Episode 54: May 25, 2026

Episode 59: May 30, 2026

This episode covers a cybercrime gang funding real-world violence with stolen data, a Russian hacker who spent five years running an AI bot inside a 17,000-member Telegram channel, and Dutch authorities dismantling a botnet controlling 17 million infected devices. We also dig into how cloud misconfigurations stack into serious exploits when no one's watching the service accounts. Stories covered: - 'The Com' Cyberattacks Support Violence & Sexploitation (Dark Reading) - https://www.darkreading.com/threat-intelligence/the-com-cyberattacks-violence-sexploitation - A Russian hacker tricked a 17,000 strong MAGA Telegram channel with a jailbroken AI for over 5 years, leading to fraud, credential theft, and an empty crypto wallet - TechRadar (TechRadar) - https://news.google.com/rss/articles/CBMipwJBVV95cUxNRnpHUXhXbUtuN0NhVFl2blI5TzhlTGlsVTNhdGdmRm14aXl0MWQxS0h6VXRBNXZ2bHJzNkJMQllaQ3RfbnhveFlCdUU2ZUxqakxzbWpKc3FSSjFNZVAwZWY5OWoxOHdvajl2ejQwQTRfU2E0QlktcVdQczlGZ2gwZFNkcDRkdGhHNkJsZzJRYTNSUV9wQzJQT1FQOHZyNnljN2dDN3JnYmJTb3ZvUzYtSkFPR3RWR1RGSlAxaEEtbHU5YW1UQW5rY2tXOWtkLWVISmVZMnRVZnpxQTdWaDNUY1RVSzgzM2lScEJiQTQ0VjJhZ3BNbHE0UVIxNDRuQmJfMWp2bW1ldnJRV0FQVndFMEl0NDBieEFUTS02OU8zSFJoQUctMEU4?oc=5 - Dutch govt disrupts malware botnet with 17 million infected devices (BleepingComputer) - https://www.bleepingcomputer.com/news/security/dutch-govt-disrupts-malware-botnet-with-17-million-infected-devices/ - With Complex Cloud Integrations, Small Errors Lead to Major Compromises (Dark Reading) - https://www.darkreading.com/vulnerabilities-threats/complex-cloud-integrations-small-errors-compromises - 5 Advanced Workouts That Build Marathon Speed and How to Know You’re Ready for Them (Runner's World) - https://www.runnersworld.com/advanced/a71423197/advanced-marathon-speed-workouts/ - 13 Indy Trail Races With Views and Vibes That Will Blow You Away (Trail Runner Mag) - https://www.trailrunnermag.com/travel/race-guides/best-indy-trail-races-in-the-us/

Episode 57: May 28, 2026

This episode digs into a dark week for software supply chains, from the Glassworm botnet takedown to the TrapDoor malware infecting npm, PyPI, and CratesIO—plus why multi-factor authentication isn't as bulletproof as you think when attackers weaponize fatigue. Adrian also spotlights thirteen under-the-radar trail races that trade crowds for waterfalls and old-growth forests. It's cybersecurity threats and hidden running gems before your coffee cools. Stories covered: - CrowdStrike and Google take down botnet used by hackers to target open source software developers (TechCrunch) - https://techcrunch.com/2026/05/27/crowdstrike-and-google-take-down-botnet-used-by-hackers-to-target-software-developers-in-supply-chain-attacks/ - TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO - The Hacker News (The Hacker News) - https://news.google.com/rss/articles/CBMigAFBVV95cUxOMElHdEJDV1N1Q1JINkxIcmc1eTZINWVRRFNSanc3ZURLN0pCRzE4UVNhRXd2UV9SUmV2bFd6OWdRbjZDcFJwM3JPMmh0bFd4UUJMMmhleXpIOHVIZVBrOWFhMWxBZEp0QUZFdHJxSUthdWt4Q3ljb0ozYkNRUTZYdg?oc=5 - MFA Prompt Bombing: Why Your Second Factor Isn't Saving You (The Hacker News) - https://thehackernews.com/2026/05/mfa-prompt-bombing-why-your-second.html - 13 Indy Trail Races With Views and Vibes That Will Blow You Away (Trail Runner Mag) - https://www.trailrunnermag.com/travel/race-guides/best-indy-trail-races-in-the-us/ - Gemini, Gophers, and Fingers. Oh My Alternative Internets Beyond HTTPS (Hacker News) - https://brennan.day/gemini-gophers-and-fingers-oh-my-alternative-internets-beyond-https/ - Ransomware Actors Show Up In Person to Steal Law Firm Data (Dark Reading) - https://www.darkreading.com/cyberattacks-data-breaches/ransomware-actors-steal-law-firm-data

