Security Weekly Podcast Network (Audio) North Korea, DOJ, APT 28, Anthropic, OpenClaw, Supply Chain, Josh Marpet, and More - SWN #560
Mar 3, 2026
Coverage of North Korea's USB air-gap tactics and an MSHTML exploit used to escape browser context. A deep dive into developer supply chain attacks and exposed API keys. Discussion of OpenClaw agent flaws and a major third-party data exposure. Debate over Anthropic's risk designation and new EU ICT supply chain guidance.
Episode notes
Air Gap Crossing By Treating USB As A Network
- North Korean APT37 treats removable media as a network layer to move data across air gaps.
- Zscaler observed LNK-based decoys, batch files, PowerShell, and shellcode enabling bi-directional persistence and cloud C2 for exfiltration.
Legacy MSHTML Lets Browser Content Escape To Shell
- APT28 exploited MSHTML hyperlink navigation logic in ieframe.dll to escape browser security boundaries.
- The flaw allowed attacker content to get Windows Shell to act outside expected browser context, leveraging legacy IE components still embedded in Windows.
Steganography In NPM Packages Targets Developer Secrets
- Attackers used 26 malicious NPM packages and steganography to target developers for credential and secret harvesting.
- Socket found character-level stego in Pastebin dead-drops and 31 virtual deployments masking staging infrastructure.
