Cybersecurity Today
Updates on the latest cybersecurity threats to businesses, data breach disclosures, and how you can secure your firm in an increasingly risky time.
info_outline
The First Wave Of Sophisticated AI Generated Malware
01/21/2026
The First Wave Of Sophisticated AI Generated Malware
Critical Cybersecurity Updates: Microsoft, Goot Loader, Anthropic, and AI-Generated Malware In this episode of Cybersecurity Today, host Jim Love discusses the latest security patches and threats in the industry. Topics include Microsoft's recent patch for a Windows Admin Center flaw, the resurgence and evolution of Goot Loader malware, Anthropic's quiet patching of key vulnerabilities in their Git MCP server, and the emergence of Void Link, an advanced AI-generated malware targeting Linux-based servers. Tune in to learn about the implications of these updates and what steps you can take to protect your systems. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:20 Microsoft Patches Critical Windows Admin Center Flaw 02:54 Goot Loader Malware Resurgence 06:18 Anthropic Patches Git MCP Vulnerabilities 09:55 Void Link: AI-Generated Malware
/episode/index/show/cybersecuritytoday/id/39807935
info_outline
Cisco Patches Async OS Bug
01/19/2026
Cisco Patches Async OS Bug
Critical Security Flaws Patched by Cisco and Fortinet Amidst Recent Cyber Threats In this episode of Cybersecurity Today, host David Chipley covers several pressing cybersecurity issues. Cisco has patched a maximum severity zero-day vulnerability in its Async OS software, which has been exploited by a Chinese state-linked group. Fortinet has also addressed a critical vulnerability in its 40 Seam product, which is being actively exploited in the wild. The Dutch National Police are still recovering from a Citrix breach, emphasizing the need for modern infrastructure. Meanwhile, a spear-phishing campaign targeting US organizations uses Venezuela-themed lures. The episode wraps up with a discussion on a recent study revealing that training AI to produce insecure code can lead to broader problematic behaviour. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:46 Cisco Patches Critical Async OS Bug 02:26 Fortinet Vulnerability Exploited in the Wild 04:04 Dutch National Police and Aging IT Infrastructure 05:55 Spear Phishing Campaign with Venezuelan Lure 07:54 AI Writing Buggy Code: Unexpected Consequences 10:21 Conclusion and Final Thoughts
/episode/index/show/cybersecuritytoday/id/39778920
info_outline
She Hacks Purple: An Interview With Cybersecurity Expert Tanya Janca
01/17/2026
She Hacks Purple: An Interview With Cybersecurity Expert Tanya Janca
Building Secure Software with Tanya Janca: From Coding to Cybersecurity Advocacy In this episode of Cybersecurity Today, host Jim Love interviews Tanya Janca, also known as She Hacks Purple, a renowned Canadian application security expert and author. Tanya shares her journey from a software developer and musician to becoming a penetration tester and cybersecurity advocate. She discusses her work in training developers on secure coding practices and application security, emphasizing the need for integrated security training in academic programs and the software development lifecycle. Tanya also talks about the challenges women face in the cybersecurity field and her efforts to empower underrepresented groups through initiatives like WOsec and We Hack Purple. Sponsored by Meter, this episode dives deep into the importance of building security into software development and the potential role of AI in improving code security. 00:00 Introduction and Sponsor Message 00:18 Meet Tanya Janca: The Journey Begins 01:05 From Developer to Pen Tester 03:14 Empowering Women in Cybersecurity 13:11 Challenges in Academia and Training 19:18 The Need for Secure Coding 21:22 Challenges in Medical Device Security 22:18 The Economics of Open Source 24:43 Building Security into Development 26:14 Training and Cultural Shifts 32:33 AI and Secure Coding 39:03 Incident Response and Preparedness 39:54 Final Thoughts and Future Directions
/episode/index/show/cybersecuritytoday/id/39765785
info_outline
Staples Slips Up On Data Removal
01/16/2026
Staples Slips Up On Data Removal
