Podcast Detail

SANS Stormcast Wednesday, September 17th, 2025: Phishing Resistants; More npm Attacks; ChatGPT MCP abuse

If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9616.mp3

previous
Podcast Logo
Phishing Resistants; More npm Attacks; ChatGPT MCP abuse
00:00

Why You Need Phishing-Resistant Authentication NOW.
The recent compromise of a number of high-profile npmjs.com accounts has yet again shown how dangerous a “simple” phishing email can be.
https://isc.sans.edu/diary/Why%20You%20Need%20Phishing%20Resistant%20Authentication%20NOW./32290

S1ngularity/nx Attackers Strike Again
A second wave of attacks has hit over a hundred npm-related GitHub repositories. The updated payload implements a worm that propagates itself to other repositories.
https://www.aikido.dev/blog/s1ngularity-nx-attackers-strike-again

ChatGPT’s Calendar Integration Can Be Exploited to Steal Emails
ChatGPT’s new MCP integration can be used, via prompt injection, to affect software connected to ChatGPT via MCP.
https://www.linkedin.com/posts/eito-miyamura-157305121_we-got-chatgpt-to-leak-your-private-email-activity-7372306174253256704-xoX1/

no transcript found