Cyber Security Today

A serious new Windows 11 BitLocker vulnerability, open-sourced offensive malware tools, a suspected Iranian cyber campaign targeting U.S. fuel infrastructure, and malware that appears designed to interfere with nuclear weapons simulation systems.  Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material[dot]security. David Shipley breaks down four major cybersecurity stories on Cybersecurity Today. First, a newly disclosed zero-day dubbed YellowKey reportedly defeats default Windows 11 BitLocker protection on systems using TPM-only encryption, giving attackers with physical access a path to unencrypted data through the Windows Recovery Environment. Microsoft is investigating, while security experts are urging stronger BitLocker configurations. The episode also examines the TeamPCP threat group's decision to release offensive tooling publicly, dramatically lowering the barrier for copycat supply-chain attacks. Researchers have already spotted malicious NPM packages borrowing similar techniques, including persistence mechanisms aimed at developer environments such as Visual Studio Code and Claude Code. David also looks at disturbing analysis of the FAST16 malware, which researchers believe was engineered to tamper with nuclear weapons simulation software including LS-DYNA and AutoDyn. And finally, U.S. officials reportedly suspect Iranian actors in cyberattacks targeting internet-exposed gas station automatic tank gauge systems, a reminder that weak operational technology security can quickly become a real-world infrastructure problem. 00:00 Sponsor Message 00:24 Headlines Overview 00:50 BitLocker Zero Day 03:32 TeamPCP Tools Leak 06:13 Copycat NPM Malware 06:50 Fast16 Nuclear Sabotage 08:37 Iran Gas Station Hacks 10:28 Hardening Critical Infrastructure 11:16 Wrap Up And Events 11:59 Sponsor Deep Dive #Cybersecurity #Windows11 #BitLocker #ZeroDay #TeamPCP #IranCyberAttack #SupplyChainAttack #CriticalInfrastructure #CyberSecurityToday

A dangerous new Microsoft Exchange zero-day is being actively exploited, ransomware gangs are adopting nation-state-style tactics, two fired contractors were caught deleting U.S. government databases after accidentally recording themselves on Microsoft Teams, and Fortinet has patched critical remote code execution flaws. In this episode of Cybersecurity Today, David Shipley breaks down four major cybersecurity stories that security teams need to know. Cybersecurity Today would like to thank Material Security for supporting this podcast.  Material security provides. faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365.  Contact them at  material[dot]security  Microsoft has confirmed active exploitation of a new Exchange Server zero-day, CVE-2026-42897, affecting Exchange Server 2016, Exchange Server 2019, and Exchange Subscription Edition. There is currently no patch, only mitigations through the Exchange Emergency Mitigation Service, with some trade-offs for Outlook Web App users. Security researcher Marcus Hutchins highlights an unusually disciplined ransomware affiliate operation using tradecraft more commonly associated with nation-state attackers, including a custom SentinelOne endpoint detection and response (EDR) killer and a stripped-down toolset designed to leave fewer forensic traces. In one of the more astonishing insider threat stories of the week, former OPEX Corporation contractors Muneeb and Sohaib Akhtar were allegedly caught deleting 96 U.S. government databases after leaving a Microsoft Teams recording running. Also in this episode: Fortinet has released urgent patches for critical unauthenticated remote code execution vulnerabilities in FortiAuthenticator (CVE-2026-44277) and FortiSandbox (CVE-2026-26083). If you're responsible for enterprise security, patch management, incident response, or cyber risk, this is one you need to see. Chapters: 00:00 Sponsor Message 00:24 Headlines Intro 00:49 Ransomware Nation-State Discipline 04:18 Exchange Zero-Day Mitigation 07:01 Fired Contractors Caught Recording 09:21 Fortinet Critical Vulnerabilities 11:07 Wrap Up and Sign Off 11:38 Sponsor Deep Dive Ad #Cybersecurity #MicrosoftExchange #ZeroDay #Ransomware #Fortinet #CyberAttack #Infosec #DavidShipley #CybersecurityToday

David Shipley interviews Jon Ferguson, VP at CIRA, about how the Canadian Internet Registration Authority evolved from early paper-based .ca registrations at UBC into a 142-person, member-based not-for-profit running .ca and authoritative Anycast DNS infrastructure now supporting 550+ TLDs globally. Ferguson explains how .ca's Canadian presence requirements help keep abuse rates low, and how CIRA reinvests surpluses into grants and cybersecurity tools, including Canadian Shield (DNS-based malware/phishing blocking and encrypted DNS with limited data retention) used by about 500,000 people and generating about 20 million blocks per month. They discuss CIRA's focus on municipalities, schools, hospitals, and universities, its move into endpoint security and a managed detection and response partner program with Calian, and concerns about AI-driven threats, online harm, and rebuilding trust and real-world connection. 00:00 Weekend Show Kickoff 01:30 Jon's Cyber Journey 03:06 Inside CIRA DNS Role 04:59 What Is CIRA 07:23 Origin Story Of Dot Ca 13:01 Anycast DNS Explained 16:27 Canadian Shield DNS Firewall 22:21 Serving Public Sector Needs 26:18 Endpoint And MDR Expansion 35:05 Mission Over Money 40:39 What Keeps Him Up 46:19 Hope And Balance Online 50:55 Wrap Up And Thanks

Google Cloud customers are reporting shocking surprise bills after compromised or misused API keys were allegedly used to access expensive Gemini AI services. In one case, Rod Dinan says his monthly Google Cloud costs jumped from under $50 to nearly $8,000. Sydney developer Isuru Fonseka says he was hit despite setting spending controls, raising broader questions about API key security, client-side exposure, billing alerts, and how quickly attackers can exploit AI infrastructure. Cybersecurity Today also covers prosecutors' allegations that two fired brothers sabotaged systems tied to government-related work after access wasn't revoked quickly enough, Santa Clara County's civil lawsuit accusing Meta of profiting from scam ads on Facebook and Instagram, and Horizon3.ai's warning that attackers can exploit newly exposed systems in as little as 73 seconds while many organisations still take 24 hours or longer to respond. If your organisation uses APIs, AI services, cloud billing controls, or internet-facing infrastructure, this episode matters. #Cybersecurity #GoogleCloud #GeminiAI #APIKeys #CloudSecurity #Meta #ScamAds #CyberAttack #CybersecurityToday #AIsecurity CHAPTERS 00:00 Google Cloud API Key Bill Shock 01:20 Real-World Victims: Surprise AI Charges 02:24 Why Spending Caps Didn't Stop the Damage 03:38 The Enterprise Cloud Security Risk 04:19 Fired Employees and Alleged Insider Sabotage 04:55 The Database Destruction Timeline 06:34 What This Incident Teaches Security Teams 07:10 Santa Clara County Sues Meta Over Scam Ads 08:46 Attackers Can Strike in 73 Seconds 10:14 Closing and Next Episode

Cybersecurity Today examines a troubling set of new security developments affecting schools, software supply chains, and account security. Instructure says it reached an "agreement" with the ShinyHunters threat group after the massive Canvas breach that may have affected up to 275 million users across 9,000 educational institutions. Reports indicate attackers exploited multiple cross-site scripting (XSS) vulnerabilities to hijack administrator sessions and post extortion demands. Checkmarx has been breached again. This time, attackers reportedly inserted a malicious Jenkins Application Security Testing (AST) plugin designed to steal credentials. The same threat actor, believed to be Team46/TeamTNT-linked infrastructure or Team PCP depending on reporting attribution, appears to have reused secrets allegedly stolen in the earlier Trivy supply-chain compromise. Microsoft and Google are warning organizations not to treat passkeys as a complete security solution. If weaker recovery methods or legacy credentials remain active, attackers can still bypass them. Google's Threat Intelligence Group also reports what it describes as the first observed evidence of hostile actors using AI to assist in zero-day vulnerability research and exploit development, signalling a new phase in attacker industrialization. Also in today's show: Santa Clara County sues Meta over alleged scam-ad profits. Chapters 00:00 Headlines Overview 00:28 Canvas Breach Deal Fallout 01:59 How the XSS Attack Worked 03:15 Checkmarx Supply Chain Attack 05:01 Credential Rotation Lessons 05:37 Why Passkeys Aren't Enough 07:19 Layered Defence Takeaways 08:35 AI-Assisted Zero-Day Development 10:10 Industrialized AI Threats 13:08 Meta Scam Ads Lawsuit 15:19 Wrap Up

A massive cybersecurity week. On this episode of Cybersecurity Today, David Shipley breaks down the reported breach of Instructure's Canvas learning platform, where attacks linked to the ShinyHunters extortion group may have exposed data tied to up to 275 million user accounts across more than 9,000 educational institutions. The incident disrupted access, delayed exams, and forced Instructure to disable its "Free for Teacher" program after attackers allegedly used it to post extortion messages. Also in this episode: the Gentlemen ransomware group suffers a major internal leak, exposing affiliate chats, tooling, victim data, and operational details — a rare look inside a live ransomware operation. Then, General Motors agrees to a $12.75 million California settlement over allegations involving OnStar-linked driver data collection and sharing, raising fresh questions about privacy in connected vehicles. And finally: security researchers report what appears to be the first documented AI-assisted operational technology (OT) cyberattack attempt targeting a water utility in Monterrey, Mexico. The attempt failed to reach industrial control systems, but combined with confirmed attacks on water infrastructure in Poland, it signals a worrying shift in critical infrastructure threats. If you work in cybersecurity, IT, infrastructure, education, or privacy, this episode matters. Chapters 00:00 Top Headlines Rundown 00:41 Canvas Mega Breach 02:44 ShinyHunters Background 03:26 Ransom Pressure Fallout 04:25 Gentlemen Ransomware Leak 05:18 Inside the Data Dump 06:18 GM OnStar Privacy Settlement 08:17 What Drivers Should Know 09:39 AI Meets OT Attacks 11:52 Monterrey Water Near Miss 13:29 Poland Water Systems Hit 15:07 Defending Critical Infrastructure 16:29 Wrap Up And Thanks #Cybersecurity #Canvas #ShinyHunters #Ransomware #OnStar #GeneralMotors #DataBreach #CriticalInfrastructure #WaterUtility #OperationalTechnology #ICS #CyberAttack #Privacy #DavidShipley #CybersecurityToday

