00:00 Intro

03:10 NPM supply chain attack leaves attackers empty handed

24:44 Why is Atlassian buying a browser company?

37:20 Apple's new Memory Integrity Enforcement

52:56 Salesloft breach leads to downstream hacks

Hackers left empty-handed after massive NPM supply-chain attack

Hackers briefly compromised popular NPM packages like chalk and debug-js, infecting ~10% of cloud environments, but despite the massive supply-chain reach they only netted about $600 in stolen cryptocurrency.

https://www.bleepingcomputer.com/news/security/hackers-left-empty-handed-after-massive-npm-supply-chain-attack/

Why is Atlassian Buying a Browser Company?

Atlassian is buying The Browser Company (makers of Arc and Dia) for $610M to gain control of the browser channel, secure its AI agent (Rovo) distribution, and enter the emerging “enterprise browser” market, even though success is uncertain against Google and Microsoft.

https://nextword.substack.com/p/why-is-atlassian-buying-a-browser

Memory Integrity Enforcement: A complete vision for memory safety in Apple devices

Apple’s new Memory Integrity Enforcement (MIE) brings always-on hardware-software memory safety to iPhone 17, making advanced spyware exploits far harder.

https://security.apple.com/blog/memory-integrity-enforcement/

Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks

Hackers exploited Salesloft’s Drift–Salesforce integration to steal OAuth tokens and exfiltrate sensitive Salesforce data, tracked as UNC6395.

https://www.bleepingcomputer.com/news/security/salesloft-breached-to-steal-oauth-tokens-for-salesforce-data-theft-attacks/

Hosts:

Jerry Perullo (Founder, https://adversarial.com/)

Sounil Yu (Founder, https://www.knostic.ai/)

Mario Duarte (Founder, stealth startup)

Producer: Tillson Galloway (https://tillsongalloway.com)