Episode 49: May 20, 2026

Episode 57: May 28, 2026

This episode digs into a dark week for software supply chains, from the Glassworm botnet takedown to the TrapDoor malware infecting npm, PyPI, and CratesIO—plus why multi-factor authentication isn't as bulletproof as you think when attackers weaponize fatigue. Adrian also spotlights thirteen under-the-radar trail races that trade crowds for waterfalls and old-growth forests. It's cybersecurity threats and hidden running gems before your coffee cools. Stories covered: - CrowdStrike and Google take down botnet used by hackers to target open source software developers (TechCrunch) - https://techcrunch.com/2026/05/27/crowdstrike-and-google-take-down-botnet-used-by-hackers-to-target-software-developers-in-supply-chain-attacks/ - TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO - The Hacker News (The Hacker News) - https://news.google.com/rss/articles/CBMigAFBVV95cUxOMElHdEJDV1N1Q1JINkxIcmc1eTZINWVRRFNSanc3ZURLN0pCRzE4UVNhRXd2UV9SUmV2bFd6OWdRbjZDcFJwM3JPMmh0bFd4UUJMMmhleXpIOHVIZVBrOWFhMWxBZEp0QUZFdHJxSUthdWt4Q3ljb0ozYkNRUTZYdg?oc=5 - MFA Prompt Bombing: Why Your Second Factor Isn't Saving You (The Hacker News) - https://thehackernews.com/2026/05/mfa-prompt-bombing-why-your-second.html - 13 Indy Trail Races With Views and Vibes That Will Blow You Away (Trail Runner Mag) - https://www.trailrunnermag.com/travel/race-guides/best-indy-trail-races-in-the-us/ - Gemini, Gophers, and Fingers. Oh My Alternative Internets Beyond HTTPS (Hacker News) - https://brennan.day/gemini-gophers-and-fingers-oh-my-alternative-internets-beyond-https/ - Ransomware Actors Show Up In Person to Steal Law Firm Data (Dark Reading) - https://www.darkreading.com/cyberattacks-data-breaches/ransomware-actors-steal-law-firm-data

Episode 56: May 27, 2026

This episode covers a critical Microsoft SharePoint vulnerability demanding immediate patching, a major 7-Eleven data breach exposing 183,000 people, and a coordinated supply chain attack hitting three major package ecosystems at once. Adrian also digs into an Oregon hacker who sold access to the state's emergency network for Bitcoin. It's Wednesday morning, and the signals are already humming. Stories covered: - Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions (The Hacker News) - https://thehackernews.com/2026/05/microsoft-patches-sharepoint-rce-flaw.html - 7-Eleven data breach exposes personal information of 185,000 people (BleepingComputer) - https://www.bleepingcomputer.com/news/security/7-eleven-data-breach-exposes-personal-information-of-185-000-people/ - TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO (The Hacker News) - https://thehackernews.com/2026/05/trapdoor-supply-chain-attack-spreads.html - Hacker who sold access to Oregon state emergency network for Bitcoin gets prison - OregonLive.com (OregonLive.com) - https://news.google.com/rss/articles/CBMixAFBVV95cUxNczh0aUVGUzllVUVlZXJ4R24zM25tVTgzM1FwNWZSMm9ibjZRdE9hU1VORWZTMWFSdk1TUVZGVklGdE5QdmZFM29JTl92X05uWWpfOUthWkdraGtVenpCVWtaRnYtV3dxOVJnWkxXSW41S0ZnR2FjYS1Nc0FnaGxSNXBiWnNESmdFX0E0enVfNXNEREY1ZmNwcnA0NXgyaHVtVVozSWlGNFJzUk02aFlpVThVQXlpUmlSNWN1LU9Hc0tUbk4y0gHYAUFVX3lxTE1WS3FpaVlGT0UtWVBtUVpBVnBtcFFQTjdvU1RZRjMzZlpFS0kwZmxfUmhyR1VTd1J0SGlOd1Vnc1pfYTZhSkxBWkZrRzBCZlNiUFIwNlFHbExOaEJWblVwTG5IaVlsWWJJX01Eclc0TDRtN2dyb2pjck4tQTcwa0NZMEczMWthQ1h2V24wYk4zcU5oVFF3T1RNMjlyWmZTdW9nc2tRdVFJYVhySHhfa1VWNzIyZVdtcldJb3lXM1d5NWQteExseWlKNU9SNzNsdjQzX19sTEdmNQ?oc=5 - These Runners Dress Up Like Salmon Every Year and Run This Historic Race—Backwards (Runner's World) - https://www.runnersworld.com/news/a71376795/bay-to-breakers-costume-runners/ - DuckDuckGo installs are up 30% as users reject being ‘force-fed’ Google’s AI Search (TechCrunch) - https://techcrunch.com/2026/05/26/duckduckgo-installs-are-up-30-as-users-reject-being-force-fed-googles-ai-search/

