Episodes

  • Adversarial Podcast S4E08 – Shai-Hulud worm strikes again, critical React vuln, CrowdStrike insider threat
    Dec 9 2025

    00:00 Intro

    02:33 Shai Hulud 2.0

    17:12 Max severity React vulnerability

    29:23 CrowdStrike catches insider feeding information to hackers

    46:24 Anthropic disrupts AI-orchestrated cyber campaign

    52:35 Uncertain economy takes effect on cyber teams

    Shai-Hulud 2.0 Aftermath: Trends, Victimology and Impact

    Researchers report that Shai-Hulud 2.0 is an ongoing npm supply-chain worm that has compromised hundreds of packages and tens of thousands of GitHub repositories and siphoned secrets through CI/CD pipelines.

    Critical React Server Components Vulnerability CVE-2025-55182

    The React Server Components (RSC) vulnerability tracked as CVE-2025-55182 is a critical (CVSS 10.0) flaw that allows unauthenticated attackers to execute arbitrary code on servers just by sending a crafted HTTP request to vulnerable packages.

    CrowdStrike catches insider feeding information to hackers

    CrowdStrike caught an insider who had secretly shared screenshots of internal systems with hackers linked to Scattered Lapsus$ Hunters — though the company says no breach of its infrastructure occurred and no customer data was compromised.

    Comcast's 2025 Cybersecurity Threat Report

    Comcast Business’s 2025 Cybersecurity Threat Report finds that over the 12-month period ending May 31, 2025 the company recorded 34.6 billion cyber events — including 4.7 billion phishing attempts, 9.7 billion “drive-by” compromise attacks, 44,000 DDoS attacks, and 19.5 billion resource-development activities.

    Disrupting the first reported AI-orchestrated cyber espionage campaign

    Anthropic reports disrupting what it assesses to be the first large-scale, AI-orchestrated cyber espionage campaign, in which a Chinese state-linked group jailbroke Claude Code to autonomously conduct reconnaissance, exploit vulnerabilities, and exfiltrate data across dozens of global targets with minimal human involvement.

    Uncertain Economy Takes Toll on Cybersecurity Teams

    Economic uncertainty has hit corporate cyber operations: Artico Search and IANS Research report that cybersecurity budgets rose just 4% in 2025 (a five-year low), hiring growth slowed to 7% (down from 12% in 2024), and many security teams are grappling with tighter budgets, fewer hires, and slower wage growth.

    Hosts:

    Jerry Perullo (Founder, https://adversarial.com/)

    Sounil Yu (Founder, https://www.knostic.ai/)

    Mario Duarte (Founder, stealth startup)

    Producer: Tillson Galloway (Founder, http://githoundexplore.com/)

    1 h and 2 min
  • Adversarial Podcast S4E07 – The password is "Louvre", AI ransomware, Nevada stands up to ransomware
    Nov 11 2025

    00:00 Intro

    01:50 Louvre password

    08:54 Trump budget cuts

    20:35 Google AI threat report

    36:56 Nevada didn’t pay ransom

    48:25 Moved the needle

    58:38 L3Harris Trenchant boss stole exploits, sold to Russia

    62:00 Ransomware remediation firm employees go rogue

    63:40 Cybersecurity Is A Digital Identity Problem And We Must Deal With It

    The password for the Louvre’s video surveillance system was “Louvre”

    The Louvre Museum reportedly had a video-surveillance server password of simply “LOUVRE” as early as 2014.

    Trump budget cuts, agency gutting, leave Americans and economy at greater risk of being hacked, experts warn

    Budget cuts under Donald Trump’s administration are slashing funding and staff at key federal cybersecurity agencies like CISA, increasing the risk of U.S. vulnerability to cyberattacks.

    GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools | Google Cloud Blog

    Adversaries are now deploying AI-enabled malware (such as self-modifying code) and exploiting underground AI tool markets across the full attack lifecycle.

    Nevada didn’t pay ransom in statewide cyberattack, spent $1.5M on response

    The State of Nevada did not pay the ransom after a statewide cyberattack, opting instead to spend approximately $1.5 million on response efforts.

    How an ex-L3Harris boss stole and sold cyber exploits to Russia

    A former L3Harris division boss admitted to stealing eight zero-day exploits from the network and selling them to a Russian cyber-tool broker.

