Attackers Targeting Code Editors and Critical Infrastructure with Vangelis Stykas & John Tuckner

https://is1-ssl.mzstatic.com/image/thumb/Podcasts211/v4/c9/a9/16/c9a9164e-d900-5027-7149-9aba9b1a8dba/mza_5797065989387187777.jpg/600x600bb.jpg

The Secure Disclosure

Mackenzie Jackson

17 episodes

1 week ago

Cyber, Sake, News, Research and more The Disclosure is a weekly cybersecurity podcast that brings the latest in news, research, and leaders into a 45-minute podcast. Hosted by Mackenzie Jackson, we bring new guests each week to share their research and expertise in the space.

Technology

RSS

All content for The Secure Disclosure is the property of Mackenzie Jackson and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Technology

https://d3t3ozftmdmh3i.cloudfront.net/staging/podcast_uploaded_nologo/44244469/44244469-1755199569666-4c615cb139fa1.jpg

Attackers Targeting Code Editors and Critical Infrastructure with Vangelis Stykas & John Tuckner

The Secure Disclosure

42 minutes 1 second

1 month ago

Attackers Targeting Code Editors and Critical Infrastructure with Vangelis Stykas & John Tuckner

In this episode of Secure Disclosure, Mackenzie Jackson digs into the surge of malicious VS Code extensions with researcher John Tuckner, founder of Secure Annex. We break down how attackers are shifting toward targeting developers themselves, explore real-world malicious extensions like Ransom Vibe and Sleepy Duck, and discuss why marketplaces like Open VSX are struggling to keep malware out.We also cover new research on secret leaks in top AI companies, and in our Leaders & Legends segment, we speak with Vangelis Stykas (CTO & co-founder of Kumio) about the growing vulnerabilities inside global energy infrastructure, OT security gaps, and the rise of AI-powered pentesting.If you want insights on software supply chain risk, AI security, and critical infrastructure threats—this episode is for you.Links:RansomVibe Technical Blog: https://secureannex.com/blog/ransomvibe/SleepyDuck Technical Blog: https://secureannex.com/blog/sleepyduck-malwareWiz Secrets Inside AI top 50 Research: https://www.wiz.io/blog/forbes-ai-50-leaking-secretsChapters 00:00 — Intro01:07 — Malicious VS Code Extensions (with John Tuckner)15:31 — Secrets Leaking in AI Repositories18:55 — Sponsor Segment19:55 — Leaders & Legends: Securing Critical Infrastructure