
State of Cybercrime
Varonis, Matt Radolec, David Gibson · Kelsea Morrison
Show overview
State of Cybercrime has been publishing since 2016, and across the 10 years since has built a catalogue of 209 episodes. That works out to roughly 85 hours of audio in total. Releases follow a monthly cadence, with the show now in its 3rd season.
Episodes typically run twenty to thirty-five minutes — most land between 16 min and 29 min — though episode length varies meaningfully from one episode to the next. It is catalogued as an EN-US-language Technology show.
The show is actively publishing — the most recent episode landed 3 weeks ago, with 4 episodes already out so far this year. The busiest year was 2017, with 61 episodes published. Published by Kelsea Morrison.
From the publisher
Join us for State of Cybercrime, where experts discuss the latest trends and developments in the world of cybercrime and provide insights into how organizations can protect themselves from potential threats. Sponsored by Varonis
Latest Episodes
The Canvas Breach
S3 Ep 35: The Axios Supply Chain Attack
The Axios supply chain attack proves attackers don’t need vulnerabilities if they can hit the assembly line. By compromising a single npm maintainer account, they were able to slip a trojan into Axios updates that executed automatically inside developer machines and CI/CD pipelines long before security tools could intervene. On this episode of State of Cybercrime, Matt and David examine how the Axios incident marks a shift toward supply chain abuse and what Google’s attribution to a North Korean-linked group reveals about the blurred lines between developer infrastructure, cybercrime, and geopolitics. Want to join us live? Save a seat here: https://www.varonis.com/state-of-cybercrime More from Varonis ⬇️ Visit our website: https://www.varonis.com LinkedIn: https://www.linkedin.com/company/varonis X/Twitter: https://twitter.com/varonis Instagram: https://www.instagram.com/varonislife/
S3 Ep 34: Salesforce Aura Data Theft
ShinyHunters has once again placed Salesforce customers in their crosshairs – this time abusing guest user misconfigurations in public-facing Experience Cloud sites. The group claims to have compromised 400 organizations by pairing these overly-permissive settings with a modified version of the AuraInspector auditing tool to query Salesforce CRM objects without authentication. Join Matt and David for the latest episode of State of Cybercrime as they break down how this campaign fits squarely into the ShinyHunters playbook. They will also explore emerging AI security risks and examine the shifting momentum in the race to define the dominant LLM platform.
S3 Ep 33: OpenClaw & Moltbook (w/ Moriah Hara!)
OpenClaw – an open-source AI agent dubbed “Claude with hands” – has exploded across GitHub, rocketing from obscurity to 170,000 stars in just two weeks. It’s now the fastest spreading form of shadow IT, with users plugging it into critical environments long before understanding the risks. Combine that with Moltbook, the new social platform where AI agents interact at scale, and you’ve got a volatile new frontier – one where scores of human-controlled agents bury prompt injections in plain sight and create attack surfaces no one has prepared for. In this episode of State of Cybercrime, Matt and David unpack why OpenClaw and Moltbook represent a watershed moment in AI adoption and how easily enthusiasm is outpacing security. They’re joined by Moriah Hara, three-time award-winning Fortune 500 CISO, who brings her seasoned perspective to our new segment: “Voices from the Frontlines.”
S3 Ep 32: The React2Shell Crisis
React2Shell, the zero-click RCE exploit, is rapidly becoming one of the most significant cybersecurity incidents this year. From emergency patches causing a massive Cloudflare outage to active exploitation by China and North Korea-linked groups, this flaw may be the next Log4Shell moment for enterprises and developers alike. Join Matt and David for an episode of State of Cybercrime that breaks down how attackers are weaponizing this vulnerability and what organizations must do to stay safe. They will also dive into the Shai-hulud 2.0 assault on cloud infrastructure as well as the biggest DDoS attack ever recorded.
S3 Ep 31: AI-Powered Espionage
A Chinese state-sponsored group weaponized Anthropic’s Claude tool to launch the first large-scale AI-driven espionage campaign, targeting more than 30 organizations across tech, finance, manufacturing, and government. This wasn’t an AI agent merely assisting hackers – it was autonomously performing reconnaissance, exploit development, and data exfiltration. Join Matt and David on the next State of Cybercrime as they break down this game-changing leap for attackers. They will also dive into the latest Citrix and Cisco zero-day exploits and share critical updates on emerging AI regulations.
S3 Ep 30: Black Hat Cartels
S3 Ep 29: Supply Chain Attacks
This month marked the discovery of one of the largest NPM compromises in history. Through AI-assisted social engineering, a prolific developer dubbed Qix was phished. His account was then maliciously used to publish poisoned packages, many of which were used to manipulate crypto transactions. Thankfully, it was detected before too many users downloaded these packages, but it highlights how vulnerable we can be if these upstream components get compromised. In this special State of Cybercrime episode, Matt and David break down this NPM compromise, and cover everything else new in the world of cybercrime.
S3 Ep 28: ShinyHunters' CRM Heist
One phone call was all it took for ShinyHunters to breach some of the world's biggest brands. By exploiting Salesforce to infiltrate Google, Cisco, and many others, this group has shown just how vulnerable organizations can be when well-known SaaS platforms become the attack vector. In this special State of Cybercrime episode, Matt and David break down how ShinyHunters pulled off one of the largest CRM-focused attacks of the year without exploiting a single software vulnerability.
S3 Ep 27: Salt Typhoon Returns
After their hidden breach of the National Guard, the cybercrime group was discovered to have targeted a major telecommunications firm named Viasat. The interesting part: these attacks are not disruptive; Salt Typhoon merely gathers information, hoards credentials and finds vulnerabilities. Because of their stealthy nature, these attacks are only detected after the attackers have already left. To what aim remains to be seen. Matt and David dive into these attacks, and talk about what else is happening in the world of cybercrime.
