Episode 62: June 02, 2026

Episode 62: June 02, 2026

This episode covers a wild range of security wake-up calls — from hackers tricking Meta's AI chatbot to hijack high-profile Instagram accounts, to compromised npm packages stealing developer credentials, to a critical Windows vulnerability now being actively exploited. Adrian North also shifts gears to spotlight thirteen stunning independent trail races across the U.S. for anyone looking to suffer beautifully. Stories covered: - Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts (Krebs on Security) - https://krebsonsecurity.com/2026/06/hackers-used-metas-ai-support-bot-to-seize-instagram-accounts/ - Red Hat npm packages compromised to steal developer credentials (BleepingComputer) - https://www.bleepingcomputer.com/news/security/red-hat-npm-packages-compromised-to-steal-developer-credentials/ - Critical Windows Netlogon RCE flaw now exploited in attacks (BleepingComputer) - https://www.bleepingcomputer.com/news/microsoft/critical-windows-netlogon-remote-code-execution-flaw-now-exploited-in-attacks/ - 13 Indy Trail Races With Views and Vibes That Will Blow You Away (Trail Runner Mag) - https://www.trailrunnermag.com/travel/race-guides/best-indy-trail-races-in-the-us/ - Why Your Long Runs Leave You Wiped—and How to Bounce Back Better (Runner's World) - https://www.runnersworld.com/training/a71459738/amazing-runners-world-show-epsiode-117-long-run-fatigue_1780323049/ - This Weird 20-Legged Robot Moves Like Nothing Else on Earth and It Could Change How We Build Machines - ZME Science (ZME Science) - https://news.google.com/rss/articles/CBMiekFVX3lxTE1kVmZHZW9kNVZNX1VwTzl6RFdMWVNOYXJTSHhtYlcxb1RsUDRGUFByWFhYai0yd2ZsaG5wWmU4MXRpT2Vka1Z0WnN4cjdIM2lOT1FhQjRiSnptY0p3WWRqeXM0aDN4UGZzdXlmRFN4NXNfTWRLcjY4LW93?oc=5

Episode 61: June 01, 2026

This episode covers critical vulnerabilities in Gogs and Palo Alto's GlobalProtect VPN that are already being actively exploited, plus the takedown of a massive 17 million device botnet in the Netherlands. Adrian also digs into a bizarre new attack where hackers used an AI agent to carry out post-compromise actions autonomously. It's a Monday morning packed with urgent patches and unsettling new tactics. Stories covered: - Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code (The Hacker News) - https://thehackernews.com/2026/05/critical-gogs-rce-vulnerability-lets.html - Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks (BleepingComputer) - https://www.bleepingcomputer.com/news/security/palo-alto-globalprotect-vpn-auth-bypass-flaw-now-exploited-in-attacks/ - Dutch govt disrupts malware botnet with 17 million infected devices (BleepingComputer) - https://www.bleepingcomputer.com/news/security/dutch-govt-disrupts-malware-botnet-with-17-million-infected-devices/ - Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit (The Hacker News) - https://thehackernews.com/2026/05/attackers-use-llm-agent-for-post.html - 13 Indy Trail Races With Views and Vibes That Will Blow You Away (Trail Runner Mag) - https://www.trailrunnermag.com/travel/race-guides/best-indy-trail-races-in-the-us/ - Tyler Andrews Sets Oxygen-Assisted Speed Record on Mount Everest (iRunFar) - https://www.irunfar.com/tyler-andrews-mount-everest-speed-record-2026

Episode 60: May 31, 2026

This episode covers critical vulnerabilities hitting Gogs self-hosted Git servers, Palo Alto VPN authentication bypass being actively exploited, and a groundbreaking attack where threat actors deployed an AI agent to autonomously handle post-exploitation. We also dig into a new Linux kernel privilege escalation flaw and what it means when your VPN becomes the weakest link. Stories covered: - Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code (The Hacker News) - https://thehackernews.com/2026/05/critical-gogs-rce-vulnerability-lets.html - Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks (BleepingComputer) - https://www.bleepingcomputer.com/news/security/palo-alto-globalprotect-vpn-auth-bypass-flaw-now-exploited-in-attacks/ - Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit (The Hacker News) - https://thehackernews.com/2026/05/attackers-use-llm-agent-for-post.html - New CIFSwitch Linux flaw gives root on multiple distributions (BleepingComputer) - https://www.bleepingcomputer.com/news/security/new-cifswitch-linux-flaw-gives-root-on-multiple-distributions/ - 13 Indy Trail Races With Views and Vibes That Will Blow You Away (Trail Runner Mag) - https://www.trailrunnermag.com/travel/race-guides/best-indy-trail-races-in-the-us/ - Tyler Andrews Sets Oxygen-Assisted Speed Record on Mount Everest (iRunFar) - https://www.irunfar.com/tyler-andrews-mount-everest-speed-record-2026

