Security Now (Audio) SN 1063: Mongo's Too Easy - AI Bug Bounties Gone Wild
Feb 4, 2026

Supply-chain updates turning apps into infection vectors and why auto-updates can be dangerous. AI rapidly finding and patching dozens of critical vulnerabilities and the new risks of autonomous code agents. Accidental destructive behavior from AI developer tools and how to survive catastrophic deletions. MongoDB instances left exposed and why low-skill ransom campaigns keep succeeding.
Notepad++ Update Compromise
- Don Ho's Notepad++ updater was compromised and used to deliver targeted malware to selected users between June and December 2025.
- Steve warns frequent automatic updates increase supply-chain attack opportunities and suggests manual installs for trust-sensitive apps.
Antivirus Update Server Breach
- eScan's update server was breached and delivered a malicious reload.exe, showing antivirus update infrastructure can itself be an infection vector.
- Kaspersky and Morphisec found the implant persisted, blocked updates by modifying the hosts file, and targeted South Asian machines.
Rethink Third-Party Antivirus
- Avoid installing third-party antivirus on Windows unless you trust it absolutely because AV runs with high privileges and can become a catastrophic single point of failure.
- Steve recommends relying on built-in Windows protections instead of adding extra kernel-level AV products.
