Cyber Bites

* Malicious JetBrains Marketplace Plugins Discovered Stealing AI API Keys from Developers
* A Three-Stage Vulnerability Chain Turning Microsoft 365 Copilot Into a Silent Data Exfiltration Weapon
* The Digital Trove: How a Single Hack Exposed One Man’s Entire Life and Why We’re All Vulnerable
* FIFA Bug in World Cup Streaming Infrastructure Opened Door to Remote Takeover
* Passkeys vs Passwords: Readers Debate Whether a Smartphone PIN Can Really Be Safer Than a Complex Password



This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com

* GitHub Announces Sweeping npm Security Overhaul to Combat Supply Chain Attacks
* Anthropic Rolls Out Claude Fable 5 in Limited-Time Free Release Before Usage-Based Pricing Kicks In
* OpenClaw AI Agent Found Vulnerable to Phishing Attacks, Leaking Sensitive User Data
* Apple Introduces Automatic Password Changing Feature for Compromised Credentials



This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com

* Anthropic Expands Claude Mythos Preview Access to Australian Organisations Through Project Glasswing
* Cybercriminals Exploit ChatGPT Share Links to Distribute Malware Via Fake Outage Pages
* Google Chrome Bolsters Security With Session Cookie Theft Protection for All Users
* Hackers Exploit Meta’s AI Support Bot to Hijack High-Profile Instagram Accounts
* Critical HTTP/2 Bomb Vulnerability Exposes Major Web Servers to Remote Denial-of-Service Attacks



This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com

* npm Introduces Human Approval Gates to Counter Software Supply Chain Attacks
* Anthropic’s AI Model Finds Over Ten Thousand Critical Vulnerabilities in Global Software Infrastructure
* Anthropic’s Restricted Claude Mythos Model Moves Closer to Public Release
* AI Emerges as a Game-Changer in Cyber Defence, Australian Signals Directorate Reports



This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com

* Grafana Labs Confirms Ransomware Extortion Following TanStack Supply Chain Breach
* GitHub Confirms Internal Repository Breach After Employee Device Compromise
* Google Accidentally Exposes Details of Unpatched Chromium Vulnerability
* CISA Credentials Exposed in Public GitHub Repository for Six Months Before Takedown
* HackerOne Slashes Bug Bounty Payouts as AI Floods Open-Source Security Programs



This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com