EPISODE · Aug 23, 2025 · 24 MIN
Legacy Exploits, Poisoned Packages, and Password Hijacks
from You've Already Been Hacked · host Professor CyberRisk
## 🎙️ Hosts- Professor CyberRisk- Cyber Cowboy---## 🌐 Live Cyber Maps- Bitdefender Threat Map: https://threatmap.bitdefender.com/- Check Point Threat Map: https://threatmap.checkpoint.com/- Kaspersky Cyber Threat Map: https://cybermap.kaspersky.com/- Talos Intelligence – ebc_spam Map: https://talosintelligence.com/ebc_spam---## 📢 Episode Information**Title:** _Legacy Exploits, Poisoned Packages, and Password Hijacks**Episode Number:** 3x20---## 🧠 OverviewThis week, Professor CyberRisk and Cyber Cowboy dissect the latest wave of cyber threats—from Russian espionage campaigns targeting unpatched Cisco gear to stealthy clickjacking attacks on password managers. Whether you're an enterprise defender or a solo dev, these stories will make you rethink your patching strategy, supply chain hygiene, and user awareness training.---## 🎤 Guest InformationNone this episode---## 🧵 Topics Covered- Russian state-sponsored exploitation of legacy Cisco vulnerabilities- DOM-based clickjacking targeting browser password managers- Apple’s emergency patch for zero-day CVE-2025-43300- Malicious PyPI packages infiltrating developer environments- AsyncRAT delivered via fake verification prompts---## 🚨 Top Stories**FBI Warns of Russian Espionage via Unpatched Cisco Devices** Summary: Russian group Static Tundra exploits CVE-2018-0171 in Cisco IOS/IOS XE. Why it Matters: Legacy vulnerabilities still pose major risks. What You Should Be Doing: Audit Cisco gear, patch or disable Smart Install, monitor traffic. Cited link: [The Hacker News](https://thehackernews.com/)---## 🧩 Additional Cybersecurity News – Titles and URLs**DOM-Based Clickjacking Targets Password Managers** https://thehackernews.com/**Apple Patches Zero-Day CVE-2025-43300** https://thehackernews.com/**Weaponized PyPI Packages Target Developers** https://cybersecuritynews.com/weekly-cybersecurity-news-recap/**AsyncRAT Delivered via Fake Verification Prompts** https://cybersecuritynews.com/weekly-cybersecurity-news-recap/---## 📚 Resources & LinksNone this episode---## 📣 Call to Action- **Subscribe:** Stay updated on cybersecurity threats.- **Leave a Review:** Let us know what you think.- **Join the Conversation:** Follow our community and ask questions.---## 💼 Sponsor (if applicable)No sponsors this episode---## 🌐 Podcast Socials & Website- Website: https://www.youvealreadybeenhacked.com- X: [@professorcyberrisk](https://twitter.com/professorcyberrisk)- YouTube: https://www.youtube.com/@YABHPodcast- Discord/Community: https://discord.gg/cz3xdsrqAE
What this episode covers
## 🎙️ Hosts- Professor CyberRisk- Cyber Cowboy---## 🌐 Live Cyber Maps- Bitdefender Threat Map: https://threatmap.bitdefender.com/- Check Point Threat Map: https://threatmap.checkpoint.com/- Kaspersky Cyber Threat Map: https://cybermap.kaspersky.com/- Talos Intelligence – ebc_spam Map: https://talosintelligence.com/ebc_spam---## 📢 Episode Information**Title:** _Legacy Exploits, Poisoned Packages, and Password Hijacks**Episode Number:** 3x20---## 🧠 OverviewThis week, Professor CyberRisk and Cyber Cowboy dissect the latest wave of cyber threats—from Russian espionage campaigns targeting unpatched Cisco gear to stealthy clickjacking attacks on password managers. Whether you're an enterprise defender or a solo dev, these stories will make you rethink your patching strategy, supply chain hygiene, and user awareness training.---## 🎤 Guest InformationNone this episode---## 🧵 Topics Covered- Russian state-sponsored exploitation of legacy Cisco vulnerabilities- DOM-based clickjacking targeting browser password managers- Apple’s emergency patch for zero-day CVE-2025-43300- Malicious PyPI packages infiltrating developer environments- AsyncRAT delivered via fake verification prompts---## 🚨 Top Stories**FBI Warns of Russian Espionage via Unpatched Cisco Devices** Summary: Russian group Static Tundra exploits CVE-2018-0171 in Cisco IOS/IOS XE. Why it Matters: Legacy vulnerabilities still pose major risks. What You Should Be Doing: Audit Cisco gear, patch or disable Smart Install, monitor traffic. Cited link: [The Hacker News](https://thehackernews.com/)---## 🧩 Additional Cybersecurity News – Titles and URLs**DOM-Based Clickjacking Targets Password Managers** https://thehackernews.com/**Apple Patches Zero-Day CVE-2025-43300** https://thehackernews.com/**Weaponized PyPI Packages Target Developers** https://cybersecuritynews.com/weekly-cybersecurity-news-recap/**AsyncRAT Delivered via Fake Verification Prompts** https://cybersecuritynews.com/weekly-cybersecurity-news-recap/---## 📚 Resources & LinksNone this episode---## 📣 Call to Action- **Subscribe:** Stay updated on cybersecurity threats.- **Leave a Review:** Let us know what you think.- **Join the Conversation:** Follow our community and ask questions.---## 💼 Sponsor (if applicable)No sponsors this episode---## 🌐 Podcast Socials & Website- Website: https://www.youvealreadybeenhacked.com- X: [@professorcyberrisk](https://twitter.com/professorcyberrisk)- YouTube: https://www.youtube.com/@YABHPodcast- Discord/Community: https://discord.gg/cz3xdsrqAE
NOW PLAYING
Legacy Exploits, Poisoned Packages, and Password Hijacks
No transcript for this episode yet
Similar Episodes
Mar 19, 2026 ·34m
Feb 18, 2026 ·11m
Feb 11, 2026 ·45m
Nov 12, 2025 ·35m
Oct 17, 2025 ·40m