logo
episode-header-image
Sep 15
8m 40s

NPM Attack Leave Hackers Empty Handed: C...

Jim Love
About this episode

Cybersecurity Today: NPM Attack, Void Proxy Phishing, and Major Business Disruptions

In this episode of Cybersecurity Today, host David Shipley discusses a recent massive NPM attack that, despite causing significant disruption, left hackers with minimal gains. We also cover a new, highly sophisticated phishing service called Void Proxy, which targets Microsoft and Google accounts. Additionally, we delve into the severe repercussions of cyber attacks on major companies like Jaguar Land Rover and Marks and Spencer, highlighting the wide-ranging impacts on supply chains and leadership. Join us for the latest updates and insights from the world of cybersecurity.

00:00 Introduction and Headlines
00:35 Massive NPM Attack: What Happened?
02:53 Void Proxy: A New Phishing Threat
05:31 Jaguar Land Rover Cyber Attack Impact
06:59 Marks and Spencer Leadership Change
08:04 Conclusion and Final Thoughts

Up next
Jun 2024
Cyber Security Today, June 14, 2024 - Employee downloaded file that led to hospital chain's ransomware attack
This episode reports on the latest ransomware news, another North Korean threat actor putting  malicious packages on the NPM registry, vulnerabilities in some open source AI apps, and more 
7m 52s
Jun 2024
Cyber Security Today, June 3, 2024 - Four cloud-related data breaches
This episode reports on confirmation of cyber attacks on Ticketmaster, Santander bank, a Canadian broadcaster, and more 
7m 37s
May 2024
Cyber Security Today, May 27, 2024 - Security controversy over a new Microsoft tool, a new open source threat intelligence service
This episode reports on fake antivirus web sites to stay away from, and more 
6m 14s
Recommended Episodes
Jul 2024
Cybersecurity snow day.
A Crowdstrike update takes down IT systems worldwide. A U.S. District Court judge dismissed most charges against SolarWinds. Sophos examines the ransomware threat to the energy sector. European web hosting companies suspend Doppelgänger propaganda. An Australian digital prescript ... Show More
31m 45s
Jul 2023
New phishing campaigns hit Microsoft 365 and Adobe users. Big Head ransomware. Multichain bridge compromised. CISA adds a KEV. Progress patches MOVEit. Telegram's role in Russia's war.
New phishing campaigns afflict users of Microsoft 365 and Adobe. An analysis of Big Head ransomware. Multichain reports a crypto heist with over $100 million stolen. CISA makes an addition to the Known Exploited Vulnerability Catalog. Progress Software issues additional MOVEit pa ... Show More
31m 15s
Aug 2024
A health bot’s security slip-up.
Researchers at Tenable uncovered severe vulnerabilities in Microsoft’s Azure Health Bot Service. Scammers use deepfakes on Facebook and Instagram. Foreign influence operations target the Harris presidential campaign. An Idaho not-for-profit healthcare provider discloses a data br ... Show More
25m 24s
Aug 2024
Cyberattack cripples major American chipmaker.
A major American chipmaker discloses a cyberattack. Cybercriminals exploit Progressive Web Applications (PWAs) to bypass iOS and Android defenses. Mandiant uncovers a privilege escalation vulnerability in Microsoft Azure Kubernetes Services. ALBeast hits ALB. Microsoft’s latest s ... Show More
28m 26s
Aug 2024
Almost letting hackers rule the web.
A Wordpress plugin vulnerability puts 5 million sites at risk. Google releases an emergency Chrome update addressing an actively exploited vulnerability. Cisco patches multiple vulnerabilities. Researchers say Slack AI is vulnerable to prompt injection. Widely used RFID smart car ... Show More
26m 7s
Feb 2025
PAN-ic mode: The race to secure PAN-OS.
Palo Alto Networks confirms a recently patched firewall vulnerability is being actively exploited. CISA warns of an actively exploited iOS vulnerability. Juniper Networks has issued a critical security advisory for an API authentication bypass vulnerability. The acting commission ... Show More
29m 23s
Dec 2024
When AI goes offline.
ChatGPT and Meta face widespread outages. Trump advisors explore splitting NSA and CyberCom leadership roles. A critical vulnerability in Apache Struts 2 has been disclosed. “AuthQuake” allowed attackers to bypass Microsoft MFA protections. Researchers identify Nova, a sophistica ... Show More
27m 10s
Aug 2024
Cyber revolt or just digital ruckus?
Hacktivists respond to the arrest of Telegram’s CEO in France. Stealthy Linux malware stayed undetected for two years. Versa Networks patches a zero-day vulnerability. Google has patched its tenth zero-day vulnerability of 2024. Researchers at Arkose labs document Greasy Opal. A ... Show More
25m 20s
Jan 2025
U.S. sanctions spark cyber showdown with China.
China criticizes U.S. sanctions. School districts face cyberattacks over the holiday season. The U.N.’s International Civil Aviation Organization (ICAO) is investigating a potential data breach. Eagerbee malware targets government organizations and ISPs in the Middle East. A majo ... Show More
27m 17s
Dec 2024
Lessons from the Viasat cybersecurity attack. [T-Minus]
Please enjoy this encore of T-Minus Space Daily. A few hours prior to the Russian invasion of Ukraine on February 24, 2022, Russia’s military intelligence launched a cyberattack against ViaSat’s KA-SAT satellite network, which was used by the Ukrainian Armed Forces. It prevented ... Show More
26m 17s
Listen to millions of songs and podcasts on Anghami