Defensive Security Podcast Episode 299

Summary

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including a Disney employee’s mishap with an AI tool that led to a significant hack, vulnerabilities in VMware ESX hypervisors, and a developer’s sabotage of their ex-employer. They also explore the implications of GitHub repository exposure and the growing risks associated with third-party vendors in cybersecurity.

Link to support Andy and Jerry’s work creating the Defensive Security Podcast: https://www.patreon.com/defensivesec

Story links:

• https://www.wsj.com/tech/cybersecurity/disney-employee-ai-tool-hacker-cyberattack-3700c931
• https://doublepulsar.com/use-one-virtual-machine-to-own-them-all-active-exploitation-of-esxicape-0091ccc5bdfc
• https://www.theregister.com/2025/03/08/developer_server_kill_switch/
• https://arstechnica.com/information-technology/2025/02/copilot-exposes-private-github-pages-some-removed-by-microsoft/
• https://www.darkreading.com/cyber-risk/third-party-risk-top-cybersecurity-claims