Cyber Security Today

In this episode of 'Cybersecurity Today', host David Shipley discusses significant cyber events and their implications. The podcast explores hints by President Donald Trump regarding the use of cyber tactics in a U.S. operation that resulted in a power outage in Venezuela. The episode also delves into the April 2025 data breach at Nova Scotia Power, detailing the company's efforts to keep incident specifics confidential and the extensive recovery measures taken. Lastly, it updates listeners on the Trust Wallet compromise linked to the Sha-Hulud supply chain attack, elucidating how the breach occurred and its aftermath. The episode underscores the growing cyber threat landscape and the critical need for enhanced cybersecurity measures. 00:00 Introduction and Sponsor Message 00:46 US Cyber Operations in Venezuela 03:13 Implications for Cybersecurity Professionals 04:37 Nova Scotia Power Breach Details 08:52 Trust Wallet Hack Update 10:46 Conclusion and Final Thoughts

In this episode, host Jim Love discusses the importance of cybersecurity awareness and training, featuring insights from Michael Joyce of the Human-Centric Cybersecurity Partnership at the University of Montreal and David Shipley of Beauceron Security. They explore the impact of cybersecurity awareness programs, the decay of sustained vigilance post-training, and the nuances between phishing reporting and clicking behaviors. The conversation also critiques recent research claims that question the efficacy of phishing training, emphasizing the need for continuous, empirically supported approaches in cybersecurity education. The episode highlights the value of balanced, layered defenses involving both technical solutions and informed user behavior. 00:00 Introduction and Podcast Announcement 00:14 Sponsorship Acknowledgment 00:35 The Nature of Cybersecurity Awareness 01:09 Introduction to the Research Show 01:21 Guest Introductions 02:15 Human-Centric Cybersecurity Partnership 03:46 The Importance of Canadian Research 04:40 Cybersecurity and Culture 05:27 The Role of Research in Cybersecurity 07:12 David's Research and Collaboration with Michael 08:46 The Value of Independent Research 13:33 Cybersecurity Awareness Month Impact 17:23 Phishing Simulation and Reporting 23:49 Awareness Decay and Vigilance 30:55 The Importance of Reporting and Feedback Loops 40:00 Optimal Frequency for Cybersecurity Training 40:27 Critiques and Misconceptions in Phishing Training 42:00 Empirical Data and Training Effectiveness 43:19 Insights from Phishing Simulations 47:14 Understanding Why People Click 52:43 Challenges in Cybersecurity Research 01:04:06 The Importance of Layered Defenses 01:17:17 Concluding Thoughts on Cybersecurity Training

In this episode, the host shares a pre-recorded favorite interview with David Decary-Hetu, a criminologist at the University of Montreal. They discuss the dark web, its technology, and its role in cybercrime. Decary-Hetu explains how the dark web operates, its users, and the dynamics between researchers and law enforcement in tackling cyber threats. Key topics include the economics of illicit markets, the cat-and-mouse game between law enforcement and criminals, the role of cryptocurrencies, and the evolution of cyber threats. The episode offers insights into the social aspects of cybercrime and the measures being taken to combat it. 00:00 Introduction and Sponsor Message 00:52 Understanding the Dark Web 02:16 Interview with David Decary-Hetu 05:10 The Basics of the Dark Web 06:27 Technology Behind the Dark Web 14:49 Law Enforcement Challenges 21:50 Trust and Transactions on the Dark Web 23:45 Recruitment and Structure of Cybercriminals 26:42 Cultural Dynamics in Hacking Communities 27:32 Researching the Impact of Technology on Crime 29:01 Challenges in Policing the Dark Web 30:12 The Role of Social Engineering in Cybercrime 31:18 Law Enforcement Strategies and Conditional Deterrence 32:09 The Evolution of Cybercrime and Cryptocurrency 41:24 Legal and Ethical Considerations in Cybercrime 43:47 Advice for Policymakers and Corporations 48:44 Educational Resources and Conferences 50:57 Conclusion and Final Thoughts

Cybersecurity Today: MongoDB Vulnerability 'Mongo Bleed' Exploited, Rainbow Six Siege Hacked, Trust Wallet Compromise, and GrubHub Crypto Scams In this episode of Cybersecurity Today, David Shipley covers significant cybersecurity incidents that occurred over the holiday period. The major topics include the 'Mongo Bleed' vulnerability in MongoDB that was disclosed and then publicly exploited on Christmas Day, leading to potential data leaks. Ubisoft's Rainbow Six Siege faced a breach enabling attackers to manipulate in-game functions and distribute billions worth of in-game currency for free. Trust Wallet's browser extension was compromised, resulting in a loss of approximately $7 million in cryptocurrencies. Finally, a phishing scam using a legitimate GrubHub subdomain to promise fake Bitcoin rewards was also discussed. Immediate actions and preventive updates were highlighted for all these incidents. 00:00 Introduction and Sponsor Message 00:48 Mongo Bleed Vulnerability Exploit 04:10 Rainbow Six Siege Breach 08:13 Trust Wallet Extension Hack 10:30 GrubHub Bitcoin Scam 12:02 Conclusion and Sign-Off

This is an interview with former hacker Brian Black. Brian is now on the right side of the battle and bringing his skills to to the fight against hackers. He finds the weaknesses in corporate security so that it can be patched.  This was one of my favourite interviews this year. Listening to what Brian has learned and understanding how we can use that knowledge and experience kept me on the edge of my seat.  Once more I want to thank Meter for making this possible.  Visit them at meter.com/cst

Jim takes a break for some R&R during the holidays and shares his favorite podcast episodes from the year. He acknowledges that some listeners might have heard these episodes already, while others may find them new. The podcast's production is supported by Meter, a company providing integrated networking solutions. Additionally, support from listeners through the Buy Me a Coffee program has helped sustain the shows and expand their content offerings. Jim thanks Meter and the listeners, wishing everyone a Merry Christmas and a Happy New Year. 00:00 Introduction and Holiday Plans 00:33 Sponsor Acknowledgment 01:08 Support and Growth 01:55 Final Thoughts and Episode Introduction

Over the holidays we are rerunning some of our favourite episodes. This one first aired this summer and was one of my first conversations with the fascinating head of Operation Shamrock.  We'll be back with regular programming on January 5th. 

