エピソード

  • Episode 86: June 26, 2026

    Episode 86: June 26, 2026
    2026/06/26
    This episode digs into a Cisco SD-WAN zero-day exploit breakdown from Mandiant, a clever macOS malware strain that deceives AI analysis tools with fake error messages, and a former hacker now applying exploit-finding skills to solar energy collection. Adrian North walks through early-morning signals before the noise of the day takes over. Stories covered: - Mandiant reveals how Cisco SD-WAN zero-day attacks gained root access (BleepingComputer) - https://www.bleepingcomputer.com/news/security/mandiant-reveals-how-cisco-sd-wan-zero-day-attacks-gained-root-access/ - New macOS malware embeds fake errors to confuse AI analysis tools (BleepingComputer) - https://www.bleepingcomputer.com/news/security/new-macos-malware-embeds-fake-errors-to-confuse-ai-analysis-tools/ - This former hacker saw the light—and now wants to collect all of it - Ars Technica (Ars Technica) - https://news.google.com/rss/articles/CBMirgFBVV95cUxNcUlQeG1mWTJSeC1MOFEwZjBKUHZxdFZxTnh6ZmN4UUhHMXBlYVd4SjZhRnoxSnpaRXFIUnotQnYzWThKR3pDWlRwZjNWVHRSZjNhN3pBLXFINHdfSWpjQWtkWE5fdjYxT3o3dXVzT0RlSm5oVUZNVVFWQ3JtXzFQZzh2cl8wYWZ0eXBFXzBrNWJFRnVKZVFCNC1BNVBpZ2ZfSlQxZFBYZnZuUXdGOFE?oc=5 - Fifty Years On, New York Honors the Five Who Took the NYC Marathon Out of Central Park (Marathon Handbook) - https://marathonhandbook.com/fifty-years-on-new-york-honors-the-five-who-took-the-nyc-marathon-out-of-central-park/ - An entire Herculaneum scroll has been read for the first time (Hacker News) - https://scrollprize.org/firstscroll - Mother Nature has a Weird and Nasty Way of Welcoming You to the Trail - The Trek (The Trek) - https://news.google.com/rss/articles/CBMiqwFBVV95cUxOR2xiOWV3d2tIMGlaUVc4ODFVcGtoLWt3cElsSkZIMUdIRndzMHRPdG83UVk0bG0tRlNLZllIT3Ftc21FT1Njc3pmUVhDOEtjU29vdU1YRkJzd1pQb3cwZmowbm5sWTF5OWREZmlXUnV2dWNZZXVPQUU3WFpjSE1DQTBZNFpxQkxDZkgtU19TOUhVWDZSb0l2RnJFY3dxYlY2LVdJbkE1UXp1R00?oc=5
    続きを読む 一部表示
    6 分
  • Episode 85: June 25, 2026

    Episode 85: June 25, 2026
    2026/06/25
    This episode digs into two actively exploited Cisco vulnerabilities that are making waves — including a zero-day that gave attackers root access to SD-WAN devices. We also cover a new website publicly shaming companies that still don't support passkeys, and a reformed hacker with an unexpected new mission. Stories covered: - Mandiant reveals how Cisco SD-WAN zero-day attacks gained root access (BleepingComputer) - https://www.bleepingcomputer.com/news/security/mandiant-reveals-how-cisco-sd-wan-zero-day-attacks-gained-root-access/ - Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks (BleepingComputer) - https://www.bleepingcomputer.com/news/security/cisco-unified-cm-sme-flaw-cve-2026-20230-now-exploited-in-attacks/ - New website names and shames companies that still don’t offer passkeys to users (TechCrunch) - https://techcrunch.com/2026/06/24/new-website-names-and-shames-companies-that-still-dont-offer-passkeys-to-users/ - This former hacker saw the light—and now wants to collect all of it - Ars Technica (Ars Technica) - https://news.google.com/rss/articles/CBMirgFBVV95cUxNcUlQeG1mWTJSeC1MOFEwZjBKUHZxdFZxTnh6ZmN4UUhHMXBlYVd4SjZhRnoxSnpaRXFIUnotQnYzWThKR3pDWlRwZjNWVHRSZjNhN3pBLXFINHdfSWpjQWtkWE5fdjYxT3o3dXVzT0RlSm5oVUZNVVFWQ3JtXzFQZzh2cl8wYWZ0eXBFXzBrNWJFRnVKZVFCNC1BNVBpZ2ZfSlQxZFBYZnZuUXdGOFE?oc=5 - There’s an IKEA Marathon Happening This Year—and You May Have to Self-Assemble Your Medal (Of Course) (Runner's World) - https://www.runnersworld.com/news/a71679229/ikea-marathon/ - Amateur Hacker Used Claude And OpenAI Agents To Hack 14 Companies - bgr.com (bgr.com) - https://news.google.com/rss/articles/CBMigAFBVV95cUxOUy1rd0FqTk1EcF9qaDNtSjg0OUpLR1ZXWTZlM1hRU2xockRCMTF6U1FMZTFDZEw2UUxJTFlnZUpsVlFsa0tLZkRSUTlMRWJKVjhpNmhKNnVGSkp0Z1pNSlRBRDNrN2NYQ083a1NpeFVIMXVZLTVUSWc5blFZNHlJNg?oc=5
    続きを読む 一部表示
    6 分
  • Episode 84: June 24, 2026