    Chicago firm that resolves ransomware attacks had rogue workers carrying out their own hacks, FBI says

    A Chicago-based ransomware response firm is under indictment after employees allegedly conducted five ransomware attacks of their own.

    Cybersecurity Is A Digital Identity Problem And We Must Deal With It

    Cybersecurity failures increasingly stem from weak or mis-managed digital identities, and organizations must shift their focus from endpoints to identity-first strategies.

    Hosts:

    Jerry Perullo (Founder, https://adversarial.com/)

    Sounil Yu (Founder, https://www.knostic.ai/)

    Mario Duarte (Founder, stealth startup)

    Producer: Tillson Galloway (Founder, http://githoundexplore.com/)

    1 h and 14 min
  • Adversarial Podcast S4E06 – F5 Breach, AWS Outage, Risk Management vs. Security Engineering
    Oct 28 2025

    00:00 Intro

    00:50 AWS Outage

    20:48 F5 Breach

    41:06 Risk Management vs. Security Engineering

    58:19 Moving the Needle Part 3

    F5 Hack Blamed on China

    Chinese state-backed hackers allegedly breached U.S. cybersecurity firm F5, gaining year-long access to its systems and BIG-IP source code, prompting security fears and causing the company to warn of revenue impacts and falling shares.

    AWS Outage

    A race condition in Amazon DynamoDB’s DNS management system caused widespread outages across the US-EAST-1 region on October 19–20, 2025, disrupting DynamoDB, EC2, NLB, and multiple dependent AWS services until recovery was completed the next afternoon.

    The CISO Dilemma: Risk Management vs. Security Engineering

    This post argues that quantitative risk management (QRM) in cybersecurity is a deceptive comfort mechanism that lets executives rationalize insecurity, urging CISOs to reject financialized “risk buy-downs” and instead demand true security engineering and systemic architectural integrity.

    Hosts:

    Jerry Perullo (Founder, https://adversarial.com/)

    Sounil Yu (Founder, https://www.knostic.ai/)

    Mario Duarte (Founder, stealth startup)

    Producer: Tillson Galloway (Founder, http://githoundexplore.com/)

    1 h and 12 min
  • Adversarial Podcast S4E05 – Oracle Zero-Day, US cyber info sharing law expires, UK government guarantor for Jaguar attack
    Oct 14 2025

    00:00 Highlight

    03:44 Oracle E-Business Suite Zero-Day

    14:49 UK government to be guarantor for Jaguar Land Rover cyberattack

    25:54 "Moved the needle" Part 2

    48:18 12 Security Problems Practitioners Want Solved

    1:02:53 National Risk of Losing the CISA 2015 Act?

    Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion Campaign

    Mandiant and Google Threat Intelligence Group uncovered a large-scale CL0P-linked extortion campaign exploiting a zero-day (CVE-2025-61882) in Oracle E-Business Suite to steal data from organizations before patches were released.

    https://cloud.google.com/blog/topics/threat-intelligence/oracle-ebusiness-suite-zero-day-exploitation

    UK government to be guarantor for Jaguar Land Rover loan as it recovers from cyberattack

    The UK government is guaranteeing a £1.5 billion loan to Jaguar Land Rover to support its recovery and supply chain after a major cyberattack forced the automaker to halt production earlier this month.

    https://therecord.media/jaguar-land-rover-loan-guarantor-cyberattack

    12 Security Problems Practitioners Want Solved

    Leen and Lockstep Ventures released a “Requests for Security Startups” report outlining twelve practitioner-driven problem areas—from preventative security and identity sprawl to AI-native assistants and continuous compliance—calling for builders to create practical, AI-powered, and workflow-integrated solutions that solve real security pain points.

    https://www.leen.dev/beyond-the-noise

    When Cyber Visibility Fades: The National Risk of Losing the CISA 2015 Act—and How Organizations Can Stay Secure Without It

    The expiration of the Cybersecurity Information Sharing Act of 2015 has reduced national cyber visibility and weakened public–private threat intelligence sharing, prompting experts to warn that organizations must strengthen internal risk management and collaboration to stay secure.

    https://www.carson-saint.com/when-cyber-visibility-fades-the-national-risk-of-losing-the-cisa-2015-act-and-how-organizations-can-stay-secure-without-it

    Hosts:

    Jerry Perullo (Founder, https://adversarial.com/)

    Sounil Yu (Founder, https://www.knostic.ai/)

