One of the most common tips for avoiding online scams is to only shop at reputable retailers. But what happens when those very retailers are turned into social engineering vectors? In this week’s episode of Security Intelligence, host Matt Kosinski and panelists Bryan Clark, Michelle Alvarez and Dave Bales talk about the streaming devices that promise to let you watch all your favorite shows for free—so long as you don’t mind turning your house into a botnet, that is. And to make matters worse, they’re often sold through legitimate online marketplaces.

We also cover:

The Shai-Hulud worm is back and wreaking havoc on the software supply chain
Developers leaking secrets and PII to unsecured, publicly available dev tools
What the Gainsight data breach teaches us about cyberattack timelines
How to jailbreak an AI model with the power of poetry

Chapters:

00:00 – Intro
1:34 - Shai-Hulud returns
10:50 - Developers can’t keep a secret
16:17 - Gainsight data breach hits 200 companies
22:39 - Is your house a botnet?
35:35 - Malicious poems break AI guardrails

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

Securing AI in 2026 — Approach for a Trustworthy and Resilient AI Future

Subscribe now on your favorite platform

YouTube

Spotify

Apple Podcasts

Casted

Explore more episodes

The dark web job market thrives, AI fraud rings rise and it’s holiday scam season

Trawling the honeypot: What it’s like to discover a new malware strain

Anthropic stops AI spies, the new OWASP Top 10 and the rise of small-time ransomware

Watch all episodes of Security Intelligence