Signal Check

Episode 52: May 23, 2026

This episode digs into the week's quiet but persistent threats—Linux rootkits, router zero-days, and AI adversarial probing—before covering major incidents including Grafana Labs' GitHub breach and a zero-day exploit in Trend Micro's own security software. Adrian North wraps up with a sobering reminder that even CISA contractors aren't immune to mistakes, as exposed AWS GovCloud credentials sat publicly on GitHub. Stories covered: - ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories (The Hacker News) - https://thehackernews.com/2026/05/threatsday-bulletin-linux-rootkits.html - Grafana Labs Security Breach - Hackers Access GitHub and Download Codebase - CyberSecurityNews (CyberSecurityNews) - https://news.google.com/rss/articles/CBMia0FVX3lxTE00aWtyeFl6WE1sS1N0X0JRYkJXQmxvQ1NpYVlSeWZGempNc2RXdlM2TU5pdkh5SDlOVXVLMGRPMXZzU2VIOUFwUFlSNkR2YVpxcEpZdEcxa3Y4TGgzdlk4cnpra1FCbHh4OWhJ0gFwQVVfeXFMT1owNlYwdDNmV0c5bWVlNlJHbDB6TnlNS28xWUZ1RWpsVHpyQTFxWmZzcG9lV3h3RTBTczM1TWJnaW13Qk10RHpfMi1JME9abzh3QnBRdWlWeVk2cHpVLXJxNHlieWhUZTFUR0swWF9rVw?oc=5 - Trend Micro warns of Apex One zero-day exploited in the wild (BleepingComputer) - https://www.bleepingcomputer.com/news/security/trend-micro-warns-of-apex-one-zero-day-exploited-in-attacks/ - CISA Admin Leaked AWS GovCloud Keys on Github (Krebs on Security) - https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/ - The Best Editor-Approved Memorial Day Deals on Garmin, Coros, and Shokz: Get Hundreds Off Popular Gear for Runners (Runner's World) - https://www.runnersworld.com/gear/a71292623/memorial-day-running-gear-deals-2026/ - Trump Mobile confirms it exposed customers’ personal data, including phone numbers and home addresses (TechCrunch) - https://techcrunch.com/2026/05/22/trump-mobile-confirms-it-exposed-customers-personal-data-including-phone-numbers-and-home-addresses/

Episode 51: May 22, 2026

This episode covers Microsoft shutting down a malware signing operation that weaponized their own trust systems, law enforcement dismantling a VPN service used by ransomware gangs, and a nine-year-old Linux kernel vulnerability that somehow stayed hidden in plain sight. Adrian also digs into GitHub's employee device compromise and what it means when the tools built to protect us become the very things attackers exploit. Stories covered: - Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks (The Hacker News) - https://thehackernews.com/2026/05/microsoft-takes-down-malware-signing.html - Police seize “First VPN” service used in ransomware, data theft attacks (BleepingComputer) - https://www.bleepingcomputer.com/news/security/police-seize-first-vpn-service-used-in-ransomware-data-theft-attacks/ - 9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros (The Hacker News) - https://thehackernews.com/2026/05/9-year-old-linux-kernel-flaw-enables.html - GitHub confirms 'hacking' attack; says: We detected and contained a compromise of an employee device invo - The Times of India (The Times of India) - https://news.google.com/rss/articles/CBMiqAJBVV95cUxPeWUwVngxRXo5NjZQWTlFMTAxMnpPLVVHYm5yVEtxZWdKVWMwd1ZVeGpUNEcwOVRxRUdBX2o5VjVlSnZ3LUVuLU9QNnc0NTNkUDBJWUVoblE1aGRlZWlWakQxMllzSWthNlVGV1hoWEQwb3pnMVM5NVdMd3J2NkE0bmFfN0FQamNidFdFNWVFWmw2OUhxU3ZXMTBEdWVlSjRxb3gtVjk2Qjl2aFJzS2JTWW81dEg1U1ZxbHVMcFZmMXozNWYybXpUb3lHcnVGT3o5bW9JQXRzN3Z4dGhTcm9RU1hlTWpCNjNZN09aTVpNSlN0YWhNZ2xzY3FwMVF4eVZ4UHNaRmNpSVdicXRVRG1mS0k4RmJXQzduMl83T2VqMGdtdDRGdXhCSNIBrgJBVV95cUxOcnhHTmJ3RXhwMUdyc1pYeFFtQ2t1c2s5anI4LVJkLVJoWnhVakdVWU1TVDRBQVNtVC1IOUN1OWFRcDJ5LTlCb0h6WFZCRlBndDRvbWgwOElXeE1aSF9ha3RNZ29fYm44MFJreVFMa250b0dPN25HWVJnUElkeFIxOVJDOGVnWTYtNmZ1aks2eHRCYTJsZWV0b3VFTjBkU3U2NFdoMmRBeGhETDc3Y2pGR1BQUzZ6NTdGNzV5Z29VdEhhUWc4b3lOWkRLSnMxWGFKNDItQlR0TW1GUE1xZmtBd1FVam8yMFBabjBJbzRBOTVlS0JhTmpIc2JSM0JVZ3hXRlBQVm1TdTRaWWlUWVozNWNTVEpyWmpPSktqOXd2WjVQdnJfS1lNMnZMd1dydw?oc=5 - The Adidas Ultraboost 5X Is Over 50% Off—and Still One of Our Favorite Running Shoes (Runner's World) - https://www.runnersworld.com/gear/a71365136/adidas-ultraboost-5x-sale-may-2026/ - Golden Trail World Series is now in Canada; here’s what you need to know (Canadian Running) - https://runningmagazine.ca/trail-running/golden-trail-world-series-is-now-in-canada-heres-what-you-need-to-know/