This week's panel dives into the cybersecurity stories that matter most for security leaders, IT teams, and anyone watching how AI is changing risk. Jim Love is joined by David Shipley (Beauceron Security), Laura Payne (White Tuque), and Jeff Williams (Contrast Security). Cybersecurity Today would like to thank Material Security for supporting this podcast.  Material security provides. faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365.  Contact them at  material[dot]security  Topics include: Anthropic's Mythos AI security research and whether large language models can realistically replace traditional vulnerability testing Why "vibe coding" may be creating a wave of insecure software The growing risk of autonomous AI agents making damaging decisions The massive Instructure Canvas data breach affecting schools, students, and educators Alberta's voter list privacy failure and what it says about public sector data protection Microsoft's warning about the rapid surge in QR code phishing attacks bypassing traditional email security AI is accelerating software development. It may also be accelerating software insecurity. If your organisation is experimenting with AI coding tools, AI agents, or automated application development, this conversation is worth your time. #Cybersecurity #AI #DataBreach #QRPhishing #ApplicationSecurity #VibeCoding #Canvas #CyberSecurityToday #JimLove 00:00 Sponsor Message 00:22 Meet the Panel 00:55 Jeff Williams Introduction 02:21 AI Bug Hunting with Mythos 05:40 Cost and Limits of AI Security Testing 10:16 The Vibe Coding Security Problem 13:24 Context Window and Data Flow Limits 16:59 Spec-Driven AI Development 18:29 Software Liability and EU Regulation 24:47 When AI Agents Go Rogue 27:05 Trust in the AI Era 28:24 Enterprise Reality Check 29:03 Critical Thinking vs AI 30:31 Testing AI Agents Safely 31:30 Canvas Data Breach Fallout 34:45 Real-World Data Harm 38:00 Liability and Attack Methods 41:39 Alberta Voter List Privacy Failure 48:56 Government Breach Lessons 51:26 QR Code Phishing Surge 55:00 Wrap Up and Sponsor

In this special edition of Cybersecurity Today, David Shipley speaks with scam-fighting expert Erin West about the global fraud crisis, the rise of AI-powered scams, and why traditional law enforcement may be falling behind. Cybersecurity Today would like to thank Material Security for supporting this podcast.  Material security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365.  Contact them at  material[dot]security  From David's discussion with Erin West: The numbers are staggering. The FBI's Internet Crime Complaint Center reported more than $21 billion in cybercrime losses, but experts say actual losses could be dramatically higher because most victims never report fraud. Other key points of their discussion: Why pig butchering scams continue to grow globally How criminal operations are moving from Cambodia to Myanmar, Laos, Sri Lanka and beyond Why AI is making scam operations faster, cheaper and harder to detect The controversy around Meta and scam advertising revenue Why crypto ATMs remain a major fraud tool How cloned celebrity voices are being used in romance and impersonation scams Why banks, law enforcement, governments and tech platforms must act together How Operation Shamrock is trying to fight back through public education This is not just a story about money. It's about organized crime, industrial-scale fraud, and ordinary people being manipulated through trust, loneliness, and increasingly sophisticated technology, featuring scam-fighting prosecutor and Operation Shamrock founder Erin West. #Cybersecurity #Scams #Meta #OnlineFraud #AI #Cybercrime #PigButchering #CryptoScams #FacebookScams #CybersecurityToday

QR-code phishing is no longer a niche attack. Microsoft says QR phishing attacks jumped from 7.6 million in January to 18.7 million in March 2026 — a 146% increase in just three months. In this episode of Cybersecurity Today, David Shipley explains why QR-based attacks are bypassing traditional corporate defences and why security teams need to rethink phishing awareness immediately. We also cover a critical new Apache HTTP Server vulnerability with both denial-of-service and potential remote code execution impacts, a sustained DDoS and extortion campaign targeting Ubuntu developer Canonical, and a remarkable case in Taiwan where a university student allegedly used software-defined radio gear to trigger emergency braking on four high-speed trains. Finally, CISA's new "CI Fortify" guidance urges critical infrastructure operators to prepare for scenarios where they may need to disconnect from the internet and continue operating manually during a geopolitical cyber crisis. Cybersecurity Today would like to thank Material Security for supporting this podcast.  Material security provides. faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365.  Contact them at  material[dot]security  Stories include: • Microsoft reports QR phishing attacks surged 146% in Q1 2026 • Apache HTTP Server CVE-2026-23918 urgent patch warning • Ubuntu developer Canonical hit by ongoing DDoS and extortion campaign • Taiwanese student allegedly halts high-speed trains with fake emergency radio signal • CISA tells critical infrastructure operators to prepare for isolation and manual operations Chapters: 00:00 Intro 01:02 QR phishing explodes in Q1 2026 06:15 Critical Apache HTTP Server flaw patched 09:15 Ubuntu maintainer Canonical hit by extortion DDoS attack 14:25 Taiwanese student wirelessly halts high-speed trains 20:32 CISA warns critical infrastructure to prepare for isolation 26:10 Closing thoughts

Microsoft Defender Deletes Trusted Certificates | 44,000 cPanel Servers Hit by Ransomware Microsoft Defender mistakenly flagged legitimate DigiCert root certificates as malware and removed them from Windows systems, breaking trust chains and causing widespread application failures. The issue was traced to a faulty detection signature (Trojan:Win32/CertyAgent), now fixed in update version 1.449.430.0.  At the same time, DigiCert confirmed a separate security incident where attackers compromised support systems and used internal tools to issue valid code-signing certificates. At least 60 certificates were revoked, including 27 linked to the Zong Stealer malware campaign.  Meanwhile, a critical cPanel vulnerability (CVE-2026-41940) is being actively exploited. Attackers used the flaw as a zero-day since February, compromising at least 44,000 servers and deploying new SORI ransomware using ChaCha20 and RSA-2048 encryption.  Also in this episode: The Linux "Copyfail" privilege escalation bug is now confirmed exploited and added to CISA's Known Exploited Vulnerabilities list A 10/10 critical vulnerability (CVE-2026-37541) in Open Vehicle Monitoring System could allow remote code execution in connected car environments This episode breaks down how these attacks work, why patch timing matters, and where organizations are most exposed right now. Cybersecurity Today would like to thank Material Security for supporting this podcast.  Material security provides. faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365.  Contact them at  material[dot]security  Suggested Chapters (for retention and SEO) 00:00 Microsoft Defender deletes trusted certificates 02:20 DigiCert breach and stolen code-signing certificates 05:20 cPanel zero-day exploited, 44,000 servers compromised 08:40 Linux Copyfail vulnerability now actively exploited 10:40 Critical flaw in open-source car software  

Connected cars are no longer just vehicles — they are rolling networks of sensors, cameras, microphones, and constant data transmission. In this Cybersecurity Today Weekend Edition, David Shipley is joined by former CSIS intelligence officer Neil Bisson and cybersecurity expert Federico Simonetti to break down what that really means. They explain how modern vehicles: Continuously report location, behaviour, and system data to the cloud Contain dozens of interconnected computers controlling everything from steering to braking Can be vulnerable to man-in-the-middle attacks, remote access, and system compromise May expose drivers to surveillance — not just by companies, but potentially by nation states The conversation goes beyond theory. Real-world examples are discussed, including: Remote vehicle manipulation demonstrated by security researchers How infotainment systems can become entry points to critical controls Why some countries are already restricting certain vehicles from sensitive locations The panel also tackles the bigger issue: This is not just about one country or one manufacturer. Every connected vehicle expands the attack surface. And while solutions exist — from better authentication to architectural changes — the challenge is no longer technical. It's political, economic, and global. If you think your car is just transportation, this discussion may change your perspective. 00:00 Connected Cars: More Than Just Vehicles 01:20 Meet the Panel: Intelligence and Cybersecurity Perspectives 03:10 Every Car Is Now a Networked Computer 06:00 Surveillance Risks: Are Cars "Rolling Spy Vans"? 09:10 What Intelligence Agencies Can Do With Car Data 12:30 Sensors, GPS, Cameras — What Your Car Collects 16:20 Real Example: Tesla Camera Privacy Incident 19:00 Can Hackers Take Control of a Car? 22:30 Real-World Hacks: Jeep and Nissan Cases 26:40 The Regulatory Gap: No Enforced Cybersecurity Standards 30:10 Why Governments Are Struggling to Act 34:00 Cheap EVs vs National Security Risks 37:40 Can Software Fix the Problem? 41:20 Global Response: China, US, and Europe 45:10 Policy Ideas: Kill Switches, Car Bill of Rights 49:00 Prevention vs Detection in Cybersecurity 52:30 Are We Already Too Exposed? 55:10 Final Thoughts: Can Connected Cars Be Made Safe?

A U.S. federal investigation into WhatsApp encryption was shut down before reaching a conclusion — after an internal claim suggested Meta systems may access message content in ways that conflict with public descriptions. In this episode of Cybersecurity Today, Jim Love breaks down what's known, what isn't, and why the story isn't going away. Also in this episode: A newly disclosed Linux vulnerability (CVE-2026-31431) allows an unprivileged local attacker to gain root permissions — using a flaw that may have existed since 2017 BlueKit, a new phishing toolkit, shows how AI is now being built directly into cybercrime platforms More than three million Alberta voter records exposed after being posted online — not by hacking, but by alleged misuse of legally distributed data These stories highlight a growing pattern: the biggest risks aren't always new attacks — they're often hidden in how systems are designed, used, and trusted. Chapters: 00:00 WhatsApp encryption investigation shut down 02:15 Linux "copy fail" root vulnerability explained 04:30 BlueKit AI phishing platform 06:30 Alberta voter data leak Cybersecurity Today delivers clear, factual reporting on the stories that matter to IT professionals, business leaders, and anyone responsible for protecting data and systems.