    Mario Duarte (Founder, stealth startup)

    Producer: Tillson Galloway (Founder, http://githoundexplore.com/)

    1 h and 11 min
  • Adversarial Podcast S4E04 – "Moving the needle" awards, effect of H-1B changes on cyber industry, Salesloft aftermath
    Sep 30 2025

    00:00 Highlight

    00:43 Intro

    06:40 "Moved the needle" awards

    37:05 Scattered Lapsus$ and Jaguar Hack

    44:39 One Token to Rule Them All - Entra pwned

    1:02:21 H-1B visa changes and their effect on the cyber industry

    Scattered Lapsus$ and Jaguar Hack

    Jaguar Land Rover has extended its production pause until October after a cyberattack crippled its IT systems. The company is struggling to recover operations at Range Rover plants.

    https://www.wsj.com/business/jaguar-land-rover-extends-production-pause-until-october-following-cyberattack-0e39b7e8

    One Token to Rule Them All

    A deep dive into how attackers can obtain Global Admin across all Entra ID tenants using Actor tokens — the mechanics, prerequisites, and mitigation strategies.

    https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/

    What to Know About Changes to the H-1B Visa Program

    The U.S. is proposing major H-1B visa changes, including a $100,000 annual fee per visa starting in 2026, a move aimed at prioritizing higher-wage hires but likely to hit startups and global tech talent hard.

    https://www.wsj.com/us-news/h1b-visa-changes-explained-45b818e9?mod=djemCybersecruityPro

    Hosts:

    Jerry Perullo (Founder, https://adversarial.com/)

    Sounil Yu (Founder, https://www.knostic.ai/)

    Mario Duarte (Founder, stealth startup)

    Producer: Tillson Galloway (Founder, http://githoundexplore.com/)

    1 h and 19 min
  • Adversarial Podcast S4E03 – Fumbled NPM Attack, Entering the AI Browser Market, Salesloft breach
    Sep 16 2025

    00:00 Intro

    03:10 NPM supply chain attack leaves attackers empty handed

    24:44 Why is Atlassian buying a browser company?

    37:20 Apple's new Memory Integrity Enforcement

    52:56 Salesloft breach leads to downstream hacks

    Hackers left empty-handed after massive NPM supply-chain attack

    Hackers briefly compromised popular NPM packages like chalk and debug-js, infecting ~10% of cloud environments, but despite the massive supply-chain reach they only netted about $600 in stolen cryptocurrency.

    https://www.bleepingcomputer.com/news/security/hackers-left-empty-handed-after-massive-npm-supply-chain-attack/

    Why is Atlassian Buying a Browser Company?

    Atlassian is buying The Browser Company (makers of Arc and Dia) for $610M to gain control of the browser channel, secure its AI agent (Rovo) distribution, and enter the emerging “enterprise browser” market, even though success is uncertain against Google and Microsoft.

    https://nextword.substack.com/p/why-is-atlassian-buying-a-browser

    Memory Integrity Enforcement: A complete vision for memory safety in Apple devices

    Apple’s new Memory Integrity Enforcement (MIE) brings always-on hardware-software memory safety to iPhone 17, making advanced spyware exploits far harder.

    https://security.apple.com/blog/memory-integrity-enforcement/

    Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks

    Hackers exploited Salesloft’s Drift–Salesforce integration to steal OAuth tokens and exfiltrate sensitive Salesforce data, tracked as UNC6395.

    https://www.bleepingcomputer.com/news/security/salesloft-breached-to-steal-oauth-tokens-for-salesforce-data-theft-attacks/

    Hosts:

    Jerry Perullo (Founder, https://adversarial.com/)

    Sounil Yu (Founder, https://www.knostic.ai/)

    Mario Duarte (Founder, stealth startup)

    Producer: Tillson Galloway (Founder, https://githoundexplore.com)

    1 h and 9 min
  • Adversarial Podcast S4E02 - Cyber acquisitions and raises, 95% of GenAI pilots failing, Zelle's alleged security lapses
    Sep 4 2025

    00:00 Introduction & BlackHat

    02:06 Cybersecurity in Schools

    18:53 Black Hat Conference Highlights

    34:02 New York sues Zelle

    44:48 Trends in Cybersecurity Mergers and Acquisitions

    1:02:44 95% of generative AI pilots at companies are failing

    1:08:53 Prompt injection with poisoned calendar invites

    DARPA announces $4 million winner of AI code review competition at DEF CON

    DARPA announced Team Atlanta as the winner of its two-year competition among researchers to create the best artificial intelligence systems that can find and fix vulnerabilities.