Cybersecurity Challenges: Data Privacy Failures, AI Risks, and New Malware Threats In this episode of Cybersecurity Today, host David Shipley covers a range of pressing issues. The discussion kicks off with Staples Canada reselling laptops without wiping customer data, highlighting loopholes in Canada’s privacy laws. Next, David delves into a new class of attacks known as ‘Reprompt’ that target Microsoft Co-pilot, exposing vulnerabilities in large language models. The episode also explores a critical flaw in ServiceNow’s virtual agent that allowed attackers to impersonate legitimate users, emphasizing the importance of robust identity verification. Lastly, a newly discovered advanced Linux malware framework designed for cloud environments is dissected, pointing to evolving threats that leverage customer mistakes. The episode concludes with a call to address these problems through better people, processes, and cultural practices. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:48 Staples' Privacy Lapse: A Recurring Issue 03:03 Microsoft Co-pilot Vulnerability: Reprompt Attack 05:22 ServiceNow's AI Vulnerability: Authentication Gaps 07:02 Advanced Linux Malware: A Cloud-First Threat 08:46 Conclusion and Key Takeaways 09:37 Closing Remarks and Sponsor Acknowledgment
/episode/index/show/cybersecuritytoday/id/39754610
info_outline
HPE Open View Vulnerability Hits CISA Known Exploited List
01/14/2026
HPE Open View Vulnerability Hits CISA Known Exploited List
Cybersecurity Today: Credit Card Skimming, Valley Rat Malware, WhatsApp Exploit & AI Defenses In this episode of Cybersecurity Today, hosted by Jim Love, we explore several critical cybersecurity threats and advancements. We cover a massive credit card skimming campaign active since early 2022, a severe bug in HPE OneView, the stealthy Valley Rat malware, and a potential zero-click exploit in WhatsApp. Additionally, we delve into AI-driven advancements in cybersecurity defense being developed at US National Laboratories. Stay informed and vigilant with the latest insights in cybersecurity. 00:00 Introduction and Sponsor Message 00:48 Credit Card Skimming Campaign Uncovered 02:49 Critical Vulnerability in HPE OneView 04:16 Valley Rat Malware Threat 06:22 Suspected Zero-Day Vulnerability in WhatsApp 08:29 AI-Powered Cyber Defenses in US National Labs 10:08 Conclusion and Sponsor Message
/episode/index/show/cybersecuritytoday/id/39724360
info_outline
FBI Warns of QR Code Phishing & Europol's Major Cybercrime Crackdown CST Monday Jan 12 2026
01/12/2026
FBI Warns of QR Code Phishing & Europol's Major Cybercrime Crackdown CST Monday Jan 12 2026
In this episode of Cybersecurity Today, host David Shipley covers the FBI's warning about North Korean state-sponsored QR code phishing campaigns targeting U.S. organizations. Additionally, he discusses Europol's arrest of 34 individuals in Spain tied to the infamous Black Acts crime syndicate and the uncertainty surrounding CISA's pre-ransomware notification initiative after the departure of its lead developer. Stay informed with the latest in cybersecurity news and learn how to protect yourself and your organization from emerging threats. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:20 FBI Warns of QR Code Phishing 04:44 Europol's Major Crackdown on Black Acts 07:11 Uncertainty Over Ransomware Alerts Program 09:41 US Withdraws from Cybersecurity Organizations 10:25 Conclusion and Final Thoughts
/episode/index/show/cybersecuritytoday/id/39693770
info_outline
Cybersecurity Today: The Month in Review - Key Stories and Insights
01/10/2026
Cybersecurity Today: The Month in Review - Key Stories and Insights
In this episode of Cybersecurity Today, brought to you by Meter, we review key events and stories from the past few weeks. Join host Jim along with experts Tammy Harper from Flair, Laura Payne from White Tuque, and David Shipley from Beauceron Security as they discuss major cybersecurity events that unfolded over the holidays, including the MongoDB vulnerability 'Mongo Bleed', the compromises at Rainbow Six Siege, and the ethical implications of hacktivism. The panel also explores the complexities of AI in cybersecurity, the vulnerability of critical infrastructure, and the dichotomy between ethical hacking and cybercrime in the industry. As always, we emphasize the intersection of cybersecurity with people, processes, and our daily lives. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:20 Panel Introduction and Holiday Recap 02:26 MongoDB Vulnerability: Mongo Bleed 05:15 AI and Responsible Disclosure 16:20 Gaming Security: Rainbow Six Siege Hack 20:13 Video Games and Malware Risks 24:54 Fake Video Propaganda and Infrastructure Attacks 25:48 The Dilemma of Cybersecurity Censorship 26:34 Deepfakes and Cognitive Warfare 27:37 Cyber Operations and Infrastructure Vulnerability 34:42 The Role of Private Companies in Cyber Conflicts 36:19 Internal Threats in Cybersecurity 43:20 Hacktivism: Ethics and Boundaries 49:03 Conclusion and Final Thoughts
/episode/index/show/cybersecuritytoday/id/39679710
info_outline
Window's Blue Screen of Death Vulnerability
01/09/2026
Window's Blue Screen of Death Vulnerability