A major open source Python tool was hijacked in a supply chain attack, exposing developer credentials, cloud secrets, and crypto wallets. Meanwhile, the FTC says Americans lost more than $2.1 billion to scams that began on social media, with Facebook leading reported losses. Cybersecurity Today thanks Meter for supporting this podcast. Meter delivers a complete networking stack — wired, wireless, and cellular — in one integrated solution built for performance and scale. Learn more at Meter.com/cst. Also in today's Cyber Security Today: Brazilian hackers return with fake Minecraft cheat downloads carrying credential-stealing malware A new ransomware strain destroys victim files so badly even paying the ransom may not help North Korean threat actors target crypto executives using fake Zoom and Teams meetings powered by AI deception tactics If you work in IT, cybersecurity, finance, or simply want to stay safe online, this episode breaks down what matters and what to watch next. Stories covered in this episode are based on reporting summarized in the show transcript.   #cybersecurity #ransomware #scams #python #hacking #northkorea #cryptocurrency #malware #technews

A rogue cyber weapon drove through Toronto blasting scam texts to thousands of phones. A major U.S. critical infrastructure provider confirms a cyberattack. And researchers reveal that Stuxnet may not have been the first cyber weapon after all. In today's Cybersecurity Today with David Shipley: • First known SMS blaster case in Canada uncovered in Toronto • Itron, a major utility technology supplier, discloses cyber intrusion • Researchers say a 2005 malware campaign predates Stuxnet • Venezuela energy sector attack reveals destructive "Lotus Wiper" malware • Why AI-powered attacks may change critical infrastructure risk forever If you care about cybersecurity, nation-state threats, infrastructure risk, and real-world attacks, this episode is essential listening. Hosted by David Shipley. Cybersecurity Today thanks Meter for supporting this podcast. Meter delivers a complete networking stack — wired, wireless, and cellular — in one integrated solution built for performance and scale. Learn more at Meter.com/cst. Chapters 00:00 Intro 00:36 Toronto SMS Cyber Weapon 05:12 Critical Infrastructure Supplier Hit 09:28 Stuxnet History Rewritten 14:32 Venezuela Energy Sector Attack 19:05 Final Thoughts #Cybersecurity #Stuxnet #CyberAttack #Toronto #CriticalInfrastructure #Hacking #Itron #CyberNews #DavidShipley

Inside the Vercel Breach: Highlighting OAuth Token Risk  In a special edition of Cybersecurity Today, host Jim Love and guest Jamie Blasco (CTO, Nudge Security) discuss Vercel, a major developer hosting platform, and a breach tied to OAuth grants and shadow AI. Reporting shared by Contrast Security's David Lindner describes how a Context AI employee downloaded Roblox AutoFarm scripts, got infected with an info stealer, and attackers harvested credentials, compromised Context AI, then used an over-permissioned OAuth token from a Vercel employee who had signed up to Context AI with an enterprise account and clicked "allow all," with Vercel working with Mandiant on a breach allegedly being sold for $2 million. The episode emphasizes that MFA may not mitigate OAuth abuse, urges admin-managed consent, continuous inventory and auditing of OAuth grants, and better visibility into risky third-party app access across Google Workspace and Microsoft 365. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst 00:00 Special Edition Intro 00:14 Sponsor Message Meter 00:33 Supply Chain Hack Setup 01:16 Breach Seen In Wild 02:36 Meet Jamie Blasko 02:56 Who Is Vercel 04:34 How The Breach Happened 05:58 Context AI And Shadow IT 07:58 OAuth Controls And Audits 09:11 Impact And Open Questions 11:24 Why MFA Falls Short 12:22 Where To Get Help 14:07 Host Takeaways OAuth Risk 14:53 What To Do Next 16:06 Wrap Up And Feedback 16:42 Sponsor Close Meter 17:24 Final Sign Off          

Vercel Supply-Chain Breach via AI Tool, Meta Sued Over Scam Ads, and Ransomware Surges with "The Gentleman" David Shipley covers new details on the Vercel breach, which began when an employee used the third-party AI tool Context AI; after Context AI was breached, attackers leveraged Google OAuth access to pivot into Vercel systems and enumerate unencrypted "non-sensitive" environment variables that contained usable secrets, with a hacker claiming Vercel data and source code and demanding $2M, while Vercel says Next.js and other open-source projects are safe and shares Google OAuth indicators of compromise. The episode also discusses a proposed class-action lawsuit alleging Meta misled users about scam ads and profited from them, noting Meta's claim it removed 159M scam ads and shut down nearly 11M criminal accounts. Finally, it cites ZeroFox data showing ransomware incidents holding steady at 2,059 in Q1 2026 and highlights Check Point research indicating "The Gentleman" has a much larger victim footprint and uses tactics like disabling Defender, re-enabling SMB1, abusing GPO, and targeting VMware environments. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst 00:00 Headlines and Sponsor 00:46 Vercel AI Supply Chain Breach 02:50 Meta Sued Over Scam Ads 04:55 Ransomware Numbers Q1 2026 06:46 Gentlemen Crew Exposed 08:56 Wrap Up and Thanks 09:42 Sponsor Message Meter

Microsoft Under Fire, NIST Scales Back NVD, FortiSandbox Critical Bugs, Vercel Breach Claims, Scattered Spider Member Pleads Guilty Host David Shipley covers five major stories: researcher "Chaotic Eclipse" publicly released Windows exploits—first "Blue Hammer," then "Red Sun," a Microsoft Defender flaw enabling privilege escalation on fully patched Windows 10/11 and Server—amid claims Microsoft mistreated them, highlighting strain on responsible disclosure as vendors face mounting vulnerability volume and AI-driven bug discovery. NIST announced it can no longer fully enrich all CVEs in the National Vulnerability Database, prioritizing only exploited-in-the-wild issues, federal software, and critical software, leaving the rest backlogged. In "FortiWatch," two critical FortiSandbox flaws allow auth bypass and remote command execution; patches are available. Vercel confirmed attackers accessed internal systems and urges customers to review and rotate environment variables amid unverified ShinyHunters ransom claims. Finally, alleged Scattered Spider member Tyler Buchanan pled guilty to an $8M crypto theft case, with reporting describing the group's social engineering tactics and escalating real-world violence tied to cybercrime. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst 00:00 Headlines And Sponsor 00:49 Microsoft Bug Drop 03:00 Disclosure System Strain 05:59 NVD Backlog Crisis 08:47 FortiWatch FortiSandbox 11:43 Vercel Breach Fallout 14:43 Scattered Spider Guilty Plea 18:54 Wrap Up And Thanks

Cybersecurity Today Month-in-Review: RSAC AI Hype, Agentic Risks, Mythos Claims, and Real-World Resilience Jim Love hosts a delayed March month-in-review with panelists David Shipley and Laura Payne, starting with RSAC takeaways: agentic AI everywhere, heightened marketing spectacle, and industry tension as AI becomes the new "cool kid." They discuss the surge of autonomous agents, including OpenClaw-style experimentation leading to stolen tokens and the ease of social-engineering LLMs, plus legal and brand risks of chatbots after the Air Canada precedent. The panel debates Anthropic's source-code leak and "Mythos" messaging, while acknowledging AI tools are finding real zero-days amid massive technical debt and rising exploit speed, raising questions about liability and EU accountability. They highlight a positive case: Stryker Medical's rapid recovery after 80,000 devices were wiped via Intune settings, and note additional incidents targeting healthcare, critical infrastructure PLCs, supply-chain attacks, and longer-term impacts from major source-code thefts. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst   00:00 Show Intro Sponsor 00:22 Panel Welcome Setup 01:56 RSAC Vibes Agentic AI 03:19 Conference Hype Booths 06:32 AI Free Fridays Skills 08:12 Marketing Hype Filters 11:38 Agent Networks Gone Wild 16:00 Social Engineering LLMs 19:45 Chatbots Liability Law 23:13 Anthropic Leak Mythos 25:17 AI Code Quality Debate 29:28 Technical Debt Bug Mining 30:40 AI Hacking Era 32:09 Paying Down Tech Debt 32:54 Software Liability Shift 34:24 AI Pen Testing Scale 37:53 Token Costs and Proof 40:08 Canary Traps and Ethics 41:26 Blast Radius Resilience 44:17 Stryker Wipe Recovery 46:52 More Attacks Recap 50:07 Fast Cheap Code Debate 53:26 War Rules and Agents 56:32 Back to Basics Close 01:00:18 Final Thanks Sponsor

WebEx SSO Vulnerability, booking.com Reservation Hijacking Risks, Windows Recall Scrutiny, and AI Vishing-as-a-Service Host Jim Love reports that Cisco disclosed a critical WebEx vulnerability (CVE-2026-2184) affecting SSO integration with Control Hub; although server-side fixes are applied and no exploitation is seen, SSO customers must update SAML certificate configuration to avoid disruption when the old certificate expires, amid recent Cisco firewall zero-day exploitation (CVE-2026-2131) tied to interlock ransomware. A booking.com breach exposed some customers' reservation data (names, contact and address details, reservation details, and messages) but not payment cards, increasing phishing "reservation hijacking" risk using real itinerary details. Researchers also highlight new concerns with Microsoft's Windows 11 Recall, where data may be intercepted after login via another process, though Microsoft says protections are intended. Finally, an underground $4,000 platform, ATHR, automates phishing/vishing with AI voice agents to steal verification codes and accounts across major services. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Top Security Headlines 00:32 Sponsor Message 00:50 WebEx Critical Flaw 02:36 Booking.com Breach Scams 05:20 Windows Recall Weaknesses 08:36 AI Voice Phishing Service 11:24 Wrap Up and Thanks

