Episode 64: June 04, 2026

Episode 64: June 04, 2026

This episode covers a zero-day flaw in Visual Studio Code that's leaking GitHub tokens, a devastating HTTP/2 exploit hammering web servers across the internet, and how attackers are now using AI to automatically bypass security tools faster than defenders can respond. Adrian breaks down what's moving in the threat landscape before your second cup of coffee hits. It's Thursday morning, and the signals are already loud. Stories covered: - VS Code zero-day lets hackers steal GitHub tokens in one click (BleepingComputer) - https://www.bleepingcomputer.com/news/security/vs-code-zero-day-lets-hackers-steal-github-tokens-in-one-click/ - New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare (The Hacker News) - https://thehackernews.com/2026/06/new-http2-bomb-vulnerability-allows.html - Attackers Use AI to Automate EDR Evasion Testing (Dark Reading) - https://www.darkreading.com/endpoint-security/attackers-automate-edr-evasion-testing - Is It Okay to Take Breaks During Long Runs? Experts Explain When It Helps and When It Signals a Red Flag (Runner's World) - https://www.runnersworld.com/training/a71483612/stopping-during-long-runs/ - UAH researchers studying technology that could cut travel time to Mars - WAAY 31 News (WAAY 31 News) - https://news.google.com/rss/articles/CBMi4gFBVV95cUxQS081ZEhrbGhfa2V3LXhYcmVjQjZmMmU2UURsU2FkTnhOSlNzYW1nQ0duLS1iSTdRTE1pcG55cUhhR0hxX0ZxZHlmTG5kZ09ZSkdrejREb1ZTNzhQaHEwcWlWUWlFWi1RdUtackdPOGRmaEdIaGlSc0hWRHdWaWRzZUlBQV9FSUlzY1FsTk1zRFBXM08wLWVYNEgwMGZyMDJXY1lEYmdxZFVQd0wwWFR3aWczVkl6ZDM5Znc5SVplaEpQZnNJUkVsN0tjLVlXQ3FvQ1VfOXJGNFVKMmp2eXBxb25n?oc=5 - CISA warns of cyberattacks targeting fuel tank monitoring systems (BleepingComputer) - https://www.bleepingcomputer.com/news/security/cisa-warns-of-cyberattacks-targeting-fuel-tank-monitoring-systems/

Episode 63: June 03, 2026

This episode covers Google's urgent Android patch fixing an actively exploited vulnerability, another authentication bypass hitting Palo Alto's VPN gateways, and a wild new attack where hackers use Meta's own AI support tools to hijack Instagram accounts. We also dig into the growing cyberdeck movement — DIY enthusiasts building custom hardware to escape big tech surveillance — and wrap with a look at stunning independent trail races across the country. Stories covered: - Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited (The Hacker News) - https://thehackernews.com/2026/06/google-june-2026-android-update-patches.html - Patch Now: Another Palo Alto Auth Bypass Bug Under Active Exploit (Dark Reading) - https://www.darkreading.com/threat-intelligence/patch-palo-alto-auth-bypass-bug-exploit - Instagram users locked out after Meta AI abused to steal accounts (BleepingComputer) - https://www.bleepingcomputer.com/news/security/instagram-users-locked-out-after-meta-ai-abused-to-steal-accounts/ - Cyberdecks are having a moment, rejecting big tech surveillance with style and substance (TechCrunch) - https://techcrunch.com/2026/06/02/cyberdeck-tiktok-trend-reject-big-tech/ - 13 Indy Trail Races With Views and Vibes That Will Blow You Away (Trail Runner Mag) - https://www.trailrunnermag.com/travel/race-guides/best-indy-trail-races-in-the-us/ - What I Learned Exploding Cams and Nuts On a Classic Squamish Splitter (Climbing Magazine) - https://www.climbing.com/gear/what-trad-climbers-should-know-about-exploding-cams-and-nuts/