    Episode 84: June 24, 2026
    2026/06/24
    This episode covers active exploitation of a Cisco Unified Communications flaw, LastPass confirming another breach through stolen OAuth tokens, and a former hacker who pivoted to solar energy. Adrian digs into why supply chain attacks are now the standard playbook and shares a Runner's World tip on avoiding long-run mistakes. Stories covered: - Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks (BleepingComputer) - https://www.bleepingcomputer.com/news/security/cisco-unified-cm-sme-flaw-cve-2026-20230-now-exploited-in-attacks/ - LastPass confirms data breach in Klue supply chain attack (BleepingComputer) - https://www.bleepingcomputer.com/news/security/lastpass-confirms-data-breach-in-klue-supply-chain-attack/ - This former hacker saw the light—and now wants to collect all of it - Ars Technica (Ars Technica) - https://news.google.com/rss/articles/CBMirgFBVV95cUxNcUlQeG1mWTJSeC1MOFEwZjBKUHZxdFZxTnh6ZmN4UUhHMXBlYVd4SjZhRnoxSnpaRXFIUnotQnYzWThKR3pDWlRwZjNWVHRSZjNhN3pBLXFINHdfSWpjQWtkWE5fdjYxT3o3dXVzT0RlSm5oVUZNVVFWQ3JtXzFQZzh2cl8wYWZ0eXBFXzBrNWJFRnVKZVFCNC1BNVBpZ2ZfSlQxZFBYZnZuUXdGOFE?oc=5 - 8 Ways You’re Sabotaging Your Long Runs and How to Make Them Feel Easier (Runner's World) - https://www.runnersworld.com/training/a71682764/long-run-mistakes-runners/ - On Her Own Path: Lotti Brinks and the 2026 Western States 100 (iRunFar) - https://www.irunfar.com/on-her-own-path-lotti-brinks-and-the-2026-western-states-100 - The NO FAKES Act Could Silence Satire, Commentary, And News (EFF) - https://www.eff.org/deeplinks/2026/06/no-fakes-act-could-silence-satire-commentary-and-news
    続きを読む 一部表示
    6 分
  • Episode 83: June 23, 2026