Episode 55: May 26, 2026

On today's Signal Check, Adrian North digs into a massive botnet takedown involving two million compromised devices, a coordinated supply chain attack targeting developers across three major code repositories, and Verizon's latest breach report showing a major shift in how attackers are getting in. Plus, a Romanian ultramarathon turns into a mountain rescue when weather strikes harder than expected. Stories covered: - US and Canada arrest and charge suspected Kimwolf botnet admin (BleepingComputer) - https://www.bleepingcomputer.com/news/security/us-and-canada-arrest-and-charge-suspected-kimwolf-botnet-admin/ - TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO (The Hacker News) - https://thehackernews.com/2026/05/trapdoor-supply-chain-attack-spreads.html - Verizon 2026 DBIR: Vulnerability Exploitation Leaps Ahead of Stolen Credentials as #1 Initial Breach Cause - CPO Magazine (CPO Magazine) - https://news.google.com/rss/articles/CBMi4gFBVV95cUxQcl80azh0dFB1ZE5TdGM3eW4zVk9XZEtnczNNeUM1SUI4M1lnSFJvbk8tQzY1RXNwT1AxQWZ5X21BUG82ZTJtQy1mUGhpYkpsOXNnT2FxaVVXdUZYTG9yd3NaR0pBLVNPQkE3UkpzYmFQS2tqeWItdFgtX3ZSMUx1U0RpWERPUnZYSHdZNXlhaGxUdjJHbDhud3cta0tGNkgxa3I4amc3WE1kMWcySEQ1dHRqenJPUDlPbnJJUFBTbWpOQkZhWmRKVENqcGFYN2dYZmNNajBTSFB3ZFItQXJNeWdn?oc=5 - Snow and Ice Trap Runners at Romania’s Transylvania 100, Triggering Mass Mountain Rescue (Marathon Handbook) - https://marathonhandbook.com/snow-and-ice-trap-runners-at-romanias-transylvania-100-triggering-mass-mountain-rescue/ - On Trails is a wandering tale that blends hiking, science, and history (The Verge) - https://www.theverge.com/entertainment/936860/robert-moor-on-trails-book-review - Microsoft Copilot Cowork Exfiltrates Files (Hacker News) - https://www.promptarmor.com/resources/microsoft-copilot-cowork-exfiltrates-files

Episode 54: May 25, 2026

This episode covers a coordinated supply chain attack on PHP's Packagist repository, mass exploitation of a critical Ghost CMS vulnerability turning websites into malware traps, and the ironic exposure of AWS GovCloud credentials by a CISA contractor's public GitHub repo. Adrian breaks down how attackers are poisoning dependencies upstream, automating large-scale injections, and why even the agencies protecting federal networks aren't immune to basic security mistakes. Stories covered: - Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware (The Hacker News) - https://thehackernews.com/2026/05/packagist-supply-chain-attack-infects-8.html - Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign (BleepingComputer) - https://www.bleepingcomputer.com/news/security/ghost-cms-sql-injection-flaw-exploited-in-large-scale-clickfix-campaign/ - CISA Admin Leaked AWS GovCloud Keys on Github (Krebs on Security) - https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/ - Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows (The Hacker News) - https://thehackernews.com/2026/05/megalodon-github-attack-targets-5561.html - On Trails is a wandering tale that blends hiking, science, and history (The Verge) - https://www.theverge.com/entertainment/936860/robert-moor-on-trails-book-review - The Shoes That Won The 2026 Cape Town Marathon (Marathon Handbook) - https://marathonhandbook.com/the-shoes-that-won-the-2026-cape-town-marathon/

Episode 53: May 24, 2026

This episode covers GitHub's new security requirements for npm publishers, a major credential leak from a CISA contractor, and Apple's lockdown mode for high-risk users. We dig into how trust gets built—and broken—in software supply chains and government infrastructure. On today's show, friction that protects, keys left in plain sight, and what to do when your phone becomes a target. Stories covered: - npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks (The Hacker News) - https://thehackernews.com/2026/05/npm-adds-2fa-gated-publishing-and.html - CISA Admin Leaked AWS GovCloud Keys on Github (Krebs on Security) - https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/ - These special phone and app features can help protect you from spyware (TechCrunch) - https://techcrunch.com/2026/05/23/you-dont-have-to-click-anything-to-get-hacked-anymore-heres-how-to-fight-back/ - Adidas Built a Suit That Makes You Run Faster. The World’s Best Marathoners Aren’t Sure They Want It. (Marathon Handbook) - https://marathonhandbook.com/adidas-built-a-suit-that-makes-you-run-faster-the-worlds-best-marathoners-arent-sure-they-want-it/ - TSA Confirms Medical Cannabis Air Travel Policy Remains Unchanged Triggering Widespread Passenger Confusion, Flight Cancellations Risk, and Airport Disruptions Across New York, Los Angeles, Chicago, and Miami: New Airline News and Aviation Upda - Nomad Lawyer (Nomad Lawyer) - https://news.google.com/rss/articles/CBMigAFBVV95cUxNSjk4Z2dodFpJZGVoZ2U3UHBzNEF6ZXYzUlB6RVJSbUFpWEhHMkgwYzBOSEhoZTh1b2RQamVpUk55NjNmVEJXd1liS3N0clRPTU9HeEVQY1VDQzl4a2pfNVpjYm5mY3Z3UUZyYWlLVThtWHpmT202WkRHVjNBT3Nxdg?oc=5 - Ebola outbreak now third largest recorded and "spreading rapidly" (Ars Technica) - https://arstechnica.com/health/2026/05/ebola-outbreak-now-third-largest-recorded-and-spreading-rapidly/