Zuckbot, Rockstar, Klaude, Browsers Galore, Microsoft 365, ATC, Kieran Human and more - Kieran Human - SWN #572
The Security Weekly News episode 572 dives into a cascade of high-stakes cyber threats, from the massive data wipe at Striker Medical—where attackers allegedly exploited a compromised Microsoft 365 account to erase tens of thousands of machines—to a fake Claude AI site distributing the PlugX malware via a deceptive MSI installer. The episode underscores how attackers now operate in 3D: compromising third-party vendors like Anodot to breach high-profile targets like Rockstar Games, exposing 78.6 million records including in-game economies and support tickets. A stark warning emerges: even with MFA, credentials can be bypassed through email forwarding, SIM swapping, or malicious browser extensions—especially AI-powered ones, which are 60% more likely to contain known CVEs. The show stresses that zero trust isn’t optional; it’s essential. Kieran Heumann from ThreatLocker emphasizes that assuming breach is the foundation of resilience, and that tools like ZTCA (Zero Trust Cloud Access) can block unauthorized logins even from privileged accounts by enforcing device trust. The episode ends with a satirical yet chilling look at Meta’s AI Zuckbot—training an AI avatar of Zuckerberg to replace human leadership—hinting at a future where AI billionaires outlive their creators, and the real danger isn’t just data theft, but the erosion of human oversight in critical systems.
AI browser extensions are 60% more likely to contain known vulnerabilities than non-AI extensions, making them a top attack vector.
Attackers are using 3D attack chains—compromising third parties like Anodot to breach Rockstar Games and Striker Medical.
Even with MFA, attackers can bypass security via email forwarding rules, SIM swapping, or phishing via malicious extensions.
Striker Medical’s breach was likely enabled by a single compromised Microsoft 365 account with no additional controls beyond MFA.
Zero trust must include device-level verification—like ThreatLocker’s ZTCA—to prevent privileged account abuse.
Welcome to Security Weekly News #572
Doug White kicks off the episode with a humorous intro, teasing the week’s topics including Zuckbot, Rockstar breach, fake Claude, and Striker data wipe. He highlights the show’s mission to keep security pros informed with expert analysis.
Rockstar Games Breach via Anodot Compromise
“You need to be thinking in 3D rather than 2D when it comes to your security posture because if MrFooFoo.com is compromised and that allows them to get into HappyTentacle.org which is linked to your customer site, well, we all know what happens then.”
Fake Claude AI Site Delivers PlugX Malware
“It looks like a legitimate MSI fall file that you would download and install so that you could have Claude and turn Claude loose on your local machine, which is terrifying to me, but it basically installs PlugX.”
AI Browser Extensions Are 60% More Vulnerable
“AI extensions had 16.31%... that's about 60% more likely than just all extensions in general to have a CVE already out.”
Microsoft 365 Inbox Rules: The Silent Threat
Attackers abuse mailbox rules to hide, delete, or forward emails—including MFA codes and security alerts—without detection. Proofpoint reports 10% of compromised accounts had malicious rules post-breach.
“AI Zuck has replaced most all of the employees with forked instances of itself and is now talking with itself. And yes, this is how the world ends. Not with a bang, but with AI billionaires run amok.”
“you need a response. And it's not just how do I fix it? It's legal. It's who's going to be... I mean, I'll tell you... I went to all this FEMA training, which sounds really boring. And it was, but it actually helped”
Kieran Heumann (person)
Striker Medical (organization)
Doug White (person)
Microsoft 365 (product)
Rockstar Games (organization)
ThreatLocker (organization)
PlugX (other)
Shiny Hunters (organization)
Outlook Lite (product)
Pine (product)
