Cybersecurity Today
Updates on the latest cybersecurity threats to businesses, data breach disclosures, and how you can secure your firm in an increasingly risky time.
info_outline
Extinction Level Cyber Vulnerability Now Fixed
09/22/2025
Extinction Level Cyber Vulnerability Now Fixed
Cybersecurity Today: Major Vulnerabilities and Attacks Uncovered Join host David Shipley for today's cybersecurity updates on the last day of summer 2025. In this episode, we delve deep into Microsoft's critical Entra ID vulnerability, a cyber attack crippling major European airports, the rise of SpamGPT targeting phishing operations, and the alarming zero-click flaw in OpenAI's deep research agent. Hear about Canadian Police's big win against the shadowy Trade Ogre crypto platform and their $40 million asset seizure. Buckle up for a reality check on the evolving cyber threats and their impact on global security. 00:00 Introduction and Overview 00:55 Microsoft's Extinction Level Vulnerability 05:19 European Airports Cyber Attack 08:20 SpamGPT: AI for Cyber Criminals 09:53 Shadow Leak: Zero Click AI Vulnerability 12:09 Trade Ogre Takedown 14:50 Conclusion and Upcoming Events
/episode/index/show/cybersecuritytoday/id/38302750
info_outline
CST Replay: The Ransomware Ecosystem with Tammy Harper
09/20/2025
CST Replay: The Ransomware Ecosystem with Tammy Harper
Unveiling the Ransomware Ecosystem with Tammy Harper In this compelling episode, Jim is joined by Tammy Harper from Flair.io to re-air one of their most popular and insightful episodes. Dive into the intricate world of ransomware as Tammy, a seasoned threat intelligence researcher, provides an in-depth introduction to the ransomware ecosystem. Explore the basics and nuances of ransomware, from its origins to its modern-day complexities. Tammy discusses not only the operational structures and notable ransomware groups like Conti, LockBit, and Scattered Spider, but also the impact and evolution of ransomware as a service. She also elaborates on ransomware negotiation tactics and how initial access brokers operate. This episode is packed with invaluable information for anyone looking to understand the cybercrime underground economy. Don’t forget to leave your questions in the comments, and they might be addressed in future episodes! 00:00 Introduction and Episode Re-Run Announcement 00:29 Guest Introduction: Tammy Harper from Flair io 00:41 Exploring the Dark Web and Ransomware 02:21 Tammy Harper's Background and Expertise 03:40 Understanding the Ransomware Ecosystem 04:02 Ransomware Business Models and Initial Access Brokers 07:08 Double and Triple Extortion Tactics 11:23 History of Ransomware: From AIDS Trojan to WannaCry 13:02 The Rise of Ransomware as a Service (RaaS) 19:41 Conti: The Ransomware Giant 26:17 Conti's Tools of the Trade: EMOTET, ICEDID, and TrickBot 32:05 The Conti Leaks and Their Impact 34:04 LockBit and the Ransomware Cartel 37:07 National Hazard Agency: A Subgroup of LockBit 38:17 Release of Volume Two and Its Impact 39:08 Details of the Training Manual 40:52 Ransomware Negotiations 41:28 Ransom Chat Project 42:27 Conti vs. LockBit Negotiation Tactics 43:30 Professionalism in Ransomware Operations 47:07 Ransomware Chat Simulation 48:03 Ransom Look Project 49:11 Current Ransomware Landscape 50:32 Infiltration and Research Methods 51:47 Profiles of Emerging Ransomware Groups 01:05:21 Initial Access Market 01:10:26 Future of Ransomware and Law Enforcement Efforts 01:13:14 Conclusion and Final Thoughts
/episode/index/show/cybersecuritytoday/id/38288630
info_outline
Cybersecurity Today - The Good News Edition
09/19/2025
Cybersecurity Today - The Good News Edition
Cybersecurity Today: The Good News Edition In this episode, host Jim Love addresses a previous mistake regarding the location of Yellowknife and announces a special 'good news' edition. Key stories include Microsoft's dismantling of a global phishing-as-a-service operation Raccoon 0365, the recovery of nearly $2 million lost to a business email compromise scam by a Texas county, and the Commonwealth Bank of Australia's significant reduction in scam losses through AI-powered defenses. The episode emphasizes lessons learned in cybersecurity and the positive outcomes from recent countermeasures. Love also mentions that the usual host, David Shipley, will return on Monday. 00:00 Introduction and Apology 01:38 Good News Stories Overview 02:18 Microsoft Dismantles Raccoon 0365 03:59 Texas County Recovers $2 Million 05:51 CommBank's AI-Powered Scam Prevention 08:01 Conclusion and Contact Information
/episode/index/show/cybersecuritytoday/id/38261600
info_outline
Shai-Hulud Worm - A Self Propagating Supply Chain Threat
09/17/2025
Shai-Hulud Worm - A Self Propagating Supply Chain Threat