Episode 59: May 30, 2026

This episode covers a cybercrime gang funding real-world violence with stolen data, a Russian hacker who spent five years running an AI bot inside a 17,000-member Telegram channel, and Dutch authorities dismantling a botnet controlling 17 million infected devices. We also dig into how cloud misconfigurations stack into serious exploits when no one's watching the service accounts. Stories covered: - 'The Com' Cyberattacks Support Violence & Sexploitation (Dark Reading) - https://www.darkreading.com/threat-intelligence/the-com-cyberattacks-violence-sexploitation - A Russian hacker tricked a 17,000 strong MAGA Telegram channel with a jailbroken AI for over 5 years, leading to fraud, credential theft, and an empty crypto wallet - TechRadar (TechRadar) - https://news.google.com/rss/articles/CBMipwJBVV95cUxNRnpHUXhXbUtuN0NhVFl2blI5TzhlTGlsVTNhdGdmRm14aXl0MWQxS0h6VXRBNXZ2bHJzNkJMQllaQ3RfbnhveFlCdUU2ZUxqakxzbWpKc3FSSjFNZVAwZWY5OWoxOHdvajl2ejQwQTRfU2E0QlktcVdQczlGZ2gwZFNkcDRkdGhHNkJsZzJRYTNSUV9wQzJQT1FQOHZyNnljN2dDN3JnYmJTb3ZvUzYtSkFPR3RWR1RGSlAxaEEtbHU5YW1UQW5rY2tXOWtkLWVISmVZMnRVZnpxQTdWaDNUY1RVSzgzM2lScEJiQTQ0VjJhZ3BNbHE0UVIxNDRuQmJfMWp2bW1ldnJRV0FQVndFMEl0NDBieEFUTS02OU8zSFJoQUctMEU4?oc=5 - Dutch govt disrupts malware botnet with 17 million infected devices (BleepingComputer) - https://www.bleepingcomputer.com/news/security/dutch-govt-disrupts-malware-botnet-with-17-million-infected-devices/ - With Complex Cloud Integrations, Small Errors Lead to Major Compromises (Dark Reading) - https://www.darkreading.com/vulnerabilities-threats/complex-cloud-integrations-small-errors-compromises - 5 Advanced Workouts That Build Marathon Speed and How to Know You’re Ready for Them (Runner's World) - https://www.runnersworld.com/advanced/a71423197/advanced-marathon-speed-workouts/ - 13 Indy Trail Races With Views and Vibes That Will Blow You Away (Trail Runner Mag) - https://www.trailrunnermag.com/travel/race-guides/best-indy-trail-races-in-the-us/

Episode 57: May 28, 2026

This episode digs into a dark week for software supply chains, from the Glassworm botnet takedown to the TrapDoor malware infecting npm, PyPI, and CratesIO—plus why multi-factor authentication isn't as bulletproof as you think when attackers weaponize fatigue. Adrian also spotlights thirteen under-the-radar trail races that trade crowds for waterfalls and old-growth forests. It's cybersecurity threats and hidden running gems before your coffee cools. Stories covered: - CrowdStrike and Google take down botnet used by hackers to target open source software developers (TechCrunch) - https://techcrunch.com/2026/05/27/crowdstrike-and-google-take-down-botnet-used-by-hackers-to-target-software-developers-in-supply-chain-attacks/ - TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO - The Hacker News (The Hacker News) - https://news.google.com/rss/articles/CBMigAFBVV95cUxOMElHdEJDV1N1Q1JINkxIcmc1eTZINWVRRFNSanc3ZURLN0pCRzE4UVNhRXd2UV9SUmV2bFd6OWdRbjZDcFJwM3JPMmh0bFd4UUJMMmhleXpIOHVIZVBrOWFhMWxBZEp0QUZFdHJxSUthdWt4Q3ljb0ozYkNRUTZYdg?oc=5 - MFA Prompt Bombing: Why Your Second Factor Isn't Saving You (The Hacker News) - https://thehackernews.com/2026/05/mfa-prompt-bombing-why-your-second.html - 13 Indy Trail Races With Views and Vibes That Will Blow You Away (Trail Runner Mag) - https://www.trailrunnermag.com/travel/race-guides/best-indy-trail-races-in-the-us/ - Gemini, Gophers, and Fingers. Oh My Alternative Internets Beyond HTTPS (Hacker News) - https://brennan.day/gemini-gophers-and-fingers-oh-my-alternative-internets-beyond-https/ - Ransomware Actors Show Up In Person to Steal Law Firm Data (Dark Reading) - https://www.darkreading.com/cyberattacks-data-breaches/ransomware-actors-steal-law-firm-data