Global Cybercrime Crackdowns and Rising Threats This episode of 'Cybersecurity Today' hosted by David Shipley covers significant cybersecurity news. Nigerian police arrested three suspects linked to a Microsoft 365 phishing platform known as Raccoon O365. U.S. prosecutors charged 54 individuals in an ATM malware scheme tied to a Venezuelan criminal organization. Two incident responders pleaded guilty to conducting ransomware attacks while employed to help victims of such attacks. Denmark officially blamed Russia for a cyber attack on a water utility, exacerbating geopolitical tensions. Each segment highlights the intricate and international nature of modern cybercrime and the ongoing challenges in cybersecurity. 00:00 Introduction and Sponsor Message 00:20 Nigerian Police Arrest Phishing Suspects 03:28 US ATM Malware Scheme Uncovered 05:46 Insider Ransomware Attackers Plead Guilty 08:21 Denmark Blames Russia for Cyber Attack 11:08 Conclusion and Holiday Wishes 12:20 Sponsor Message and Closing

Cybersecurity Today brings you a special year-end episode, featuring noteworthy guests Tammy Harper from Flare, Laura Payne from White Tuque, David Shipley from Beauceron Security, and John Pinard, co-host of Project Synapse. This episode delves into the pivotal cybersecurity stories of 2025, including a detailed discussion on MFA phishing attacks, the effectiveness of cybersecurity training, and the troubling trends in ransomware payments. Also covered are the evolving roles of AI in both defending and perpetrating cyber crimes. The guests share their insights, hopes, and concerns for the industry's future, emphasizing the importance of awareness, empathy, and community. Tune in as they reflect on the past year's challenges and successes, and look forward to more resilient and innovative cybersecurity practices in 2026. 00:00 Introduction and Sponsor Message 00:20 Meet the Panelists 01:30 Reflecting on the Year: Achievements and Goals 02:08 Naughty and Nice: Cybersecurity Challenges 03:44 The Rise of Fake Torrents and Piracy 07:07 Ransomware and Data Extortion Trends 18:00 The Importance of Multi-Factor Authentication (MFA) 26:15 The Persistent Threat of Email Phishing 27:24 AI Vulnerabilities and Security Concerns 28:18 The Role of AI in Social Engineering 29:07 The Impact of AI on Cybersecurity 31:15 The Future of AI and Security Measures 34:40 The Human Element in Cybersecurity 39:49 Hopes and Predictions for the Future 45:33 Final Thoughts and Reflections

Cybersecurity Today: Cisco Zero Day Exploited & Maritime Cyber Attack Unfolds In this episode of Cybersecurity Today, host David Shipley discusses a series of critical cybersecurity incidents, including the exploitation of a zero-day flaw in Cisco email security infrastructure by a China-linked group, a Hollywood-style attack on an Italian ferry involving remote access malware, and a new data theft spree by the ClOP ransomware gang targeting file-sharing servers. Shipley also highlights the broader implications of cybersecurity on physical safety and national security. This episode is brought to you by Meter, a complete networking stack provider for enterprises. 00:00 Introduction and Sponsor Message 00:20 Massive Patch List and Zero-Day Flaw in Cisco 03:41 Latvian Arrested in Italian Ferry Cyberattack 06:31 ClOP Ransomware Gang's New Target 08:54 Conclusion and Upcoming Episodes

In this episode of Cybersecurity Today, host Jim Love discusses a range of pressing cybersecurity threats. The show covers the escalating React2Shell vulnerability, which has led to widespread automated exploitation campaigns involving crypto miners and back doors. Additionally, Jim reports on the Black Force phishing kit, which bypasses multifactor authentication and is gaining traction among cybercriminals. Microsoft OAuth consent attacks are also highlighted, with users being tricked into granting access to their accounts. Finally, the episode touches on PornHub's data breach involving the Shiny Hunters cybercrime group and the importance of patching vulnerabilities and being cautious during the holiday season. 00:00 Introduction and Sponsor Message 00:22 React2Shell Vulnerability Deep Dive 03:46 Black Force Phishing Toolkit 05:44 Microsoft OAuth Consent Phishing 07:29 PornHub Data Breach by Shiny Hunters 10:21 Holiday Cybersecurity Tips and Final Thoughts

In this episode of Cybersecurity Today, host David Shipley discusses significant developments in the cybersecurity landscape. Apple releases security updates to address two actively exploited WebKit vulnerabilities. Scammers manipulate AI-powered search tools to recommend fake support numbers, reflecting a growing security risk. Bitdefender uncovers malware hidden in torrent subtitles for the movie 'One Battle After Another.' Lastly, an AI named Artemis outperforms human penetration testers in a Stanford hacking experiment, highlighting the evolving role of AI in cybersecurity. Also included are insights on the implications of these events for future cybersecurity challenges. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:52 Apple's Urgent Security Updates 03:24 AI-Powered Scams: A Growing Threat 06:59 Malware Hidden in Torrents 10:03 AI Outperforms Human Pen Testers 13:25 Conclusion and Contact Information

In this episode of Cybersecurity Today, host Jim Love discusses the shocking discovery of over 80,000 leaked credentials and secrets in online code formatting tools with Jake Knott, a principal security researcher from Watchtower. They delve into the vulnerabilities exposed by these tools, the inadvertent leaking of sensitive information, and how attackers can easily exploit these weaknesses. The conversation covers the types of secrets found, the responses from various organizations, and best practices to prevent such exposures. Tune in to understand the critical importance of protecting your credentials and the steps you can take to avoid falling victim to these types of security breaches. 00:00 Introduction and Sponsor Message 00:22 Accidental Data Leaks: A Growing Concern 00:55 Supply Chain Vulnerabilities 01:47 Shocking Discovery: 80,000+ Secrets Exposed 06:29 Interview with Jake Knott from Watchtower 08:19 The Risks of Using Online Tools 28:23 Best Practices and Mitigation Strategies 35:05 Conclusion and Final Thoughts

Cybersecurity Today: Spider-Man Phishing Kit, Gogs Zero-Day Exploits, and Recent Patches In this episode, host Jim Love discusses recent cybersecurity issues including the Spider-Man phishing kit targeting European banks and cryptocurrency users, a zero-day vulnerability in the self-hosted Git service Gogs, and various security updates. The Spider-Man kit creates highly convincing phishing pages, while the Gogs vulnerability allows remote code execution by exploiting symbolic links. Additionally, updates are covered for a Windows PowerShell zero-day and a zero-click flaw in Google's Gemini Enterprise. The show emphasizes the importance of vigilance and timely patching to mitigate these threats. 00:00 Introduction and Technical Issues 00:20 Sponsor Message: Meter Networking Solutions 00:43 Spider-Man Phishing Kit Targets European Banks 03:13 Gogs Zero-Day Vulnerability Exploited 05:57 Windows PowerShell Zero-Day Patched 08:05 Google Patches Gemini Zero-Click Flaw 10:42 Conclusion and Weekend Show Teaser