Cybersecurity Worms, Steganography Attacks, Municipal Cyber Incidents and More... In this episode of Cybersecurity Today, host Jim Love delves into multiple cybersecurity threats affecting the tech landscape. He discusses the 'Shai Hulud' worm, which has infiltrated over 187 JavaScript libraries on NPM, exploiting developer tokens for spread, including those maintained by CrowdStrike. Love explains practical but challenging measures to mitigate such threats. He also explores steganography's role in hiding malicious scripts within seemingly benign image files, urging vigilance against embedding hidden commands. Additionally, the episode covers a cyber incident in Yellowknife, causing severe disruptions to municipal services and emphasizing the importance of cyber hygiene and support from higher government levels. Lastly, Jim examines how a Windows 11 patch has created a new vulnerability, stressing the need for enhanced monitoring and quick updates. 00:00 Introduction and Overview 00:21 The Shy Ude Worm: A New Threat 02:19 Steganography: Hiding in Plain Sight 05:30 Cybersecurity Incident in Yellowknife 07:24 Microsoft's Patch Problems 08:27 Conclusion and Contact Information
/episode/index/show/cybersecuritytoday/id/38247545
info_outline
NPM Attack Leave Hackers Empty Handed: Cybersecurity Today with David Shipley
09/15/2025
NPM Attack Leave Hackers Empty Handed: Cybersecurity Today with David Shipley
Cybersecurity Today: NPM Attack, Void Proxy Phishing, and Major Business Disruptions In this episode of Cybersecurity Today, host David Shipley discusses a recent massive NPM attack that, despite causing significant disruption, left hackers with minimal gains. We also cover a new, highly sophisticated phishing service called Void Proxy, which targets Microsoft and Google accounts. Additionally, we delve into the severe repercussions of cyber attacks on major companies like Jaguar Land Rover and Marks and Spencer, highlighting the wide-ranging impacts on supply chains and leadership. Join us for the latest updates and insights from the world of cybersecurity. 00:00 Introduction and Headlines 00:35 Massive NPM Attack: What Happened? 02:53 Void Proxy: A New Phishing Threat 05:31 Jaguar Land Rover Cyber Attack Impact 06:59 Marks and Spencer Leadership Change 08:04 Conclusion and Final Thoughts
/episode/index/show/cybersecuritytoday/id/38218000
info_outline
The Godfather of Zero Trust - A Discussion with John Kindervag
09/13/2025
The Godfather of Zero Trust - A Discussion with John Kindervag
Inside Zero Trust: John Kindervag and the Evolution of Cybersecurity In this episode of Cybersecurity Today: Weekend Edition, host Jim Love speaks with John Kindervag, the pioneer behind the Zero Trust model of cybersecurity. With over 25 years of industry experience, John delves into how the concept originated from his early work with firewalls, advocating for a system where no packet is trusted by default. He discusses the fundamental principles of Zero Trust, including defining protect surfaces, mapping transaction flows, and implementing microsegmentation. The conversation also touches on overcoming cultural and organizational challenges in cybersecurity, the inadequacies of traditional risk models, and adapting Zero Trust methodologies in the evolving landscape, including AI. Through thoughtful discourse and practical insights, John underscores the importance of strategic and tactical implementations in building resilient and secure systems. 00:00 Introduction to Cybersecurity Today 00:25 Meet John Kindervag: The Godfather of Zero Trust 01:50 The Birth of Zero Trust 04:08 Challenges and Evolution of Zero Trust 06:03 From Forrester to Practical Implementations 11:40 The Concept of Protect Surfaces 17:30 Risk vs. Danger in Cybersecurity 30:54 Farmers and Technology 31:48 The Importance of IT in Business 32:26 Introduction to Zero Trust 32:41 Five Steps to Zero Trust 33:14 Mapping Transaction Flows 34:25 Custom Architecture for Zero Trust 34:55 Defining Policies with the Kipling Method 36:04 Monitoring and Maintaining Zero Trust 36:28 The Concept of Anti-Fragile Systems 38:47 Challenges and Success Stories in Zero Trust 42:02 Microsegmentation and Protect Surfaces 45:39 AI and Zero Trust 49:22 Advice for Implementing Zero Trust 50:37 Military Insights and Decision Making 57:19 The Future of Zero Trust 59:07 Conclusion and Final Thoughts
/episode/index/show/cybersecuritytoday/id/38205985
info_outline
Microsoft Patches Zero Day And More
09/12/2025
Microsoft Patches Zero Day And More
Cybersecurity Today: Microsoft Patches, Canadian Data Breach, NVIDIA's New Tool, and a Senator's Call for Investigation In this episode of Cybersecurity Today, host Jim Love discusses Microsoft's September patch update addressing 81 security flaws, including two zero-day vulnerabilities. Highlights include a data breach in Canada affecting email and phone numbers, NVIDIA's release of an open-source LLM vulnerability scanner, and US Senator Ron Wyden's call for the FTC to investigate Microsoft's security practices. The episode also clears up the mystery behind the bricked SSDs after a Windows 11 update. 00:00 Microsoft Patches 81 Flaws 02:29 Canadian Government Data Breach 03:38 NVIDIA's Garrick: AI Vulnerability Scanner 05:01 Senator Urges FTC to Probe Microsoft 06:52 Mystery of Bricked SSDs Solved 08:24 Conclusion and Upcoming Interview