Cybersecurity Today: Sideloaded App Issues, Fake Blue Screen Attacks, and Rising Ransomware Threats In this episode of Cybersecurity Today, host Jim Love discusses HSBC blocking sideloaded apps with its banking app, new social engineering attacks using fake Windows blue screens to install malware, and the discovery of long-standing compromised Chrome extensions. Additionally, a new report reveals a significant rise in ransomware victims in 2025 despite major takedowns of ransomware groups. Special thanks to Meter for their support. 00:00 Introduction and Sponsor Message 00:21 HSBC Blocks Sideloaded Apps 02:44 Fake Blue Screen of Death Malware 04:49 Compromised Chrome Extensions 06:33 Ransomware Trends in 2025 08:33 Conclusion and Sponsor Message
/episode/index/show/cybersecuritytoday/id/39669350
info_outline
Kimwolf Bot Strikes - "Routers Will Not Protect You"
01/07/2026
Kimwolf Bot Strikes - "Routers Will Not Protect You"
In this episode of Cybersecurity Today, host Jim Love discusses the latest in cybersecurity threats including the rapidly growing Kim Wolf botnet affecting millions of devices, the rising threats to file-sharing environments, and the intersection of cybercrime with physical supply chains. He also covers an audacious hacktivist takedown of white supremacist websites. Tune in to learn about the evolving landscape of cybersecurity and practical measures you can take to protect your systems. Thank you to our sponsor Meter for supporting this podcast. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:21 Kim Wolf Botnet: A Growing Threat 04:07 Mitigation Strategies for Kim Wolf 05:22 Corporate Data Breaches: Zestix and ShareFile 07:48 Cyber-Enabled Cargo Theft: The Lobster Heist 09:44 Hacktivism: Root Takes Down White Supremacist Sites 11:46 Conclusion and Contact Information
/episode/index/show/cybersecuritytoday/id/39637725
info_outline
Infrastructure Under Attack: Cybersecurity Today for Monday January 5, 2026
01/05/2026
Infrastructure Under Attack: Cybersecurity Today for Monday January 5, 2026
In this episode of 'Cybersecurity Today', host David Shipley discusses significant cyber events and their implications. The podcast explores hints by President Donald Trump regarding the use of cyber tactics in a U.S. operation that resulted in a power outage in Venezuela. The episode also delves into the April 2025 data breach at Nova Scotia Power, detailing the company's efforts to keep incident specifics confidential and the extensive recovery measures taken. Lastly, it updates listeners on the Trust Wallet compromise linked to the Sha-Hulud supply chain attack, elucidating how the breach occurred and its aftermath. The episode underscores the growing cyber threat landscape and the critical need for enhanced cybersecurity measures. 00:00 Introduction and Sponsor Message 00:46 US Cyber Operations in Venezuela 03:13 Implications for Cybersecurity Professionals 04:37 Nova Scotia Power Breach Details 08:52 Trust Wallet Hack Update 10:46 Conclusion and Final Thoughts
/episode/index/show/cybersecuritytoday/id/39611390
info_outline
Final Encore Episode - Research, Cybersecurity Awareness and Training
01/03/2026
Final Encore Episode - Research, Cybersecurity Awareness and Training
In this episode, host Jim Love discusses the importance of cybersecurity awareness and training, featuring insights from Michael Joyce of the Human-Centric Cybersecurity Partnership at the University of Montreal and David Shipley of Beauceron Security. They explore the impact of cybersecurity awareness programs, the decay of sustained vigilance post-training, and the nuances between phishing reporting and clicking behaviors. The conversation also critiques recent research claims that question the efficacy of phishing training, emphasizing the need for continuous, empirically supported approaches in cybersecurity education. The episode highlights the value of balanced, layered defenses involving both technical solutions and informed user behavior. 00:00 Introduction and Podcast Announcement 00:14 Sponsorship Acknowledgment 00:35 The Nature of Cybersecurity Awareness 01:09 Introduction to the Research Show 01:21 Guest Introductions 02:15 Human-Centric Cybersecurity Partnership 03:46 The Importance of Canadian Research 04:40 Cybersecurity and Culture 05:27 The Role of Research in Cybersecurity 07:12 David's Research and Collaboration with Michael 08:46 The Value of Independent Research 13:33 Cybersecurity Awareness Month Impact 17:23 Phishing Simulation and Reporting 23:49 Awareness Decay and Vigilance 30:55 The Importance of Reporting and Feedback Loops 40:00 Optimal Frequency for Cybersecurity Training 40:27 Critiques and Misconceptions in Phishing Training 42:00 Empirical Data and Training Effectiveness 43:19 Insights from Phishing Simulations 47:14 Understanding Why People Click 52:43 Challenges in Cybersecurity Research 01:04:06 The Importance of Layered Defenses 01:17:17 Concluding Thoughts on Cybersecurity Training
/episode/index/show/cybersecuritytoday/id/39598190
info_outline
