In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• China has been rummaging in F5’s networks for a couple of years
• Meanwhile China tries to deflect by accusing the NSA of hacking its national timing system
• Salesforce hackers use their stolen data trove to dox NSA, ICE employees
• Crypto stealing, proxy-deploying, blockchain-C2-ing VS Code worm charms us with its chutzpah
• Adam gets humbled by new Linux-capabilities backdoor trick
• Microsoft ignores its own guidance on avoiding BinaryFormatter, gets WSUS owned.

This episode is sponsored by Push Security. Co-founder and Chief Product Officer Jacques Louw joins to talk through how Push traced a LinkedIn phishing campaign targeting CEOs, and the new logging capabilities that proved critical to understanding it.

Show Notes:

Why the F5 Hack Created an ‘Imminent Threat’ for Thousands of Networks | WIRED https://www.wired.com/story/f5-hack-networking-software-big-ip/

Breach at US-based cybersecurity provider F5 blamed on China, sources say | Reuters https://www.reuters.com/technology/breach-us-based-cybersecurity-provider-f5-blamed-china-bloomberg-news-reports-2025-10-16/

Network security devices endanger orgs with ’90s era flaws | CSO Online https://www.csoonline.com/article/4074945/network-security-devices-endanger-orgs-with-90s-era-flaws.html

China claims it caught US attempting cyberattack on national time center | The Record from Recorded Future News https://therecord.media/china-attack-national-time-center

Hackers Dox Hundreds of DHS, ICE, FBI, and DOJ Officials https://www.404media.co/hackers-dox-hundreds-of-dhs-ice-fbi-and-doj-officials/

Hackers Say They Have Personal Data of Thousands of NSA and Other Government Officials https://www.404media.co/hackers-say-they-have-personal-data-of-thousands-of-nsa-and-other-government-officials/

ICE amps up its surveillance powers, targeting immigrants and antifa - The Washington Post https://archive.md/W5u5R#selection-1313.147-1313.674

John Bolton Indictment Provides Interesting Details About Hack of His AOL Account and Extortion Attempt https://www.zetter-zeroday.com/john-bolton-indictment-provides-interesting-details-about-hack-of-his-aol-account-and-extortion-attempt/?ref=zero-day-newsletter

US court orders spyware company NSO to stop targeting WhatsApp, reduces damages | Reuters https://www.reuters.com/sustainability/society-equity/us-court-orders-spyware-company-nso-stop-targeting-whatsapp-reduces-damages-2025-10-18/

Apple alerts exploit developer that his iPhone was targeted with government spyware | TechCrunch https://techcrunch.com/2025/10/21/apple-alerts-exploit-developer-that-his-iphone-was-targeted-with-government-spyware/

A New Attack Lets Hackers Steal 2-Factor Authentication Codes From Android Phones | WIRED https://www.wired.com/story/a-new-attack-lets-hackers-steal-2-factor-authentication-codes-from-android-phones/

GlassWorm: First Self-Propagating Worm Using Invisible Code Hits OpenVSX Marketplace | Koi Blog https://www.koi.ai/blog/glassworm-first-self-propagating-worm-using-invisible-code-hits-openvsx-marketplace

European police bust network selling thousands of phone numbers to scammers | The Record from Recorded Future News https://therecord.media/europe-sim-farms-raided-latvia-austria-estonia

Stephan Berger on X: “We recently took over an APT investigation from another forensic company. While reviewing analysis reports from the other company, we discovered that the attackers had been active in the network for months and had deployed multiple backdoors. One way they could regain root” / X https://x.com/malmoeb/status/1979811891829502271

Linux Capabilities Revisited | dfir.ch https://dfir.ch/posts/linux_capabilities/

CVE-2025-59287 WSUS Remote Code Execution | HawkTrace https://hawktrace.com/blog/CVE-2025-59287

TARmageddon (CVE-2025-62518): RCE Vulnerability Highlights the Challenges of Open Source Abandonware | Edera Blog https://edera.dev/stories/tarmageddon

Browser threat detection & response | Push Security | Push Security https://pushsecurity.com/hunt

How Push stopped a high risk LinkedIn spear-phishing attack https://pushsecurity.com/blog/how-push-stopped-a-high-risk-linkedin-spear-phishing-attack/