Crestvale Newsroom

Linux Bad Epoll bug roots servers fast

5 min · 5 jul 2026
aflevering Linux Bad Epoll bug roots servers fast artwork

Beschrijving

Send us Fan Mail [https://www.buzzsprout.com/2602483/fan_mail/new] A critical Linux kernel flaw, a surge in malicious open source packages, and a high-profile breach all point to the same shift: attackers are focusing on identity, tokens, and trusted workflows instead of traditional perimeter defenses. For security and IT leaders, this changes where risk actually lives. Patch speed is now a primary control. Developer environments are active attack surfaces. And a single leaked credential can expose far more than expected if access is not tightly scoped. This episode breaks down the Linux "Bad Epoll" vulnerability, the Lazarus package campaign, and the Novo Nordisk breach, along with a disruption of residential proxy infrastructure used in credential attacks. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

Reacties

0

Wees de eerste die een reactie plaatst

Meld je nu aan en word lid van de Crestvale Newsroom community!

Probeer gratis

Probeer 14 dagen gratis

€ 9,99 / maand na proefperiode. · Elk moment opzegbaar.

  • Podcasts die je alleen op Podimo hoort
  • 20 uur luisterboeken / maand
  • Gratis podcasts

Alle afleveringen

163 afleveringen

aflevering Linux Bad Epoll bug roots servers fast artwork

Linux Bad Epoll bug roots servers fast

Send us Fan Mail [https://www.buzzsprout.com/2602483/fan_mail/new] A critical Linux kernel flaw, a surge in malicious open source packages, and a high-profile breach all point to the same shift: attackers are focusing on identity, tokens, and trusted workflows instead of traditional perimeter defenses. For security and IT leaders, this changes where risk actually lives. Patch speed is now a primary control. Developer environments are active attack surfaces. And a single leaked credential can expose far more than expected if access is not tightly scoped. This episode breaks down the Linux "Bad Epoll" vulnerability, the Lazarus package campaign, and the Novo Nordisk breach, along with a disruption of residential proxy infrastructure used in credential attacks. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

5 jul 20265 min
aflevering ServiceNow unauth API bug exposed enterprise data artwork

ServiceNow unauth API bug exposed enterprise data

Send us Fan Mail [https://www.buzzsprout.com/2602483/fan_mail/new] A quiet fix to a ServiceNow API exposure is raising a louder question about trust in the SaaS control plane. When systems that power identity, tickets, and internal context leak without authentication, the blast radius extends far beyond a single tool. This episode breaks down why delayed disclosure changes your response window, and why you should treat core SaaS platforms and build systems as breach critical. It also looks at how autonomous ransomware is compressing attack timelines, and why internet exposed orchestration tools are becoming high value entry points. We also cover the NetNut proxy disruption, the rise of supply chain to ransomware pipelines, and signals from Alibaba, CISA, Visa, and Microsoft 365. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

Gisteren6 min
aflevering CISA adds SharePoint RCE CVE-2026-45659 to KEV artwork

CISA adds SharePoint RCE CVE-2026-45659 to KEV

Send us Fan Mail [https://www.buzzsprout.com/2602483/fan_mail/new] A critical SharePoint vulnerability is now under active exploitation, while regulators are making it clear that inaccurate security claims can carry legal consequences. At the same time, attackers are turning edge device flaws into repeatable ransomware entry points, and major platforms are reshaping how security intelligence is delivered. This episode breaks down what these shifts mean in practice. From emergency patching decisions to the growing legal weight of compliance frameworks, the environment is changing from both sides. Security leaders are being pushed to move faster operationally while also proving that controls are actually in place. We also cover FortiBleed's role in ransomware campaigns, Visa's move into threat intelligence, and what it signals about the merging of fraud and cybersecurity. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

3 jul 20266 min
aflevering Tomcat auth bypass breaks security-constraint protections artwork

Tomcat auth bypass breaks security-constraint protections

Send us Fan Mail [https://www.buzzsprout.com/2602483/fan_mail/new] Authentication controls failing silently is a different kind of risk. Today's episode breaks down how newly disclosed Apache Tomcat vulnerabilities allowed attackers to bypass protections that teams believed were enforced, and why this changes how you validate access controls. For security and IT leaders, the shift is clear. Configuration is no longer proof of enforcement. You need to test real access paths, verify behavior, and assume gaps exist until proven otherwise. At the same time, active exploitation of an Oracle E-Business Suite flaw shows how quickly attackers move once patches are released, while new federal deadlines on post-quantum cryptography turn long-term planning into near-term operational work. We also cover Zscaler's move into AI agent control planes and what it signals about identity in autonomous systems, along with several other key developments shaping the threat landscape. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

2 jul 20266 min
aflevering EY grads accused of PM bank snooping artwork

EY grads accused of PM bank snooping

Send us Fan Mail [https://www.buzzsprout.com/2602483/fan_mail/new] Today's episode focuses on a quiet but critical failure point: access control. A real-world incident involving contractor access to sensitive financial data shows how authorization gaps, not external attackers, are often the weakest link. For security and IT leaders, this is a shift in where risk lives. Insider misuse, third-party exposure, and inherited liability from vendors are becoming more consequential than perimeter threats. From financial filings to endpoint security, the common thread is clear. If you do not tightly control who can access what, and when, you are carrying unseen risk. We also cover a major IRS liability ruling, active ransomware exploitation of a Windows privilege escalation flaw, and key signals from across the security landscape. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

1 jul 20266 min