Tomato, JDownloader, TempPCP, Bad Vibes, Dirty Frag, Giedi Prime, Aaran Leyland... - SWN #580
The Security Weekly News episode 580 delivers a satirical yet urgent warning about the accelerating threat landscape, where even trusted tools like JDownloader and Linux are being weaponized through supply chain attacks. The episode opens with a darkly humorous critique of the internet’s dangers—from ordering synthetic peptides to downloading malicious installers disguised as legitimate software. A major breach of JDownloader distributed malware via compromised Windows and Linux installers, while the 'Temp PCP' group launched a 'mini Shaihalud' campaign targeting popular open-source packages like PyPy and Mistral AI. The show then pivots to the rise of 'vibe coding'—AI-assisted development that's rapidly replacing traditional programming, raising serious security and accountability concerns. A groundbreaking report from Google's threat intelligence group claims the first known AI-generated zero-day exploit, highlighting how LLMs are now crafting sophisticated attacks against two-factor authentication systems. Meanwhile, critical Linux vulnerabilities like 'Copy Fail' and 'Dirty Frag'—both capable of root privilege escalation—have been exploited in the wild, underscoring the urgent need for system patching. The episode culminates in a fiery debate over ransomware payments, as Instructure paid 'Shiny Hunters' after a massive Canvas data breach affecting 275 million users.
JDownloader was compromised between May 6–7, 2026, distributing malicious installers that deployed Python-based RATs—proof that even trusted tools can be weaponized.
The 'Temp PCP' group executed a 'mini Shaihalud' supply chain attack on open-source packages including PyPy, Mistral AI, and OpenSearch, using obfuscated JavaScript to steal credentials.
AI is now creating zero-day exploits in the wild—Google Threat Intelligence reported the first known case of an LLM generating a Python script that exploits two-factor authentication flaws.
Critical Linux vulnerabilities 'Copy Fail' and 'Dirty Frag' allow unprivileged users to escalate to root, with evidence they’ve already been exploited in the wild.
Instructure paid ransom to 'Shiny Hunters' after a breach exposing 275 million users’ data, but such payments may violate OFAC sanctions and expose insurers and financial institutions to legal liability.
The Internet Was a Bad Idea
Doug opens with a satirical critique of the internet’s dangers, questioning whether downloading anything—like orange-eye-changing peptides or durian gum—was ever a good idea, setting the tone for a week of digital peril.
JDownloader Compromised: The Malware Delivery System
“If you did download this installer between the 6th of May and the 7th of May basically you may have gotten one of these too”
Temp PCP’s Mini Shaihalud Campaign
“It profiles your environment, then runs a massive credential stealer, which basically can grab just about anything off your system and it sends them all to file V2 get session dot org”
The Rise of Vibe Coding and AI-Driven Threats
“You're going to have to audit that code because Jim from HR, who vibe coded up a way to access all the account data from home. Yeah. Maybe didn't ask the right questions”
AI Creates First Known Zero-Day Exploit
“A group of prominent cybercrime threat actors used an LLM to create a Python script that could exploit two-factor authentication”
“Paying is not just bad policy. In some payment paths, well, it's potentially a federal crime, end up with a subpoena”
Shiny Hunters (other)
Instructure (organization)
JDownloader (product)
Canvas (product)
Dune (media)
Temp PCP (other)
Copy Fail (other)
OFAC (organization)
FCC (organization)
Dirty Frag (other)
