Microsoft pulls 73 GitHub repos after malware

Microsoft pulls 73 GitHub repos after malware

A supply chain attack targeting developer tools forced Microsoft to remove dozens of GitHub repositories, highlighting a shift in where real risk now sits. This episode breaks down how attackers are moving closer to credentials through trusted workflows, and why AI development environments are becoming a high value target. For security and IT leaders, the implication is direct. Developer machines, repositories, and third party access paths now function as part of your identity perimeter. At the same time, passkeys are exposing operational gaps around recovery, and new research shows overreliance on AI can quietly degrade decision making across teams. We also cover a third party access lawsuit with cross client impact, shifts in AI economics, and growing geopolitical pressure on AI partnerships. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

US export controls shut off Anthropic models

AI access is no longer just a product feature. It is becoming controlled infrastructure. In this episode, we break down how U.S. export controls forced Anthropic to shut down major models globally, and what that signals for any team relying on third-party AI. The shift has real consequences. Security workflows can stop overnight. Vendor risk now includes geopolitical decisions. And at the same time, critical vulnerabilities like the Splunk remote code execution flaw show how quickly your core systems can become liabilities if exposed. We also cover Wallarm's push into full visibility for AWS environments, and a new regulatory move as state attorneys general subpoena OpenAI over model behavior and data handling. Plus, key updates on cyber training, AI governance, and the changing shape of security teams. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

CISA orders Ivanti Sentry patch by Sunday

CISA just enforced a seventy two hour patch deadline for actively exploited infrastructure, and that single move signals a broader shift in how fast security teams are expected to operate. This episode breaks down what that means in practice, from Ivanti Sentry exposure to the growing expectation that internet-facing systems must be treated as compromised almost immediately. It also looks at how attackers are accelerating their own timelines, with zero-day exploitation in PeopleSoft leading directly to extortion, and npm-based worms stealing cloud and AI credentials before detection tools can respond. We also cover Google's legal push against AI-driven smishing networks and what it signals about the future of platform-led defense. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

South Korea fines Coupang $400M after breach

A record fine against Coupang signals a shift in global privacy enforcement, with regulators willing to apply maximum penalties across borders after insider-driven breaches. For security and IT leaders, this changes how breach risk is modeled. Insider access is now a primary threat vector, and global enforcement is no longer theoretical. At the same time, Shadow AI and developer-targeted malware are expanding how data leaves organizations, often outside traditional controls. We also cover new AI-driven attack delivery methods, Microsoft 365 detection changes, and rising pressure to adopt governed AI tools. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

ServiceNow bug exposed customer instance data online

A ServiceNow vulnerability exposed how quickly SaaS platforms can become part of your attack surface, while new federal guidance is shrinking vulnerability response windows to just three days. This episode breaks down what the ServiceNow incident means in practice, why CISA's seventy two hour remediation expectation is a major shift, and how AI agents are quietly expanding identity risk inside most organizations. The common thread is speed and visibility. Teams are being forced to make faster decisions with less margin for error, while managing identities and data they often cannot fully see. We also cover Cyera's major funding round and what it signals about data security becoming the control layer for AI, along with key updates from Microsoft, Fortinet, and others. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]