Inside the Dark Web: Exploring Cybercrime with Expert David Décary-Hétu
12/31/2025
Inside the Dark Web: Exploring Cybercrime with Expert David Décary-Hétu
In this episode, the host shares a pre-recorded favorite interview with David Decary-Hetu, a criminologist at the University of Montreal. They discuss the dark web, its technology, and its role in cybercrime. Decary-Hetu explains how the dark web operates, its users, and the dynamics between researchers and law enforcement in tackling cyber threats. Key topics include the economics of illicit markets, the cat-and-mouse game between law enforcement and criminals, the role of cryptocurrencies, and the evolution of cyber threats. The episode offers insights into the social aspects of cybercrime and the measures being taken to combat it. 00:00 Introduction and Sponsor Message 00:52 Understanding the Dark Web 02:16 Interview with David Decary-Hetu 05:10 The Basics of the Dark Web 06:27 Technology Behind the Dark Web 14:49 Law Enforcement Challenges 21:50 Trust and Transactions on the Dark Web 23:45 Recruitment and Structure of Cybercriminals 26:42 Cultural Dynamics in Hacking Communities 27:32 Researching the Impact of Technology on Crime 29:01 Challenges in Policing the Dark Web 30:12 The Role of Social Engineering in Cybercrime 31:18 Law Enforcement Strategies and Conditional Deterrence 32:09 The Evolution of Cybercrime and Cryptocurrency 41:24 Legal and Ethical Considerations in Cybercrime 43:47 Advice for Policymakers and Corporations 48:44 Educational Resources and Conferences 50:57 Conclusion and Final Thoughts
/episode/index/show/cybersecuritytoday/id/39572685
info_outline
MongoDB - MongoBleed Vulnerability Exploit Reported On Christmas Day
12/29/2025
MongoDB - MongoBleed Vulnerability Exploit Reported On Christmas Day
Cybersecurity Today: MongoDB Vulnerability 'Mongo Bleed' Exploited, Rainbow Six Siege Hacked, Trust Wallet Compromise, and GrubHub Crypto Scams In this episode of Cybersecurity Today, David Shipley covers significant cybersecurity incidents that occurred over the holiday period. The major topics include the 'Mongo Bleed' vulnerability in MongoDB that was disclosed and then publicly exploited on Christmas Day, leading to potential data leaks. Ubisoft's Rainbow Six Siege faced a breach enabling attackers to manipulate in-game functions and distribute billions worth of in-game currency for free. Trust Wallet's browser extension was compromised, resulting in a loss of approximately $7 million in cryptocurrencies. Finally, a phishing scam using a legitimate GrubHub subdomain to promise fake Bitcoin rewards was also discussed. Immediate actions and preventive updates were highlighted for all these incidents. 00:00 Introduction and Sponsor Message 00:48 Mongo Bleed Vulnerability Exploit 04:10 Rainbow Six Siege Breach 08:13 Trust Wallet Extension Hack 10:30 GrubHub Bitcoin Scam 12:02 Conclusion and Sign-Off
/episode/index/show/cybersecuritytoday/id/39550305
info_outline
A Hacker Tells His Story
12/28/2025
A Hacker Tells His Story
This is an interview with former hacker Brian Black. Brian is now on the right side of the battle and bringing his skills to to the fight against hackers. He finds the weaknesses in corporate security so that it can be patched. This was one of my favourite interviews this year. Listening to what Brian has learned and understanding how we can use that knowledge and experience kept me on the edge of my seat. Once more I want to thank Meter for making this possible. Visit them at meter.com/cst
/episode/index/show/cybersecuritytoday/id/39543400
info_outline
The Ransomware Ecosystem: An Encore Holiday Episode
12/26/2025
The Ransomware Ecosystem: An Encore Holiday Episode
Jim takes a break for some R&R during the holidays and shares his favorite podcast episodes from the year. He acknowledges that some listeners might have heard these episodes already, while others may find them new. The podcast's production is supported by Meter, a company providing integrated networking solutions. Additionally, support from listeners through the Buy Me a Coffee program has helped sustain the shows and expand their content offerings. Jim thanks Meter and the listeners, wishing everyone a Merry Christmas and a Happy New Year. 00:00 Introduction and Holiday Plans 00:33 Sponsor Acknowledgment 01:08 Support and Growth 01:55 Final Thoughts and Episode Introduction
/episode/index/show/cybersecuritytoday/id/39535430
info_outline
Year End Repeat: Pig Butchering: Operation Shamrock Fights Back
12/24/2025
Year End Repeat: Pig Butchering: Operation Shamrock Fights Back
Over the holidays we are rerunning some of our favourite episodes. This one first aired this summer and was one of my first conversations with the fascinating head of Operation Shamrock. We'll be back with regular programming on January 5th.
