logo
episode-header-image
Jul 21
17m 6s

NPM Linter Packages Hijacked, Microsoft'...

Jim Love
About this episode

In this episode of Cybersecurity Today, host David Shipley discusses several pressing cybersecurity issues. First, popular NPM Linter packages were hijacked via phishing to spread malware, affecting millions of downloads. 

Concurrently, Ukrainian CERT uncovers new phishing campaigns tied to APT28 using large language models for command and control.

Microsoft discontinues the use of China-based engineers for US Department of Defense systems following a controversial report. Lastly, social engineering, facilitated by AI, becomes a greater threat than zero-day exploits.

The episode emphasizes the need for stronger maintainer security, multifactor authentication, and a comprehensive understanding of social engineering risks. 

00:00 Introduction - 10 Million Downloads
01:30 NPM Linter Packages Hijacked
05:05 Social Engineering and AI in Cybersecurity
08:57 Microsoft's China-Based Engineers Controversy
12:15 The Real Threat: Social Engineering
16:39 Conclusion and Call to Action

Up next
Today
Cybersecurity Alerts: Black Hat Exposes AI and Firmware Vulnerabilities
In this episode, host Jim Love thanks listeners for their support of his book 'Elisa, A Tale of Quantum Kisses,' which is available for 99 cents on Kindle. The show then dives into pressing cybersecurity issues discussed at Black Hat USA, including vulnerabilities in AI assistant ... Show More
11m 54s
Aug 6
Cybersecurity Threats and Trends: From North Korean Spies to AI-Driven Attacks
In this episode, host Jim Love explores a variety of pressing cybersecurity threats and developments. The episode begins with an invitation for listeners to share their summer reading choices. The main content highlights include North Korean operatives infiltrating US companies t ... Show More
11m 55s
Aug 4
Cybersecurity Today: Hamilton's Ransomware Crisis and Emerging AI and OAuth Threats
In this episode of 'Cybersecurity Today,' host David Chipley discusses several major security incidents and threats. Hamilton, Ontario faces a $5 million insurance denial following a ransomware attack due to incomplete deployment of Multi-Factor Authentication (MFA). The episode ... Show More
9m 46s
Recommended Episodes
Jul 2023
Taking steps to stop a Chinese APT. Implementing the US National Cybersecurity Strategy. LokiBot is back. Malware masquerading as a proof-of-concept. Swapping cyber ops in a hybrid war.
CISA and the FBI issue a joint Cybersecurity Advisory on exploitation of Microsoft Exchange Online. Implementing the US National Cybersecurity Strategy. FortiGuard discovers a new LokiBot campaign. Training code turns out to be malicious in a new proof-of-concept attack discovere ... Show More
32m 18s
Apr 2025
When fake fixes hide real attacks.
Adversary nations are using ClickFix in cyber espionage campaigns. Japan’s Financial Services Agency issues an urgent warning after hundreds of millions in unauthorized trades. The critical Erlang/OTP’s SSH vulnerability now has public exploits. A flawed rollout of a new Microsof ... Show More
31m 36s
Jun 9
White House reboots cybersecurity priorities.
A new White House executive Order overhauls U.S. cybersecurity policy. The EU updates its “cybersecurity blueprint”. The Pentagon’s inspector general investigates Defense Secretary Hegseth’s Signal messages. Chinese hackers target U.S. smartphones. A new Mirai botnet variant drop ... Show More
36m 12s
Aug 2024
A health bot’s security slip-up.
Researchers at Tenable uncovered severe vulnerabilities in Microsoft’s Azure Health Bot Service. Scammers use deepfakes on Facebook and Instagram. Foreign influence operations target the Harris presidential campaign. An Idaho not-for-profit healthcare provider discloses a data br ... Show More
31m 24s
Aug 2024
Almost letting hackers rule the web.
A Wordpress plugin vulnerability puts 5 million sites at risk. Google releases an emergency Chrome update addressing an actively exploited vulnerability. Cisco patches multiple vulnerabilities. Researchers say Slack AI is vulnerable to prompt injection. Widely used RFID smart car ... Show More
32m 7s
Aug 2024
Cyberattack cripples major American chipmaker.
A major American chipmaker discloses a cyberattack. Cybercriminals exploit Progressive Web Applications (PWAs) to bypass iOS and Android defenses. Mandiant uncovers a privilege escalation vulnerability in Microsoft Azure Kubernetes Services. ALBeast hits ALB. Microsoft’s latest s ... Show More
34m 26s
Jan 2025
Hacking the bureau.
The FBI warns agents of hacked call and text logs. The US Treasury sanctions entities tied to North Korea’s fake IT worker operations. Russian hacking group Star Blizzard attempted to infiltrate WhatsApp accounts of nonprofits supporting Ukraine. Yubico discloses a critical vulne ... Show More
40m 16s
Jan 2025
A new Mirai-based botnet.
Researchers ID a new Mirai-based botnet. Android devices get their first round of updates for the new year. Criminals exploit legitimate Apple and Google services in sophisticated voice phishing attacks. Japan attributes over 200 cyberattacks to the Chinese hacking group MirrorFa ... Show More
32m 9s
Feb 2025
Hacked in plain sight.
A major employee screening provider discloses a data breach affecting over 3.3 million people. Signal considers exiting Sweden over a proposed law that would give police access to encrypted messages. House Democrats call out DOGE’s negligent cybersecurity practices. Critical vuln ... Show More
30m 56s
Feb 2025
PAN-ic mode: The race to secure PAN-OS.
Palo Alto Networks confirms a recently patched firewall vulnerability is being actively exploited. CISA warns of an actively exploited iOS vulnerability. Juniper Networks has issued a critical security advisory for an API authentication bypass vulnerability. The acting commission ... Show More
35m 23s
Listen to millions of songs and podcasts on Anghami