Android Mirax RAT, North Korea's Friend-Request Hacks, Adobe PDF Zero-Day, and FBI Phishing Takedown | Cybersecurity Today David Shipley covers multiple trust-based cyber threats: Mirax Android malware pushed via Meta ads posing as free streaming apps, functioning as a remote access trojan and turning infected phones into residential proxies, amid reports of widespread scam advertising on Meta platforms. Researchers link a North Korean APT37 campaign to Facebook friend requests that shift to Messenger and Telegram before delivering a tampered PDF viewer that installs Rock Rat and exfiltrates data via Zoho WorkDrive. Adobe issues an emergency patch for an Acrobat/Reader zero-day where opening a PDF can expose files, seen targeting oil and gas with Russian-language lures. The FBI and Indonesian authorities dismantle the Wall phishing marketplace designed to bypass MFA via session-cookie theft, as similar services quickly rebound. The FBI reports Americans lost nearly $21B to cybercrime in 2025, driven by investment and crypto fraud, with growing AI-enabled scams. 00:00 Headlines And Sponsor 00:57 Mirax Android Proxy Malware 02:47 Meta Scam Ad Machine 05:01 North Korea Friend Request Hack 07:44 Adobe Acrobat Zero Day Patch 10:11 FBI Wall Phishing Kit Takedown 12:28 Why Takedowns And MFA Fall Short 15:02 Cybercrime Losses Hit $21B 18:16 Wrap Up And Thanks 18:55 Meter Sponsor Message

Mythos Sparks Urgent Bank Meetings, AI Shrinks Exploit Windows, CEO Phishing Beats MFA + Crypto Fraud Bust Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst Host David Shipley covers urgent meetings among U.S., Canadian, and U.K. financial leaders after Anthropic's Mythos announcement, with regulators and major banks assessing potential systemic risk; Mythos is described as capable of finding and chaining zero-days and is limited to a preview program (Project Glasswing) with select critical infrastructure and tech firms. The episode highlights how fast vulnerabilities are now exploited, citing a critical Marimo flaw patched in 0.2.3.0 that attackers probed within 9 hours and research showing AI can generate exploits from CVEs in 10–15 minutes. It then details "Venom," an invitation-only phishing-as-a-service targeting executives via QR codes to hijack sessions and register new devices, and Microsoft's warning about Storm-2755 redirecting Canadian paychecks by stealing M365 session cookies and altering direct-deposit details. Finally, Operation Atlantic is summarized: authorities identified 20,000 crypto-fraud victims, froze $12M, and linked $45M in stolen crypto tied to approval phishing. 00:00 Headlines and Sponsor 00:57 Mythos Shakes Finance 04:58 AI Exploit Window Collapses 08:11 Venom Targets Executives 11:54 Payroll Redirect Scam 14:35 Crypto Fraud Takedown 16:47 Wrap Up and Thanks 18:04 Sponsor Outro

AI-Powered AppSec, OWASP Origins, and Anthropic's "Mythos" Model: Jeff Williams on What Changes Next Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst Jim hosts Jeff Williams (Contrast Security co-founder/CTO and former OWASP global chair) for a wide-ranging discussion that begins with Anthropic's new "Mythos" model, described as powerful for finding zero-day vulnerabilities, and expands into how AppSec must evolve. Williams explains Contrast's runtime instrumentation approach, recounts OWASP's early days, the creation of WebGoat and the OWASP Top 10, and notes that many common vulnerabilities persist despite years of maturity models. They debate open source versus commercial security scrutiny, the likely high cost and scalability limits of advanced AI vulnerability discovery, and why finding more bugs matters only if remediation improves too. Williams argues for AI-powered "software factories" with feedback loops, assurance evidence, and runtime monitoring, and flags the EU Product Liability Directive treating software as a product with no-fault liability for security defects, including those from embedded open source. 00:00 AppSec Stuck in Ruts 00:42 Show Intro and Sponsor 01:40 What Contrast Security Does 02:35 OWASP Origins and WebGoat 04:33 Why the Top 10 Persists 06:28 Mythos Model Overview 08:05 Open Source Scrutiny Myth 11:31 Cost and Adoption Barriers 15:04 Finding vs Fixing Bugs 15:55 AI Code Quality Reality 17:46 AI Powered Software Factory 23:11 Building with AI in Practice 25:18 AppSec Metrics and New Approaches 26:42 Staying Optimistic as a CISO 28:00 EU Product Liability Shift 32:13 Bug Bounties in an AI World 34:06 Wrap Up and Outro

Fortinet EMS Zero-Day Exploited, Anthropic's AI Finds Thousands of Bugs, and Iranian Hackers Target US ICS Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst Host David Shipley reports Fortinet issued emergency hotfixes for a new actively exploited FortiClient EMS unauthenticated RCE zero-day (CVE-2026-35616) affecting 7.4.0.5/7.4.0.6, with over 2,000 exposed instances online and a full fix coming in 7.4.0.7. Anthropic says its Claude "Mythos" model (Project Glasswing) has found thousands of high-severity zero days and demonstrated advanced exploit chaining and sandbox escape, but will not be released publicly; it is being used with major partners and funded with up to $100M in credits plus $4M for open-source security. A postmortem details a North Korea–linked social-engineering supply-chain breach of Axios on NPM, part of a broader campaign spreading 1,700+ malicious packages across multiple ecosystems. US agencies warn Iranian-linked hackers are targeting Rockwell/Allen-Bradley PLCs in critical infrastructure. The White House proposes a $707M cut to CISA, reducing staffing while preserving $1.4B for core cybersecurity. 00:00 Headlines and Sponsor 00:55 Fortinet EMS Zero Day 03:21 AI Finds Zero Days 05:56 Axios Supply Chain Breach 08:02 North Korea Package Campaign 10:13 Iran Targets Industrial Control 12:22 CISA Budget Cuts Debate 14:05 Wrap Up and Thanks 14:59 Sponsor Message Meter

Host David Shiple covers major cybersecurity news: investigators attribute a record $285 million April 1 hack of crypto platform Drift Protocol to North Korea, describing a three-week setup involving a fake "Carbon Vote Token," wash trading to inflate value, social engineering to pre-approve backdoored transactions, Drift's removal of a timelock, and rapid collateralized withdrawals that crashed Drift's token and are now tracked by TRM Labs; the report notes North Korea's 2025 crypto theft total of $2.5B and lifetime total surpassing $7B after this incident, alongside mention of a North Korea-linked supply-chain compromise of the widely used Axios package. Stryker Medical says it has fully recovered from a March 11 Iran-linked wiper attack that used a compromised admin account and Microsoft Intune, prompting Microsoft guidance on multi-admin approval for wipes. The FBI labels a suspected China-linked breach of a U.S. surveillance system a "major incident," likening it to the 2024 Salt Typhoon campaign, while Sen. Mark Warner cites staffing cuts and leadership turmoil at CISA. TechCrunch reports embattled compliance startup Delve faces new claims it repackaged an open-source tool (Sim Studio) as its own "Pathways," as Delve denies broader fraud allegations, says it was targeted by a malicious actor, and Y Combinator cuts ties. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst 00:00 Headlines And Sponsor 00:54 North Korea Crypto Heist 01:16 How The Drift Hack Worked 03:20 Bigger DPRK Crypto Trend 04:24 Stryker Wiper Recovery 06:39 China Breach Major Incident 08:38 Policy And Staffing Fallout 09:37 Delve Startup In Crisis 10:29 Stolen Software Allegations 13:12 Delve Fights Back YC Cuts Ties 14:35 Wrap Up And Thanks 15:12 Sponsor Message Meter 00:00 Headlines And Sponsor 00:54 North Korea Crypto Heist 01:16 How The Drift Hack Worked 03:20 Bigger DPRK Crypto Trend 04:24 Stryker Wiper Recovery 06:39 China Breach Major Incident 08:38 Policy And Staffing Fallout 09:37 Delve Startup In Crisis 10:29 Stolen Software Allegations 13:12 Delve Fights Back YC Cuts Ties 14:35 Wrap Up And Thanks 15:12 Sponsor Message Meter

EV Charging Infrastructure Security: How Hackers Could Disrupt Chargers, Networks, and the Grid Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst In this holiday weekend edition of Cybersecurity Today, Jim Love introduces David Shipley's interview with Steve Visconti, CEO of Xiid Corporation, about cybersecurity risks in electric vehicle (EV) charging infrastructure. Visconti explains Xiid's software-based security layer for IP networks, aimed at critical infrastructure across enterprise, public sector, and DOD environments, and its growing focus on OT/IoT such as EV charging systems. The discussion highlights how EV chargers connect vehicles, homes, back-office billing/control systems, cloud services, and potentially vehicle-to-grid power flows, creating large-scale attack surfaces that could enable disruption, DDoS activity, or broader grid instability. Visconti argues for "unreachability" architectures that close ports and remove static exposure while allowing only registered users and machine-to-machine access. The interview also touches on concerns about vulnerabilities leading to fires, supply-chain risks, and policy debates such as government-accessible vehicle kill switches. 00:00 Holiday Weekend Intro 01:46 Meet Steve Visconti 04:16 EV Charging Symposium 06:40 Vehicle to Grid Risks 09:16 Fires and Attack Vectors 12:14 Making Chargers Unreachable 14:37 Car as the Threat 19:05 Awareness and DDoS Reality 23:09 Government Kill Switch Debate 24:49 Wrap Up and Sponsor Thanks

