Weekly CYBER NEWS

Bleeding Llama and poisoned water supplies

5 min · 10 mei 2026
aflevering Bleeding Llama and poisoned water supplies artwork

Beschrijving

In this episode, we cover the biggest cybersecurity threats making headlines right now — including the critical “Bleeding Llama” vulnerability impacting Ollama AI servers, a supply-chain attack that turned the official JDownloader site into a malware delivery platform, and alarming breaches at Polish water treatment facilities. We also break down the latest Ivanti zero-day under active exploitation, the Quasar Linux RAT targeting developer credentials and cloud secrets, and the Braintrust breach that may have exposed customer AI provider keys. From AI infrastructure security to real-world OT attacks, this episode explains what defenders, developers, and businesses need to watch closely this week.

Reacties

0

Wees de eerste die een reactie plaatst

Meld je nu aan en word lid van de Weekly CYBER NEWS community!

Probeer gratis

Probeer 14 dagen gratis

€ 9,99 / maand na proefperiode. · Elk moment opzegbaar.

  • Podcasts die je alleen op Podimo hoort
  • 20 uur luisterboeken / maand
  • Gratis podcasts

Alle afleveringen

50 afleveringen

aflevering Cybersecurity Daily: OpenAI Supply Chain Scare, Adobe Zero-Day, Marimo RCE Exploits & APT37 Social Engineering (April 2026) artwork

Cybersecurity Daily: OpenAI Supply Chain Scare, Adobe Zero-Day, Marimo RCE Exploits & APT37 Social Engineering (April 2026)

In today’s Cybersecurity Daily, we break down the most critical cyber threats impacting April 2026. OpenAI revokes its macOS signing certificate after the Axios supply chain compromise exposed risks to software-signing pipelines, highlighting how deeply modern attacks can reach into trusted development workflows. We also cover an actively exploited Adobe Acrobat Reader vulnerability (CVE-2026-34621) that enables remote code execution through malicious PDFs, alongside a rapidly exploited Marimo pre-auth RCE flaw where attackers began harvesting secrets within hours of disclosure. On the threat actor side, we analyze North Korea’s APT37 campaign, using Facebook, Messenger, and Telegram to deliver RokRAT malware through a trojanized PDF viewer—showing how social engineering is evolving into long-term trust-based intrusion. Plus, a CPUID supply chain attack distributing malware via CPU-Z and HWMonitor downloads, reinforcing that even official download sources can no longer be fully trusted. The key takeaway: trust is now the primary attack surface—from code signing to social platforms to software distribution.

13 apr 20265 min