/episode/index/show/cybersecuritytoday/id/38189460
info_outline
iCloud Calendar Invites Disguise New Phishing Campaigns
09/10/2025
iCloud Calendar Invites Disguise New Phishing Campaigns
Phishing Scams, Leaked Stream Keys, Zero-Day Android Vulnerabilities, and Bounties on Russian Hackers In this episode of Cybersecurity Today, host Jim Love discusses several critical cybersecurity issues. Attackers are using iCloud calendar invites for phishing scams, leveraging Apple's system to bypass security checks. The US Department of Defense has exposed livestream credentials, risking hijack and fake content insertion. Billions of Android phones are vulnerable due to unpatched critical zero days, and Google has only fixed issues for Pixel devices so far. Additionally, the US State Department has placed a $10 million bounty on three Russian FSB hackers responsible for attacks on energy companies. Jim emphasizes the importance of securing digital assets and maintaining strong cybersecurity practices. 00:00 Introduction and Headlines 00:24 Phishing Scam via iCloud Calendar Invites 03:18 US Department of Defense Livestream Vulnerabilities 05:53 Critical Android Zero-Day Vulnerabilities 07:38 US Bounty on Russian FSB Hackers 09:42 Conclusion and Contact Information
/episode/index/show/cybersecuritytoday/id/38153070
info_outline
Hackers Say Thanks For Lousy Security In Large Fast Food Chain
09/08/2025
Hackers Say Thanks For Lousy Security In Large Fast Food Chain
Cybersecurity Today: Ghost Action Campaign, SalesLoft Breach, AI Vulnerabilities, and Restaurant Security Flaws Host David Shipley discusses the latest in cybersecurity, including the Ghost Action Campaign which compromised over 3000 secrets from GitHub repositories, the SalesLoft breach affecting major cybersecurity and SaaS firms, and new research showing how large language model chatbots like GPT-4 can be manipulated easily. Additionally, ethical hackers uncover significant vulnerabilities in the digital platforms of Restaurant Brands International. The episode emphasizes the importance of securing the software development ecosystem and maintaining robust social engineering defenses. 00:00 Introduction and Headlines 00:32 GitHub Supply Chain Attack: Ghost Action Campaign 02:51 SalesLoft Breach: A Deep Dive 05:01 The Summer of Salesforce Attacks 07:19 Manipulating AI: New Research Insights 09:14 Restaurant Brands International: Security Flaws Exposed 11:21 Conclusion and Sign-Off
/episode/index/show/cybersecuritytoday/id/38123925
info_outline
From CVE To Cyber Attack In Minutes With AI: Cybersecurity Today
09/06/2025
From CVE To Cyber Attack In Minutes With AI: Cybersecurity Today
The Future of Cybersecurity: AI, Exploits, and the CVE Database In this special crossover episode of Cybersecurity Today and Hashtag Trending, the hosts explore the use of artificial intelligence (AI) in cybersecurity. The conversation begins with an overview of the ongoing 'arms race' to find and exploit software vulnerabilities, focusing on how AI can change the game. The episode delves into the Common Vulnerability and Exposures (CVE) Database, its importance, and its management by the Mitre Corporation. The discussion then spotlights groundbreaking research by Israeli researchers Effie Wies and Nahman Khayet, who developed a method to automate the creation of exploits using AI, reducing the average exploit development time from 192 days to just 15 minutes. This revelation raises significant concerns about the future of cybersecurity and the need for organizations to accelerate their response times. The podcast also touches on the potential for AI to assist in writing more secure code and defending against vulnerabilities, calling for a more resilient approach to software development and deployment. 00:00 Introduction to the Crossover Show 00:22 The Arms Race in Cybersecurity 00:59 Understanding Zero-Day Exploits 02:13 The Common Vulnerability and Exposures Database (CVE) 05:17 The Impact of AI on Exploit Development 05:54 Interview with Nahman Khayet 08:48 The Future of AI in Cybersecurity 18:16 Challenges and Recommendations for Organizations 30:54 Conclusion and Final Thoughts
/episode/index/show/cybersecuritytoday/id/38109940
info_outline
Reminder of this week's schedule and preview of Weekend Edition.
09/05/2025
Reminder of this week's schedule and preview of Weekend Edition.
For this short week we had episodes on Tuesday and Thursday. We'll return to our Monday, Wednesday and Friday schedule starting next Monday. But we have an interview this weekend with the researchers who have issued a proof of concept showing that you can go from CVE to working exploit in 15 minutes and at the cost of less than a dollar using AI.