S3 Ep 26: Copilot's Zero-Click Vulnerability
In this episode, Matt and David explore a recently patched Copilot vulnerability that allowed attackers to craft emails that prompted Copilot to send sensitive information to an attacker's server. This prompt injection attack begs the question: What other vulnerabilities will AI bring to data? They also follow up with Scattered Spider & Dragonforce's continued assault on UK Retail and how their tactics are beginning to spread to insurance organizations.
S3 Ep 25: UK Retail Under Siege
Several high-profile UK retailers have suffered serious cyberattacks that have disrupted operations for weeks and, in some cases, exposed sensitive customer data. The social engineering techniques used in the attack align with the notorious Scattered Spider group, but a new ransomware group named Dragonforce has claimed responsibility. Matt and David delve into the details of these attacks, what we know about these cybercriminal groups, and whether they are affiliated. They also cover the Coinbase breach — a calculated, high-stakes extortion scheme where hackers bribed overseas contractors to steal sensitive user data and demand a $20 million ransom. Watch now!
S3 Ep 24: The Oracle Breach Debate
📌 We apologize for the technical issues experienced while filming this episode. Now onto the episode details: Oracle recently faced a major security scare after a hacker claimed to have stolen 6 million data records — a breach that has everyone talking. After initially denying the breach, Oracle is now saying their Oracle Cloud Infrastructure has not been compromised, but the exposed data came from old legacy servers. Join Matt and David, along with special guest Joseph Avanzato from Varonis Threat Labs, as they explore the hacker's claims, Oracle's response, and the broader lessons about cloud security and incident management. As always, our hosts will update you on the latest cybersecurity news and share tips on protecting your digital assets.
S3 Ep 23: $1.5B ByBit Crypto Heist
The Bybit crypto exchange was hacked for a record-breaking $1.5 billion theft of Ether cryptocurrency – perhaps the largest scale theft of all time. The FBI has linked the attack to TraderTraitor, a sub-cluster of the Lazarus Group, who leveraged a compromised machine of Safe{Wallet} to execute a supply chain attack on the Bybit platform. Matt and David review how this attack unfolded, and share updates on DeepSeek AI and Salt Typhoon. Listen now!
S3 Ep 22: DeepSeek Disruption
DeepSeek, the Chinese AI startup dominating news feeds, has experienced exponential growth while wiping almost $1 trillion off the U.S. stock market. However, the model's rise has now been overshadowed by a surge of malicious attacks. On this special episode of State of Cybercrime, Matt and David explore the rise of this innovative AI tool, the subsequent attacks, and the potential vulnerabilities of the AI model. DeepSeek won’t be the last shadow AI app you have to worry about. So what steps can you take to ensure you can discover and stop shadow AI apps from inhaling your corporate secrets? Read our latest blog for more insights and immediate actions you can take to protect your organization from shadow AI. 📌 DeepSeek Discovery: How to Find and Stop Shadow AI: https://www.varonis.com/blog/deepseek
S3 Ep 21: U.S. Treasury Breach
On this episode of State of Cybercrime, Matt and David cover the most recent Chinese state-sponsored APT attack by Silk Typhoon on the U.S. Treasury Department. They discuss how the attackers used a remote support tool to enable unauthorized access to Treasury workstations and unclassified documents. They also dive into some of the most pressing cybersecurity news and recent breaches you should know about.
S3 Ep 20: Salt Typhoon Telecom Attack
In this episode, Matt and David delve into the evolving story of Salt Typhoon, a Chinese state-sponsored group, and their use of the innovative 'GhostSpider' backdoor to infiltrate telecommunication service providers. This sophisticated and far-reaching cyberattack, which is much larger than previously understood, has compromised sensitive cellular logs and data from government entities, telecom providers, and millions of Americans. Don’t miss this opportunity to stay informed and keep your organization safe!
S3 Ep 19: Midnight Blizzard
Russia's APT29, a.k.a. "Midnight Blizzard," is arguably one of the world's most notorious threat actors. You might recall their involvement in the 2019 SolarWinds attack where they operated under the alias "Cozy Bear." The group is back with more relentless attacks—breaching cloud credentials and targeting over 100 organizations worldwide. In this episode of State of Cybercrime, Matt and David dive into some of the hottest cybersecurity news and recent breaches, including Midnight Blizzard. Discover how these sophisticated attacks are happening and what you can do to stay a step ahead.
S3 Ep 18: ChatGPT Memory Manipulation + Salt Typhoon
Hosts Matt Radolec and David Gibson explain how cybercriminals are manipulating AI models like ChatGPT to plant false memories and steal data, along with other cybercrime-related stories like Salt Typhoon. Salt Typhoon is a Chinese hacking group that has reportedly breached multiple key U.S. broadband providers, raising significant concerns about the security of sensitive communications data. The hackers may have had access to these networks for months.
S3 Ep 17: The Return of Lazarus
The North Korean Lazarus group is running multiple high-risk campaigns: one exploiting Windows and another installing malware through fraudulent blockchain job offers. In this episode, State of Cybercrime hosts Matt Radolec and David Gibson discuss the various APT groups, including a prolific ransomware-as-a-service operation and a Chinese cyber espionage gang known as Volt Typhoon, and other vulnerabilities, including:
+ Lazarus FudModule rootkit attacks and the concurrent Eager Crypto Beavers campaign
+ RansomHub attacks on Halliburton, Change Healthcare, and hundreds more
+ Large-scale extortion of AWS environments through exposed ENV files
+ Hundreds of exposed servers from Volt Typhoon’s ISP targeting
+ Payment gateway breach of over 1.7 million credit card owners