Episode 62: June 02, 2026

This episode covers a wild range of security wake-up calls — from hackers tricking Meta's AI chatbot to hijack high-profile Instagram accounts, to compromised npm packages stealing developer credentials, to a critical Windows vulnerability now being actively exploited. Adrian North also shifts gears to spotlight thirteen stunning independent trail races across the U.S. for anyone looking to suffer beautifully. Stories covered: - Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts (Krebs on Security) - https://krebsonsecurity.com/2026/06/hackers-used-metas-ai-support-bot-to-seize-instagram-accounts/ - Red Hat npm packages compromised to steal developer credentials (BleepingComputer) - https://www.bleepingcomputer.com/news/security/red-hat-npm-packages-compromised-to-steal-developer-credentials/ - Critical Windows Netlogon RCE flaw now exploited in attacks (BleepingComputer) - https://www.bleepingcomputer.com/news/microsoft/critical-windows-netlogon-remote-code-execution-flaw-now-exploited-in-attacks/ - 13 Indy Trail Races With Views and Vibes That Will Blow You Away (Trail Runner Mag) - https://www.trailrunnermag.com/travel/race-guides/best-indy-trail-races-in-the-us/ - Why Your Long Runs Leave You Wiped—and How to Bounce Back Better (Runner's World) - https://www.runnersworld.com/training/a71459738/amazing-runners-world-show-epsiode-117-long-run-fatigue_1780323049/ - This Weird 20-Legged Robot Moves Like Nothing Else on Earth and It Could Change How We Build Machines - ZME Science (ZME Science) - https://news.google.com/rss/articles/CBMiekFVX3lxTE1kVmZHZW9kNVZNX1VwTzl6RFdMWVNOYXJTSHhtYlcxb1RsUDRGUFByWFhYai0yd2ZsaG5wWmU4MXRpT2Vka1Z0WnN4cjdIM2lOT1FhQjRiSnptY0p3WWRqeXM0aDN4UGZzdXlmRFN4NXNfTWRLcjY4LW93?oc=5

Episode 61: June 01, 2026

This episode covers critical vulnerabilities in Gogs and Palo Alto's GlobalProtect VPN that are already being actively exploited, plus the takedown of a massive 17 million device botnet in the Netherlands. Adrian also digs into a bizarre new attack where hackers used an AI agent to carry out post-compromise actions autonomously. It's a Monday morning packed with urgent patches and unsettling new tactics. Stories covered: - Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code (The Hacker News) - https://thehackernews.com/2026/05/critical-gogs-rce-vulnerability-lets.html - Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks (BleepingComputer) - https://www.bleepingcomputer.com/news/security/palo-alto-globalprotect-vpn-auth-bypass-flaw-now-exploited-in-attacks/ - Dutch govt disrupts malware botnet with 17 million infected devices (BleepingComputer) - https://www.bleepingcomputer.com/news/security/dutch-govt-disrupts-malware-botnet-with-17-million-infected-devices/ - Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit (The Hacker News) - https://thehackernews.com/2026/05/attackers-use-llm-agent-for-post.html - 13 Indy Trail Races With Views and Vibes That Will Blow You Away (Trail Runner Mag) - https://www.trailrunnermag.com/travel/race-guides/best-indy-trail-races-in-the-us/ - Tyler Andrews Sets Oxygen-Assisted Speed Record on Mount Everest (iRunFar) - https://www.irunfar.com/tyler-andrews-mount-everest-speed-record-2026

Episode 60: May 31, 2026

This episode covers critical vulnerabilities hitting Gogs self-hosted Git servers, Palo Alto VPN authentication bypass being actively exploited, and a groundbreaking attack where threat actors deployed an AI agent to autonomously handle post-exploitation. We also dig into a new Linux kernel privilege escalation flaw and what it means when your VPN becomes the weakest link. Stories covered: - Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code (The Hacker News) - https://thehackernews.com/2026/05/critical-gogs-rce-vulnerability-lets.html - Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks (BleepingComputer) - https://www.bleepingcomputer.com/news/security/palo-alto-globalprotect-vpn-auth-bypass-flaw-now-exploited-in-attacks/ - Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit (The Hacker News) - https://thehackernews.com/2026/05/attackers-use-llm-agent-for-post.html - New CIFSwitch Linux flaw gives root on multiple distributions (BleepingComputer) - https://www.bleepingcomputer.com/news/security/new-cifswitch-linux-flaw-gives-root-on-multiple-distributions/ - 13 Indy Trail Races With Views and Vibes That Will Blow You Away (Trail Runner Mag) - https://www.trailrunnermag.com/travel/race-guides/best-indy-trail-races-in-the-us/ - Tyler Andrews Sets Oxygen-Assisted Speed Record on Mount Everest (iRunFar) - https://www.irunfar.com/tyler-andrews-mount-everest-speed-record-2026