Risky Business (831): The AI bugpocalypse begins

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:

  • Those pesky North Koreans shim a backdoor into a 100M-downloads-a-week npm package
  • TeamPCP appear to have ransacked Cisco’s source and cloud environments
  • AI is getting legitimately good at being told to “just go find some 0day in this”
  • Kaspersky says Coruna and Triangulation do share code lineage
  • Iranian hackers dump Kash Patel’s gmail spool
  • Oh, and of course there’s a Citrix Netscaler memory leak being exploited in the wild

This week’s episode is sponsored by Dropzone AI, who make automated AI SOC analysts. Head honcho Ed Wu explains how they’ve built pre-canned ‘hunt packs’ to lead the AI off into your environment to find weird, interesting and security-relevant things.

Show Notes:

Google links axios supply chain attack to North Korean group | The Record from Recorded Future News https://therecord.media/google-links-axios-supply-chain-attack-north-korea

Cisco source code stolen in Trivy-linked dev environment breach https://www.bleepingcomputer.com/news/security/cisco-source-code-stolen-in-trivy-linked-dev-environment-breach/

chiefofautism on X: “someone at ANTHROPIC just showed CLAUDE finding ZERO DAY vulnerabilities in a live conference demo” https://x.com/chiefofautism/status/2037951563931500669

h0mbre on X: “Claude is somehow better at kernel exploitation than creating meal plans.” https://x.com/h0mbre_/status/2037901957499658575

Vulnerability Research Is Cooked — Quarrelsome https://sockpuppet.org/blog/2026/03/30/vulnerability-research-is-cooked/

MAD Bugs: vim vs emacs vs Claude - Calif https://blog.calif.io/p/mad-bugs-vim-vs-emacs-vs-claude

MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747) https://blog.calif.io/p/mad-bugs-claude-wrote-a-full-freebsd

A Risky Biz Experiment: Hunting for iOS 0day with AI - Risky Business Media https://risky.biz/RBFEATURES10/

Security leaders say the next two years are going to be ‘insane’ | CyberScoop https://cyberscoop.com/ai-cyberattacks-two-years-insane-vulnerabilities-kevin-mandia-alex-stamos-morgan-adamski-rsac-2026/

Coruna framework: an exploit kit and ties to Operation Triangulation | Securelist https://securelist.com/coruna-framework-updated-operation-triangulation-exploit/119228/

Apple says no one using Lockdown Mode has been hacked with spyware | TechCrunch https://techcrunch.com/2026/03/27/apple-says-no-one-using-lockdown-mode-has-been-hacked-with-spyware/

Reverse engineering Apple’s silent security fixes - Calif https://blog.calif.io/p/reverse-engineering-apples-silent

Jury finds Meta’s platforms are harmful to children in 1st wave of social media addiction lawsuits | PBS News https://www.pbs.org/newshour/nation/jury-finds-metas-platforms-are-harmful-to-children-in-1st-wave-of-social-media-addiction-lawsuits

Meta and YouTube found liable in social media addiction trial https://www.bbc.com/news/articles/c747x7gz249o

Iranian hackers publish emails allegedly stolen from Kash Patel https://www.nbcnews.com/tech/security/iranian-hackers-publish-emails-allegedly-stolen-kash-patel-rcna265490

Iran Us War: ‘Legitimate targets’: Iran issues warning to US tech firms including Google, Amazon, Microsoft, Nvidia - The Times of India https://timesofindia.indiatimes.com/world/middle-east/legitimate-targets-iran-issues-warning-to-us-tech-firms-including-google-amazon-microsoft-nvidia/articleshow/129450749.cms

Drop Site on X: “IRGC: From now on, for every assassination, an American company will be destroyed” https://x.com/DropSiteNews/status/2039011864944771339

OSINTtechnical on X: “Starlink shutdowns are forcing Russian troops even deeper into Ubiquiti’s ecosystem.” https://x.com/osinttechnical/status/2022357574826578060

Citrix NetScaler products confirmed to be under exploitation | Cybersecurity Dive https://www.cybersecuritydive.com/news/citrix-netscaler-exploitation-vulnerabilities/816097/

CISA tells federal agencies to patch Citrix NetScaler bug by Thursday | The Record from Recorded Future News https://therecord.media/cisa-tells-federal-agencies-to-patch-citrix-netscaler-bug

Using a VPN May Subject You to NSA Spying | WIRED https://www.wired.com/story/using-a-vpn-may-subject-you-to-nsa-spying/

Post reporters called the White House. Their phones showed ‘Epstein Island.’ - The Washington Post https://www.washingtonpost.com/style/power/2026/03/27/white-house-google-database-epstein