Scylla & Charybdis, Kyber, Trigonia, Namastex, GitHub, Crypto, Cables, Aaran Leyland - SWN #575
The Security Weekly News episode 575 dives into a high-stakes cybersecurity landscape where emerging threats are outpacing defensive capabilities. Doug White highlights a troubling trend: AI adoption in enterprises is accelerating faster than security teams can keep up, leading to a dangerous gap where high-risk AI applications are being deployed without proper remediation—only 15% of practitioners believe their organizations meet remediation SLAs, despite 57% of C-suite executives claiming they do. The episode then shifts to alarming ransomware developments, including Kyber ransomware using post-quantum Kyber 1024 encryption and Trigonia deploying custom, evasive data exfiltration tools that rotate connections every two gigabytes to avoid detection. A major supply chain compromise via the 'Canister Worm' attack exploited NPM package updates to distribute malware through the legitimate publisher of Mastic's Labs, corrupting AI tools like Namastix.ai—demonstrating how trusted open-source libraries can become vectors for widespread infection. Meanwhile, GitHub quietly began collecting pseudo-anonymous telemetry from CLI users without clear opt-out, raising privacy concerns. The episode also warns of fake crypto wallet apps impersonating legitimate ones on the App Store, designed to steal recovery phrases and drain wallets.
AI adoption is outpacing security remediation, with 57% of C-suite executives claiming SLA compliance while only 15% of practitioners agree.
Kyber ransomware now uses post-quantum Kyber 1024 encryption, signaling attackers are preparing for a quantum future.
Trigonia ransomware uses a custom tool called 'uploader_client.exe' that rotates connections every 2GB to evade detection.
The 'Canister Worm' attack compromised NPM packages via stolen publishing access, corrupting AI tools like Namastix.ai through malicious updates.
GitHub silently began collecting CLI user telemetry by default with no clear opt-out, raising privacy red flags.
AI Adoption vs. Security Readiness
“AI enterprise adoption is moving a lot faster than security practices can be developed, tested and implemented. I was like, yeah, you think?”
Kyber & Trigonia Ransomware Evolution
“They're getting out in front of it. Now, Rapid7 provided an analysis of two forks of this back in March. The Windows one was written in Rust and includes a quote, self-described experimental feature.”
Canister Worm Supply Chain Attack
“It got corrupted because there was an update push to that software that you installed and used for two years. And all of a sudden it corrupts, which to me is very, very scary.”
GitHub CLI Telemetry Controversy
GitHub quietly began collecting pseudo-anonymous client-side telemetry from CLI users by default, with no clear opt-out, sparking privacy concerns despite claims of improving AI agent usability.
Fake Crypto Wallet Apps & Scams
Kaspersky reports 26 fake crypto wallet apps impersonating legitimate ones on the App Store, designed to steal recovery phrases and private keys via Trojanized downloads.
“It does not give you a system on its own. What it does is this one's so cool. What it does is it quietly interferes with defenders update path.”
Doug White (person)
Microsoft Defender (product)
GitHub (organization)
Kyber (other)
Trigonia (other)
App Store (other)
Aaron Leyland (person)
Canister Worm (other)
NPM (other)
Kaspersky (organization)