Cisco Source Code Stolen in Trivy Fallout, Axios Supply Chain Attack, and Active Exploitation of Fortinet and Citrix Flaws David Shipley reports multiple major security incidents: attackers used credentials stolen in the Trivy supply-chain attack via a malicious GitHub action to breach Cisco's internal development environment, clone 300+ GitHub repos, steal source code (including AI products) and AWS keys, and impact customer-related code; Cisco contained the breach, re-imaged systems, and rotated credentials. A separate supply-chain attack hit the widely used JavaScript library Axios after its maintainer account was compromised, pushing poisoned NPM versions that installed a dropper/RAT via a fake dependency; users are told to downgrade affected versions, remove the dependency, rotate credentials, and review CI/CD logs. Active exploitation is confirmed for a Fortinet FortiClient EMS SQL injection (CVE-2026-21643) and for critical Citrix NetScaler flaws (CVE-2026-3055, possibly alongside CVE-2026-4368). Anthropic accidentally exposed details of a new model, "Code Mythos," described as highly capable in reasoning, coding, and cybersecurity. Finally, TechCrunch reports escalating allegations that compliance startup Delve helped fabricate audit evidence and worked with weak auditors. The episode also marks show episode 1,500. 00:00 Headlines and Sponsor 00:54 Cisco Trivy Breach 02:28 Axios NPM Attack 04:12 Fortinet SQLi Exploited 06:24 Citrix Bleed Returns 08:05 Anthropic Model Leak 10:24 Fake Compliance Scandal 12:30 Episode 1500 Milestone 14:03 Sponsor Closing Message

Mac Malware 'Infinity Stealer,' DarkSword iOS Exploits, China Telecom Espionage & TeamTNT Supply Chain Hits Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst David Shipley reports from Seoul on major threats: Malwarebytes details Infinity Stealer, a new macOS info-stealer delivered via "ClickFix" social engineering and built as a compiled Python payload (Nuitka) that steals browser credentials, Keychain data, crypto wallets, and developer secrets while notifying attackers via Telegram. Proofpoint links Russia-aligned TA446 (Cold River/Star Blizzard) to spear-phishing using the DarkSword iOS exploit kit to deliver GhostBlade, with DarkSword now leaked on GitHub and Apple pushing unusual on-device warnings for vulnerable iOS versions. Rapid7 describes China-linked "Red Menshen" using the kernel-level BPFdoor backdoor to persist in global telecom networks. TeamTNT compromises the Telnyx PyPI package with WAV-steganography payloads that steal secrets and target Kubernetes. Iran-linked activity includes a symbolic FBI director email breach and escalating, deliberate healthcare disruption via attacks on Stryker and a Pay2Key incident. 00:00 Show Intro and Sponsor 00:53 Mac ClickFix Stealer 03:25 Dark Sword iOS Exploits 06:30 China Telecom Backdoor 08:47 TeamTNT PyPI Supply Chain 12:20 Iran Cyber and Healthcare 17:41 Wrap Up and Thanks 18:43 Sponsor Message

RSAC Recap: Agentic AI Takes Over, Security Funding Shifts, and Why CISOs Must Focus on Resilience Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst Jim Love and co-host David Shipley recap the RSA Conference in San Francisco, noting that "zero trust" marketing has faded and "agentic AI" (especially "agentic SOC") dominated vendor messaging. David highlights a major market shift: AI is pressuring cybersecurity company valuations and could reduce funding, accelerate consolidation, and raise security costs due to heavy compute requirements, even as demand increases. They discuss how AI disproportionately benefits attackers, including new phishing-as-a-service capabilities, while organizations cut security hiring in anticipation of AI gains. David's standout booth, MindGuard, used a 1990s metaphor to argue AI security is as immature as cybersecurity was decades ago. He also interviews Commvault CSO Bill O'Connell on the evolving CISO role, communicating risk, the importance of recovery and "ResOps," and celebrating CISOs, including Time magazine's CISO of the year concept. 00:00 Weekend Show Kickoff 00:46 RSAC Recap Setup 01:06 Zero Trust Is Dead 01:48 Agentic SOC Everywhere 03:41 AI Shifts Security Valuations 06:55 Peak Security And Consolidation 07:55 Costs And Layoffs Warning 09:35 Attackers Gain The Edge 11:48 RSAC Booth Spectacle 13:39 MindGuard Nineties Metaphor 15:40 Commvault CISO Interview Begins 17:22 Backup To Cyber Resilience 18:04 Modern CISO Role Evolution 19:55 Translating Risk For Leaders 21:44 Risk Versus FUD 22:22 AI Hype And CISO Relevance 23:29 Defining AI And Controls 24:33 Agentic AI And Backups 25:49 Resilience Over Prevention 27:52 ResOps And Practicing Recovery 31:06 Advice For New CISOs 33:30 Celebrating The CISO Role 35:43 Is The Job Worth It 37:06 Host Wrap And Audience Feedback 39:18 Korea Trip And Show Signoff 40:13 Sponsor Message And Closing

Anonymous Tip System Breach Exposes Millions of Records, Google Warns Q-Day by 2029, and New AI Documentation Supply-Chain Risks Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst Jim Love reports that a breach at P3 Global Intel, whose tip-submission systems are used by police, government agencies, and schools, allegedly exposed over 8 million submissions including highly sensitive personal data and raised concerns about anonymity due to features that could disclose tipster IP information; the company says it has not confirmed misuse. Google warns "Q Day," when quantum computers could break widely used public-key encryption, may arrive as early as 2029, intensifying urgency around "harvest now, decrypt later" and adoption of post-quantum cryptography standards. The episode also highlights AI-era supply-chain threats where community-generated documentation can be poisoned with indirect prompt injections that influence AI-generated code, and notes upcoming GitHub Copilot policy changes to use prompts and code context from certain users for training unless they opt out, making data governance critical. 00:00 Headlines And Sponsor 00:45 Anonymous Tip Line Breach 03:42 Quantum Q Day Timeline 06:10 Poisoned Documentation Attacks 08:57 Copilot Training Data Changes 10:27 Wrap Up And Meter Thanks

RSAC: Retiring "APT," FCC's US-Made Router Ban, Zoom Call Scraping, Iran-Targeting Wiper, and Cyber Terrorism Insurance From RSAC 2026, host David Shipley highlights ESET researcher Robert Lipowsky's argument to retire the overused "advanced persistent threat" label and instead describe actors by motivation and activity, noting blurred lines between nation-state and criminal tooling. He also reports RSAC vendor trends (zero trust fading, "agentic AI" everywhere) and standout booth themes. In Washington, the FCC bans authorization of any new Wi‑Fi router models not made in the United States, citing supply-chain risk and attacks like Volt Flax and Salt Typhoon, impacting an industry largely manufacturing abroad unless exemptions are granted with plans to reshore. The episode details Webinar TV allegedly joining public Zoom links to record calls and publish AI-generated podcast recaps, and a Kubernetes-targeting campaign linked to the Trivy supply-chain attack that deploys an Iran-checking wiper. Finally, Treasury seeks comments on expanding the terrorism risk insurance backstop (TRIP) to cover cyber losses. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst   00:00 Sponsor Meter Intro 00:18 Headlines Preview 00:58 Retiring The APT Label 02:51 RSAC Floor Trends 05:08 FCC Router Ban 06:43 Zoom Calls Turned Podcasts 09:29 Iran Targeting Wiper 10:57 Cyber Terrorism Insurance Debate 13:15 Wrap Up And Thanks 13:44 Sponsor Meter Outro

Compliance Startup Audit-Faking Claims, Trivy Supply-Chain Backdoor, Russia Targets Signal/WhatsApp, and Iran-Linked Stryker Disruption Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst This episode covers allegations that Y Combinator-backed compliance startup Delve helped customers fake privacy and security audits by generating fabricated evidence that auditors then rubber-stamped, alongside Delve's denial and a report of sensitive Delve data being externally accessible. It also details a TeamTNT/Team PCP-style supply-chain compromise of Aqua Security's Trivy scanner via GitHub build and tag tampering, briefly distributing a backdoored release that stole cloud credentials, SSH keys, tokens, and more, with guidance to treat affected environments as fully compromised and rotate secrets. The FBI and CISA warn of Russian intelligence-linked phishing targeting Signal and WhatsApp accounts through social engineering and malicious QR codes. Finally, it describes the real-world impact of an Iran-linked Handala cyberattack on Stryker, disrupting custom implant logistics and delaying surgeries. 00:00 Sponsor Message Meter 00:18 Headlines Overview 00:48 Delve Audit Allegations 03:27 Trivy Scanner Backdoor 06:01 Russian Phishing Signals 08:54 Stryker Attack Fallout 11:30 Wrap Up And RSAC 11:48 Sponsor Message Meter

Cybersecurity Isn't Managing Risk—It's Managing Threats... And That's the Problem Host David Shipley speaks with Jeff Gardiner, a former university CISO and now at Morgan Stanley, about Gardiner's doctoral research arguing that cybersecurity has structurally misclassified "risk management" as threat management.  Gardiner explains that real risk is an expected loss calculation (impact × likelihood), while many cybersecurity frameworks and training emphasize vulnerabilities, exploitability, and system configuration without likelihood or business impact. He describes examples where teams labeled unlikely issues as "extremely high risk," discusses interviews where leaders universally expect cybersecurity staff to be risk managers, and cites findings that only about 11% of cybersecurity professionals actually perform risk calculations. Gardiner outlines a practical approach using qualitative likelihood and impact scales, prioritization, and clearer business framing, and notes ongoing discussions with NIST to improve the NICE framework. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst 00:00 Sponsor Message 00:19 Meet Jeff Gardiner 01:51 Career Journey Origins 03:23 TLS Risk Epiphany 05:06 What Is Compute Canada 06:38 Risk Versus Threat 08:35 Why Labels Matter 11:13 Likelihood And Impact 12:26 Teaching Risk Qualitatively 15:29 Why Prioritize Risk 20:36 Training Frameworks Flaw 25:13 Research Frustrations 25:51 Risk Management Wins 26:44 Why CISOs Burn Out 27:43 Speaking Executive Risk 29:22 Teach Risk Broadly 31:36 Biases and Better Judgments 35:17 Sexy Scary vs Real Risk 36:12 Convincing the Room 39:15 Start Simple Frameworks 41:36 Risk Quadrants and Delegation 45:30 Mentorship and NIST V3 47:57 Wrap Up and Sponsor