Episode 50: May 21, 2026

This episode covers GitHub's massive breach, CISA's accidental exposure of government cloud credentials, and Microsoft's new open-source AI security tools. We dig into what happens when the infrastructure holding our infrastructure gets compromised, plus a quick detour into gray zone training and why most runners are doing it wrong. Stories covered: - GitHub Confirms Breach, 4K Internal Repos Stolen (Dark Reading) - https://www.darkreading.com/application-security/github-confirms-breach-4k-internal-repos-stolen - CISA Admin Leaked AWS GovCloud Keys on Github (Krebs on Security) - https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/ - Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development (The Hacker News) - https://thehackernews.com/2026/05/microsoft-open-sources-rampart-and.html - What to Know About Gray Zone Training and How It Can Help—or Harm—Your Running (Runner's World) - https://www.runnersworld.com/training/a71353931/gray-zone-training/ - What Are Peptides, And Why Is Every Middle-Aged Runner Suddenly Talking About BPC-157? (Marathon Handbook) - https://marathonhandbook.com/what-are-peptides-and-why-is-every-middle-aged-runner-suddenly-talking-about-bpc-157/ - Google Declaring War on the Web (Hacker News) - https://tante.cc/2026/05/20/on-google-declaring-war-on-the-web/

Episode 49: May 20, 2026

On today's Signal Check, Adrian North digs into over six hundred malicious npm packages flooding the registry, a CISA contractor's exposed AWS credentials left on GitHub, and a newly public Linux kernel exploit called DirtyDecrypt. The episode wraps with a quick detour into reframing personal narratives and how the stories we tell ourselves shape what we think is possible. Stories covered: - New Shai-Hulud malware wave compromises 600 npm packages (BleepingComputer) - https://www.bleepingcomputer.com/news/security/new-shai-hulud-malware-wave-compromises-600-npm-packages/ - CISA Admin Leaked AWS GovCloud Keys on Github (Krebs on Security) - https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/ - DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability (The Hacker News) - https://thehackernews.com/2026/05/dirtydecrypt-poc-released-for-linux.html - This Training Plan Transformed Her View on Running. It Could Change Your Mindset, Too. (Runner's World) - https://www.runnersworld.com/beginner/a71350276/couch-to-5k-training-plan/ - ‘Women Can Do This’: She Started Racing Postpartum in Her 30s. Now She’s an Ultrarunning Champion (Runner's World) - https://www.runnersworld.com/news/a71309956/careth-arnold-ultrarunning-postpartum/ - Microsoft Exchange Zero-Day Under Attack, No Patch Available (Dark Reading) - https://www.darkreading.com/vulnerabilities-threats/microsoft-exchange-zero-day-no-patch

Episode 48: May 19, 2026

This episode covers a critical NGINX vulnerability already being exploited in the wild, a Windows zero-day giving attackers full system control, and a jaw-dropping security lapse where CISA's own contractor leaked AWS GovCloud credentials on GitHub. We also dig into a massive NYC Health + Hospitals breach exposing biometric data from nearly two million people—the kind of information you can never change once it's stolen. Stories covered: - NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE (The Hacker News) - https://thehackernews.com/2026/05/nginx-cve-2026-42945-exploited-in-wild.html - New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released (BleepingComputer) - https://www.bleepingcomputer.com/news/microsoft/new-windows-miniplasma-zero-day-exploit-gives-system-access-poc-released/ - CISA Admin Leaked AWS GovCloud Keys on Github (Krebs on Security) - https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/ - NYC Health + Hospitals says hackers stole medical data and fingerprints during breach affecting at least 1.8 million people (TechCrunch) - https://techcrunch.com/2026/05/18/nyc-health-and-hospitals-says-hackers-stole-medical-data-and-fingerprints-during-breach-affecting-at-least-1-8-million-people/ - What to Do When You Don’t Get Into Your Goal Race (Runner's World) - https://www.runnersworld.com/races-places/a71318334/world-marathon-major-race-alternatives/ - Everything You Need to Know About the 2026 Cape Town Marathon (Marathon Handbook) - https://marathonhandbook.com/everything-you-need-to-know-about-the-2026-cape-town-marathon/