    Episode 83: June 23, 2026
    2026/06/23
    This episode digs into Canada's unprecedented move to remotely clean malware from citizens' devices without permission, Microsoft's attribution of the Mastra AI supply chain attack to North Korean hackers, and a newly published iPhone exploit that lives in hardware Apple can't patch. We also touch on why your best running mentor is probably the local coach who shows up at dawn, not the influencer with perfect splits. Stories covered: - Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices (The Hacker News) - https://thehackernews.com/2026/06/canadas-spy-agency-used-first-of-its.html - Microsoft links Mastra AI supply chain attack to North Korean hackers (BleepingComputer) - https://www.bleepingcomputer.com/news/security/microsoft-links-mastra-ai-supply-chain-attack-to-north-korean-hackers/ - Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain (The Hacker News) - https://thehackernews.com/2026/06/unpatchable-usbliter8-exploit-breaks.html - Your Best Running Mentor Probably Isn’t Who You Think (Marathon Handbook) - https://marathonhandbook.com/your-best-running-mentor-probably-isnt-who-you-think/ - A newbie hacker used "vague, low-skill prompts" in Claude and Codex to breach 14 companies, and the AI Agents did all the legwork - TechRadar (TechRadar) - https://news.google.com/rss/articles/CBMi9wFBVV95cUxQN3dzMmhNd3Y5TzN6OGxsVEI0TEZnZTN2aFY1QkJ2NDZMZWhRZl9EWmI3TjN3RVE1WmlKRWxBd2VBRE9xVHg2VGdEdFJfZmhZTE9xdUxOT2Jid1NRQVQ2RkdlU19PcUJBSFVXVURtWE1fZ1RpVUxjNU93bWdiRjVtdElITDJPRkptcHVmcnQ0Z0k3NDNLMWRJWGV0UlNSN3NVejJoN0NBUldXQzQwOWZRY1RSWk93NkRDLXNQeUlhLTQwOUljR0oyejYtTXhmS2xHT1BNc1hpbHNoZ0hEY1VPLXVEczNUMlRuSGRPTmpsZDZnQjVoNm5r?oc=5 - Linux and Secure Boot certificate expiration (2025) (Hacker News) - https://lwn.net/Articles/1029767/
    続きを読む 一部表示
    5 分
  • Episode 82: June 22, 2026

    Episode 82: June 22, 2026
    2026/06/22
    This episode digs into a CISA deadline for a critical Splunk vulnerability that's already being exploited in the wild, a North Korean supply chain attack that poisoned over 140 npm packages, and how a junior hacker used legitimate tools like Tailscale to maintain persistence after losing his primary command server. Adrian breaks down six stories that show how attackers are leveraging trust, timing, and creative tradecraft to stay ahead. Stories covered: - CISA: Splunk Enterprise flaw actively exploited, patch by Sunday (BleepingComputer) - https://www.bleepingcomputer.com/news/security/cisa-splunk-enterprise-flaw-actively-exploited-patch-by-sunday/ - Microsoft links Mastra AI supply chain attack to North Korean hackers (BleepingComputer) - https://www.bleepingcomputer.com/news/security/microsoft-links-mastra-ai-supply-chain-attack-to-north-korean-hackers/ - Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline - The Hacker News (The Hacker News) - https://news.google.com/rss/articles/CBMie0FVX3lxTFBNOXBPUEVoeE5CZl82WmNsVTRUMGY0LVJlMXMxZ3NJYnNuV1Y0MlFRY2pReHl1b2UwWVVENTRBeURnVlFpRmh0eEFzNEJUYkNNZ2IyNlRGOFRsMWJ0aTk1aFhfQURpb2ptVlh2N0hnYktPb2dwNGVMTWNZQQ?oc=5 - I Hated Running in the Heat. This Training Switch Led Me to Love It—and Faster Times (Runner's World) - https://www.runnersworld.com/training/a71631076/benefits-track-workouts-in-heat/ - Catching Up With Jimmy Chin: Training for Everest, Time, and His Next Big Project (Climbing Magazine) - https://www.climbing.com/culture-climbing/catching-up-with-jimmy-chin-training-for-everest-time-and-his-next-big-project/ - A bold satellite rescue mission came together in record time, but will it work? (Ars Technica) - https://arstechnica.com/space/2026/06/a-bold-satellite-rescue-mission-came-together-in-record-time-but-will-it-work/
    続きを読む 一部表示
    6 分
  • Episode 81: June 21, 2026

