Adversarial Podcast Ep. 24 – Global Lumma takedown, Coinbase employee bribed, malicious MCP integrations and NPM packages cover art

Adversarial Podcast Ep. 24 – Global Lumma takedown, Coinbase employee bribed, malicious MCP integrations and NPM packages

Adversarial Podcast Ep. 24 – Global Lumma takedown, Coinbase employee bribed, malicious MCP integrations and NPM packages

Listen for free

View show details

About this listen

00:00 Intro

02:49 Authorities Carry Out Elaborate Global Takedown of Infostealer Heavily Used by Cybercriminals

14:29 Coinbase says hackers bribed staff to steal customer data and are demanding $20 million ransom

26:24 Fake OpenAI MCP Integration

32:25 Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials

36:03 Destructive malware available in NPM repo went unnoticed for 2 years

48:10 Sam & Jony introduce io

58:23 Discussion: how risky are local admin rights?

Authorities Carry Out Elaborate Global Takedown of Infostealer Heavily Used by Cybercriminals

In May 2025, an international coalition led by Microsoft, the U.S. Department of Justice, Europol, and Japan's Cybercrime Control Center dismantled the Lumma Stealer malware operation.

https://www.wired.com/story/lumma-stealer-takedown-disrupted/

Coinbase says hackers bribed staff to steal customer data and are demanding $20 million ransom

Hackers bribed overseas Coinbase customer support agents to steal sensitive user data, leading to a breach prompting a $20M ransom, which Coinbase refused, instead offering a $20M bounty for information leading to the attackers' arrest.

https://www.cnbc.com/2025/05/15/coinbase-says-hackers-bribed-staff-to-steal-customer-data-and-are-demanding-20-million-ransom.html

Fake OpenAI MCP Integration

A fake OpenAI MCP integration was found by a security researcher, showing the importance of security in emerging technologies.

https://www.linkedin.com/feed/update/urn:li:activity:7331118878384615424/

Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials

Three malicious npm packages targeting macOS users of the AI-powered code editor Cursor have infected over 3,200 developers by harvesting credentials.

https://thehackernews.com/2025/05/malicious-npm-packages-infect-3200.html

Destructive malware available in NPM repo went unnoticed for 2 years

A destructive malware campaign infiltrated the npm ecosystem for over two years, with malicious packages disguised as legitimate tools targeting popular JavaScript frameworks.

https://arstechnica.com/information-technology/2025/05/destructive-malware-available-in-npm-repo-went-unnoticed-for-2-years/

Sam & Jony introduce io

OpenAI has announced the acquisition of Jony Ive's AI hardware startup, io.

https://openai.com/sam-and-jony/

Hosts:

  • Jerry Perullo (Founder, https://adversarial.com/)
  • Sounil Yu (Founder, https://www.knostic.ai/)
  • Mario Duarte (Founder, stealth startup)

Producer: Tillson Galloway (https://tillsongalloway.com)

What listeners say about Adversarial Podcast Ep. 24 – Global Lumma takedown, Coinbase employee bribed, malicious MCP integrations and NPM packages

Average Customer Ratings

Reviews - Please select the tabs below to change the source of reviews.

Audible.com.au reviews

Amazon Reviews
No Reviews are Available
In the spirit of reconciliation, Audible acknowledges the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today.