FBI Seizes Iran-Linked Handala Leak Site After Stryker Intune Wipe Attack; Apple iPhone Exploit Patch; North Korean Fake IT Workers Grow Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst The episode reports that the FBI has seized the data leak site used by the Iran-linked hacktivist group Handala, which has been widely linked to the Stryker attack where attackers compromised admin accounts, stole data, and used Microsoft Intune to remotely wipe and factory reset roughly 80,000 managed devices. CISA and Microsoft warn organizations to harden Intune and identity controls with least privilege, role-based access, MFA, conditional access, and requiring multi-admin approval for sensitive actions like device wipes. Apple urges iPhone users to update after fixing actively exploited flaws used in targeted, sophisticated campaigns, noting risks even for those who think Apple devices aren't targeted. The show also highlights new FLAIR research showing North Korean operatives continue infiltrating Western firms as remote IT workers using stolen or fabricated identities, exploiting weak hiring verification and broad access. LINKS https://flare.io/learn/resources/north-korean-infiltrator-threat 00:00 Sponsor Message Meter 00:19 Headlines And Intro 00:46 FBI Seizes Handala Leak Site 02:31 CISA And Microsoft Intune Guidance 04:37 Apple iPhone Update Warning 06:10 North Korean Fake IT Workers 07:56 Links Sharing And Wrap Up 08:29 Sponsor Thanks And Sign Off

Medical Device Breaches, Anti-Scam Pledge Scrutiny, AI Font Trick, and Iran-Linked Cyber Updates. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst The episode covers several cybersecurity stories: Intuitive Surgical disclosed a March 12 phishing-led intrusion where stolen credentials enabled access to its internal administrative network and data theft (customer/business contacts and employee records), while clinical platforms and Da Vinci/Ion systems remained unaffected. Eleven tech and retail firms including Google, Amazon, and OpenAI pledged to share threat intel on scams, amid skepticism and Verafin figures estimating $4.4T in global financial crime in 2025 and rising AI-driven fraud. LayerX demonstrated a font/CSS "glyph substitution" technique that shows humans a malicious command while AI assistants read benign text; Microsoft addressed it, while others deemed it out of scope. In Iran-war updates, senior Iranian cyber figures were reportedly killed; Iran-linked group Handala's Stryker attack allegedly wiped nearly 80,000 devices via compromised admin accounts and Intune, with further unverified leak claims. Denver crosswalk speakers were hacked due to default passwords.   00:00 Sponsor Message Meter 00:19 Medical Device Breach 01:52 Phishing Still Wins 02:32 Tech Pledge Against Scams 03:43 Fraud Numbers And AI 05:49 Font Trick AI Bypass 07:22 Vendor Responses Lessons 09:03 Iran Cyber War Updates 10:00 Stryker Intune Wipe Attack 11:07 More Iranian Claims 12:17 Denver Crosswalk Hack 13:10 Wrap Up And Signoff 13:33 Sponsor Outro Meter

Alleged Canadian 'The Comm' Hacker Arrested, Interpol's Operation Synergia Takedown, Stryker Cyberattack Update and more.. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst Host David Shipley covers new details on the alleged takedown of "Waifu," a Canadian hacker tied to the cybercrime group The Com, after a harassment campaign against investigator Allison Nixon helped lead to his identification and arrest; he now faces U.S. charges including extortion and unauthorized computer access. The episode also highlights Interpol's six-month Operation Synergia, a major international crackdown that disabled 45,000 malicious IPs and led to 94 arrests across 72 countries, targeting ransomware, phishing, and malware infrastructure. An update on Stryker describes an attack on its Microsoft corporate systems allegedly involving Intune to wipe over 200,000 devices, with Stryker saying connected medical devices and services remain safe while ordering and operations are disrupted. Finally, Poland reports it stopped an attempted hack on its National Center for Nuclear Research that may have Iranian links, though officials caution indicators could be misdirection. 00:00 Sponsor Meter Intro 00:19 Headlines And Welcome 00:50 Calm Hacker Takedown 02:49 Threats Against Researcher 04:21 Unmasking And Arrest 05:46 Interpol Operation Synergy 08:10 Stryker Intune Attack Fallout 12:56 Iran Cyber War Updates 13:43 Poland Nuclear Hack Attempt 16:14 Wrap Up And Thanks 16:52 Sponsor Meter Outro

Gemini in Google Workspace, Agentic AI, and Managing AI Anxiety (with Accenture's Krish Banerjee) Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst In a special edition of Project Synapse shared with Cybersecurity Today, host Jim Love and co-host John Pinard (a VP and CSO at a Canadian financial institution) speak with Krish Banerjee, Accenture's managing director and partner leading AI in Canada. They discuss Google integrating Gemini into Workspace and how AI assistants like Gemini and Microsoft Copilot are converging, along with recent moves around agent platforms and the business models of AI, including Meta and Nvidia's evolving strategies and Nvidia's push toward enterprise agent infrastructure amid rapidly rising compute demand. The conversation explores why AI adoption lags capability, emphasizing task-based redesign, human-in-the-loop guardrails, and not "AI-washing" broken processes. They also address AI anxiety, training and culture change, impacts on education and jobs, and practical ways to use agents to stay informed and productive. 00:00 Sponsor Message 00:20 Show Intro and Guests 01:12 Gemini Comes to Workspace 03:38 AI Tool Leapfrogging 05:06 Agent Network Acquisitions 07:53 Nvidia Bets on Enterprise Agents 11:08 Why AI Adoption Lags 14:27 Agentic AI and Process Redesign 16:19 Security Guardrails and Human Oversight 24:05 Accenture Transformation and Training 26:55 AI Anxiety in the Workplace 30:22 Tasks Not Jobs 32:12 Outcome First Thinking 34:15 Personal AI Assistants 37:24 Building Agents Together 38:35 Executive Learning Curve 44:31 Kids And AI Natives 50:15 Critical Thinking And Trust 54:15 Company Advice Focus Value 55:58 Wrap Up And Sponsor

AI Agent Hacks McKinsey Chatbot in 2 Hours, NPM Phantom Raven, Router Malware & Trojaned AI Models This episode covers how researchers at CodeWall used an autonomous AI security agent to gain read/write access to McKinsey's internal chatbot Lilli database in about two hours by chaining exposed APIs and an SQL injection, potentially exposing 46.5 million chats, 728,000 files, 57,000 accounts, and 95 system prompts, with McKinsey saying the issues were fixed and no unauthorized access was found. It also reports on the Phantom Raven supply-chain campaign that published 88 malicious NPM packages using a runtime-downloaded payload to steal developer system data like SSH keys and host details. A study warns that 83% of 800 million compromised passwords still meet complexity rules, highlighting credential-stuffing risk and the need for breach checks and MFA. The show notes 14,000+ routers infected with persistent malware often requiring factory resets plus hardening, and discusses Trojan backdoors embedded in AI models that trigger misbehavior under specific inputs, calling for new AI security testing and validation. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst 00:00 Sponsor Meter Intro 00:20 Headlines And Welcome 00:55 AI Agent Hacks McKinsey Bot 03:44 Phantom Raven NPM Malware 05:55 Strong Passwords Still Leaked 07:55 Router Malware That Persists 09:36 Trojan Backdoors In AI Models 12:01 Call For AI Backdoor Research 12:30 Sponsor Meter Outro 13:13 Sign Off

This includes our regular Wednesday/Thursday segment but with an update from this breaking story on the attack on a large US medical company.

Fake Claude Code Installs, Arpa Phishing, Zombie ZIP Malware Evasion, and Iran/Israel Cyber Retaliation This episode covers four major security stories: the "InstaFix" campaign using Google sponsored ads and cloned Claude Code install pages to trick developers into pasting terminal commands that deploy the TeraStealer credential-stealing malware; a phishing technique abusing the special-use .arpa domain and IPv6 reverse DNS to evade email and domain-based defenses, using attacker-controlled DNS zones, traffic distribution systems, and lures like surveys and account notices; the "Zombie ZIP" technique that manipulates ZIP headers to bypass AV/EDR scanning, tied to CVE-2026-0866 and demonstrated to evade most VirusTotal engines; and a surge in pro-Iranian and pro-Russian hacktivist retaliation targeting Israel and regional entities with DDoS, defacements, breach claims, and disinformation, alongside Israel's humorous counter-psychological video response. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst 00:00 Sponsor Message Meter 00:19 Headlines And Intro 00:51 Fake Claude Install Scam 04:25 Arpa Domain Phishing 08:30 Zombie Zip Malware Trick 10:57 Cyber Retaliation Surge 13:44 Israel's PSYOP Video 14:25 Wrap Up And Sponsor