Cybersecurity Today: Google Chrome's AI Safety Plan, React2Shell Fixes, & New Ransomware Tactics In this episode of Cybersecurity Today, host Jim Love discusses Google's new security blueprint for AI-powered Chrome agents, highlighting measures against indirect prompt injections and model errors. Learn about Next JS's new tool for addressing the critical React2Shell vulnerability and the emerging threat from Storm 0249 using EDR tools for ransomware. The episode also covers new data showing manufacturers remain top ransomware targets. Sponsored by Meter. 00:00 Introduction and Sponsor Message 00:22 Google's New Security Plan for Chrome Agents 03:41 Next JS Scanner for React2Shell Vulnerability 05:41 Storm 0249: Malware Hidden in EDR Tools 07:45 Ransomware Targets Manufacturing Sector 09:34 Conclusion and Final Notes

Explosive React Vulnerability and AI Tool Flaws Uncovered: Major Implications for Cybersecurity In this episode of Cybersecurity Today, host David Shipley discusses a new significant React vulnerability, React2Shell, that has caused widespread confusion and debate in the security community. This major flaw, affecting a widely used web framework, poses significant risks like remote code execution and malware deployment across numerous organizations. The episode also highlights flaws in AI coding tools discovered by researcher Ari Marzouk, which could compromise integrated development environments (IDEs) and software supply chains. Additionally, a ransomware breach at Marquis Software Solutions, impacting over 70 US banks and credit unions, is examined. Emphasis is placed on the critical need for robust security culture and proactive measures in the face of evolving threats. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:43 React Flaw Drama: A Deep Dive 04:58 AI Coding Tools: New Vulnerabilities 08:04 Ransomware Breach in Financial Sector 10:27 Conclusion and Call to Action

Cybersecurity Today: The Rise of Living Off the Land Strategies & More In this episode of Cybersecurity Today's Month in Review, host Jim Love is joined by Laura Payne from White Tuque and David Shipley from Beauceron Security. They discuss several pressing cybersecurity issues, including the growing threat of 'living off the land' strategies where attackers use legitimate software to stay undetected, the risks associated with public Wi-Fi and QR codes, and the recent breaches involving Oracle's E-Business Suite and SonicWall's management devices. The panel also reflects on the often conflicting cybersecurity advice circulating today and emphasizes the importance of nuanced communication in security practices. Plus, find out who wins the 'Stinky' award for cybersecurity blunders and what you can do to stay safe. Special thanks to Meter for supporting this podcast. Tune in for a deep dive into these crucial cybersecurity topics and more. 00:00 Introduction and Sponsor Message 00:19 Welcome and Guest Introductions 00:50 Unique Coffee Partnership 02:27 Living Off the Land: Cybersecurity Tactics 04:33 Social Engineering and AI Threats 13:51 The Role of Social Media in Cyber Fraud 20:05 Microsoft's New Teams Feature: A Security Risk? 26:39 Oracle Vulnerability and Enterprise Security 27:26 Patching Core Systems: Challenges and Necessities 28:12 Clop Ransomware: A Persistent Threat 29:09 University Data Breaches: The Case of U Penn 30:18 Security Culture and Leadership Accountability 33:49 Debunking Security Myths: Juice Jacking and QR Codes 39:15 Public WiFi and VPNs: Proceed with Caution 41:18 The Importance of Effective Cybersecurity Communication 48:33 SonicWall Security Concerns and the Stinkies Awards 51:13 Wrapping Up: Reflections and Future Episodes

In this episode of 'Cybersecurity Today,' host Jim Love discusses several significant cybersecurity issues. Highlights include a maximum severity vulnerability in React Server Components dubbed React2Shell (CVE-2025-55182), a recently patched Windows shortcut flaw by Microsoft, and new attacks using the Evilginx phishing platform in schools. Additionally, the show explores a long-running campaign by 'Shady Panda,' which used browser extensions to harvest data, and an unexpected failure by Google's AI tool that led to the deletion of a developer's hard drive. The episode also thanks Meter for their continued support. 00:00 Introduction and Sponsor Message 00:48 React Vulnerability: React2Shell 03:13 Microsoft's Long-Standing Shortcut Flaw 04:50 Evilginx: Bypassing MFA in Education 06:59 Shady Panda's Malicious Extensions 09:13 Google's AI Mishap: Developer's Hard Drive Wiped 11:01 Conclusion and Final Thoughts

  This episode of Cybersecurity Today, hosted by Jim Love, delves into various cybersecurity threats and latest news. Topics include 'living off the land' attacks using Microsoft's native utilities, spoofing Calendly invites for phishing Google and Meta credentials, a significant breach at the University of Pennsylvania linked to Oracle E-Business Suite vulnerabilities, and findings on AI jailbreaks tied to syntactic patterns by researchers from MIT, Northeastern University, and Meta. The episode emphasizes the ongoing challenges and evolving strategies in cybersecurity. 00:00 Introduction and Sponsor Message 00:43 Living Off the Land Attacks Explained 03:41 Fake Calendly Invites and Phishing Campaigns 05:47 Oracle Breach and Its Implications 07:55 AI Jailbreaks and Syntax Hacking 11:27 Conclusion and Final Thoughts

In this episode of Cybersecurity Today, host David Shipley discusses a range of pressing cybersecurity issues. Topics include the surge in QR code parking scams, with recent cases in Monaco, Ottawa, and across Europe; an Australian man sentenced for evil twin WiFi attacks targeting travelers; the shutdown of the Code Red emergency notification system due to ransomware; and critical vulnerabilities in Microsoft Teams' guest access feature. Shipley also examines the newly launched hacklore.org website aiming to debunk cybersecurity myths, while critiquing its dismissal of real-world threats. Stay informed on how criminals exploit simple deception, human assumptions, and technology lapses to perpetrate fraud and data breaches. 00:00 Introduction and Sponsor Message 00:21 Hack Lore vs. Real Cyber Threats 03:45 QR Code Parking Scams 07:24 Evil Twin WiFi Attacks 09:43 Ransomware Attack on Code Red 11:44 Microsoft Teams Security Flaw 15:09 Conclusion and Final Thoughts