/episode/index/show/cybersecuritytoday/id/39524200
info_outline
Arrests In 0365 Scheme: Cybersecurity Today With David Shipley
12/22/2025
Arrests In 0365 Scheme: Cybersecurity Today With David Shipley
Global Cybercrime Crackdowns and Rising Threats This episode of 'Cybersecurity Today' hosted by David Shipley covers significant cybersecurity news. Nigerian police arrested three suspects linked to a Microsoft 365 phishing platform known as Raccoon O365. U.S. prosecutors charged 54 individuals in an ATM malware scheme tied to a Venezuelan criminal organization. Two incident responders pleaded guilty to conducting ransomware attacks while employed to help victims of such attacks. Denmark officially blamed Russia for a cyber attack on a water utility, exacerbating geopolitical tensions. Each segment highlights the intricate and international nature of modern cybercrime and the ongoing challenges in cybersecurity. 00:00 Introduction and Sponsor Message 00:20 Nigerian Police Arrest Phishing Suspects 03:28 US ATM Malware Scheme Uncovered 05:46 Insider Ransomware Attackers Plead Guilty 08:21 Denmark Blames Russia for Cyber Attack 11:08 Conclusion and Holiday Wishes 12:20 Sponsor Message and Closing
/episode/index/show/cybersecuritytoday/id/39490125
info_outline
Year-End Review: The Highs and Lows of Cybersecurity in 2025
12/20/2025
Year-End Review: The Highs and Lows of Cybersecurity in 2025
Cybersecurity Today brings you a special year-end episode, featuring noteworthy guests Tammy Harper from Flare, Laura Payne from White Tuque, David Shipley from Beauceron Security, and John Pinard, co-host of Project Synapse. This episode delves into the pivotal cybersecurity stories of 2025, including a detailed discussion on MFA phishing attacks, the effectiveness of cybersecurity training, and the troubling trends in ransomware payments. Also covered are the evolving roles of AI in both defending and perpetrating cyber crimes. The guests share their insights, hopes, and concerns for the industry’s future, emphasizing the importance of awareness, empathy, and community. Tune in as they reflect on the past year's challenges and successes, and look forward to more resilient and innovative cybersecurity practices in 2026. 00:00 Introduction and Sponsor Message 00:20 Meet the Panelists 01:30 Reflecting on the Year: Achievements and Goals 02:08 Naughty and Nice: Cybersecurity Challenges 03:44 The Rise of Fake Torrents and Piracy 07:07 Ransomware and Data Extortion Trends 18:00 The Importance of Multi-Factor Authentication (MFA) 26:15 The Persistent Threat of Email Phishing 27:24 AI Vulnerabilities and Security Concerns 28:18 The Role of AI in Social Engineering 29:07 The Impact of AI on Cybersecurity 31:15 The Future of AI and Security Measures 34:40 The Human Element in Cybersecurity 39:49 Hopes and Predictions for the Future 45:33 Final Thoughts and Reflections
/episode/index/show/cybersecuritytoday/id/39480020
info_outline
On the Zero Day of Christmas - Cisco Devices Under Attack
12/19/2025
On the Zero Day of Christmas - Cisco Devices Under Attack
Cybersecurity Today: Cisco Zero Day Exploited & Maritime Cyber Attack Unfolds In this episode of Cybersecurity Today, host David Shipley discusses a series of critical cybersecurity incidents, including the exploitation of a zero-day flaw in Cisco email security infrastructure by a China-linked group, a Hollywood-style attack on an Italian ferry involving remote access malware, and a new data theft spree by the ClOP ransomware gang targeting file-sharing servers. Shipley also highlights the broader implications of cybersecurity on physical safety and national security. This episode is brought to you by Meter, a complete networking stack provider for enterprises. 00:00 Introduction and Sponsor Message 00:20 Massive Patch List and Zero-Day Flaw in Cisco 03:41 Latvian Arrested in Italian Ferry Cyberattack 06:31 ClOP Ransomware Gang's New Target 08:54 Conclusion and Upcoming Episodes
