Episode 73: June 13, 2026

Episode 73: June 13, 2026

This episode digs into a brutal week for security, starting with over 400 hijacked Arch Linux packages that installed credential stealers and rootkits. We also cover ShinyHunters exploiting a zero-day in Oracle PeopleSoft to hit universities, and an AI-powered cyber defense platform launching with serious funding and even bigger questions. Stories covered: - Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit (The Hacker News) - https://thehackernews.com/2026/06/over-400-arch-linux-aur-packages.html - ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities (The Hacker News) - https://thehackernews.com/2026/06/shinyhunters-exploits-oracle-peoplesoft.html - He Hacked Teslas For Elon Musk. Now He’s Launching A $100 Million AI Cyber Agent. - Forbes (Forbes) - https://news.google.com/rss/articles/CBMiuwFBVV95cUxPeEhOdFU0M2trc1E2Zko0d0pzX2lyQ2RNdExTcno4WWI5cGRHUThGeWQtR3locXZPREwtNkhkVG0yZ2lUQjNVVTJQM0VjVHd3U2k1WHp3S0dwMEc5YlNfN1ZBTll3cTJ2dm14ZWVHZjJ4eTJiWnRVazBJN3FvbU1MM2I1VHh5VlhLNnVROHJaNXR5eDA5UUE2dUVJU25HcU1ITFpZQnV0eUxTS0FxUmpRaVI4TkFrbWdDTEFB?oc=5 - Oracle mitigates PeopleSoft zero-day exploited in data theft attacks (BleepingComputer) - https://www.bleepingcomputer.com/news/security/oracle-mitigates-peoplesoft-zero-day-exploited-in-data-theft-attacks/ - Intriguing Storylines and Predictions for the 2026 Western States 100 (iRunFar) - https://www.irunfar.com/intriguing-storylines-and-predictions-for-the-2026-western-states-100 - Man sues law enforcement alleging AI facial recognition technology led to wrongful arrest - ABC News - Breaking News, Latest News and Videos (ABC News - Breaking News, Latest News and Videos) - https://news.google.com/rss/articles/CBMipgFBVV95cUxNYkxZcmlfd3dZdHRKb0JGdUExZWVmRDlPYkNlczc0LWtfMnU1ektLaWt1a2JtTXRhOGVpYkJUOUJmdG9VXzJVdUxsMnR0UWNRYXdmUUtnQnR6QmhuQUNRc2NpcFQ1ZEZackU2UzJ6SU8wUndvZ1VWUjN0NS0yWVhTRGt5QjZCZmk2QjR0NHQzTmx4Z0Q5MVBEZjdPZDVkbDg2WkRyNDdB0gGrAUFVX3lxTE1ZaGdfR1NQVWZQQVRkXzZDc2tWcl9JVUV4clhPUzlvNUgxdWNyVDFuSkptWjVSWXp1aU5ZOGcxblpWX1JzMGtJalgzUFJhcS1VX2lWNy1fR0tOeGFJY3NnNDhEUGlRazZuT2ZYejdOWGpPOXJBcExnd1paMnhvZkppdjZWU2xCeU9VMk1DeWZiMVNONzdMdHlyOFNpRC01Sm1Zb0RzY2dEY0ROSQ?oc=5

Episode 72: June 12, 2026

This episode covers ShinyHunters exploiting an unpatched Oracle PeopleSoft vulnerability to breach universities, the leaked Miasma worm source code lowering the barrier for supply-chain attacks, and new research showing how AI agents like OpenClaw can be tricked into running malicious code through prompt injection. Adrian breaks down the week's critical signals before the weekend hits. Stories covered: - ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities (The Hacker News) - https://thehackernews.com/2026/06/shinyhunters-exploits-oracle-peoplesoft.html - The ‘Miasma’ worm source code briefly leaked on GitHub (BleepingComputer) - https://www.bleepingcomputer.com/news/security/the-miasma-worm-source-code-briefly-leaked-on-github/ - New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets (The Hacker News) - https://thehackernews.com/2026/06/new-attacks-trick-openclaw-ai-agent.html - Why You Have to Run SLOW to Race FAST (The Science of Easy Running) (Marathon Handbook) - https://marathonhandbook.com/why-you-have-to-run-slow-to-race-fast-the-science-of-easy-running/ - Everest 2026: Sherpas and Guides Call For Change (ExplorersWeb) - https://explorersweb.com/everest-2026-summary-sherpas-and-guides-call-for-change/ - Why You Might Already Own SpaceX Shares, Siri’s AI Makeover, and Knicks Owner’s Surveillance Machine (Wired) - https://www.wired.com/story/uncanny-valley-podcast-why-you-might-already-own-spacex-shares-siri-ai-makeover-knicks-owner-surveillance-machine/