/episode/index/show/cybersecuritytoday/id/38097695
info_outline
Cloudflare Fends Off A Record Breaking 11.5 Tbps DDoS Attack
09/04/2025
Cloudflare Fends Off A Record Breaking 11.5 Tbps DDoS Attack
In this episode of Cybersecurity Today, host Jim Love covers the latest and most critical stories in the world of cyber threats and digital defense: • Cloudflare fends off a record-breaking 11.5 Tbps DDoS attack, highlighting the relentless scale and sophistication of modern cyber assaults. • WhatsApp patches a dangerous zero-click exploit targeting Apple users, with advice for high-risk individuals to stay protected. • Frostbite 10: Ten critical vulnerabilities in supermarket refrigeration systems could threaten food safety nationwide. • Over 1,100 Ollama AI servers found exposed online, raising alarms about the risks of self-hosted AI and poor security practices. • Hacker group issues an ultimatum to Google, but so far, no evidence of a breach—reminding us to stay vigilant against social engineering. • Palo Alto Networks becomes the latest victim in a supply chain breach involving stolen OAuth tokens, with lessons for all organizations on token hygiene and monitoring. Stay informed, stay secure! For tips, feedback, or more info, visit technewsday.com or .ca. Cybersecurity #DDoS #ZeroClick #AI #DataBreach #Infosec
/episode/index/show/cybersecuritytoday/id/38081150
info_outline
1,000 Developers Compromised By NX Build System Breach
09/02/2025
1,000 Developers Compromised By NX Build System Breach
Cybersecurity Today: Major Attacks on NX Build System, Sitecore, and Salesforce In this episode, David Shipley covers a string of significant cybersecurity breaches and vulnerabilities. Highlights include a compromise of the NX build system affecting over 1000 developers, remote code execution flaws in Sitecore's experience platform, and escalating Salesforce data theft attacks. The episode underscores the amplified risk introduced by AI in development, emphasizes the need for stringent security practices, and highlights sophisticated attacks by nation-state actors and criminal groups. Practical advice given includes the importance of patching systems, securing integrations, and educating teams on evolving threats. 00:00 Introduction and Headlines 00:28 NX Build System Compromise 01:54 AI-Driven Development Risks 04:25 Sitecore Vulnerabilities 05:36 Nation-State Threats 07:00 Salesforce Data Theft Campaign 09:51 Conclusion and Sign-Off
/episode/index/show/cybersecuritytoday/id/38055180
info_outline
Cybersecurity Today: Month In Review Panel for August 2025
08/30/2025
Cybersecurity Today: Month In Review Panel for August 2025
Cybersecurity Today: Navigating AI Advancements and Future Trends In this episode of 'Cybersecurity Today,' host Jim Love and panelists Tammy Harper, Laura Payne, and David Shipley discuss recent developments in cybersecurity, shifting focus to AI's impact on the industry. They explore emerging threats such as AI-generated ransomware and the efficiency of exploiting vulnerabilities using AI. The conversation emphasizes the need for improved policy and regulation, the role of MFA in safeguarding systems, and the implications of youth unemployment due to AI disruption. Predictions for the coming year include the necessity for better legislation, ethical considerations in AI deployment, and the continued importance of maintaining fundamental cybersecurity measures amidst rapid technological advances. 00:00 Introduction and Overview 00:36 Meet the Panelists 02:32 New Cybersecurity Awareness Platform 05:07 Biometric Guidance and Privacy 13:04 AI-Driven Exploits and Security Challenges 22:21 Hack Back Legislation Debate 30:21 MFA Implementation and Insurance Implications 36:30 Understanding the Role of Underwriting in Insurance 36:58 The Importance of Cybersecurity in Insurance 37:43 Scenarios and Broker Consultations 38:57 The Scattered Spiders and Cybersecurity Threats 43:07 Youth Unemployment and Cybersecurity 44:43 The Rise of Social Engineering 47:47 AI and Its Implications 49:28 The Future of AI and Cybersecurity 50:45 Challenges and Solutions in AI Security 51:09 Final Thoughts and Recommendations
/episode/index/show/cybersecuritytoday/id/38028340
info_outline
Zipline Phishing, Google Urges Password Resets, and AI-Driven Threats: Cybersecurity Today
08/29/2025
Zipline Phishing, Google Urges Password Resets, and AI-Driven Threats: Cybersecurity Today
In this episode of Cybersecurity Today, host Jim Love delves into the latest cyber threats and risks. Key topics include the new phishing campaign Zipline that flips traditional tactics, Google's call for 2.5 billion Gmail users to reset passwords due to a phishing attack by Shiny Hunters, and the emergence of AI-driven ransomware like Prompt Lock. The episode also covers a hijack of the NX build platform leading to a sophisticated supply chain attack, and a whistleblower's claims that the Social Security Administration put personal data at risk by improperly handling sensitive information. Tune in to stay informed on these evolving cyber threats and defensive measures. 00:00 Introduction to Cybersecurity News 00:31 Zipline Phishing: A New Threat 02:14 Google Urges Password Resets 03:51 AI-Powered Ransomware: Prompt Lock 05:48 NX Supply Chain Attack 07:35 Social Security Data at Risk 09:20 Conclusion and Upcoming Shows