/episode/index/show/cybersecuritytoday/id/39458225
info_outline
React2Shell Vulnerability, Black Force Phishing Kit, Microsoft OAuth Attacks, and PornHub Data Breach
12/17/2025
React2Shell Vulnerability, Black Force Phishing Kit, Microsoft OAuth Attacks, and PornHub Data Breach
In this episode of Cybersecurity Today, host Jim Love discusses a range of pressing cybersecurity threats. The show covers the escalating React2Shell vulnerability, which has led to widespread automated exploitation campaigns involving crypto miners and back doors. Additionally, Jim reports on the Black Force phishing kit, which bypasses multifactor authentication and is gaining traction among cybercriminals. Microsoft OAuth consent attacks are also highlighted, with users being tricked into granting access to their accounts. Finally, the episode touches on PornHub's data breach involving the Shiny Hunters cybercrime group and the importance of patching vulnerabilities and being cautious during the holiday season. 00:00 Introduction and Sponsor Message 00:22 React2Shell Vulnerability Deep Dive 03:46 Black Force Phishing Toolkit 05:44 Microsoft OAuth Consent Phishing 07:29 PornHub Data Breach by Shiny Hunters 10:21 Holiday Cybersecurity Tips and Final Thoughts
/episode/index/show/cybersecuritytoday/id/39437020
info_outline
Cybersecurity Today: Apple Security Updates, AI Search Engine Scams, Torrent Malware, and Stanford's AI Penetration Testing
12/15/2025
Cybersecurity Today: Apple Security Updates, AI Search Engine Scams, Torrent Malware, and Stanford's AI Penetration Testing
In this episode of Cybersecurity Today, host David Shipley discusses significant developments in the cybersecurity landscape. Apple releases security updates to address two actively exploited WebKit vulnerabilities. Scammers manipulate AI-powered search tools to recommend fake support numbers, reflecting a growing security risk. Bitdefender uncovers malware hidden in torrent subtitles for the movie 'One Battle After Another.' Lastly, an AI named Artemis outperforms human penetration testers in a Stanford hacking experiment, highlighting the evolving role of AI in cybersecurity. Also included are insights on the implications of these events for future cybersecurity challenges. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:52 Apple's Urgent Security Updates 03:24 AI-Powered Scams: A Growing Threat 06:59 Malware Hidden in Torrents 10:03 AI Outperforms Human Pen Testers 13:25 Conclusion and Contact Information
/episode/index/show/cybersecuritytoday/id/39405745
info_outline
The Hidden Danger of Storing Secrets Online | Interview with Jake Knott from Watchtower
12/13/2025
The Hidden Danger of Storing Secrets Online | Interview with Jake Knott from Watchtower
In this episode of Cybersecurity Today, host Jim Love discusses the shocking discovery of over 80,000 leaked credentials and secrets in online code formatting tools with Jake Knott, a principal security researcher from Watchtower. They delve into the vulnerabilities exposed by these tools, the inadvertent leaking of sensitive information, and how attackers can easily exploit these weaknesses. The conversation covers the types of secrets found, the responses from various organizations, and best practices to prevent such exposures. Tune in to understand the critical importance of protecting your credentials and the steps you can take to avoid falling victim to these types of security breaches. 00:00 Introduction and Sponsor Message 00:22 Accidental Data Leaks: A Growing Concern 00:55 Supply Chain Vulnerabilities 01:47 Shocking Discovery: 80,000+ Secrets Exposed 06:29 Interview with Jake Knott from Watchtower 08:19 The Risks of Using Online Tools 28:23 Best Practices and Mitigation Strategies 35:05 Conclusion and Final Thoughts
/episode/index/show/cybersecuritytoday/id/39390945
info_outline
Spiderman and Cybersecurity.
12/12/2025
Spiderman and Cybersecurity.
