Date: 2025-06-11

Imagine waking up to find that your trusted code library used by developers everywhere has turned into a malicious gremlin, quietly unlocking backdoors and phoning home to someone you definitely didn’t invite to the party. Or picture 40,000 live camera feeds from hospitals, homes, and office break rooms now on tap for anyone with a bit of search-fu.

Welcome to this week’s wild ride through the threatscape.

If you haven't listened to the latest Security Weekly News podcast yet

Doug White and Josh Marpet dive headfirst into the mess. From nation-state shenanigans to AI writing code with all the security savvy of a drunken raccoon, this episode covers the full spectrum.

Case in point: the NPM disaster. Akita Security flagged 17 of 20 GlueStack packages as compromised. The payload? A remote access Trojan wrapped in so much obfuscation it might as well have been written by a drunk linguist on a bender. Doug lays it out: “They used more than half a dozen layers of obfuscation... it was like a baker’s dozen of malware tricks.” Think Japanese Unicode variables, base64, steganography—hell, they practically sent a carrier pigeon with a cipher wheel.

And then there’s the fake API tools. Packages like express-api-sync that claim to sync databases but actually wait quietly for a command to wipe out everything like it’s digital Thanos. Uploaded by users with names like “bot sailor”—which, if nothing else, sounds like a rejected Mega Man villain.

How security researchers accessed 40,000 IoT camera feeds, and why DHS is warning that your webcam might now be a spy. The Roundcube RCE flaw putting over 84,000 webmail servers at risk—and why patching might be worth the CEO’s wrath. A peek into IBM’s quantum future with Project Starling, where 200 qubits hum along in modular, error-corrected harmony. UK regulators playing hardball with 4chan under the new Online Safety Act—and what happens when global jurisdiction meets troll central.

Doug and Josh go deep—dissecting not just the what, but the why and the what-next.