Coruna iOS Exploit Kit Goes Mass-Market, FBI Wiretap Platform Breach Probe, Windows Terminal ClickFix, and Iran-War Cyber Escalation This episode covers several major cybersecurity developments: Google's Threat Intelligence Group details Coruna, a sophisticated iOS exploit kit with 23 exploits and multiple chains affecting iOS 13–17.2.1, shifting from targeted surveillance use to cryptocurrency-scam distribution and a PlasmaLoader payload aimed at stealing wallet data. The FBI is investigating suspicious activity involving its Digital Collection System Network used to support wiretaps and surveillance, with concerns about third-party vendor exposure and broader federal agency targeting. Microsoft reports a new ClickFix variation that abuses Windows Terminal to deploy the Luma Stealer via encoded commands, persistence, Defender exclusions, and browser injection. The show also reviews Iran-linked cyber activity by MuddyWater and others amid regional conflict, including new backdoors and cloud-based exfiltration, and reports that Iranian drone strikes hit AWS data centers in the UAE and Bahrain, causing outages and highlighting data centers as battlefield targets. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst 00:00 Sponsor Message Meter 00:19 Headlines And Intro 00:50 Coruna iOS Exploit Kit 04:06 FBI Wiretap Platform Breach 06:52 ClickFix Hits Windows Terminal 10:00 Iran War Cyber Campaigns 14:59 Drones Hit AWS Data Centers 17:57 Wrap Up And Thanks 18:35 Sponsor Close Meter

Cybersecurity Today Month in Review: Iran Conflict Cyber Spillover, IoT Cameras, AI Hacking Tools, and Resilience Planning In this weekend month-in-review episode, host Jim Love and panelists David Shipley, Laura Payne, Neil Bisson, and Chris "CJ" Johnson discuss cyber and infrastructure impacts tied to the US/Israel–Iran conflict, including reported compromise of traffic camera networks for targeting, Iran's defensive internet shutdown, propaganda via a hacked prayer app, and GPS/AIS spoofing that misdirected ships in the Strait of Hormuz, raising oil and helium supply-chain concerns. They warn of potential Iranian retaliation via DDoS, ransomware, and critical infrastructure attacks (especially water/OT), amplified by insecure IoT and camera vulnerabilities (e.g., Hikvision). The group critiques weakened government cyber capabilities (including CISA turmoil and CVE program risk), highlights AI-enabled attack automation (CyberStrike AI) shrinking time-to-exploit, and stresses practical resilience planning, including protecting AI API keys after an $82,000 billing incident and noting a law-enforcement takedown of LeakBase. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst 00:00 Sponsor Message Meter 00:18 Meet the Panel 01:41 MSPs and Security Assumptions 03:36 War and Cyber Spillover 06:52 Iran Internet Shutdown Explained 08:27 GPS Spoofing in Strait 10:32 Retaliation Risks to West 17:02 IoT Cameras as Targets 18:56 What IT Providers Should Do 22:03 Who Should Worry Most 26:18 Regulation and IoT Standards 28:58 Supply Chain and State Actors 31:36 CISA and CVE Turmoil 35:53 Ring Backlash and Big Tech 37:43 OpenAI Alerts and Privacy 39:25 AI Cultural Blind Spots 40:05 Therapy Duty to Report 41:17 Licensing AI Advice 42:16 Data Centers Under Fire 43:59 Continuity Without Claude 45:05 Power Grid Reality Check 46:47 MSPs and AI Dependence 49:58 Hype Versus Security Markets 51:02 CyberStrike AI Tooling 56:37 Nation State Plausible Deniability 59:58 Exploit Speed and Software Debt 01:03:37 Practical Tips and Wrap Up

Wikipedia JavaScript Worm, ICE Contractor Data Leak Claim, and Leak Base Takedown Wikipedia admins contained a self-propagating JavaScript worm that spread via infected user script files, executing in logged-in editors' browsers and using authenticated sessions to copy itself into other scripts, sometimes affecting global scripts; administrators restricted edits, reverted and suppressed changes, replaced compromised scripts, and continue investigating the originating account.  A hacktivist group calling itself the Department of Peace claims it leaked records tied to DHS's Office of Industry Partnership involving 6,681 organizations that applied for ICE-related contracts, releasing the dataset via Distributed Denial of Secrets, while DHS has not confirmed the breach or data authenticity.  Finally, the FBI, Europol, and partners dismantled the Leak Base cybercrime forum, seized its database, conducted arrests and searches, and warned suspects through the forum's channels. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst 00:00 Sponsor Message 00:19 Headlines Intro 00:42 Wikipedia Worm Attack 01:19 How The Worm Spread 02:08 Containment And Lessons 02:53 Hacktivists Leak ICE Data 04:47 Leak Base Takedown 06:10 Database Seizure Fallout 07:12 Wrap Up And Weekend Preview 07:30 Sponsor Closing

AI-Driven Warfare, Open-Source Attack Tooling, CISA Shakeups, Healthcare Ransomware, and GPS Jamming Risks Host David Shipley covers reports that hacked Tehran traffic cameras and an AI-powered targeting system helped a joint U.S.-Israeli operation ("Epic Fury") track and strike Iran's leadership, highlighting the growing role of compromised infrastructure and AI in modern conflict. Researchers also link the open-source toolkit Cyber Strike AI to automated attacks against Fortinet FortiGate devices, compromising over 600 systems across 55 countries and raising concerns about proliferating offensive AI tools. At CISA, CIO Robert Costello resigns amid leadership turmoil and staffing challenges. Healthcare ransomware disruptions include a University of Hawaii Cancer Center breach affecting nearly 1.2 million people and a major attack on the University of Mississippi Medical Center that shut clinics and disrupted Epic EMR access. Finally, GPS/AIS jamming and spoofing in the Middle East threatens shipping safety and global trade. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst 00:00 Sponsor Message 00:17 Headlines Overview 00:48 Epic Fury AI Warfare 04:12 Cyber Strike AI Toolkit 07:06 CISA CIO Resignation 09:06 Hawaii Cancer Center Breach 11:27 UMMC Ransomware Shutdown 13:53 GPS Jamming Shipping Risk 16:33 Wrap Up And Sponsor

OpenClaw AI Agent Hijack, CISA Leadership Shakeup, Iran Cyber Campaign, Air-Gap Malware, and Robot Vacuum Flaw Jim Love covers multiple cybersecurity stories: Oasis Security revealed "ClawJacked," a high-severity OpenClaw AI agent framework flaw caused by missing rate limiting on the local gateway, enabling malicious web pages to brute-force passwords via WebSockets, register a trusted device, and take over agents; OpenClaw patched it within 24 hours and users are urged to update to version 2020 6.2 0.25 and tighten governance for non-human identities. CISA sees a leadership change as acting director Madhu Gottumukkala steps down amid criticism and reports he uploaded sensitive contracting documents to public ChatGPT and canceled key security tool contracts; Nick Anderson becomes acting director. The episode also discusses a coordinated cyber campaign alongside US/Israeli operations against Iran and risks of Iranian retaliation against exposed US critical infrastructure, North Korea's Scarcruft using "Ruby Jumper" to bridge air-gapped networks via USB, and a DJI Romo robot vacuum MQTT flaw that exposed control and camera access across 7,000 devices before being patched. 00:00 Sponsor Message Meter 00:19 Headlines And Intro 00:46 Claw Jacked AI Agents 02:21 CISA Leadership Shakeup 06:02 Cyber Front In Iran War 08:48 North Korea Air Gap Breach 10:06 Robot Vacuum Takeover 13:04 Wrap Up And Thanks

Identity, AI Agents, and the Session Token Time Bomb | Carey Frey (CSO, TELUS) on Cybersecurity Today In this Cybersecurity Today weekend edition, David Shipley interviews Carey Frey, Chief Security Officer at TELUS, about the evolution of identity security and why it's a growing risk in the age of generative and agentic AI. Frey recounts his career from Canada's Communications Security Establishment to leading TELUS's internal security and managed cybersecurity services, then explains how convenience-driven identity decisions led from PKI's unrealized promise to passwords, bearer/session tokens, and today's widespread session cookie theft. He describes lessons from TELUS's deployment of FIDO2 phishing-resistant tokens, the dangers of long-lived SSO tokens across SaaS ecosystems, and how agentic "auto-browse" could amplify harm via the "lethal trifecta" and ephemeral agents with poor auditability. Frey highlights the Syne/SignNet CISO Identity Handbook and calls for stronger cryptographic roots of trust, proof-based tokens, re-authentication across trust domains, and fine-grained delegation guardrails. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst 00:00 Sponsor Message 00:24 Weekend Edition Intro 00:32 Meet Carey Frey 02:07 Carey's Cyber Origin Story 03:47 Telus Security Two Hats 06:22 Identity's Broken Legacy 08:43 Why PKI Didn't Win 11:25 Passkeys Missed Moment 14:10 SSO Tokens Surprise 19:50 Session Theft Reality 23:18 Agentic AI Stakes 24:17 Building Identity Playbook 25:24 Identity Maturity Model 25:49 Fixing OAuth and SAML 27:00 Industry Call to Action 27:37 Where to Find the Handbook 28:06 Not a Vendor Pitch 30:13 Agentic AI Identity Gaps 31:30 Auto Browse Threat Scenario 33:12 Lethal Trifecta Explained 34:31 Ephemeral Agents and Forensics 37:08 Supply Chain Agent Malware 38:20 Crypto Roots of Trust 39:35 Proof Tokens and Reauth 40:17 Delegation Guardrails 42:34 Regulation or Market Forces 44:25 Practical Risk Decisions 46:20 Wrap Up and Next Resources 48:00 Sponsor and Closing Credits