Cybersecurity Today: Spider-Man Phishing Kit, Gogs Zero-Day Exploits, and Recent Patches In this episode, host Jim Love discusses recent cybersecurity issues including the Spider-Man phishing kit targeting European banks and cryptocurrency users, a zero-day vulnerability in the self-hosted Git service Gogs, and various security updates. The Spider-Man kit creates highly convincing phishing pages, while the Gogs vulnerability allows remote code execution by exploiting symbolic links. Additionally, updates are covered for a Windows PowerShell zero-day and a zero-click flaw in Google's Gemini Enterprise. The show emphasizes the importance of vigilance and timely patching to mitigate these threats. 00:00 Introduction and Technical Issues 00:20 Sponsor Message: Meter Networking Solutions 00:43 Spider-Man Phishing Kit Targets European Banks 03:13 Gogs Zero-Day Vulnerability Exploited 05:57 Windows PowerShell Zero-Day Patched 08:05 Google Patches Gemini Zero-Click Flaw 10:42 Conclusion and Weekend Show Teaser
/episode/index/show/cybersecuritytoday/id/39379060
info_outline
Google Chrome's AI Safety Plan? More AI
12/10/2025
Google Chrome's AI Safety Plan? More AI
Cybersecurity Today: Google Chrome's AI Safety Plan, React2Shell Fixes, & New Ransomware Tactics In this episode of Cybersecurity Today, host Jim Love discusses Google's new security blueprint for AI-powered Chrome agents, highlighting measures against indirect prompt injections and model errors. Learn about Next JS's new tool for addressing the critical React2Shell vulnerability and the emerging threat from Storm 0249 using EDR tools for ransomware. The episode also covers new data showing manufacturers remain top ransomware targets. Sponsored by Meter. 00:00 Introduction and Sponsor Message 00:22 Google's New Security Plan for Chrome Agents 03:41 Next JS Scanner for React2Shell Vulnerability 05:41 Storm 0249: Malware Hidden in EDR Tools 07:45 Ransomware Targets Manufacturing Sector 09:34 Conclusion and Final Notes
/episode/index/show/cybersecuritytoday/id/39350205
info_outline
DevelopmentTools May Allow Remote Compromise
12/08/2025
DevelopmentTools May Allow Remote Compromise
Explosive React Vulnerability and AI Tool Flaws Uncovered: Major Implications for Cybersecurity In this episode of Cybersecurity Today, host David Shipley discusses a new significant React vulnerability, React2Shell, that has caused widespread confusion and debate in the security community. This major flaw, affecting a widely used web framework, poses significant risks like remote code execution and malware deployment across numerous organizations. The episode also highlights flaws in AI coding tools discovered by researcher Ari Marzouk, which could compromise integrated development environments (IDEs) and software supply chains. Additionally, a ransomware breach at Marquis Software Solutions, impacting over 70 US banks and credit unions, is examined. Emphasis is placed on the critical need for robust security culture and proactive measures in the face of evolving threats. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:43 React Flaw Drama: A Deep Dive 04:58 AI Coding Tools: New Vulnerabilities 08:04 Ransomware Breach in Financial Sector 10:27 Conclusion and Call to Action
/episode/index/show/cybersecuritytoday/id/39317710
info_outline
Cybersecurity Today Month In Review - December 5th, 2025
12/06/2025
Cybersecurity Today Month In Review - December 5th, 2025
Cybersecurity Today: The Rise of Living Off the Land Strategies & More In this episode of Cybersecurity Today's Month in Review, host Jim Love is joined by Laura Payne from White Tuque and David Shipley from Beauceron Security. They discuss several pressing cybersecurity issues, including the growing threat of 'living off the land' strategies where attackers use legitimate software to stay undetected, the risks associated with public Wi-Fi and QR codes, and the recent breaches involving Oracle's E-Business Suite and SonicWall’s management devices. The panel also reflects on the often conflicting cybersecurity advice circulating today and emphasizes the importance of nuanced communication in security practices. Plus, find out who wins the 'Stinky' award for cybersecurity blunders and what you can do to stay safe. Special thanks to Meter for supporting this podcast. Tune in for a deep dive into these crucial cybersecurity topics and more. 00:00 Introduction and Sponsor Message 00:19 Welcome and Guest Introductions 00:50 Unique Coffee Partnership 02:27 Living Off the Land: Cybersecurity Tactics 04:33 Social Engineering and AI Threats 13:51 The Role of Social Media in Cyber Fraud 20:05 Microsoft's New Teams Feature: A Security Risk? 26:39 Oracle Vulnerability and Enterprise Security 27:26 Patching Core Systems: Challenges and Necessities 28:12 Clop Ransomware: A Persistent Threat 29:09 University Data Breaches: The Case of U Penn 30:18 Security Culture and Leadership Accountability 33:49 Debunking Security Myths: Juice Jacking and QR Codes 39:15 Public WiFi and VPNs: Proceed with Caution 41:18 The Importance of Effective Cybersecurity Communication 48:33 SonicWall Security Concerns and the Stinkies Awards 51:13 Wrapping Up: Reflections and Future Episodes
/episode/index/show/cybersecuritytoday/id/39305605
info_outline