    Episode 81: June 21, 2026
    2026/06/21
    On today's Signal Check, Adrian digs into a North Korean supply chain attack that poisoned over 140 npm packages, an unpatchable iPhone exploit targeting Apple's SecureROM, and a scrappy hacker who kept his operation alive using Tailscale and SSH after losing his C2 server. Plus, millions in Brazil received a mysterious unauthorized emergency alert that nobody can quite explain yet. Stories covered: - Microsoft links Mastra AI supply chain attack to North Korean hackers (BleepingComputer) - https://www.bleepingcomputer.com/news/security/microsoft-links-mastra-ai-supply-chain-attack-to-north-korean-hackers/ - Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain (The Hacker News) - https://thehackernews.com/2026/06/unpatchable-usbliter8-exploit-breaks.html - Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline - The Hacker News (The Hacker News) - https://news.google.com/rss/articles/CBMie0FVX3lxTFBNOXBPUEVoeE5CZl82WmNsVTRUMGY0LVJlMXMxZ3NJYnNuV1Y0MlFRY2pReHl1b2UwWVVENTRBeURnVlFpRmh0eEFzNEJUYkNNZ2IyNlRGOFRsMWJ0aTk1aFhfQURpb2ptVlh2N0hnYktPb2dwNGVMTWNZQQ?oc=5 - Unauthorized alert sent to cell phones across Brazil (Hacker News) - https://www.cnn.com/2026/06/20/americas/brazil-hackers-unauthorized-alert-latam - What 50,000 Runners And 76 Studies Teach Us About Racing The NYC Marathon Smarter (Marathon Handbook) - https://marathonhandbook.com/what-50000-runners-and-76-studies-teach-us-about-racing-the-nyc-marathon-smarter/ - The Free and Open Web Is Under Attack at the IETF (EFF) - https://www.eff.org/deeplinks/2026/06/free-and-open-web-under-attack-ietf
    続きを読む 一部表示
    7 分
  • Episode 80: June 20, 2026

    Episode 80: June 20, 2026
    2026/06/20
    This episode covers critical security patches for NGINX that can't wait until Monday, a messy OAuth breach at Klue that gave hackers direct access to Salesforce data, and an unpatchable exploit in millions of older iPhones that Apple can't fix with software. Adrian walks through what moved overnight and why it matters before the weekend noise kicks in. Stories covered: - F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution (The Hacker News) - https://thehackernews.com/2026/06/f5-patches-two-critical-nginx-open.html - Klue OAuth breach victim list grows as Icarus hackers claim attack (BleepingComputer) - https://www.bleepingcomputer.com/news/security/klue-oauth-breach-victim-list-grows-as-icarus-hackers-claim-attack/ - Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain (The Hacker News) - https://thehackernews.com/2026/06/unpatchable-usbliter8-exploit-breaks.html - I Faded During My First Two Races. This Simple Workout Helped Me Finish the Next One Strong—and Set a PR. (Runner's World) - https://www.runnersworld.com/training/a71631335/fartlek-training-race-stronger/ - A bold satellite rescue mission came together in record time, but will it work? (Ars Technica) - https://arstechnica.com/space/2026/06/a-bold-satellite-rescue-mission-came-together-in-record-time-but-will-it-work/ - The Free and Open Web Is Under Attack at the IETF (EFF) - https://www.eff.org/deeplinks/2026/06/free-and-open-web-under-attack-ietf
    続きを読む 一部表示
    6 分
  • Episode 79: June 19, 2026

    Episode 79: June 19, 2026
    2026/06/19
    This episode digs into a patient cryptocurrency clipper campaign running since February, a French attacker who pivoted to legitimate remote tools when their server died, and why Salesforce integrations are becoming a serious supply chain risk. Adrian pulls signal from the noise before the day gets loud. Stories covered: - Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2 (The Hacker News) - https://thehackernews.com/2026/06/microsoft-details-windows-clipper.html - Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline (The Hacker News) - https://thehackernews.com/2026/06/junior-hacker-used-tailscale-and.html - Salesforce Data Thefts Continue via Klue App Compromise (Dark Reading) - https://www.darkreading.com/cyberattacks-data-breaches/salesforce-data-thefts-klue-app-compromise - Shoulder and back exercises to improve your running mechanics (Canadian Running) - https://runningmagazine.ca/sections/training/shoulder-and-back-exercises-to-improve-your-running-mechanics/ - Launch HN: TesterArmy (YC P26) – Agents that test web and mobile apps (Hacker News) - https://tester.army - ‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm (Krebs on Security) - https://krebsonsecurity.com/2026/06/popa-botnet-linked-to-publicly-traded-israeli-firm/
    続きを読む 一部表示
    6 分