Daily Security Review podcast | Listen online for free

Available Episodes

5 of 327

The “s1ngularity” Attack: How Hackers Hijacked Nx and Leaked Thousands of Repositories
In late August 2025, the open-source software ecosystem was rocked by a sophisticated two-phase supply chain attack, now known as “s1ngularity.” The incident began when attackers exploited a flaw in GitHub Actions workflows for the Nx repository, stealing an NPM publishing token and using it to release malicious versions of Nx packages. These packages carried a hidden malware script—telemetry.js—that targeted developer machines, searching for GitHub tokens, NPM tokens, API keys, SSH keys, crypto wallets, and .env files, then uploading the stolen secrets into public GitHub repositories labeled s1ngularity-repository.The breach didn’t stop there. In Phase 2, the attackers used the compromised credentials to infiltrate hundreds of GitHub accounts, flipping over 6,700 private repositories to public, exposing sensitive intellectual property, AI service credentials, and cloud platform secrets. In some cases, they even modified shell startup files to crash developer systems. Most alarming of all, this attack marked the first documented weaponization of AI coding assistants—including Claude, Gemini, and Amazon Q—as automated data-harvesting tools. The attackers issued detailed prompts through AI CLIs, instructing them to search recursively for sensitive data, effectively turning trusted developer AI tools into accomplices.While many compromised GitHub tokens have since been revoked, a worrying percentage of stolen NPM tokens remain valid, extending the potential blast radius. The s1ngularity incident underscores the growing risks in today’s software supply chain, where open-source dependencies, developer machines, CI/CD pipelines, and AI assistants all create new points of vulnerability.This episode unpacks how the attack unfolded, why it’s being called a watershed moment in AI-driven cybercrime, and what organizations must do to defend against similar threats. From secret management and secure pipelines to AI usage policies and SBOM adoption, we explore the urgent measures needed to secure the future of software development against the next evolution of supply chain attacks.#s1ngularity #SupplyChainAttack #Nx #NPM #GitHub #AIExfiltration #Claude #Gemini #Cybersecurity #OpenSourceSecurity #SecretsManagement #CI_CD #SoftwareSupplyChain #DevSecOps
--------
38:48
--------
38:48
Canadian Investment Giant Wealthsimple Hit by Vendor Compromise
Wealthsimple, one of Canada’s largest online investment platforms, has confirmed a data breach that exposed the sensitive information of fewer than 1% of its three million clients. The incident, detected on August 30, 2025, originated from a supply chain attack: a trusted third-party vendor’s compromised software package served as the entry point for attackers. While Wealthsimple quickly contained the breach and confirmed that no client funds were accessed or stolen, the compromised data includes Social Insurance Numbers (SINs), government IDs, financial account numbers, IP addresses, dates of birth, and contact details—a treasure trove for identity thieves.Wealthsimple has assured clients that all accounts remain secure, but the exposure of SINs and government IDs raises significant concerns about long-term risks such as fraud, account takeovers, and tax-related identity theft. To mitigate these risks, the company is offering two years of free credit monitoring, dark-web surveillance, and identity theft protection services to those impacted. Clients have also been urged to enable two-factor authentication, remain vigilant for phishing scams, and regularly check financial and credit reports for suspicious activity.This breach highlights the growing threat of supply chain attacks, where adversaries exploit vulnerabilities in trusted third-party providers to compromise downstream organizations. Such attacks have become increasingly common—infamously seen in SolarWinds, Kaseya, and ASUS incidents—because they bypass traditional defenses and provide attackers with broad access at scale. Canadian regulators, including privacy and financial authorities, have been notified in line with breach reporting obligations.Beyond Wealthsimple, this incident is a stark reminder for organizations to strengthen vendor risk management, conduct ongoing security reviews of third-party partners, and adopt proactive defense strategies such as zero-trust frameworks, software integrity checks, and continuous monitoring. For individuals, it underscores the importance of maintaining strong password hygiene, avoiding reuse across accounts, and staying alert to potential fraud attempts long after the initial breach.#Wealthsimple #DataBreach #SupplyChainAttack #Cybersecurity #IdentityTheft #Canada #FinancialSecurity #SINFraud #ThirdPartyRisk #Privacy #InvestmentSecurity
--------
34:24
--------
34:24
FireCompass Raises $20M to Scale AI-Powered Offensive Security