/episode/index/show/cybersecuritytoday/id/38016880
info_outline
A Simple Phrase Defeats GPT5 Security
08/27/2025
A Simple Phrase Defeats GPT5 Security
In this episode of Cybersecurity Today, host Jim Love discusses recent developments in cybersecurity, including a method to bypass GPT5 model safeguards, malware issues in the Google Play Store, NIST's new AI-specific security controls, and a cyber attack that led to a government shutdown in Nevada. The episode also covers a CRM-related breach linked to the Shiny Hunters collective, who used OAuth tokens to gain unauthorized access. Key takeaways emphasize the need for stronger security frameworks and vigilance against evolving cyber threats. 00:00 Introduction and Overview 00:27 Exploiting GPT-5: A Simple Prompt Attack 02:20 Google Play Store's Malware Struggles 04:11 NIST's New AI Security Controls 06:06 Nevada Government Cyber Attack 08:23 Shiny Hunters' CRM Breach 10:41 Conclusion and Contact Information
/episode/index/show/cybersecuritytoday/id/37974110
info_outline
From CVE To Cyber Attack In Minutes With AI: Cybersecurity Today
08/25/2025
From CVE To Cyber Attack In Minutes With AI: Cybersecurity Today
Host David Shipley explores the latest in cybersecurity, including the rapid development of AI-generated exploits for critical vulnerabilities, record-high searches of digital devices at US borders, and a fired developer jailed for sabotaging his former employer. Additionally, the episode highlights Interpol's Operation Serengeti 2.0, which led to significant arrests and recoveries in the fight against cybercrime in Africa. The episode underscores the speed at which cyber threats can materialize and the importance of global and collaborative defenses. 00:00 Introduction to Cybersecurity Today 00:35 AI-Driven Exploits: A New Era of Cyber Threats 02:48 Record Device Searches at US Borders 04:43 Insider Threats: The Hidden Dangers Within Organizations 06:25 Operation Serengeti 2.0: A Major Blow to Cyber Crime 07:27 Conclusion and Final Thoughts
/episode/index/show/cybersecuritytoday/id/37942160
info_outline
The Evolving Landscape of Cybersecurity Training: Effective Strategies and Misleading Headlines
08/23/2025
The Evolving Landscape of Cybersecurity Training: Effective Strategies and Misleading Headlines
In this episode of Cybersecurity Today, host Jim Love explores the complex dynamics of cybersecurity training with guests Michael Joyce and David Shipley. They discuss the importance of continuous awareness and the temporal decay of training effects. The conversation highlights the critical balance between training frequency and effectiveness, with data suggesting that monthly phishing simulations and quarterly training interventions offer optimal results. Despite recent headlines claiming phishing training is ineffective, the discussion underscores the nuanced understanding required to navigate cybersecurity education. The episode also delves into academic versus business perspectives, emphasizing the importance of empirical research and critical thinking in developing effective cybersecurity strategies. 00:00 Understanding Human Vigilance and Awareness Decay 00:33 Introduction to Cybersecurity Today 00:46 Meet the Experts: Michael Joyce and David Shipley 01:39 Exploring the Human-Centric Cybersecurity Partnership 03:38 The Role of Liberal Arts in Cybersecurity 04:23 Challenges in Cybersecurity: Technology vs. Human Behavior 06:34 The Importance of Independent Research in Cybersecurity 12:30 Analyzing Cybersecurity Awareness Month 18:32 Phishing Simulations and Security Fatigue 23:14 The Impact of Training on Phishing Awareness 39:38 Experimenting with Phishing Training Frequency 39:51 Critiques and Insights on Cybersecurity Training 41:51 Optimal Training Intervals and Their Impact 43:23 The Role of Awareness in Cybersecurity 44:13 Understanding Phishing Reporting and Skills Decay 45:22 Ethical Considerations in Phishing Simulations 46:38 New Data on Why People Click Phishing Links 55:52 The Importance of Psychological Safety 57:23 Debunking Misleading Headlines on Phishing Training 01:05:44 The Complexity of Cybersecurity Research 01:16:41 Final Thoughts and Recommendations
/episode/index/show/cybersecuritytoday/id/37927910
info_outline
Cybersecurity Today: Massive Data Exposures, Microsoft Failures, and PayPal Breach Claims
08/22/2025
Cybersecurity Today: Massive Data Exposures, Microsoft Failures, and PayPal Breach Claims
In this episode of Cybersecurity Today, host Jim Love covers a range of recent cybersecurity incidents. A major privacy failure has hit Elon Musk's Grok chatbot, exposing over 370,000 private conversations with sensitive information. Microsoft's recent security update has caused SSD and HDD failures, complicating data recovery. Hackers have exploited Microsoft's own login infrastructure to create phishing traps, making it difficult for users to spot fake login pages. The leader of the Wrapper Bot DDoS gang has been arrested following a detailed investigation. Finally, a hacker group claims to have 15.8 million PayPal credentials, although these claims are disputed by PayPal and security researchers. Jim also invites listeners to share their thoughts and comments through various contact methods. 00:00 Agro Leak Exposes 370,000 Chats 02:22 Microsoft Scrambles to Fix SSD Failures 03:52 Hackers Hijack Microsoft Infrastructure 05:40 Leader of Wrapper Bot DDoS Gang Arrested 07:14 Hackers Claim 15.8 Million PayPal Logins Stolen 08:34 Conclusion and Contact Information