Cisco SD-WAN Bug Actively Exploited, MCP Azure Takeover Demo, CarGurus Data Leak, and Secret Service Scam Recovery Host Jim Love covers four cybersecurity stories: CSA warns a critical Cisco Catalyst SD-WAN controller vulnerability (CVE-2026-20127) has been exploited since 2023, enabling authentication bypass and rogue peering sessions, and orders U.S. federal agencies to inventory systems, collect logs and forensic artifacts, hunt for compromise, and apply Cisco's fixes by 5:00 PM ET on February 27, 2026, with no workarounds. At RSA, researchers show how flaws in Model Context Protocol (MCP)—a key integration layer for agentic AI—could lead to remote code execution and even Azure tenant takeover, highlighting rising enterprise risk. ShinyHunters reportedly published 12.4 million stolen CarGurus records, raising phishing and fraud concerns tied to vehicle shopping and financing context. Finally, an Ontario tech support scam victim recovers funds through coordinated work by Ontario Provincial Police and the U.S. Secret Service, which traced and froze the money in time. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst LINKS Cisco Advisory Cisco Security Advisory – CVE-2026-20127 Authentication bypass vulnerability in Cisco Catalyst SD-WAN https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk CISA Supplemental Hunt and Hardening Guidance (Cisco SD-WAN Systems) https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems Threat Hunt Guide (Technical PDF) Cisco SD-WAN Threat Hunt Guide (jointly referenced in federal guidance) https://media.defense.gov/2026/Feb/25/2003880299/-1/-1/0/CISCO_SD-WAN_THREAT_HUNT_GUIDE.PDF 00:00 Sponsor Message 00:19 Cisco SD-WAN Under Attack 02:48 MCP Azure Takeover Demo 05:28 CarGurus Data Dump 07:16 Secret Service Scam Recovery 09:24 Closing Sponsor Thanks

Discord Drops Persona Age Verification, SolarWinds Serv-U Critical RCEs, Splunk Windows Priv Esc, and Smart TV Screenshot Surveillance Lawsuits In this episode of Cybersecurity Today, host Jim Love covers Discord ending its age-verification experiment with Persona after user backlash and researcher findings that Persona's front-end code suggested up to 269 verification checks, including watch list screening and risk scoring, amid already-thin trust following an earlier breach that exposed government ID images. The show also highlights SolarWinds Serv-U 15.5.0.4 patches for four critical (CVSS 9.1) remote code execution vulnerabilities (CVE-2025-40538, CVE-2025-40539, CVE-2025-40540, CVE-2025-40541), noting they require high privileges and that self-hosted Windows/Linux instances must be upgraded, with estimates ranging from under 1,200 to over 12,000 internet-exposed servers. Splunk discloses a high-severity Windows privilege escalation flaw (CVE-2025-2386, CVSS 8.0) caused by incorrect install-directory permissions in versions before 10.0.0.2, 9.4.0.6, 9.3.0.8, and 9.2.10, enabling local users to potentially escalate privileges and tamper with logging. Finally, Texas Attorney General Ken Paxton sues Samsung, Sony, LG, Hisense, and TCL, alleging smart TVs use automated content recognition to capture screen content—potentially up to twice per second—and transmit it without meaningful consent, with implications for both home viewing and confidential business use; the episode emphasizes reviewing and disabling ACR settings and accounting for network-connected screens in security models.  Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst 00:00 Sponsor Message Meter 00:20 Discord Age Verification Backlash 01:37 Persona Code Raises Alarms 03:08 SolarWinds Serv-U Critical RCEs 04:51 Splunk Windows Priv Esc 06:18 Smart TV Screenshot Surveillance 08:35 Wrap Up and Sponsor Thanks

AI-Accelerated FortiGate Breaches, Amazon Kiro Prod Disruption, Claude Code Security, Salt Typhoon Warning, and Youth Radicalization Risks Episode of Cybersecurity Today (hosted by David Shipley) covering: a Russian-speaking hacker using AI-written automation tools to breach 600+ Fortinet FortiGate firewalls across 55 countries by exploiting weak passwords and exposed management interfaces without MFA, with advice to lock down edge management access, enforce MFA, and strengthen password policies; an Amazon Kiro AI coding tool incident tied to a misconfigured role that allegedly deleted and recreated a production environment, causing a 13-hour disruption to AWS Cost Explorer services in one of two mainland China regions, prompting warnings about giving AI agents access to production and the need for guardrails and review processes; Anthropic's Claude Code Security launch, an AI-driven code vulnerability analysis feature that maps code interactions and data flows, provides severity and confidence scoring, keeps humans in the loop, and sparked stock drops for CrowdStrike and Cloudflare while noting limits for legacy code; an FBI warning that China-linked Salt Typhoon remains a serious threat in 80+ countries by exploiting basic weaknesses like unpatched systems, old code, reused passwords, and phishing, alongside concern over the FCC loosening US telecom cybersecurity requirements and calls for stronger critical infrastructure regulation and secure-by-default equipment; and a Canada-focused segment on youth online radicalization including a second RCMP terrorism peace bond in New Brunswick linked to the 764 extremist network (designated a terrorist organization in December 2025), plus reporting that the Tumbr Ridge, BC school shooting suspect had a ChatGPT account suspended in June 2025 and that OpenAI employees allegedly sought to notify authorities but were rebuffed, drawing condemnation from BC Premier David Eby and federal AI minister Evan Solomon and renewed calls for stronger cooperation, accountability, and intervention frameworks. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst 00:00 Sponsor: Meter + Today's Cybersecurity Headlines 00:48 AI-Automated Hacking: 600+ FortiGate Firewalls Breached 02:25 How to Defend: Lock Down Edge Management, MFA, Strong Passwords 03:28 Amazon's Kiro AI Coding Tool Incident: 'Deleted Prod' and Lessons Learned 06:44 Claude Code Security: AI-Powered AppSec for Developers (and the Hype) 10:20 FBI Warning: Salt Typhoon Still Hitting Telecoms Worldwide 13:32 Youth Radicalization & AI Safety Failures: 764 Network and Tumblr Ridge Aftermath 18:12 Wrap-Up + Sponsor Message: Meter Demo Info

Jim Love discusses how rapid adoption of agentic AI is repeating the industry pattern of shipping technology without security, citing issues like vulnerabilities in Anthropic's MCP and insecure open-source agent tools. He interviews Ido Shlomo, co-founder and CTO of Token Security, who argues AI agents are fundamentally hard to secure because they are non-deterministic, have infinite input/output space, and often require broad permissions to be useful.  Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst Shlomo proposes focusing security on access, identity, attribution, least privilege, and auditability rather than trying to filter prompts and outputs, and describes Token's "intent-based permission management" approach that maps agents and sub-agents as non-human identities tied to their purpose and allowed actions. The conversation covers real-world risks such as developer tools like Claude Code running with extensive access, widespread over-provisioning of admin permissions and API keys, exposure of unencrypted local token files, and misconfigurations that leak data publicly. Shlomo recommends organizations build governance processes for agents—discovery/inventory, boundary setting, continuous monitoring, and secure decommissioning—and says AI is needed to help police AI. He also highlights emerging trends like agent teams and multi-day autonomous tasks, and notes Token Security is a top-10 finalist in the RSA Innovation Sandbox 2026, planning to present an intent-and-access-focused security model for AI agents. 00:00 Sponsor: Meter's integrated networking stack 00:19 Why agentic AI security is breaking (MCP & open-source chaos) 02:53 Meet Token Security: practical guardrails for AI agents 04:57 Why you can't just ban agents at work (shadow AI reality) 06:24 Tel Aviv's cybersecurity pipeline: gaming, military, and startups 08:57 Why AI/agents are fundamentally hard to secure (new OS + 'human spirit') 13:44 Trust, autonomy, and permissions: managing the blast radius 18:17 Real-world exposure: Claude Code and the developer identity attack surface 20:16 A workable approach: treat agents as untrusted processes with identity + least privilege 22:33 Zero Trust for Agents: Access ≠ Permission to Act 23:27 Token's "Intent-Based Permission Management" Explained 25:29 Building the Identity Map: Tracing What Agents Touch 26:52 The Secret Sauce: Using AI to Secure AI in Real Time 28:10 Real-World Case: 1,500 Agents and Wildly Over-Provisioned Access 30:57 CUA 'Computer-Use' Agents: Exciting, Personal… and Terrifying 34:44 Secure-by-Default & Sandboxing: Fixing 'Always Allow' Dark Patterns 35:36 What Security Teams Should Do Now: Inventory, Boundaries, Governance 37:59 What's Next: Agent Teams and Multi-Day Autonomous Work 40:10 Tony Stark Vision: Agents That Improve the Human Experience 41:02 RSA Innovation Sandbox: Token's Big Bet on Intent + Access 43:01 Wrap-Up, Audience Q&A, and Sponsor Message

CISA Orders Emergency Patch for Actively Exploited Dell Flaw; Texas Sues TP-Link; Massive ID Verification Data Leak; SSA Database Leak Allegations Host Jim Love covers four cybersecurity stories:  Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst CISA ordered federal civilian agencies to patch an actively exploited critical Dell RecoverPoint for Virtual Machines vulnerability (CVE-2026-2769) within three days, citing hard-coded credentials that allow unauthenticated root access and links to a China-aligned threat cluster; Texas Attorney General filed suit against TP-Link alleging deceptive security and origin claims and risks tied to Chinese state-linked threats, while TP-Link denies the allegations and says it operates independently, stores U.S. user data on AWS, and bases core operations in the U.S.; researchers found an unsecured MongoDB database tied to AI-powered identity verification provider ID Merit exposing nearly 1 billion records with sensitive personal data, attributed to misconfiguration rather than compromise of the AI systems; and a MarketWatch report describes whistleblower Chuck Borges alleging SSA master data was copied to a cloud environment without oversight, contrasted by the Social Security Commissioner stating the core Numident database remained secure, with Love noting no confirmed public evidence but expressing concern about the implications if such foundational data were compromised. 00:00 Sponsor Message: Meter's Full-Stack Networking 00:19 Headlines: Dell Exploit, TP-Link Lawsuit, Massive Data Leak, SSA Claims 00:45 Urgent Patch Order: Actively Exploited Dell RecoverPoint CVE 02:19 Texas Sues TP-Link Over Router Security & China-Ties Allegations 03:31 AI Identity Verification Leak: Nearly 1 Billion Records Exposed 05:07 Did SSA Data Leak? Whistleblower vs. Official Denial 06:54 Host Take: What If the "Foundational" Database Was Compromised? 07:37 Wrap-Up + Sponsor Thanks and Where to Book a Demo