The Intersection of Espionage Techniques and Cybersecurity Threats This episode explores the parallels between espionage and cybersecurity, particularly focusing on social engineering tactics used in both domains. Hosted by Jim Love, the podcast features insights from Neil Bisson, a retired intelligence officer from CSIS, and David Shipley, CEO of Beauceron Security. They discuss the vulnerabilities in human behavior that can be exploited, the similarity between human intelligence operations and phishing attacks, and how AI is transforming the landscape of social engineering. Practical advice on recognizing and mitigating these threats is also provided. The episode underscores the importance of empathy, skepticism, and continuous education in defending against sophisticated cyber threats. 00:00 Introduction and Sponsor Message 00:25 Linking Espionage and Cybersecurity 01:06 The Role of Social Engineering in Cyber Attacks 02:25 Guest Introductions: Neil Bisson and David Shipley 03:24 Recruitment Tactics in Intelligence 05:56 Phishing vs. Intelligence Recruitment 07:48 AI's Role in Modern Social Engineering 10:45 Building Trust and Rapport in Intelligence 16:19 Ethical Considerations in Intelligence Work 20:01 Future of Cybersecurity and Social Engineering 24:31 The Art of Subtle Manipulation 26:01 Clandestine Tactics and Voluntary Information 26:24 Incremental Trust Building 26:46 Psychological Manipulation and Cult Recruitment 27:34 Human Connection and Vulnerability 28:53 AI and Social Engineering 30:25 The Threat of AI in Recruitment 33:20 Emotional Manipulation in Espionage 36:19 Defending Against Manipulation 38:12 Empathy and Information as Defense 45:49 Final Thoughts and Audience Engagement

In this episode, the host addresses a previous mistake in naming a company involved in a breach, correcting SitusAMC for Ascensus, and extends apologies. Key topics include US banks assessing a breach fallout from financial tech vendor SitusAMC, ransomware group CioP targeting Broadcom through Oracle's vulnerabilities, a new malware campaign hiding in Blender 3D models named SteelC, supply chain attacks in the JavaScript ecosystem through NPM packages with Shai-Hulud malware, and a phishing scam using lookalike domains to deceive Microsoft account holders. Listeners are reminded to manually type URLs to avoid phishing scams, and are informed about the Thanksgiving weekend schedule change. 00:00 Introduction and Apology 01:26 Cybersecurity Headlines 02:13 US Banks Data Theft Incident 03:44 Broadcom and Oracle ERP Breach 05:29 Blender Malware Campaign 07:45 Shai-Hulud NPM Package Attack 09:41 Phishing Campaign Targeting Microsoft Accounts 11:39 Final Thoughts and Thanksgiving Wishes

In today's episode of Cybersecurity Today, hosted by Jim Love, several major cybersecurity incidents are discussed. US banks are assessing the impact of a security breach at SitusAMC, where the ALFV ransomware group claimed to have stolen three terabytes of data. CIOP has targeted Broadcom through Oracle's E-Business Suite vulnerabilities. A new malware campaign hides inside Blender 3D models, exploiting the auto-run feature to deploy Steel C malware. The JavaScript ecosystem faces a supply chain attack from the Shai-Hulud malware compromising 500 NPM packages. Additionally, a phishing campaign leveraging visual deception with look-alike domains is targeting Microsoft account holders. The show is brought to you by Meter, which provides integrated networking solutions. 00:00 Introduction and Sponsor Message 00:21 US Banks Data Theft Incident 02:24 Broadcom and Oracle ERP Breach 04:09 Blender Files Supply Chain Attack 06:24 NPM Packages Compromised 08:21 Phishing Campaign Targeting Microsoft Accounts 10:19 Conclusion and Sponsor Message

In this episode, host David Shipley discusses some of the most pressing issues in cybersecurity today. Checkout.com refuses to pay a ransom to cyber extortion group Shiny Hunters and instead donates to cybersecurity research. The U.S. SEC ends its long-standing case against SolarWinds and their CISO Tim Brown, highlighting ongoing debates about cybersecurity accountability. Additionally, the FCC reverses cybersecurity mandates originally set after the Salt Typhoon hacks, drawing criticism and raising questions about national security preparedness. The episode emphasizes the critical role of policy and regulation in affecting cybersecurity outcomes and encourages the tech community to participate actively in shaping better laws and frameworks. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst   00:00 Introduction and Sponsor Message 00:51 Checkout.com Refuses Ransom and Supports Cyber Research 04:10 SEC Ends Case Against SolarWinds and CISO 08:36 FCC Reverses Cybersecurity Mandates 12:22 The Importance of Policy in Cybersecurity 14:42 Conclusion and Call to Action

In this episode of Cybersecurity Today, host Jim Love welcomes retired intelligence officer Neil Bisson and regular guest David Shipley for an in-depth discussion on current cybersecurity threats facing both Canada and the US. They explore the roles of major state actors like China, Russia, Iran, and North Korea in cyber espionage and sabotage, alongside the motivations driving such activities. The conversation delves into the challenges faced by corporations and critical infrastructure, the importance of understanding motivations behind cyber attacks, and the need for greater cooperation between the private sector and intelligence agencies. The episode also highlights the crucial steps individuals and organizations should take to protect themselves in this rapidly evolving cyber landscape. 00:00 Introduction and Sponsor Message 00:40 Meet Neil Bisson: A Retired Intelligence Officer 02:43 The Evolution of Intelligence Collection 04:29 The Role of Big Data in Modern Espionage 06:30 Corporate Espionage and Technological Advancements 11:45 National Security Threats and Private Sector Vulnerabilities 16:42 Global Players in Cybersecurity Threats 21:44 The Overlooked Cyber Capabilities of India 23:58 State-Sponsored Cybercrime: A Symbiotic Relationship 24:50 Critical Infrastructure Vulnerabilities 25:32 Cyber Attacks and International Relations 27:54 The Role of Intelligence Agencies 33:58 The Huawei Controversy 37:18 Balancing National Security and Economic Interests 41:55 The Future of Cybersecurity 45:39 Conclusion and Final Thoughts

In this episode of Cybersecurity Today, host Jim Love discusses several major cybersecurity events. CloudFlare faced significant outages affecting major platforms like Amazon and YouTube, along with continued issues for Microsoft 365 users. NordVPN warned of a surge in fake shopping websites as Black Friday approaches, with phishing attempts climbing 36% between August and October. An AI transcription tool caused a privacy breach at an Ontario hospital, leading to a privacy probe. Finally, Salesforce is investigating a data theft wave linked to Gainsight, illustrating the risks of OAuth token misuse. The episode is supported by Meter, a network infrastructure provider. 00:00 Introduction and Sponsor Message 00:44 CloudFlare Outages and Their Impact 02:34 Surge in Fake Shopping Websites 04:56 AI Privacy Breach at Ontario Hospital 08:41 Salesforce Data Theft Investigation 11:26 Conclusion and Sponsor Message