In a year when cybercrime is projected to cost the world over $10.5 trillion, FireCompass has emerged as one of the most closely watched AI-driven cybersecurity innovators. The startup, founded in 2019, just secured $20 million in new funding—bringing its total raised to nearly $30 million. Backed in part by EC-Council’s Cybersecurity Innovation Fund, this investment is aimed at accelerating research and development, scaling global operations, and strengthening its talent base in an industry where skilled professionals remain in short supply.FireCompass offers a unified AI-powered offensive security platform designed to outpace adversaries by simulating real-world attacks at machine speed. Using its patented Agentic AI foundation, the platform chains vulnerabilities, conducts lateral movement, and validates risks across networks—mirroring the playbook of advanced attackers. With thousands of attack scenarios aligned to the MITRE ATT&CK framework, FireCompass continuously identifies exploitable risks before criminals can act, boasting over 2.5 million real attack paths uncovered to date and reducing customer remediation timelines by 40%.The funding comes at a pivotal moment for the cybersecurity industry. Venture capital investment in 2025 is increasingly concentrated on AI-native platforms as organizations grapple with the growing sophistication of threats, the rise of automated attacks, and the chronic shortage of cybersecurity talent. FireCompass’s expansion signals not only a bet on AI as the future of security but also a recognition that offensive, continuous threat exposure management (CTEM) is becoming mission-critical for enterprises worldwide.This episode explores how FireCompass plans to use its latest funding to transform global cybersecurity, why offensive security is becoming essential in an era of AI-powered threats, and how innovations like microsegmentation, lateral movement detection, and MITRE ATT&CK alignment are shaping the next generation of defense.#FireCompass #Cybersecurity #AI #OffensiveSecurity #MITREATTACK #CTEM #PenTesting #AgenticAI #ECcouncil #Cybercrime #ThreatExposureManagement #Automation #VentureCapital
--------
38:48
--------
38:48
CVE-2025-42957: Active Exploits Target SAP S/4HANA Systems
A newly uncovered critical vulnerability, tracked as CVE-2025-42957, is sending shockwaves through the enterprise technology world. Affecting all SAP S/4HANA deployments, both on-premise and in private cloud environments, this ABAP code injection flaw carries a near-maximum CVSS score of 9.9. What makes it especially dangerous is its low complexity: attackers armed with only low-privileged credentials can remotely inject code and achieve a full system takeover—no user interaction required.Discovered by SecurityBridge and patched by SAP in August 2025, the vulnerability is already being actively exploited in the wild. Attackers have been observed manipulating business data, creating new privileged SAP users, stealing password hashes, and modifying core business processes. In the worst cases, compromised systems could face fraud, espionage, massive data theft, or devastating ransomware attacks capable of halting operations across entire enterprises.SAP systems sit at the heart of global businesses, managing financials, supply chains, HR, and more. A compromise here can not only disrupt operations but also undermine strategic decisions by quietly altering key data. The danger is amplified by the speed with which attackers can reverse-engineer SAP’s patch, making unpatched environments an open door to compromise.Experts stress that applying SAP’s August security notes (3627998 and 3633838) is non-negotiable. Yet patching complex, highly customized ERP landscapes isn’t easy—often requiring rigorous testing before production deployment. In the meantime, organizations must harden their defenses by restricting authorizations, monitoring RFC activity, segmenting networks, and practicing incident response drills.This episode breaks down how CVE-2025-42957 works, why it matters, and what organizations must do now to prevent catastrophic breaches. With SAP systems increasingly interconnected and cloud-driven, this vulnerability is a stark reminder that ERP security must be continuous, holistic, and relentlessly proactive.#SAP #S4HANA #CVE202542957 #ERP #Cybersecurity #Ransomware #DataTheft #EnterpriseSecurity #SecurityBridge #PatchManagement #SAPSecurity #ABAPInjection
--------
32:04
--------
32:04
Fake Job Interviews, Real Hacks: How North Korean Spies Steal Billions in Crypto
North Korean cybercriminals have escalated their social engineering operations, deploying a wave of sophisticated campaigns designed to infiltrate cryptocurrency and decentralized finance (DeFi) organizations. At the center of these operations is the “Contagious Interview” campaign, where hackers impersonate recruiters and trick job seekers into downloading malicious software under the guise of skill assessments or interview tasks. Victims are often lured into copying commands from fabricated error messages, unknowingly executing malware that grants attackers access to sensitive systems.But the threat doesn’t stop there. Hackers are also posing as investment institution employees on platforms like Telegram, exploiting trust and urgency to gain persistent access to financial networks. These operations leverage advanced malware—like InvisibleFerret and BeaverTail—capable of keylogging, remote desktop control, credential theft, and long-term persistence through encrypted channels. Backed by the Lazarus Group and other North Korean units, these cyber campaigns are not random attacks but coordinated efforts to steal billions in digital assets, bypass international sanctions, and fund Pyongyang’s regime.Experts warn that these campaigns are becoming more effective because they target the weakest point in cybersecurity: the human element. With phishing responsible for 68% of reported breaches in 2024, the rise of fake interviews, insider threats, and RMM tool abuse poses a growing danger to the crypto industry and beyond. This episode explores the psychology behind social engineering, the tactics North Korean operatives are using, and the critical defenses organizations and individuals must adopt to stay ahead.#NorthKorea #Cybercrime #ContagiousInterview #SocialEngineering #CryptoHacks #DeFi #Phishing #LazarusGroup #Malware #Cybersecurity
--------
30:21
--------
30:21