/episode/index/show/cybersecuritytoday/id/37917145
info_outline
Cybersecurity Breaches: Salesforce, Workday, and Critical Infrastructure Hacked
08/20/2025
Cybersecurity Breaches: Salesforce, Workday, and Critical Infrastructure Hacked
In today's episode of 'Cybersecurity Today,' hosted by Jim Love, we cover several key issues in the cybersecurity landscape. Firstly, a breach involving Workday and social engineering attacks targeting Salesforce customers is discussed. Next, the risks posed by a recent Windows update potentially causing data corruption on SSDs and HDDs are highlighted. We also delve into a critical infrastructure breach where Russian hackers remotely accessed a Norwegian dam's control system. Additionally, the episode covers Google's vulnerabilities in its AI and Gmail services, and finally, Apple's significant privacy victory against the UK’s backdoor encryption mandate. The episode concludes with a call for listener support through donations to sustain the program. 00:00 Introduction and Headlines 00:23 Workday Data Breach Explained 02:15 Windows Update Issues 04:05 Norwegian Dam Cyber Attack 05:49 Google's Security Challenges 07:12 Apple's Privacy Victory 08:19 Conclusion and Listener Support
/episode/index/show/cybersecuritytoday/id/37885880
info_outline
Breaking Cybersecurity News: Canada's House of Commons Breached and Windows 10 Support Ending Soon
08/18/2025
Breaking Cybersecurity News: Canada's House of Commons Breached and Windows 10 Support Ending Soon
In this episode of Cybersecurity Today, host David Shipley reports from Fredericton, New Brunswick, amidst severe forest fires. The main story covers a data breach in Canada’s House of Commons involving parliamentary employee information, attributed to a recent Microsoft vulnerability. The episode also discusses Fortinet’s recent high-severity vulnerability patches and Microsoft's reminder of Windows 10 support ending in October 2025. Additionally, there’s rare good news as researchers gain insights into the iMac 3.0 malware after a source code leak. The episode encourages vigilance, patching, and awareness of upcoming support changes while offering contact information and solicitation for audience engagement. 00:00 Introduction and Headlines 00:35 Canada's House of Commons Data Breach 03:48 Fortinet Vulnerabilities and Patches 05:49 Windows 10 End of Life Announcement 07:17 Malware Source Code Leak Insights 09:08 Conclusion and Viewer Engagement
/episode/index/show/cybersecuritytoday/id/37858150
info_outline
Exploring the Ransomware Ecosystem with Tammy Harper
08/16/2025
Exploring the Ransomware Ecosystem with Tammy Harper
In this episode of 'Cybersecurity Today,' the host welcomes Tammy Harper from Flair.io for an in-depth exploration into the ransomware ecosystem. Tammy, a seasoned threat intelligence researcher and certified dark web investigator, shines a light on the complex world of ransomware, its history, business models, and the various threat actor groups involved. The discussion covers initial access brokers, notable ransomware groups like Conti and LockBit, and modern shifts in the ransomware landscape fueled by AI and affiliate models. This episode offers a comprehensive guide for understanding how ransomware operates and the tactics used by cybercriminals, making it a must-watch for anyone interested in cybersecurity. 00:00 Introduction 00:50 Meet Tammy Harper: Expert in Ransomware 01:59 Understanding the Ransomware Ecosystem 03:26 Ransomware Business Models and Initial Access Brokers 06:39 Double and Triple Extortion Explained 10:50 The Evolution of Ransomware 15:43 The Role of Cryptocurrency in Ransomware 19:22 The Rise and Fall of Conti 25:56 Tools of the Trade: EMOTET, ICEDID, and TrickBot 33:35 LockBit and the Ransomware Cartel 36:37 The National Hazard Agency and Ba Lord 38:13 LockBit Training Materials 40:23 Ransomware Negotiations 40:54 Ransom Chat Project 41:58 Conti vs. LockBit Negotiation Tactics 47:30 Modern Ransomware Groups 51:18 Medusa and Other Emerging Groups 01:04:52 Initial Access Market 01:09:41 Conclusion and Final Thoughts
/episode/index/show/cybersecuritytoday/id/37843160
info_outline
300 Million In Crypto Fraud Funds Frozen: Cybersecurity Today
08/15/2025
300 Million In Crypto Fraud Funds Frozen: Cybersecurity Today
