Exposed: Bank Leak, Copilot Zero-Click, AI Agent Hijacks, Stryker Wipe & Josh Marpet - SWN #563

This episode is all about trust getting abused at scale.

We start with Chinese-nexus operators pivoting fast onto Qatar using conflict lures and familiar tradecraft.

Then we hit banking, because they deserve it: Lloyds, Halifax, and Bank of Scotland customers seeing other people's transactions in-app, a straight confidentiality failure, not "someone hacked my phone".

From there it's the Middle East conflict exposing what "cloud resilience" really means when the problem isn't cyber, it's physical disruption and dependency chains. Then Meta's takedown of 150,000 scam-linked accounts shows the fraud supply chain is still running hot, and the platforms are now part of the battleground whether they like it or not.

The Microsoft story is the one to watch: a critical Excel bug that turns Copilot Agent into a zero-click data leak path. And the AI agent theme keeps going with Context7: attackers slipping instructions into "helpful" context and getting agents to do dumb, destructive things on their behalf.

We finish with Stryker having the worst day with a major outage, disputed claims, and a reminder that if your management plane gets hit, you can lose the whole estate fast. Look at Intune.

No hype. Just the stuff that actually breaks systems, me talking too fast, which to be honest 'slow' is why I turn most podcasts off.

Show Notes: https://securityweekly.com/swn-563