Attackers Targeting Code Editors and Critical Infrastructure with Vangelis Stykas & John Tuckner

18/11/2025 42 min Temporada 1 Episodio 16

Listen "Attackers Targeting Code Editors and Critical Infrastructure with Vangelis Stykas & John Tuckner"

Descargar episodio Ver en sitio original

Episode Synopsis

In this episode of Secure Disclosure, Mackenzie Jackson digs into the surge of malicious VS Code extensions with researcher John Tuckner, founder of Secure Annex. We break down how attackers are shifting toward targeting developers themselves, explore real-world malicious extensions like Ransom Vibe and Sleepy Duck, and discuss why marketplaces like Open VSX are struggling to keep malware out.We also cover new research on secret leaks in top AI companies, and in our Leaders & Legends segment, we speak with Vangelis Stykas (CTO & co-founder of Kumio) about the growing vulnerabilities inside global energy infrastructure, OT security gaps, and the rise of AI-powered pentesting.If you want insights on software supply chain risk, AI security, and critical infrastructure threats—this episode is for you.Links:RansomVibe Technical Blog: https://secureannex.com/blog/ransomvibe/SleepyDuck Technical Blog: https://secureannex.com/blog/sleepyduck-malwareWiz Secrets Inside AI top 50 Research: https://www.wiz.io/blog/forbes-ai-50-leaking-secretsChapters 00:00 — Intro01:07 — Malicious VS Code Extensions (with John Tuckner)15:31 — Secrets Leaking in AI Repositories18:55 — Sponsor Segment19:55 — Leaders & Legends: Securing Critical Infrastructure

More episodes of the podcast The Secure Disclosure

Shai Hulud The Second Coming & Malware for Hire: The Secure Disclosure Podcast 09/12/2025

The Accidental Founder: From Open-Source to AI Startup 11/11/2025

Secure Code and AI - Paul McCarty & Sooraj Shah on Securing AI Code 04/11/2025

Episode 13: Malicious VS Code Extensions & The Future of AI Security 29/10/2025

Building, Investing, and the Future of AI: Maarten Mortier on the New Era of Venture Capital 16/10/2025

AI, Code, and Confidence: The Future of Secure Development with Matias Madou 14/10/2025

Digital Identities, Fraud, and the Future of AI with Veriff & Timefold: The Secure Disclosure 06/10/2025

The Largest Breach That Wasn’t: Debug & Chalk + NPM’s Almost-Apocalypse 19/09/2025

Phishing, Zero-Clicks & World Champion Hackers: The Secure Disclosure 14/09/2025

Secrets in the Open: The NX Breach and Cloud Security’s Future - The Secure Disclosure Podcast 05/09/2025

Ver todos los episodios

ZARZA We are Zarza, the prestigious firm behind major projects in information technology.

Attackers Targeting Code Editors and Critical Infrastructure with Vangelis Stykas & John Tuckner

Listen "Attackers Targeting Code Editors and Critical Infrastructure with Vangelis Stykas & John Tuckner"

Episode Synopsis

More episodes of the podcast The Secure Disclosure

White Hat Hacking, Ethical Hackers…

Educational Technology: From traditional to digital

Bandwidth: Broadband or Narrowband?

Personnel recruitment via Web

Deep web or Invisible Internet

Subdomains, a glance with the experts!

Free Internet, a prediction in Nostradamus style

Educational Technology: From traditional to digital

Localhost, there’s no place like 127.0.0.1

Googling with breathtaking tricks you ignore

Gray Hat Hacking, those with ambiguous ethics…

Internet Predators on the prowl

Dot COM: The Internet’s dominant TLD