Shady Panda Hides For Years In Legitimate Browser Extensions: Cybersecurity Today
12/05/2025
Shady Panda Hides For Years In Legitimate Browser Extensions: Cybersecurity Today
In this episode of 'Cybersecurity Today,' host Jim Love discusses several significant cybersecurity issues. Highlights include a maximum severity vulnerability in React Server Components dubbed React2Shell (CVE-2025-55182), a recently patched Windows shortcut flaw by Microsoft, and new attacks using the Evilginx phishing platform in schools. Additionally, the show explores a long-running campaign by 'Shady Panda,' which used browser extensions to harvest data, and an unexpected failure by Google's AI tool that led to the deletion of a developer's hard drive. The episode also thanks Meter for their continued support. 00:00 Introduction and Sponsor Message 00:48 React Vulnerability: React2Shell 03:13 Microsoft's Long-Standing Shortcut Flaw 04:50 Evilginx: Bypassing MFA in Education 06:59 Shady Panda's Malicious Extensions 09:13 Google's AI Mishap: Developer's Hard Drive Wiped 11:01 Conclusion and Final Thoughts
/episode/index/show/cybersecuritytoday/id/39287880
info_outline
Living off the Land Attacks and Emerging Cyber Threats
12/03/2025
Living off the Land Attacks and Emerging Cyber Threats
This episode of Cybersecurity Today, hosted by Jim Love, delves into various cybersecurity threats and latest news. Topics include 'living off the land' attacks using Microsoft's native utilities, spoofing Calendly invites for phishing Google and Meta credentials, a significant breach at the University of Pennsylvania linked to Oracle E-Business Suite vulnerabilities, and findings on AI jailbreaks tied to syntactic patterns by researchers from MIT, Northeastern University, and Meta. The episode emphasizes the ongoing challenges and evolving strategies in cybersecurity. 00:00 Introduction and Sponsor Message 00:43 Living Off the Land Attacks Explained 03:41 Fake Calendly Invites and Phishing Campaigns 05:47 Oracle Breach and Its Implications 07:55 AI Jailbreaks and Syntax Hacking 11:27 Conclusion and Final Thoughts
/episode/index/show/cybersecuritytoday/id/39246325
info_outline
Cybersecurity Today: QR Code Parking Scams, Evil Twin WiFi Attacks & Microsoft's Teams Flaw
12/01/2025
Cybersecurity Today: QR Code Parking Scams, Evil Twin WiFi Attacks & Microsoft's Teams Flaw
In this episode of Cybersecurity Today, host David Shipley discusses a range of pressing cybersecurity issues. Topics include the surge in QR code parking scams, with recent cases in Monaco, Ottawa, and across Europe; an Australian man sentenced for evil twin WiFi attacks targeting travelers; the shutdown of the Code Red emergency notification system due to ransomware; and critical vulnerabilities in Microsoft Teams' guest access feature. Shipley also examines the newly launched hacklore.org website aiming to debunk cybersecurity myths, while critiquing its dismissal of real-world threats. Stay informed on how criminals exploit simple deception, human assumptions, and technology lapses to perpetrate fraud and data breaches. 00:00 Introduction and Sponsor Message 00:21 Hack Lore vs. Real Cyber Threats 03:45 QR Code Parking Scams 07:24 Evil Twin WiFi Attacks 09:43 Ransomware Attack on Code Red 11:44 Microsoft Teams Security Flaw 15:09 Conclusion and Final Thoughts
/episode/index/show/cybersecuritytoday/id/39215775
info_outline
Espionage and Intelligence - What Cybersecurity Professionals Can Learn
11/28/2025
Espionage and Intelligence - What Cybersecurity Professionals Can Learn
The Intersection of Espionage Techniques and Cybersecurity Threats This episode explores the parallels between espionage and cybersecurity, particularly focusing on social engineering tactics used in both domains. Hosted by Jim Love, the podcast features insights from Neil Bisson, a retired intelligence officer from CSIS, and David Shipley, CEO of Beauceron Security. They discuss the vulnerabilities in human behavior that can be exploited, the similarity between human intelligence operations and phishing attacks, and how AI is transforming the landscape of social engineering. Practical advice on recognizing and mitigating these threats is also provided. The episode underscores the importance of empathy, skepticism, and continuous education in defending against sophisticated cyber threats. 00:00 Introduction and Sponsor Message 00:25 Linking Espionage and Cybersecurity 01:06 The Role of Social Engineering in Cyber Attacks 02:25 Guest Introductions: Neil Bisson and David Shipley 03:24 Recruitment Tactics in Intelligence 05:56 Phishing vs. Intelligence Recruitment 07:48 AI's Role in Modern Social Engineering 10:45 Building Trust and Rapport in Intelligence 16:19 Ethical Considerations in Intelligence Work 20:01 Future of Cybersecurity and Social Engineering 24:31 The Art of Subtle Manipulation 26:01 Clandestine Tactics and Voluntary Information 26:24 Incremental Trust Building 26:46 Psychological Manipulation and Cult Recruitment 27:34 Human Connection and Vulnerability 28:53 AI and Social Engineering 30:25 The Threat of AI in Recruitment 33:20 Emotional Manipulation in Espionage 36:19 Defending Against Manipulation 38:12 Empathy and Information as Defense 45:49 Final Thoughts and Audience Engagement
/episode/index/show/cybersecuritytoday/id/39195125