The Defensive Line Podcast
The Defensive Line Weekly podcast is the audio edition of the weekly Defensive Line Substack intelligence summary — fifteen minutes of the week’s most defensively useful security stories, for blue teamers and security leaders. Vishing crews plant rogue passkeys; Helix loots SharePoint via device codes; ShareFile ordered offline; npm kills install scripts. Full breakdown: https://thedefensiveline.substack.com/p/the-defensive-line-weekly-29-512 [https://thedefensiveline.substack.com/p/the-defensive-line-weekly-29-512] Story 1 — Two crews, one phone: passkey enrolment vishing and Helix * Okta Threat Intelligence: https://www.okta.com/blog/threat-intelligence/vishing-actors-target-microsoft-entra-passkey-enrollment-/ [https://www.okta.com/blog/threat-intelligence/vishing-actors-target-microsoft-entra-passkey-enrollment-/] * BleepingComputer — Entra passkey enrolment vishing: https://www.bleepingcomputer.com/news/security/entra-passkey-enrollment-vishing-targets-microsoft-365-users/ [https://www.bleepingcomputer.com/news/security/entra-passkey-enrollment-vishing-targets-microsoft-365-users/] * SecurityWeek — Okta vishing warning: https://www.securityweek.com/okta-warns-of-vishing-attacks-targeting-microsoft-365-customers/ [https://www.securityweek.com/okta-warns-of-vishing-attacks-targeting-microsoft-365-customers/] * The Hacker News — fake Microsoft Entra pages: https://thehackernews.com/2026/07/hackers-use-fake-microsoft-entra.html [https://thehackernews.com/2026/07/hackers-use-fake-microsoft-entra.html] * ReliaQuest — Helix threat spotlight: https://reliaquest.com/blog/threat-spotlight-helix-new-name-in-data-extortion-ecosystem/ [https://reliaquest.com/blog/threat-spotlight-helix-new-name-in-data-extortion-ecosystem/] * BleepingComputer — Helix SharePoint data theft: https://www.bleepingcomputer.com/news/security/new-helix-vishing-group-emerges-in-sharepoint-data-theft-attacks/ [https://www.bleepingcomputer.com/news/security/new-helix-vishing-group-emerges-in-sharepoint-data-theft-attacks/] Story 2 — Progress orders ShareFile Storage Zone Controllers switched off * The Hacker News — ShareFile shutdown instruction: https://thehackernews.com/2026/07/urgent-progress-tells-sharefile.html [https://thehackernews.com/2026/07/urgent-progress-tells-sharefile.html] * ShareFile status page: https://status.sharefile.com/ Story 3 — npm’s bad week and the install-scripts default * Affected versions: jscrambler 8.14.0; @injectivelabs/sdk-ts 1.20.21 * StepSecurity — jscrambler malicious preinstall binary: https://www.stepsecurity.io/blog/jscrambler-npm-package-publishes-malicious-preinstall-binary [https://www.stepsecurity.io/blog/jscrambler-npm-package-publishes-malicious-preinstall-binary] * Socket — jscrambler supply chain attack: https://socket.dev/blog/jscrambler-supply-chain-attack [https://socket.dev/blog/jscrambler-supply-chain-attack] * The Hacker News — compromised jscrambler release: https://thehackernews.com/2026/07/compromised-jscrambler-8140-npm-release.html [https://thehackernews.com/2026/07/compromised-jscrambler-8140-npm-release.html] * The Hacker News — Injective Labs GitHub compromise: https://thehackernews.com/2026/07/injective-labs-github-compromise-pushes.html [https://thehackernews.com/2026/07/injective-labs-github-compromise-pushes.html] * The Hacker News — npm 12 disables install scripts by default: https://thehackernews.com/2026/07/npm-12-disables-install-scripts-by.html [https://thehackernews.com/2026/07/npm-12-disables-install-scripts-by.html] Honourable mentions * Wiz — GhostApproval: https://www.wiz.io/blog/ghostapproval-a-trust-boundary-gap-in-ai-coding-assistants [https://www.wiz.io/blog/ghostapproval-a-trust-boundary-gap-in-ai-coding-assistants] * Noma Security — GitLost: https://noma.security/blog/gitlost-how-we-tricked-githubs-ai-agent-into-leaking-private-repos/ [https://noma.security/blog/gitlost-how-we-tricked-githubs-ai-agent-into-leaking-private-repos/] * The Hacker News — GitLost: https://thehackernews.com/2026/07/public-github-issue-could-trick-github.html [https://thehackernews.com/2026/07/public-github-issue-could-trick-github.html] * BleepingComputer — Ghostcommit: https://www.bleepingcomputer.com/news/security/ghostcommit-hides-prompt-injection-in-images-to-fool-ai-agents-steal-secrets/ [https://www.bleepingcomputer.com/news/security/ghostcommit-hides-prompt-injection-in-images-to-fool-ai-agents-steal-secrets/] * Adobe — ColdFusion security bulletin (CVE-2026-48282): https://helpx.adobe.com/security/products/coldfusion/apsb26-68.html [https://helpx.adobe.com/security/products/coldfusion/apsb26-68.html] * BleepingComputer — ColdFusion flaw exploited in attacks: https://www.bleepingcomputer.com/news/security/max-severity-adobe-coldfusion-flaw-now-exploited-in-attacks/ [https://www.bleepingcomputer.com/news/security/max-severity-adobe-coldfusion-flaw-now-exploited-in-attacks/] * Google Cloud / Mandiant — recovering ADFS signing keys: https://cloud.google.com/blog/topics/threat-intelligence/recovering-active-adfs-signing-keys-machine-dpapi/ [https://cloud.google.com/blog/topics/threat-intelligence/recovering-active-adfs-signing-keys-machine-dpapi/] This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit thedefensiveline.substack.com [https://thedefensiveline.substack.com?utm_medium=podcast&utm_campaign=CTA_1]
27 afleveringen
Reacties
0Wees de eerste die een reactie plaatst
Meld je nu aan en word lid van de The Defensive Line Podcast community!