Cyber Crime Crackdown: $300 Million in Crypto Frozen, FBI Accounts Hacked, and Critical Microsoft Patches Released In this episode of Cybersecurity Today, host Jim Love covers major recent events in cybercrime and cybersecurity. Over $300 million in cryptocurrency tied to cybercrime has been frozen through coordinated efforts by the private sector and law enforcement in the US and Canada. Cyber criminals are selling active FBI and other law enforcement email accounts for as low as $40, posing significant risks of impersonation and fraud. Microsoft's latest Patch Tuesday addresses over 100 vulnerabilities, including critical flaws in various services and applications. Nova Scotia Power faces criticism for seeking to hide details about a major cybersecurity breach that affected 280,000 customers, with regulators emphasizing the need for public accountability. Jim signs off by encouraging listeners to support and provide feedback for the show. 00:00 Cybercrime Crypto Crackdown 02:34 FBI Email Accounts for Sale 04:05 Microsoft Patch Tuesday Updates 06:16 Nova Scotia Power Cybersecurity Breach 07:43 Show Wrap-Up and Listener Engagement
/episode/index/show/cybersecuritytoday/id/37832160
info_outline
Urgent Vulnerabilities: Patching Exchange, Citrix, and Fortinet
08/13/2025
Urgent Vulnerabilities: Patching Exchange, Citrix, and Fortinet
In this episode of Cybersecurity Today, host David Shipley covers critical security updates and vulnerabilities affecting Microsoft Exchange, Citrix NetScaler, and Fortinet SSL VPNs. With over 29,000 unpatched Exchange servers posing a risk for admin escalation and potential full domain compromise, urgent action is needed. Citrix Bleed 2 is actively being exploited, with significant incidents reported in the Netherlands and thousands of devices still unpatched globally. Fortinet SSL VPNs are experiencing a spike in brute force attacks, hinting at a possible new vulnerability on the horizon. Lastly, Shipley highlights notable moments from DEFCON 33, including innovative security hacks and sobering realities of the hacker community. Tune in for detailed breakdowns and insights on how to stay vigilant against these threats. 00:00 Introduction and Overview 00:32 Microsoft Exchange Vulnerability 02:54 Citrix Bleed Two Exploits 05:21 Fortinet SSL VPN Brute Force Attacks 07:39 Insights from DEFCON 33 13:46 Conclusion and Final Thoughts
/episode/index/show/cybersecuritytoday/id/37790220
info_outline
Cyber Attacks, Jailbreaking GPT-5, and Hacker Summer Camp 2025 Highlights
08/11/2025
Cyber Attacks, Jailbreaking GPT-5, and Hacker Summer Camp 2025 Highlights
In today's episode of Cybersecurity Today, host David Shipley covers critical updates on recent cyber attacks and breaches impacting the US Federal judiciary's case management systems, and SonicWall firewall compromises. He also discusses researchers' new jailbreak method against GPT-5, which bypasses ethical guardrails to produce harmful instructions. Shipley shares insights and standout sessions from Hacker Summer Camp 2025, including BSides Las Vegas, the I Am the Cavalry track, and Defcon, highlighting ongoing efforts and challenges in the cybersecurity landscape. Stay informed, stay secure, and join the conversation in this detailed overview of current cybersecurity issues and innovations. 00:00 Introduction and Headlines 00:31 US Federal Judiciary Cyber Attack 02:29 SonicWall Ransomware Attacks 04:14 AI Jailbreak Techniques 07:44 Hacker Summer Camp 2025 Highlights 08:10 BSides Las Vegas and Community Insights 09:29 Healthcare Cybersecurity and Crash Cart Project 12:11 Defcon Reflections and Final Thoughts 13:45 Conclusion and Listener Engagement
/episode/index/show/cybersecuritytoday/id/37753950
info_outline
Cybersecurity Today Month In Review: August 9, 2025
08/09/2025
Cybersecurity Today Month In Review: August 9, 2025
Cybersecurity Today: July Review - Massive Lawsuits, AI Warnings, and Major Breaches In this episode of Cybersecurity Today: The Month in Review, host Jim Love and an expert panel, including David Shipley, Anton Levaja, and Tammy Harper, discuss the most significant cybersecurity stories from July. Key topics include the $380 million lawsuit between Clorox and Cognizant following a massive ransomware attack, the ongoing legal battle between Delta and CrowdStrike, and breached forums like XSS leading to significant law enforcement actions. The panel also dives into AI-related risks in software development, recent supply chain attacks, and legislative developments in Europe affecting cybersecurity. Watch to stay informed about the latest trends and challenges in the cybersecurity landscape. 00:00 Introduction and Panelist Introductions 01:28 Major Cybersecurity Lawsuits: Clorox vs. Cognizant and Delta vs. CrowdStrike 04:11 Reflections on Legal Implications and Industry Impact 13:01 Tammy Harper on XSS Forum Seizure 17:52 Law Enforcement Tactics and Dark Web Trust Issues 23:47 Anton Levaja on Supply Chain Attacks 30:18 AI Wiping Code and Backup Issues 31:18 Security Concerns with Model Control Protocol 31:56 Challenges with AI in Code Review 34:02 The Problem with AI-Generated Code 40:43 The SharePoint Apocalypse 43:36 Impact of Business Decisions on Technology 49:16 Final Thoughts and Upcoming Stories 49:25 Current and Upcoming Tech Legislation
/episode/index/show/cybersecuritytoday/id/37741515
info_outline
Cybersecurity Alerts: Black Hat Exposes AI and Firmware Vulnerabilities
08/08/2025
Cybersecurity Alerts: Black Hat Exposes AI and Firmware Vulnerabilities
