
Hosted by N2K Networks · EN

Welcome in! You’ve entered Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive Upper West Side, Selena is joined by her co-hosts, N2K Networks' Dave Bittner and Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at Qintel. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. This week, our hosts dive into the evolving threat of software supply chain attacks and the growing risks facing the open-source ecosystem. As developers increasingly rely on third-party packages and AI-powered coding tools, attackers are finding new ways to abuse trusted software to reach a wider range of targets. The discussion explores why these attacks are becoming more common, what recent incidents reveal about the state of software security, and what organizations can do to better protect themselves. Sources: Shai-Hulud worm returns stronger and more automated than ever before; ‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack; What We Learned: Axios NPM Supply Chain Compromise Emergency Briefing; Your AI Gateway Was a Backdoor: Inside the LiteLLM Supply Chain Compromise.

A data privacy legal framework that applies to all countries in the European Union, regulating the transmission, storage, and use of personal data associated with residents of the EU. CyberWire Glossary link: https://thecyberwire.com/glossary/general-data-protection-regulation Audio reference link: “Mr. Robot Predicts JPM Coin!” YouTube, YouTube, 14 Feb. 2019, https://www.youtube.com/watch?v=1ee-cHbCI0s.

This week, hosts of N2K CyberWire Maria Varmazis and Dave Bittner alongside Joe Carrigan are discussing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up on Joe’s rental scam story, as listener Ben suggests the scammers may go the extra mile because they could keep collecting rent for months before anyone realizes the property was never theirs to rent out. Also, another listener writes in with some “Chook Psychology 101.” Maria’s story is on scammers targeting recent college graduates with fake student loan relief offers, job scams, and rental listings designed to steal personal information, deposits, and money through high-pressure tactics. Joe’s story is on Congress pressuring major telecom companies to do more to stop the flood of scam calls and texts still reaching Americans despite billions already being blocked every year. Dave’s story is on Android 17 adding new protections aimed at stopping banking scams, including stronger privacy controls and defenses against malicious calls during sensitive actions. Our Catch of the Day is on a text scam where scammers use scare tactics by sending fake messages about court dates and legal trouble. Resources and links to stories: BBB warns of scams targeting new graduates; Congressional committee asks telecoms to do more to prevent scams as losses surge; Android 17 to expand banking scam call and privacy protections. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.

Please enjoy this encore of Word Notes. A conversational language model developed by the company OpenAI. CyberWire Glossary link: https://thecyberwire.com/glossary/chatgpt Audio reference link: jeongphill. “Movie - Her, First Meet OS1 (Operation System One, Os One, OS1).” YouTube, YouTube, 29 June 2014, https://www.youtube.com/watch?v=GV01B5kVsC0.

This week, hosts of N2K CyberWire Maria Varmazis and Dave Bittner alongside Joe Carrigan are discussing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up on a phishing scam targeting people tied to Japan’s pension system, with listener Don Roley warning that martial arts communities connected to Japan may also be in scammers’ sights. Joe’s story is on two scams that actually ended well, including a Baltimore man who avoided losing millions in a sweepstakes scam thanks to help from local reporters and law enforcement. Dave’s got the story of a retired engineer who lost thousands after calling a fake airline support number he found through a Google search while trying to rebook a Lufthansa flight. Maria’s story is on suspicious “child safety kits” sent home through schools that collect deeply personal information from parents while quietly serving as lead generation for life insurance sales. From the scams subreddit comes today’s Catch of the Day, where a scammer trying to score a quick fifty bucks was met instead with a barrage of old-timey biblical insults, eventually spiraling into rage messages. Resources and links to stories: Springfield Child Safety Kits determined not to be a scam; Sweepstakes scam targets Baltimore-area man who was promised $9.4 million and a Mercedes-Benz; Scam of elderly man goes so well, con artists strike again. But their timing is horrible; Hearken, brethren! Behold how I did smite a worker of iniquity with the Word, and brought him unto great wrath. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.

A cyber attack technique where adversaries intercept communications between two parties in order to collect useful information or to sabotage or corrupt the communication in some manner. CyberWire Glossary link: https://thecyberwire.com/glossary/man-in-the-middle-attack

This week, hosts of N2K CyberWire Maria Varmazis and Dave Bittner alongside Joe Carrigan are discussing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Joe once again shares tales from his "stupid" chickens. Dave has the story on how sugar baby scams are evolving into broader cyber threats involving fake identities, financial fraud, and account compromise. Maria's got the story on a Michigan business owner whose hacked Facebook account was drained, banned, and effectively locked away by automated moderation systems. Joe has the story on a Virginia family who narrowly avoided a Facebook Marketplace rental scam after a fake landlord asked them to wire money for a home they didn’t own. Our catch of the day comes from Reddit, where a scammer was this close to fooling, not really. Resources and links to stories: Sugar Baby Scams: How to Spot and Avoid Them; Hacked, robbed, then banned: Canton Township business owner’s meta AI nightmare; Mother falls for apparent social media-based real estate scam; So Close. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.

Please enjoy this encore of Word Notes. A branch of the US Department of Commerce whose stated mission is to “promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.” CyberWire Glossary link: https://thecyberwire.com/glossary/national-institute-of-standards-and-technology Audio reference link: Center, M.I., 2022. 2022 Meridian Summit: Cultivating Trust in Technology with NIST Director Laurie Locascio [WWW Document]. YouTube. URL https://www.youtube.com/watch?v=o43Y9Tk8ZVA (accessed 1.26.23).

This week, hosts of N2K CyberWire Maria Varmazis and Dave Bittner alongside Joe Carrigan are discussing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up on a sweeping DOJ-led crackdown and rare U.S.-China cooperation that led to hundreds of arrests and the dismantling of global scam centers targeting Americans. Maria has the story on a study finding over a third of FIFA World Cup 2026 partner domains lack strong DMARC “reject” protections, leaving fans and customers vulnerable to spoofed emails and event-themed fraud. Dave’s got the story on Americans losing $2.1 billion to social media scams in 2025, with shopping, investment, and romance fraud surging as criminals increasingly use platforms like Facebook, WhatsApp, and Instagram to target victims. Joe’s got the story on AI deepfakes fueling scams, from fake Taylor Swift videos on TikTok luring users into phishing schemes to a completely fabricated influencer persona run by a scammer, underscoring how convincingly synthetic identities are being used to deceive online. Our catch of the day is on a text message where a scammer is promising a big reward. Resources and links to stories: 276 arrested in connection with 'scam centers' targeting Americans; US, China join for rare cooperation in scam center raid; FIFA World Cup 2026: More than One-Third of Official Partners Expose the Public to the Risk of Email Fraud; Watchdog warns high FIFA World Cup ticket prices increase risk of scams; How to make your World Cup experience scam free; Consumers lost $2.1B to social media scams in 2025, FTC reports; Taylor Swift Deepfakes Are Fooling TikTok Users Into Phishing Scams; MAGA Influencer Emily Hart Exposed as Indian Man. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.

Welcome in! You’ve entered Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive Upper West Side, Selena is joined by her co-hosts, N2K Networks' Dave Bittner and Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at Qintel. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode of Mythb…oops, we mean Only Malware in the Building, our hosts take on some cyber myths. Dave busts the idea that small organizations aren’t targets, Selena digs into whether AI is really making attackers smarter, and Keith breaks down why identifying a hacker doesn’t mean law enforcement can just go make an arrest. Three myths, one truth: in cybersecurity, nothing is ever that simple.