In this episode of Secure Disclosure, host Mackenzie Jackson takes you on a journey through the evolving world of cyber threats and the people on the frontlines. We kick things off with a deep dive into phishing attacks with Jacques Louw and the surprising ways they continue to outsmart defenses in 2025. Then, we unravel the story of a dangerous WhatsApp zero-click vulnerability that, when paired with an Apple iOS flaw, gave attackers full control of victims’ devices, all without a single tap.We also take a lighter turn at the Cyber Sake Bar, where we sit down with the world’s number one competitive hacker, Philippe Dourassov, to talk about the thrill of international hacking competitions, how he accidentally hacked Discord, and why he’s now building his own startup. Along the way, we highlight the crucial role of defense, the impact of AI on modern attacks, and even taste test Japanese vs Californian sake.LinksPush Security Phishing Report - https://pushsecurity.com/resources/phishing-evolutionWhatsApp Vulnerability - https://www.bitdefender.com/en-us/blog/hotforsecurity/whatsapp-zero-click-spyware-attack-android⏱️ Chapters00:00 Intro – Welcome & Overview01:32 The Evolution of Phishing Attacks- Jacques Louw Push Security 21:31 WhatsApp Segment – Zero-Click Vulnerability Deep Dive26:18 Sponsor Segment – Aikido Security Spotlight27:01 Sake Segment – Philippe Dourassov on Competitive Hacking

In this episode of Secure Disclosure, host Mackenzie Jackson unpacks the NX breach with malware researcher Charlie Ericson and GitGuardian’s Guillaume Valadon, revealing how stolen tokens exposed thousands of secrets on GitHub. Analyst James Berthoty then offers an exclusive preview of Lacio Tech’s Cloud Security Report, cutting through the AI hype to highlight real trends. Finally, Ashish Rajan joins the Cyber & Saki segment to share his vision for the future of cloud security.00:00 – Introduction01:15 – The NX Breach Explained06:25 – Secrets in Public Repos20:47 – Cloud Security Report Sneak Peek with James Berthoty36:25 – Cyber & Saki with Ashish Rajan

In this episode of The Secure Disclosure, host Mackenzie Jackson is joined by Darktrace VP Nathaniel Jones to unpack the newly discovered AutoColor malware exploiting SAP NetWeaver vulnerabilities. We also cover the WinRAR zero-day actively exploited by RomCom APT and wrap up with an unforgettable interview with Len No, a real cyborg hacker with 11 implants who demonstrates what’s possible when the human body meets hacking.

Timestamps & Chapters:

00:00 – Intro

01:07 – AutoColor used in SAP NetWeaver Vuln

18:39 – Sponsor: Aikido Security

19:25 – WinRAR Zero-Day

23:30 – Interview with Len Noe

In this episode, we bring you insights from Black Hat and DEF CON 2025. We start with a breakdown of Erlang OTP CVE-2025-32433, a critical remote code execution flaw scoring a perfect 10, and why it’s being exploited in real-world infrastructure.Next, we sit down with Dustin Lehr, author of the Security Champions Program Success Guide, to discuss how to build effective security champion programs inside organizations — from finding the right people to measuring success.Finally, at the Cyber Sake Bar, we chat with Steve Giguere from Lera about the growing field of AI security. We explore risks like prompt injection, agentic AI systems, and what securing AI models really means for modern applications.Perfect for anyone interested in cybersecurity, secure development, and the future of AI security.00:00 – Intro & Hacker Summer Camp Recap01:22 – Critical Vulnerability: Erlang OTP CVE-2025-3243307:04 – Interview with Dustin Lehr: Building Security Champions29:00 – Sponsor Segment: Aikido Security & Safechain29:45 – Cyber and Sake with Steve Giguere: Securing AI Models44:09 – Prompt Injections, Agentic AI & Closing Thoughts

In this episode of Disclosure, Mackenzie Jackson takes listeners deep into the fast-evolving—and increasingly risky—world of AI-assisted coding. First, security researcher Wout Debaenst exposes a massive vulnerability in Base44’s AI coding platform that made private applications accessible to anyone with minimal effort, highlighting how “vibe coding” can create the next wave of supply chain attacks.Next, malware researcher Charlie Ericson returns to reveal a fresh PyPI phishing campaign eerily similar to last week’s npm compromise, underscoring the fragility of our open-source ecosystems.Finally, Mackenzie heads to the Cyber Sake Bar for a candid conversation with Khachatur Virabyan, co-founder of Trag, exploring how AI can change code quality. Along the way, they sip sake, swap war stories, and debate the future of software development in the age of AI.00:00 - Introduction1:19 - Base44 Breach & The Risks of AI Coding Platforms 09:24 - PyPI Phishing Campaign and Open Source Security Gaps 17:08 - AI-Assisted Code Quality with Trag 34:02 - Cybersecurity “Would You Rather” and Closing

In this episode, we talk to Visha Bernard, Chief Hacker at Eye Security, about the catastrophic SharePoint vulnerability that was exploited by suspected nation-state actors.We cover how Eye Security’s team discovered the exploit, the flawed patching timeline from Microsoft, how Google Gemini was used to find a bypass, and what organizations must do now to secure their SharePoint servers.From government targets to AI-assisted exploitation, this is a deep dive into one of the most severe security incidents of the year.Chapters00:00 Introduction to the SharePoint Vulnerability01:00 Eye Security's Initial Discovery03:30 Uncovering the Zero-Day Exploit05:30 Internet-Wide Scanning and Findings07:00 Patch Analysis and Flaws10:00 Emergency Fix and Security Research12:00 Threat Actor Attribution13:20 Advice for Organizations and Closing Remarks

This week, we're exposing the untold truths behind major headlines:McDonald's Data BreachOver 60 million job applicants’ data compromised via Paradox.ai’s AI chatbot "Olivia." But was it just a weak password — or something far worse? We break it down and challenge the media’s misleading narrative.XAI Secret Key LeakResearcher Philippe Katrigeli joins us to reveal how a Doge/X developer accidentally leaked powerful internal API keys — and what that meant for access to Tesla and SpaceX LLMs. We talk entropy, GitHub mistakes, and the dangers of hardcoded secrets.Sources: https://krebsonsecurity.com/2025/05/xai-dev-leaks-api-key-for-private-spacex-tesla-llms/600 Laravel Apps Vulnerable to RCESecurity researcher Rémy Matas walks us through how 260,000 leaked Laravel app keys were matched with live endpoints, resulting in 600+ apps being exposed to remote code execution. They even built a tool for it: Laravel CryptoKiller.Sources: https://www.synacktiv.com/en/publications/laravel-appkey-leakage-analysishttps://blog.gitguardian.com/exploiting-public-app_key-leaks/🍶 AI Pentesting & The Future of HackingIn our signature “Sake with a Hacker” segment, we sip with Walt DeBond of Allseek to discuss how agentic AI is poised to revolutionize penetration testing, and whether AI will replace human hackers in the next five years.Chapters:0:00 - Introduction 0:54 - McDonalds Breach 3:28 - Xai API Key Leak14:02 - 600 Laravel APP_KEY Leaks 26:10 - Cyber And Sake with Wout Debaenst