
Hosted by Edwin Kwan · EN

* ACSC Issues Second Warning in Two Months Over Unpatched CMS Vulnerabilities Being Actively Exploited* OpenMandriva Linux Hit by Internal Sabotage Attempt from Former Contributor* China Warns Developers to Uninstall Claude Code Over ‘Backdoor’ Data Collection Fears* Phishing Campaign Impersonates Major Global Brands to Steal Gmail Credentials This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com

* Massive Automated Password Spray Attack Against Microsoft Azure Compromises 78 Accounts Across 64 Organisations* Apple’s Hide My Email Service Has Been Leaking Real Email Addresses for Over a Year Despite Being Reported* Anthropic to Restore Claude Fable Access After Export Control Suspension* Microsoft Introduces Smarter Bot Protection in Microsoft Teams Meetings* Malicious Websites Are Embedding Hidden Instructions to Hijack AI Agents Through Indirect Prompt Injection This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com

* Fake ABC News Website Scam Using Facebook Ads to Defraud Australians of Hundreds of Thousands of Dollars* Five Eyes Cyber Chiefs Issue Urgent Joint Warning: AI Is Reshaping Cyber Risk Faster Than Anyone Anticipated* Anthropic’s Mythos AI Model Found Vulnerabilities in Classified US Government Systems Within Hours* WhatsApp Phishing Attack Uses Fake Business Documents to Compromise PCs* New macOS ClickFix Attack Silently Mounts Disk Images to Deploy Information-Stealing Malware This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com

* Malicious JetBrains Marketplace Plugins Discovered Stealing AI API Keys from Developers* A Three-Stage Vulnerability Chain Turning Microsoft 365 Copilot Into a Silent Data Exfiltration Weapon* The Digital Trove: How a Single Hack Exposed One Man’s Entire Life and Why We’re All Vulnerable* FIFA Bug in World Cup Streaming Infrastructure Opened Door to Remote Takeover* Passkeys vs Passwords: Readers Debate Whether a Smartphone PIN Can Really Be Safer Than a Complex Password This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com

* GitHub Announces Sweeping npm Security Overhaul to Combat Supply Chain Attacks* Anthropic Rolls Out Claude Fable 5 in Limited-Time Free Release Before Usage-Based Pricing Kicks In* OpenClaw AI Agent Found Vulnerable to Phishing Attacks, Leaking Sensitive User Data* Apple Introduces Automatic Password Changing Feature for Compromised Credentials This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com

* Anthropic Expands Claude Mythos Preview Access to Australian Organisations Through Project Glasswing* Cybercriminals Exploit ChatGPT Share Links to Distribute Malware Via Fake Outage Pages* Google Chrome Bolsters Security With Session Cookie Theft Protection for All Users* Hackers Exploit Meta’s AI Support Bot to Hijack High-Profile Instagram Accounts* Critical HTTP/2 Bomb Vulnerability Exposes Major Web Servers to Remote Denial-of-Service Attacks This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com

* npm Introduces Human Approval Gates to Counter Software Supply Chain Attacks* Anthropic’s AI Model Finds Over Ten Thousand Critical Vulnerabilities in Global Software Infrastructure* Anthropic’s Restricted Claude Mythos Model Moves Closer to Public Release* AI Emerges as a Game-Changer in Cyber Defence, Australian Signals Directorate Reports This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com

* Grafana Labs Confirms Ransomware Extortion Following TanStack Supply Chain Breach* GitHub Confirms Internal Repository Breach After Employee Device Compromise* Google Accidentally Exposes Details of Unpatched Chromium Vulnerability* CISA Credentials Exposed in Public GitHub Repository for Six Months Before Takedown* HackerOne Slashes Bug Bounty Payouts as AI Floods Open-Source Security Programs This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com

* Signal Adds In-App Security Warnings to Combat Social Engineering Attacks* Eighteen-Year-Old Vulnerability Discovered in Nginx Puts Millions of Web Servers at Risk* OpenAI Confirms Security Breach Following Sophisticated Supply Chain Attack* New Zero-Day Exploit Allows USB Stick to Bypass Windows BitLocker Encryption* Agentic AI Is the Security Blind Spot Organisations Can No Longer Afford to Ignore This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com

* Cybercriminals Abuse Amazon SES to Launch Undetected Phishing Campaigns* ACSC Issues Warning Over ClickFix Attacks Deploying Vidar Stealer Malware* Malicious OpenClaw Skill Weaponizes AI Agent Framework to Distribute Malware* Survey Finds 1 in 8 Employees Consider Selling Company Login Credentials Justifiable* 60% of MD5 Password Hashes Now Crackable in Under an Hour With a Single GPU This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com