Please consider supporting the DefSec podcast here.

Links to this week’s stories:

• https://thehackernews.com/2026/05/claude-mythos-ai-finds-10000-high.html
• https://www.tenable.com/blog/key-findings-from-the-verizon-dbir-2026
• https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/
• https://www.bleepingcomputer.com/news/security/grafana-breach-caused-by-missed-token-rotation-after-tanstack-attack/
• https://www.bleepingcomputer.com/news/security/github-links-repo-breach-to-tanstack-npm-supply-chain-attack/
• https://thehackernews.com/2026/05/npm-adds-2fa-gated-publishing-and.html

Please consider supporting the DefSec podcast here.

Links to this week’s stories:

• https://www.securityweek.com/openai-hit-by-tanstack-supply-chain-attack/
• https://thehackernews.com/2026/05/developer-workstations-are-now-part-of.html
• https://thehackernews.com/2026/05/ivanti-fortinet-sap-vmware-n8n-patch.html
• https://www.theregister.com/cyber-crime/2026/05/14/security-pros-doubt-canvas-attackers-really-deleted-stolen-student-data/5240799

Please consider supporting the DefSec podcast here.

Links to this week’s stories:

• https://www.bleepingcomputer.com/news/security/instructure-reaches-agreement-with-shinyhunters-to-stop-data-leak/
• https://www.theregister.com/security/2026/05/06/1-in-8-workers-say-selling-company-logins-is-justifiable/5231104
• https://www.theregister.com/security/2026/05/02/ai-digs-up-decades-of-code-debt-patch-up/5219734
• https://www.theregister.com/security/2026/05/11/anthropics-bug-hunting-mythos-was-greatest-marketing-stunt-ever-says-curl-creator/5238111
• https://www.securityweek.com/cyber-insurance-data-gives-cisos-new-ammo-for-budget-talks/