In this episode of 'Cybersecurity Today,' host Jim Love covers multiple pressing topics: CloudFlare's major outage affecting services like OpenAI and Discord, Microsoft's new AI feature in Windows 11 and its potential malware risks, a new red team tool that exploits cloud-based EDR systems, and a new tactic using calendar invites as a stealth attack vector. Additionally, a critical SAP vulnerability scoring a perfect 10 on the CVSS scale is discussed alongside a peculiar event where Anthropic's AI mistakenly tried to report a cybercrime to the FBI. The episode wraps up with a mention of the book 'Alyssa, A Tale of Quantum Kisses' and a thank you to Meter for sponsoring the podcast. Tune in for essential cybersecurity insights. 00:00 Introduction and Sponsor Message 00:22 CloudFlare Outage Causes Major Disruptions 02:55 Microsoft's New AI Features and Malware Risks 05:22 Silent but Deadly: New Red Team Tool 07:39 Calendar Invites as a Stealth Attack Vector 10:04 Critical SAP Vulnerability 12:11 Anthropic's AI and the FBI Incident 14:06 Conclusion and Final Thoughts

Critical Cybersecurity Updates: Fortinet Zero Day, North Korean Infiltration & JLR Cyber Attack In this episode of Cybersecurity Today, host David Chipley discusses the latest critical updates in the cybersecurity world. Fortinet faces a massive zero-day vulnerability actively exploited, leading to major security patches. North Korean IT workers have infiltrated 136 companies, massively impacting corporate security and funneling millions to the DPRK. Jaguar Land Rover's cyber attack results in a startling $220 million loss, affecting the UK's economy. Lastly, we delve into widespread copy-pasted flaws across leading AI platforms like Meta and Nvidia. Stay updated, stay secure! 00:00 Introduction and Sponsor Message 00:55 Fortinet Zero-Day Vulnerability 04:32 North Korean IT Worker Infiltration 07:45 Jaguar Land Rover Cyber Attack Impact 10:19 AI Platforms Hit with Copy-Pasted Flaw 13:42 Conclusion and Upcoming Events

In this episode of Cybersecurity Today, host Jim Love is joined by Tammy Harper, a senior threat intelligence researcher at Flare, to explore the future landscape of cybercrime. The conversation delves into various aspects like the evolution of underground markets, state-backed cyber sanctuaries, and decentralized escrow systems. Harper presents insights on extortion as a service, the implications of artificial intelligence in cybercrime, and the potential impact of quantum computing on encryption. The episode also discusses the changing nature of digital sovereignty and its effects on cybersecurity. This thorough examination offers a glimpse into the challenges and transformations in the world of cyber threats. 00:00 Introduction and Guest Introduction 01:14 Overview of Tammy Harper's Work 01:56 Future of Cybercrime: Key Pillars 03:43 The Underground Economy 08:18 Decentralization of Underground Forums 17:28 State-Backed Sanctuaries and Cybercrime Tourism 24:01 Extortion as a Service (EAS) 31:37 Affiliate Programs in Cybercrime 34:41 Usernames and Credibility in Cybercrime 36:25 Recruitment and the Perfect Storm 37:22 Money Mules and Financial Crimes 38:45 Ransomware Negotiators and Trust Issues 41:22 Artificial Intelligence in Cybercrime 49:16 Quantum Computing and Encryption 58:55 Digital Sovereignty and the Future of Cybercrime 01:05:48 Conclusion and Final Thoughts

In this episode, host Jim Love discusses several significant cybersecurity events and updates. The Washington Post confirmed a security breach affecting nearly 10,000 individuals due to an exploited Oracle E-Business Suite vulnerability. CrowdStrike's 2025 Global Threat Report highlights the rise of 'enterprising adversaries' and a surge in malware-free intrusions. In addition, a new phishing scam targets iPhone users by mimicking Apple's device recovery alerts. Finally, a listener raised concerns about security issues with SonicWall's management devices and systems. The show concludes with information on upcoming content and thanks to Meter for sponsoring the podcast. 00:00 Introduction and Sponsor Message 00:40 Oracle Breach Affects Thousands 02:53 CrowdStrike's Global Threat Report 07:04 New iPhone Phishing Scam 08:35 Listener Concerns About SonicWall 12:10 Conclusion and Upcoming Episodes

In this episode of Cybersecurity Today, host David Shipley covers the latest threats in the cybersecurity landscape. Highlights include the emergence of the quantum root redirect (QRR) phishing kit, a sophisticated automated phishing platform targeting Microsoft 365 credentials across 90 countries. The hospitality industry is also being hit with a new 'click fix' phishing campaign, compromising booking systems and targeting hotel guests. Researchers discover new vulnerabilities in ChatGPT, exposing private data via indirect prompt injection attacks. Additionally, the University of Pennsylvania confirms a massive data breach, highlighting the risks of not implementing comprehensive MFA protocols. Stay informed with the latest cybersecurity news and insights to protect your organization. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:46 Quantum Root Redirect: A New Phishing Threat 03:47 Click Fix Phishing Attacks on Hotels 07:58 ChatGPT Vulnerabilities and AI Security Risks 11:37 University of Pennsylvania Data Breach 15:12 Conclusion and Call to Action

Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst In today's episode, we cover the breach at the US Congressional Budget Office and its implications on national security, Microsoft Teams' chat feature being exploited for phishing attacks, and the increasing use of AI in cyber attacks. We also highlight how Canadian veterans are being retrained for careers in cybersecurity through the Coding for Veterans program. Hosted by Jim Love, we thank Meter for supporting this podcast with their complete networking stack solutions. 00:00 Introduction and Sponsor Message 00:51 US Congressional Budget Office Breach 02:27 Microsoft Teams Phishing Exploit 03:42 AI in Cybersecurity Attacks 06:09 Veterans in Cybersecurity 07:44 Conclusion and Sponsor Message

