Episode

Breaking in with CrashFix, supply chain security, and CMMC phase 1 - Anna Pham, David Zendzian, Jacob Horne - ESW #449

Podcast
Enterprise Security Weekly (Video)
Published
Mar 9, 2026
Duration seconds
5673
Canonical source
https://eswvideo.libsyn.com/breaking-in-with-crashfix-supply-chain-security-and-cmmc-phase-1-anna-pham-david-zendzian-jacob-horne-esw-449
Audio
https://dts.podtrac.com/redirect.mp3/traffic.libsyn.com/secure/eswvideo/ESW_449_1--0437c7b4-5698-45f0-be11-c1f4a65b5907--sd-converted--41092ca3-b618-40c7-a11b-b9a8d97cfc89.mp4?dest-id=376667

Summary

Interview with Anna Pham

Breaking in with ClickFix: Anatomy of a modern endpoint attack

Cybersecurity company Huntress just published a report on a new ClickFix variant they've discovered, which they've dubbed CrashFix. This technique was developed by KongTuke to serve as the primary lure within a new custom malicious browser extension also created by the group.

In short, the team observed the threat actors using KongTuke's malicious browser extension to display a fake security warning, claiming the browser had "stopped abnormally" and prompting users to run a "scan" to remediate the threats. Upon "running the scan," the user is presented with a fake "Security issues detected" alert and instructed to manually "fix" the issue by opening the Windows Run dialog, pasting from their clipboard, and pressing Enter. The malicious extension silently copies a PowerShell command to the clipboard, disguised as a legitimate repair command. From there, they execute the malicious command.

Segment Resources: BLOG - Dissecting CrashFix: KongTuke's New Toy

Interview with David Zendzian

Continuous compliance and real security lifecycle management

Supply chain attacks are not just on the rise; attackers are learning from the past, making these attacks even more effective and dangerous than before. It was just over a month ago when the Shai-Hulud attack first impacted NPM packages, forcing enterprises around the world into lockdown. While only 187 packages were compromised in that initial incident, it served as a wake-up call for many: an accurate inventory of systems is good, but a clear, real-time Software Bill of Materials (SBOM) for applications is non-negotiable. In this world of manifest-based infrastructure and container-based applications with (real) "devsecops", the dream of conti…