    Attorney General James Sues Company Behind Zelle for Enabling Widespread Fraud

    New York today sued Early Warning Services, a company owned and controlled by a group of the largest banks in the United States that was tasked with developing and operating the electronic payment platform Zelle, for failing to protect its users from massive amounts of fraud.

    Cyber Acquisitions

    • Palo Alto / CyberArk
    • CrowdStrike / Onum
    • Okta / Axiom
    • Armis raises millions at $5B valuation

    MIT report: 95% of generative AI pilots at companies are failing

    A recent MIT‑commissioned study—highlighted in Fortune on August 18, 2025—reveals that approximately 95% of generative AI pilot programs at companies failed to deliver any measurable return on investment or financial uplift. The core issue appears to be not the AI itself, but poor integration into existing workflows and misaligned use cases, with only about 5% of pilots achieving rapid revenue growth by focusing sharply on specific pain points.

    Hackers Hijacked Google’s Gemini AI With a Poisoned Calendar Invite to Take Over a Smart Home

    Security researchers demonstrated that a poisoned Google Calendar invite could indirectly prompt-inject Google’s Gemini, causing it to control smart-home devices.

    Hosts:

    Jerry Perullo (Founder, https://adversarial.com/)

    Sounil Yu (Founder, https://www.knostic.ai/)

    Mario Duarte (Founder, stealth startup)

    Producer: Tillson Galloway (https://tillsongalloway.com)

    1 h and 16 min
  • Adversarial Podcast S4E01 - Trump's AI Action Plan, Chip Security Act, receiving gifts from vendors
    Jul 30 2025

    00:00 Introduction & BlackHat

    03:14 AI Action Plan Overview

    13:30 Chip Security Act

    20:48 Government led AI-ISAC?

    23:16 UK government considering banning public sector ransomware payments

    28:14 Microsoft probing if Chinese hackers learned SharePoint flaws through alert

    42:07 Ethics in Vendor Relationships – Gifts for meetings

    America's AI Action Plan

    “America’s AI Action Plan,” released by the Trump administration, outlines a roadmap with over 90 federal actions across three pillars—accelerating AI innovation, building U.S. AI infrastructure, and asserting international AI leadership through exports and technology alliances.

    The Chip Security Act: A Bipartisan Solution to Chip Smuggling

    The Chip Security Act, introduced by U.S. lawmakers, mandates that export‑controlled AI chip makers (like NVIDIA) embed on‑chip location‑verification mechanisms to ensure devices go only where they’re authorized—aiming to deter smuggling (especially to China) without deploying intrusive GPS or kill switches.

    Why a Government-Led AI-ISAC is a Missed Opportunity

    Errol Weiss argues that an AI‑ISAC led by the U.S. government, as proposed in the July 2025 White House AI Action Plan, represents a missed opportunity, because government-led initiatives tend to be bureaucratic, slow, less innovative, struggle to win private-sector trust and buy‑in, risk duplicating existing ISAC efforts, and may be perceived as politically biased, undermining effective, rapid, cross-industry intelligence sharing.

    UK plans to ban public sector bodies from paying ransom to cyber criminals

    The UK government is set to ban public sector bodies and operators of critical national infrastructure from paying ransom demands to cyber criminals, as part of a wider package that also mandates reporting for other organisations planning to pay, aimed at dismantling the ransomware business model and protecting essential services from dangerous disruptions.

    Microsoft probing if Chinese hackers learned SharePoint flaws through alert, Bloomberg News reports

    Microsoft is investigating whether a leak from its Microsoft Active Protections Program (MAPP)—which provides early vulnerability alerts to security partners—may have enabled Chinese-aligned hackers (Linen Typhoon, Violet Typhoon, and Storm-2603) to exploit critical zero‑day flaws in on-premises SharePoint servers before Microsoft fully patched the software, fueling a global espionage and ransomware campaign.

    Hosts:

    Jerry Perullo (Founder, https://adversarial.com/)

    Sounil Yu (Founder, https://www.knostic.ai/)

    Mario Duarte (Founder, stealth startup)

    Producer: Tillson Galloway (https://tillsongalloway.com)

    52 min