In this episode, host Jim Love thanks listeners for their support of his book 'Elisa, A Tale of Quantum Kisses,' which is available for 99 cents on Kindle. The show then dives into pressing cybersecurity issues discussed at Black Hat USA, including vulnerabilities in AI assistants via prompt injection attacks, and critical flaws in Broadcom chips used by Dell laptops that can lead to stealth backdoors. Microsoft Exchange zero-day vulnerabilities actively being exploited are also covered, along with a listener report about a Canadian domain registrar's expired security certificate. The episode emphasizes the importance of keeping systems and software updated to mitigate these security risks. 00:00 Introduction and Book Promotion 00:58 Cybersecurity Headlines 01:25 AI Assistant Vulnerabilities 03:36 Broadcom Chip Flaws in Dell Laptops 06:10 Microsoft Exchange Zero-Day Exploits 08:18 Listener's Domain Registrar Experience 10:36 Show Wrap-Up and Listener Engagement
/episode/index/show/cybersecuritytoday/id/37727160
info_outline
Cybersecurity Threats and Trends: From North Korean Spies to AI-Driven Attacks
08/06/2025
Cybersecurity Threats and Trends: From North Korean Spies to AI-Driven Attacks
In this episode, host Jim Love explores a variety of pressing cybersecurity threats and developments. The episode begins with an invitation for listeners to share their summer reading choices. The main content highlights include North Korean operatives infiltrating US companies through fake identities and AI-generated resumes, the ability of large language models to autonomously execute cyber attacks, a vulnerability in the AI-powered code editor Cursor allowing silent RCE attacks, and the rise of malicious Progressive Web Apps targeting mobile users. The show also discusses the risks associated with clicking unsubscribe links in spam emails. Listeners are encouraged to support the show and contribute through the website. 00:00 Introduction and Summer Reading Request 00:59 North Korean Spies in US Tech Firms 03:25 AI's Role in Cyber Attacks 05:18 Critical Vulnerability in AI Code Editor 07:36 Malicious Mobile Browser Hijacks 09:30 Unsubscribe Links as Phishing Traps 10:50 Conclusion and Listener Engagement
/episode/index/show/cybersecuritytoday/id/37696805
info_outline
Cybersecurity Today: Hamilton's Ransomware Crisis and Emerging AI and OAuth Threats
08/04/2025
Cybersecurity Today: Hamilton's Ransomware Crisis and Emerging AI and OAuth Threats
In this episode of 'Cybersecurity Today,' host David Chipley discusses several major security incidents and threats. Hamilton, Ontario faces a $5 million insurance denial following a ransomware attack due to incomplete deployment of Multi-Factor Authentication (MFA). The episode also highlights a severe vulnerability, CVE-2025-54135, in the AI-powered Code Editor 'Cursor', which could allow prompt injection attacks. Further topics include a new ransomware attack exploiting Microsoft SharePoint vulnerabilities investigated by Palo Alto Networks, and a campaign leveraging fake OAuth apps to compromise Microsoft 365 accounts. The episode underscores the importance of robust security measures, emphasizing MFA, OAuth hygiene, and prompt patching. 00:00 Introduction and Headlines 00:38 Hamilton's Ransomware Attack and Insurance Denial 02:52 AI-Powered Code Editor Vulnerability 04:57 Palo Alto Networks Investigates SharePoint Exploitation 06:51 Fake OAuth Apps and Microsoft 365 Breaches 08:48 Conclusion and Upcoming Events
/episode/index/show/cybersecuritytoday/id/37655925
info_outline
Combating the Grandparent Scam: A Deep Dive into Cybersecurity and Law Enforcement Efforts
08/02/2025
Combating the Grandparent Scam: A Deep Dive into Cybersecurity and Law Enforcement Efforts
This episode explores the 'Grandparent Scam,' a prevalent and profitable fraud targeting seniors by exploiting their concern for their grandchildren. Experts Deirdre and John from Ireland's National Cybersecurity Center and the Ontario Provincial Police share insights into the scam's mechanics, the emotional impact on victims, and the challenges law enforcement faces in combating such crimes. They discuss the effectiveness of public-private partnerships, the importance of victim-centric approaches, and emerging fraud trends such as investment scams and bank imposter scams. The episode emphasizes the critical role of education, awareness, and reporting in preventing and mitigating the impact of these cyber frauds. 00:00 Introduction to the Grandparent Scam 00:37 The Emotional and Financial Impact on Victims 01:26 Fighting Back: The Role of Law Enforcement 02:38 Meet the Experts: Deirdre's Journey 04:44 Meet the Experts: John's Journey 06:35 The Global Scale of Cyber Fraud 08:11 Challenges in Handling Individual Fraud Cases 10:24 Community-Based Approaches to Support Victims 14:37 The Sophistication of Modern Scams 20:57 The Grandparent Scam: A Detailed Breakdown 28:01 Understanding Social Engineering 28:19 Cybersecurity Conversations with Vulnerable Populations 28:50 Fraud Prevention Initiatives 31:07 Challenges in Communicating Cybersecurity 32:35 Emerging Fraud Trends 35:35 The Importance of Reporting Fraud 37:53 Future Threats and Scams 40:58 The Role of Public-Private Partnerships 41:46 Final Thoughts and Next Steps
/episode/index/show/cybersecuritytoday/id/37639365