Episode 56: May 27, 2026

This episode covers a critical Microsoft SharePoint vulnerability demanding immediate patching, a major 7-Eleven data breach exposing 183,000 people, and a coordinated supply chain attack hitting three major package ecosystems at once. Adrian also digs into an Oregon hacker who sold access to the state's emergency network for Bitcoin. It's Wednesday morning, and the signals are already humming. Stories covered: - Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions (The Hacker News) - https://thehackernews.com/2026/05/microsoft-patches-sharepoint-rce-flaw.html - 7-Eleven data breach exposes personal information of 185,000 people (BleepingComputer) - https://www.bleepingcomputer.com/news/security/7-eleven-data-breach-exposes-personal-information-of-185-000-people/ - TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO (The Hacker News) - https://thehackernews.com/2026/05/trapdoor-supply-chain-attack-spreads.html - Hacker who sold access to Oregon state emergency network for Bitcoin gets prison - OregonLive.com (OregonLive.com) - https://news.google.com/rss/articles/CBMixAFBVV95cUxNczh0aUVGUzllVUVlZXJ4R24zM25tVTgzM1FwNWZSMm9ibjZRdE9hU1VORWZTMWFSdk1TUVZGVklGdE5QdmZFM29JTl92X05uWWpfOUthWkdraGtVenpCVWtaRnYtV3dxOVJnWkxXSW41S0ZnR2FjYS1Nc0FnaGxSNXBiWnNESmdFX0E0enVfNXNEREY1ZmNwcnA0NXgyaHVtVVozSWlGNFJzUk02aFlpVThVQXlpUmlSNWN1LU9Hc0tUbk4y0gHYAUFVX3lxTE1WS3FpaVlGT0UtWVBtUVpBVnBtcFFQTjdvU1RZRjMzZlpFS0kwZmxfUmhyR1VTd1J0SGlOd1Vnc1pfYTZhSkxBWkZrRzBCZlNiUFIwNlFHbExOaEJWblVwTG5IaVlsWWJJX01Eclc0TDRtN2dyb2pjck4tQTcwa0NZMEczMWthQ1h2V24wYk4zcU5oVFF3T1RNMjlyWmZTdW9nc2tRdVFJYVhySHhfa1VWNzIyZVdtcldJb3lXM1d5NWQteExseWlKNU9SNzNsdjQzX19sTEdmNQ?oc=5 - These Runners Dress Up Like Salmon Every Year and Run This Historic Race—Backwards (Runner's World) - https://www.runnersworld.com/news/a71376795/bay-to-breakers-costume-runners/ - DuckDuckGo installs are up 30% as users reject being ‘force-fed’ Google’s AI Search (TechCrunch) - https://techcrunch.com/2026/05/26/duckduckgo-installs-are-up-30-as-users-reject-being-force-fed-googles-ai-search/

Episode 55: May 26, 2026

On today's Signal Check, Adrian North digs into a massive botnet takedown involving two million compromised devices, a coordinated supply chain attack targeting developers across three major code repositories, and Verizon's latest breach report showing a major shift in how attackers are getting in. Plus, a Romanian ultramarathon turns into a mountain rescue when weather strikes harder than expected. Stories covered: - US and Canada arrest and charge suspected Kimwolf botnet admin (BleepingComputer) - https://www.bleepingcomputer.com/news/security/us-and-canada-arrest-and-charge-suspected-kimwolf-botnet-admin/ - TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO (The Hacker News) - https://thehackernews.com/2026/05/trapdoor-supply-chain-attack-spreads.html - Verizon 2026 DBIR: Vulnerability Exploitation Leaps Ahead of Stolen Credentials as #1 Initial Breach Cause - CPO Magazine (CPO Magazine) - https://news.google.com/rss/articles/CBMi4gFBVV95cUxQcl80azh0dFB1ZE5TdGM3eW4zVk9XZEtnczNNeUM1SUI4M1lnSFJvbk8tQzY1RXNwT1AxQWZ5X21BUG82ZTJtQy1mUGhpYkpsOXNnT2FxaVVXdUZYTG9yd3NaR0pBLVNPQkE3UkpzYmFQS2tqeWItdFgtX3ZSMUx1U0RpWERPUnZYSHdZNXlhaGxUdjJHbDhud3cta0tGNkgxa3I4amc3WE1kMWcySEQ1dHRqenJPUDlPbnJJUFBTbWpOQkZhWmRKVENqcGFYN2dYZmNNajBTSFB3ZFItQXJNeWdn?oc=5 - Snow and Ice Trap Runners at Romania’s Transylvania 100, Triggering Mass Mountain Rescue (Marathon Handbook) - https://marathonhandbook.com/snow-and-ice-trap-runners-at-romanias-transylvania-100-triggering-mass-mountain-rescue/ - On Trails is a wandering tale that blends hiking, science, and history (The Verge) - https://www.theverge.com/entertainment/936860/robert-moor-on-trails-book-review - Microsoft Copilot Cowork Exfiltrates Files (Hacker News) - https://www.promptarmor.com/resources/microsoft-copilot-cowork-exfiltrates-files

Episode 54: May 25, 2026

This episode covers a coordinated supply chain attack on PHP's Packagist repository, mass exploitation of a critical Ghost CMS vulnerability turning websites into malware traps, and the ironic exposure of AWS GovCloud credentials by a CISA contractor's public GitHub repo. Adrian breaks down how attackers are poisoning dependencies upstream, automating large-scale injections, and why even the agencies protecting federal networks aren't immune to basic security mistakes. Stories covered: - Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware (The Hacker News) - https://thehackernews.com/2026/05/packagist-supply-chain-attack-infects-8.html - Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign (BleepingComputer) - https://www.bleepingcomputer.com/news/security/ghost-cms-sql-injection-flaw-exploited-in-large-scale-clickfix-campaign/ - CISA Admin Leaked AWS GovCloud Keys on Github (Krebs on Security) - https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/ - Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows (The Hacker News) - https://thehackernews.com/2026/05/megalodon-github-attack-targets-5561.html - On Trails is a wandering tale that blends hiking, science, and history (The Verge) - https://www.theverge.com/entertainment/936860/robert-moor-on-trails-book-review - The Shoes That Won The 2026 Cape Town Marathon (Marathon Handbook) - https://marathonhandbook.com/the-shoes-that-won-the-2026-cape-town-marathon/