Unveiling the Double-Edged Sword of AI in Cybersecurity with Brian Black In this episode of Cybersecurity Today, host Jim Love interviews Brian Black, the head of security engineering at Deep Instinct and a former black hat hacker. Brian shares his journey into hacking from a young age, his transition to ethical hacking, and his experiences working with major companies. The discussion delves into the effectiveness of cybersecurity defenses against modern AI-driven attacks, the importance of understanding organizational data, and the challenges of maintaining robust security in the age of AI. Brian emphasizes the need for preemptive security measures and shares insights on the evolving threats posed by AI as well as the need for continuous education and adaptation in the cybersecurity field. 00:00 Introduction and Sponsor Message 00:21 Meet Brian Black: From Black Hat to Good Guy 00:55 Brian's Early Hacking Days 02:46 Transition to Ethical Hacking 04:11 Life in the Hacking Community 08:54 Advice for Aspiring Hackers and Parents 11:05 Corporate Career and Red Teaming 13:12 The Importance of Basics in Cybersecurity 21:41 Multifactor Authentication: The Good and the Bad 24:19 Challenges in Vendor Security Testing 27:41 Weaknesses in Cyber Defense 28:22 AI Speed vs Human Speed 28:37 AI in Cybersecurity Attacks 30:08 Dark AI Tools and Their Capabilities 32:54 AI Agents and Offensive Strategies 35:43 Challenges in Cybersecurity Defense 41:48 The Role of Red Teaming 42:46 Hiring the Right Red Team 46:59 Burnout in Cybersecurity 48:17 AI as a Double-Edged Sword 52:43 Deep Instinct's Approach to Security 53:58 Conclusion and Final Thoughts

In this episode of 'Cybersecurity Today,' hosted by Jim Love, the focus is on recent developments and tactics in cybersecurity. The episode discusses Meter's networking solutions, the innovative tactics of the ransomware group Killen using common Windows tools, and three new open-source offerings aimed at improving security: Heisenberg for software bills of materials, OpenAI's Aardvark for automated vulnerability detection, and Open PCC for securing AI data flows. The show emphasizes the importance of detecting unusual behaviors in legitimate tools and highlights the need for proactive security measures in development pipelines. Listeners are encouraged to explore these initiatives further through show notes and upcoming discussions. 00:00 Introduction and Sponsor Message 00:43 Ransomware Tactics: Using Everyday Tools 02:05 Heisenberg: Active Supply Chain Defense 03:38 Aardvark: Autonomous Security Researcher 04:56 Open PCC: Securing Enterprise AI Data 06:38 Final Thoughts and Resources 07:02 Closing and Upcoming Episodes

  In this episode of Cybersecurity Today, host Jim Love dives into several shocking security lapses and emerging threats. Highlights include ransomware negotiators at Digital Mint accused of being behind attacks, a new AI vulnerability that exploits Windows' built-in stack, and a misuse of OpenAI's API for command and control in malware operations. Additionally, AMD confirms a flaw in its Zen 5 CPUs that could lead to predictable encryption keys, and the Louvre faces scrutiny after a major theft reveals poor password practices and maintenance failures. The episode underscores the importance of basic security measures like strong passwords and regular audits despite advanced technological systems in place. 00:00 Introduction and Sponsor Message 00:48 Ransomware Negotiators Turned Hackers 02:08 AI Stack Vulnerabilities in Windows 04:04 Backdoor Exploits OpenAI's API 05:24 AMD's Encryption Key Flaw 06:59 Louvre Heist and Security Lapses 08:24 Conclusion and Call to Action

In this episode, host David Shipley discusses a significant cybersecurity breach at the University of Pennsylvania, which involved offensive emails sent from legitimate university addresses. The attackers claim to have accessed sensitive data, though their statements remain unverified. Shipley emphasizes the importance of vigilant communication and rapid response systems in mitigating damage. The episode also covers urgent cybersecurity alerts issued by Western agencies for Microsoft Exchange and WSUS servers, highlighting the necessity of continuous system updates and robust security measures. Lastly, Australia's cybersecurity agency warns against ongoing attacks on unpatched Cisco devices, urging immediate action. The episode underscores the theme of 'vigilance' in cybersecurity, stressing the role of culture and leadership in maintaining robust security practices. 00:00 Introduction and Sponsor Message 00:41 University of Pennsylvania Cyber Attack 05:26 US Government's Urgent Warning on Exchange and WSUS Servers 09:39 Australia's Bad Candy Cisco Router Attacks 12:19 Final Thoughts on Cybersecurity Vigilance 14:16 Conclusion and Sponsor Message

In this episode of 'Cybersecurity Today,' the panel, including Laura Payne from White TOK and David Shipley from Boer on Securities, reviews the major cybersecurity events of October. Key topics include DNS failures at AWS and Microsoft, the rise of AI and its associated security concerns, and several severe cloud and on-premises vulnerabilities in platforms like SharePoint and WSUS. The discussion highlights a surge in sophisticated phishing threats, the integration of AI in cyber attacks, and the critical importance of multifactor authentication. The panel also examines the implications of recent security breaches affecting critical infrastructure and the broader impact of cybersecurity on financial sectors. Ethical concerns about AI's use in creating inappropriate content and the urgent need for better regulatory frameworks for tech and cloud providers are underscored. The episode concludes with a humorous moment as Jim dons a gifted white TOK, bringing a smile to the discussion. 00:00 Introduction and Sponsor Message 00:18 Panel Introduction and AI Discussion 01:02 Cloud Outages and Their Impact 02:52 DNS and Internet Fragility 07:07 Botnets and Cybersecurity Threats 14:09 Industrial Control Systems Vulnerabilities 26:29 AI in Cybersecurity 35:37 Voice Deepfakes and Authentication Risks 38:32 Creative Scams and Real-Time Voice Translators 39:22 The Importance of Safe Words and Persistent Surveillance Issues 40:17 Hybrid Scams and Financial Crimes in Canada 41:44 Corporate Reputation and Financial Crimes Agency 42:41 Challenges with Digital Banking and Security 44:49 The Role of AI and Security in Financial Transactions 45:55 The Impact of Open Banking and Real-Time Payments 50:57 Email Filters and Cybersecurity Awareness 58:03 Microsoft's Security Challenges and Vulnerabilities 01:03:39 Legal Consequences for Cybercriminals 01:12:17 Final Thoughts and Acknowledgements

In this episode of Cybersecurity Today, host Jim Love covers a series of alarming cybersecurity incidents. Key highlights include Ernst and Young exposing a massive 4TB database to the open internet, a former L3 Harris executive guilty of selling zero-day exploits to a Russian broker, a sophisticated zero-day spyware campaign hitting Chrome, and a nation-state cyberattack on US telecom provider Ribbon Communications. Tune in to understand the critical lessons from these breaches and the emerging risks in cybersecurity. 00:00 EY's Massive Data Exposure 02:05 US Defense Contractor's Insider Threat 03:33 Chrome's Zero Day Vulnerability 05:24 Nation-State Hackers Breach US Telecom 06:51 Conclusion and Contact Information

