State of Cybercrime

The Axios supply chain attack proves attackers don’t need vulnerabilities if they can hit the assembly line. By compromising a single npm maintainer account, they were able to slip a trojan into Axios updates that executed automatically inside developer machines and CI/CD pipelines long before security tools could intervene. On this episode of State of Cybercrime, Matt and David examine how the Axios incident marks a shift toward supply chain abuse and what Google’s attribution to a North Korean-linked group reveals about the blurred lines between developer infrastructure, cybercrime, and geopolitics. 

 

Want to join us live? Save a seat here: https://www.varonis.com/state-of-cybercrime
More from Varonis ⬇️
Visit our website: https://www.varonis.com
LinkedIn: https://www.linkedin.com/company/varonis
X/Twitter: https://twitter.com/varonis
Instagram: https://www.instagram.com/varonislife/

ShinyHunters has once again placed Salesforce customers in their crosshairs – this time abusing guest user misconfigurations in public-facing Experience Cloud sites. The group claims to have compromised 400 organizations by pairing these overly-permissive settings with a modified version of the AuraInspector auditing tool to query Salesforce CRM objects without authentication. Join Matt and David for the latest episode of State of Cybercrime as they break down how this campaign fits squarely into the ShinyHunters playbook. They will also explore emerging AI security risks and examine the shifting momentum in the race to define the dominant LLM platform.

Want to join us live? Save a seat here: https://www.varonis.com/state-of-cybercrime
More from Varonis ⬇️
Visit our website: https://www.varonis.com
LinkedIn: https://www.linkedin.com/company/varonis
X/Twitter: https://twitter.com/varonis
Instagram: https://www.instagram.com/varonislife/

OpenClaw – an opensource AI agent dubbed “Claude with hands” – has exploded across GitHub, rocketing from obscurity to 170,000 stars in just two weeks. It’s now the fastest spreading form of shadow IT, with users plugging it into critical environments long before understanding the risks. Combine that with Moltbook, the new social platform where AI agents interact at scale, and you’ve got a volatile new frontier – one where scores of human-controlled agents bury prompt injections in plain sight and create attack surfaces no one has prepared for. In this episode of State of Cybercrime, Matt and David unpack why OpenClaw and Moltbook represent a watershed moment in AI adoption and how easily enthusiasm is outpacing security. They’re joined by Moriah Hara, three-time award-winning Fortune 500 CISO, who brings her seasoned perspective to our new segment: “Voices from the Frontlines.”

Want to join us live? Save a seat here: https://www.varonis.com/state-of-cybercrime
More from Varonis ⬇️
Visit our website: https://www.varonis.com
LinkedIn: https://www.linkedin.com/company/varonis
X/Twitter: https://twitter.com/varonis
Instagram: https://www.instagram.com/varonislife/

React2Shell, the zero-click RCE exploit, is rapidly becoming one of the most significant cybersecurity incidents this year.

From emergency patches causing a massive Cloudflare outage to active exploitation by China and North Korea-linked groups, this flaw may be the next Log4Shell moment for enterprises and developers alike.

Join Matt and David for an episode of State of Cybercrime that breaks down how attackers are weaponizing this vulnerability and what organizations must do to stay safe. They will also dive into the Shai-hulud 2.0 assault on cloud infrastructure as well as the biggest DDoS attack ever recorded.

More from Varonis ⬇️
Visit our website: https://www.varonis.com
LinkedIn: linkedin.com/company/varonis
X/Twitter: x.com/varonis
Instagram: instagram.com/varonislife
Want to join us live? Save a seat here:
https://www.varonis.com/state-of-cybercrime

More from Varonis ⬇️ 

Visit our website: https://www.varonis.com

LinkedIn: https://www.linkedin.com/company/varonis

X/Twitter: https://twitter.com/varonis

Instagram: https://www.instagram.com/varonislife/

A Chinese state-sponsored group weaponized Anthropic’s Claude tool to launch the first large-scale AI-driven espionage campaign, targeting more than 30 organizations across tech, finance, manufacturing, and government.
 
This wasn’t an AI agent merely assisting hackers – it was autonomously performing reconnaissance, exploit development, and data exfiltration.
 
Join Matt and David on the next State of Cybercrime as they break down this game-changing leap for attackers. They will also dive into the latest Citrix and Cisco zero-day exploits and share critical updates on emerging AI regulations.

Want to join us live? Save a seat here: https://www.varonis.com/state-of-cybercrime
More from Varonis ⬇️
Visit our website: https://www.varonis.com
LinkedIn: https://www.linkedin.com/company/varonis
X/Twitter: https://twitter.com/varonis
Instagram: https://www.instagram.com/varonislife/