Episode 71: June 11, 2026

This episode digs into a fresh Microsoft Defender zero-day granting full system access, a new SSD timing attack that tracks your browsing through hardware behavior, and the rise of The Gentlemen ransomware group building a professional cybercrime empire. Adrian breaks down why these aren't just bugs—they're fundamental shifts in how attacks work. Morning coffee required. Stories covered: - Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows (The Hacker News) - https://thehackernews.com/2026/06/microsoft-defender-rogueplanet-zero-day.html - New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing - The Hacker News (The Hacker News) - https://news.google.com/rss/articles/CBMigAFBVV95cUxQcHJSUHJZODRwQVc2bUJwR3hGUWlwS1NYazduREVkWk1ScXNMVTd4c051Uk5TOUwtNk52RGh6QlVLZjhIR2ExZGpoWDJha0hIR193eC00WlNxaXhwZ1A5T0wxSlJKdC11d2JESldOcVpfSThBT3ZjWUpfTW15M3Z0cA?oc=5 - Who Runs the Ransomware Group ‘The Gentlemen?’ (Krebs on Security) - https://krebsonsecurity.com/2026/06/who-runs-the-ransomware-group-the-gentlemen/ - This Adidas Trainer Was Our Best Overall Running Shoe, and It’s Just $105 Right Now (Runner's World) - https://www.runnersworld.com/gear/a71547463/adidas-adizero-evo-sl-sale-june-2026/ - China Opens World’s First Wind-Powered Underwater Data Center (Wired) - https://www.wired.com/story/china-opens-worlds-first-wind-powered-underwater-data-center/ - How JPL keeps the 13-year-old Curiosity rover doing science (Hacker News) - https://spectrum.ieee.org/curiosity-rover-jpl-mars-science

Episode 70: June 10, 2026

This episode covers a critical Check Point VPN flaw being actively exploited by ransomware groups, a wild new browser-based attack that uses your SSD to spy on your activity, and a must-patch Veeam vulnerability that lets any domain user compromise your backup infrastructure. Adrian also digs into surprising running science that shows walking breaks can actually make you faster. It's threat intel, hardware side-channels, and a dash of endurance strategy before your second cup of coffee. Stories covered: - CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day (BleepingComputer) - https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-check-point-flaw-exploited-by-ransomware-gangs/ - New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing (The Hacker News) - https://thehackernews.com/2026/06/new-frost-attack-lets-websites-track.html - Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code (The Hacker News) - https://thehackernews.com/2026/06/veeam-backup-replication-rce-flaw-lets.html - Walking Breaks Can Make You a Faster and Better Runner. We Can Prove It. (Runner's World) - https://www.runnersworld.com/training/a70690471/walking-break-can-make-you-faster/ - 4 Tactics and 14 Organizations to Support LGBTQ+ Climbers This Pride Month (Climbing Magazine) - https://www.climbing.com/culture-climbing/support-lgbtq-climbers-pride-month/ - COROS Watches Now Talk to AllTrails, Giving Trail Runners One Map for the Backcountry (Marathon Handbook) - https://marathonhandbook.com/coros-watches-now-talk-to-alltrails-giving-trail-runners-one-map-for-the-backcountry/

Episode 69: June 09, 2026

This episode covers emergency patches for a critical Check Point VPN zero-day that's been exploited by ransomware groups since early May, plus a Python supply-chain attack that compromised nineteen packages on PyPI. Adrian breaks down why patching isn't enough when attackers have already had weeks inside networks, and how developer trust becomes the vulnerability in these campaigns. Stories covered: - Check Point VPN Flaw Exploited Since Early May (Dark Reading) - https://www.darkreading.com/vulnerabilities-threats/check-point-vpn-flaw-exploited-early-may - Check Point links VPN zero-day attacks to Qilin ransomware gang (BleepingComputer) - https://www.bleepingcomputer.com/news/security/check-point-links-vpn-zero-day-attacks-to-qilin-ransomware-gang/ - New Shai-Hulud attack trojanizes 19 science-focused PyPI packages (BleepingComputer) - https://www.bleepingcomputer.com/news/security/new-shai-hulud-attack-trojanizes-19-science-focused-pypi-packages/ - UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign (The Hacker News) - https://thehackernews.com/2026/06/unc3753-used-vishing-and-physical.html - ‘I’m a 75-Year-Old Grandmother of Six and Just Ran a 3:57 Marathon. This Is How I Train’ (Runner's World) - https://www.runnersworld.com/training/a71523801/penny-jarvis-runner/ - Surveillance Is Not Safety: A statement on the UK's latest threat to privacy [pdf] (Hacker News) - https://signal.org/blog/pdfs/2026-06-08-uk-surveillance-is-not-safety.pdf