Full Segment Notes
Borg, GitLost, ColdFusion, GodDamn, GhostApproval, OWA, Epaphroditus, Locutus, Josh Marpet, and More on this episode of the Security Weekly News.
Announcements
- Every week there’s another breach tied to an unpatched vulnerability. And with thousands of new CVEs each year, most teams simply can’t keep up.So what actually deserves your attention?Join the Vulnerability Management Virtual Cybersecurity Summit on July 29th to hear how security teams are prioritizing real-world threats, reducing exposure, and staying ahead of exploitation.Security Weekly listeners can register for free at https://securityweekly.com/vulnmanagement using the promo code: CSS26-SW
- CyberRisk TV is proud to be an official media partner of Black Hat USA 2026! We'll be broadcasting live from the Black Hat LIVEWIRE Studio with executive interviews covering the latest cybersecurity trends, emerging threats, new technologies, and the conversations shaping the industry.Our Event Momentum Packages help your message reach security professionals long after the conference ends. Fewer than 10 interview opportunities remain, so visit https://securityweekly.com/exec today and reserve your spot before they're gone.
List of Articles
Doug White
- GitLost Exposes Agentic AI Data Exfiltration Risks
- CISA orders feds to patch max severity ColdFusion flaw by Friday
- ‘GodDamn’ ransomware deploys PoisonX driver to kill EDR
- ‘GhostApproval’ technique leads AI coding tools to alter files outside of sandbox
- Microsoft to switch off OWA Light after nearly two decades
- 15-Year-Old Linux Vulnerability ‘GhostLock’ Earns Researchers $92k From Google
- Why the tech industry wants to take away your screen
- Suspecting AI cheating, Ivy League prof ordered an in-person final; scores fell 50%
Joshua Marpet
- Vulnerability Confusion – GhostApproval
Anthropic initially declined the report as "outside our threat model," then it turned out their fix had already shipped February 5, nine days BEFORE Wiz's report arrived, and they later added explicit symlink warnings in 2.1.32. So "vendor rejected it" and "vendor patched it" are both technically true, and the real story is how messy coordinated disclosure gets when six vendors get the same bug.