In this episode of Cybersecurity Today, host Jim Love explores the potential shift in Russia's stance on cyber criminals, including arrests of major network operators. Discover the latest phishing scams where hackers fabricate death notices to steal passwords, a critical vulnerability exposing thousands of AI servers, and a massive malware campaign on YouTube. Plus, discuss the dual nature of AI in cybersecurity—both as a transformative technology and a new threat. Join the conversation on the future of cybersecurity! 00:00 Introduction: Cybersecurity Headlines 00:26 Russia's Crackdown on Cybercriminals 02:47 Phishing Scam Targets LastPass Users 04:59 AI Server Vulnerability Exposes API Keys 07:28 YouTube Ghost Network Spreads Malware 09:17 The Dual Role of AI in Cybersecurity 12:18 Conclusion and Future Plans

In this episode of Cybersecurity Today, host David Shipley covers the latest updates from the Pwn2Own 2025 event in Ireland, where top hackers earned over $1 million for uncovering 73 zero-day vulnerabilities. Despite significant hype, AI's impact on cybersecurity remains limited. We also dive into a critical Microsoft WSUS flaw under active exploitation and its implications for U.S. government cyber defenses amid a federal shutdown. Lastly, ESET reports reveal North Korea's increased cyber espionage targeting European drone manufacturers. Stay informed on the ever-evolving landscape of cybersecurity threats and defenses. 00:00 Introduction and Headlines 00:29 Pwn to Own 2025 Highlights 02:35 AI's Role in Cybersecurity 03:43 Microsoft's Critical WSUS Vulnerability 07:24 US Government Shutdown and Cyber Attacks 10:04 North Korean Cyber Espionage 12:46 Conclusion and Call to Action

In this episode of Cybersecurity Today, host Jim Love sits down with Graham Barrie a CISO and white hat hacker, to discuss the critical importance of cybersecurity for small and medium-sized businesses. From the moment Berry fell in love with technology through a Tandy TRS 80 to his current role helping businesses secure their data, this conversation covers the evolution of cybersecurity. They delve into how Berry assists businesses in understanding cybersecurity risks, communicating effectively with clients, and preparing for and recovering from cyber incidents. This episode is packed with insightful stories, practical advice, and a deep dive into the realities of cybersecurity for businesses of all sizes. 00:00 The Urgency of Cybersecurity 00:33 Introduction to the Podcast 01:00 Meet Graham Berry: A White Hat Hacker 01:31 Graham's Journey into Technology 04:04 From Technology to Cybersecurity 05:49 The Reality of Cyber Threats for Small Businesses 10:44 The Importance of Cyber Insurance 14:23 Engaging with Clients on Cybersecurity 17:08 Turning Around a Reluctant Client 20:10 The Growing Demand for Cyber Coverage 22:12 Third Party Risk Management 22:50 Effective Tabletop Exercises 23:58 Engaging Executives in Cybersecurity 26:43 Importance of Cyber Insurance 28:33 Successful Recovery Stories 34:16 Challenges with AI in Security 38:57 Looking Forward in Security 40:21 Conclusion and Farewell

In today's episode, host Jim Love discusses the discovery of the 'Glass Worm,' a self-spreading malware hidden in Visual Studio Code extensions downloaded over 35,000 times. The worm, hiding its malicious JavaScript in invisible unicode characters, steals developer credentials and drains crypto wallets. He also covers the security flaws in AI-powered IDEs like Cursor and Windsurf, leaving 1.8 million developers vulnerable. Lastly, a new survey from ISACA reveals that AI-driven attacks are now the top cybersecurity concern for 2026, overtaking ransomware and insider threats. Love advises how developers and security teams can mitigate these threats. 00:00 Introduction and Shoutout 01:10 Cybersecurity Headlines 01:46 Glass Worm Malware in Visual Studio Code 04:06 AI-Powered IDEs with Security Flaws 06:00 AI-Driven Cybersecurity Threats 07:50 Conclusion and Contact Information

In this episode of Cybersecurity Today, your host Jim Love discusses Microsoft's latest findings on how ransomware and extortion account for over half of all cyber attacks globally, highlighting the shift toward financially driven crimes. Learn about the breach at the Kansas City National Security Campus due to a SharePoint vulnerability and how Anthropic's new open-source sandbox aims to make AI coding safer. Additionally, discover how AI tools can help spot scams as Jim shares his personal experience and practical tips. Stay informed on the latest cybersecurity trends and essential defense strategies. 00:00 Introduction and Headlines 00:26 Ransomware Dominates Cyber Attacks 02:12 Nuclear Facility Breach via SharePoint Flaw 04:27 Anthropic's AI Code Sandbox 06:01 Using AI to Spot Scams 07:27 Conclusion and Viewer Engagement

In this episode of Cybersecurity Today, host David Shipley covers the latest developments in cyber threats and law enforcement victories. Topics include: cybercriminals using TikTok videos to disseminate malware through click-fix attacks, Europol shutting down a massive SIM farm powering 49 million fake online accounts, and Microsoft's emergency patch release for a critical ASP.NET Core vulnerability rated 9.9 in severity. The episode also highlights community efforts in raising cybersecurity awareness. 00:00 Introduction and Headlines 00:23 TikTok Malware Campaign 03:43 Europol's Major SIM Farm Bust 07:45 Microsoft's Critical ASP.NET Core Vulnerability 11:55 Community Shoutouts and Conclusion

In this episode, Jim Love interviews David Décary-Hétu, a criminologist at the Universite´de Montréal, discussing the dark web and its impact on criminal activity and cybersecurity. They delve into what the dark web is, how it operates, its primary users, and its role in cybercrime. They also explore the dynamics of online criminal networks, challenges faced by law enforcement, and the surprising aspects of online illicit activities. The importance of monitoring online conversations and understanding cyber threats is emphasized, with insights into the use of cryptocurrencies and the evolution of cybercrime tactics. 00:00 Introduction to Cybercrime and the Dark Web 00:45 Meet David Décary-Hétu: Criminology Researcher and Dark Web Expert 01:06 Understanding the Basics of the Dark Web 05:34 The Technology Behind the Dark Web 20:40 Law Enforcement Challenges and Trust Building 26:03 Cultural Differences in Hacking Communities 26:28 Training Police Officers vs. Research Approaches 26:40 Impact of Technology on Crime 28:09 International Networks and Language Barriers 30:26 Law Enforcement Strategies and Challenges 38:46 The Role of Cryptocurrency in Cybercrime 40:31 Legal and Ethical Considerations in Cybersecurity 42:55 Advice for Policymakers and Corporations 47:48 Educational Resources and Conferences 50:06 Conclusion and Final Thoughts

This episode of Cybersecurity Today, hosted by Jim Love, covers several critical topics in the realm of cybersecurity. Researchers found that unencrypted data from satellites is accessible with cheap equipment, leading to potential eavesdropping on sensitive information worldwide. A new botnet campaign is aggressively scanning for unsecured RDP services, posing a significant threat of ransomware and data theft. Canadian Tire Corporation experienced a data breach affecting customer information. An Android vulnerability allows hackers to steal two-factor authentication codes, prompting discussions on the need for faster security patch rollouts. Lastly, two brothers on trial for a $25 million crypto heist argue that their actions are legal within the blockchain's rules, raising questions about the future of crypto regulation. 00:00 Introduction to Cybersecurity News 00:26 Eavesdropping on Satellite Data 02:02 Massive Botnet Targeting RDP Services 03:58 Canadian Tire Data Breach 05:40 Android Vulnerability: Pick Napping 08:09 Crypto Heist: The Perra Bueno Brothers 10:06 Conclusion and Sign Off

In this episode of Cybersecurity Today, host David Shipley discusses several major events, including the FBI's takedown of the Breach Forums portal. This site was associated with a significant Salesforce data breach and extortion campaign led by groups like Shiny Hunters and Scattered Lapses Hunters. Oracle users are also warned about a new critical vulnerability in the E-Business Suite, which could allow unauthorized data access without requiring login credentials. Additionally, the resurgence of the Asuru botnet, leveraging compromised IoT devices to execute large-scale DDoS attacks, raises concerns. The episode emphasizes the need for immediate patching and robust security measures by organizations and consumers alike. A positive note highlights a cybersecurity awareness initiative by the Indiana Toll Road. 00:00 FBI Takes Down Breach Forums 03:42 Oracle E-Business Suite Vulnerability 07:39 Massive Botnet Threatening US Networks 11:04 Community Cybersecurity Awareness 11:47 Conclusion and Sign-Off

In this episode of Cybersecurity Today, Jim hosts Craig Taylor, a seasoned virtual Chief Information Security Officer (vCISO) with over 25 years of experience. They discuss the evolution and significance of the vCISO role, Taylor's career path, and the founding of his company, Cyber Hoot, which provides cybersecurity education and vCISO services. Taylor shares insights into why companies, especially SMBs, opt for vCISO services due to budget constraints and the scarcity of cybersecurity professionals. He also talks about the common challenges faced by vCISOs, such as managing burnout and ensuring client adherence to security recommendations. The conversation delves into the importance of cybersecurity culture, the need for effective education, and the integration of cybersecurity in business practices. Taylor offers practical advice on hiring the right vCISO and highlights the benefits his company provides. The episode concludes with a discussion on the psychology behind successful cybersecurity practices and Taylor's thoughts on the future of the industry. 00:00 Introduction to Cybersecurity Today 00:04 Meet Craig Taylor: The Virtual CISO 00:47 The Early Days of Virtual CISOs 02:15 Building a Cybersecurity Company 03:40 The Rise of Virtual CISO Services 05:01 Challenges and Realities of Cybersecurity 06:42 The Importance of Cyber Literacy 20:38 Managing Cybersecurity Risks 28:05 Understanding Administrative Risks in Onboarding and Offboarding 28:39 Challenges with MSPs and Cybersecurity 29:27 The Importance of Basic Security Measures 31:52 Dealing with Technology Debt 32:52 Balancing Budget and Security Needs 35:13 Real-Life Cybersecurity Incidents 40:17 The Role of Education in Cybersecurity 46:12 Hiring the Right VCISO 51:33 Conclusion and Final Thoughts

Cybersecurity Today: Teenage Ransomware Arrests, GoAnywhere Critical Flaw, and Google AI Vulnerability In this episode of Cybersecurity Today, hosted by Jim Love, two teenagers were arrested in London for a ransomware attack on Kiddo International preschools, involving child data extortion. The show discusses a critical vulnerability in GoAnywhere MFT servers actively exploited by ransomware operators, emphasizing the need for immediate patching. It also highlights an urgent warning from CSA about a 2021 Windows flaw now under active attack. Additionally, researchers have found a new method to exploit Google's Gemini AI through invisible unicode characters, with Google declining to patch the issue. The episode concludes with security recommendations and a note on the show's upcoming special weekend edition for Canadian Thanksgiving. 00:00 Introduction and Headlines 00:28 Teenagers Arrested for Preschool Ransomware Attack 01:57 Critical Vulnerability in Go Anywhere MFT Servers 03:21 Urgent Alert for 2021 Windows Flaw 04:32 Google Gemini AI's Invisible Prompt Flaw 06:16 Conclusion and Sign-Off

North Korean Hackers Target Crypto Wealth, LinkedIn Fights Data Scraping, and AI Tools Leak Corporate Data In this episode of Cybersecurity Today, host Jim Love covers the latest cybersecurity headlines including North Korean hackers targeting wealthy crypto investors, LinkedIn suing a firm for creating fake accounts to scrape user data, a massive ransomware campaign by the CIOp gang targeting Oracle's E-Business Suite, and new research highlighting AI tools as the top channel for corporate data leaks. Listen in for insights and key takeaways to protect your digital assets and corporate data. 00:00 North Korean Hackers Target Wealthy Crypto Holders 02:09 LinkedIn Sues Over 1 Million Fake Accounts 03:46 Ransomware Attack on Oracle's E-Business Suite 05:42 AI Tools: The New Channel for Corporate Data Leaks 07:53 Conclusion and Contact Information

AI Browsers Turn Rogue, Discord Data Breach, and Surge in Palo Alto Scans In this episode of Cybersecurity Today, host David Shipley discusses several significant cybersecurity concerns. Firstly, researchers at Layer X have uncovered a flaw in the Perplexity Comet AI browser that allows malicious prompts to turn the browser into a data thief with just a single click. Additionally, Discord has disclosed a data breach affecting users' personal information due to a third-party customer service provider compromise. Cybersecurity researchers have also reported a massive surge in scans targeting Palo Alto Network's login portals, suggesting potential reconnaissance for future attacks. Finally, the US Department of Defense has opted to reduce its mandatory cybersecurity training to allow military personnel to focus on their core missions, a move that has raised concerns given the intertwined nature of cyber and kinetic warfare. 00:00 Introduction and Headlines 00:32 AI Browser Security Flaw: Comet Jacking 03:11 Discord Data Breach: What Happened? 05:59 Surge in Scans Targeting Palo Alto Devices 08:07 US Department of Defense Cuts Cybersecurity Training 10:23 Conclusion and Viewer Engagement