Cybersecurity Today - Archive

Fortinet EMS Zero-Day Exploited, Anthropic's AI Finds Thousands of Bugs, and Iranian Hackers Target US ICS Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst Host David Shipley reports Fortinet issued emergency hotfixes for a new actively exploited FortiClient EMS unauthenticated RCE zero-day (CVE-2026-35616) affecting 7.4.0.5/7.4.0.6, with over 2,000 exposed instances online and a full fix coming in 7.4.0.7.

Host David Shiple covers major cybersecurity news: investigators attribute a record $285 million April 1 hack of crypto platform Drift Protocol to North Korea, describing a three-week setup involving a fake "Carbon Vote Token," wash trading to inflate value, social engineering to pre-approve backdoored transactions, Drift's removal of a timelock, and rapid collateralized withdrawals that crashed Drift's token and are now tracked by TRM Labs; the report notes North Korea's 2025 crypto theft total of $2.5B and lifetime total surpassing $7B after this incident, alongside mention of a North Korea-linked supply-chain

EV Charging Infrastructure Security: How Hackers Could Disrupt Chargers, Networks, and the Grid Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst In this holiday weekend edition of Cybersecurity Today, Jim Love introduces David Shipley's interview with Steve Visconti, CEO of Xiid Corporation, about cybersecurity risks in electric vehicle (EV) charging infrastructure. Visconti explains Xiid's software-based security layer for

Cisco Source Code Stolen in Trivy Fallout, Axios Supply Chain Attack, and Active Exploitation of Fortinet and Citrix Flaws David Shipley reports multiple major security incidents: attackers used credentials stolen in the Trivy supply-chain attack via a malicious GitHub action to breach Cisco's internal development environment, clone 300+ GitHub repos, steal source code (including AI products) and AWS keys, and impact customer-related code; Cisco contained the breach, re-imaged systems, and rotated credentials. A separate supply-chain attack hit the widely used JavaScript library Axios after its maintainer account was compromised, pushing poisoned

Mac Malware 'Infinity Stealer,' DarkSword iOS Exploits, China Telecom Espionage & TeamTNT Supply Chain Hits Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst David Shipley reports from Seoul on major threats: Malwarebytes details Infinity Stealer, a new macOS info-stealer delivered via "ClickFix" social engineering and built as a compiled Python payload (Nuitka) that steals browser credentials, Keychain data,

RSAC Recap: Agentic AI Takes Over, Security Funding Shifts, and Why CISOs Must Focus on Resilience Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst Jim Love and co-host David Shipley recap the RSA Conference in San Francisco, noting that "zero trust" marketing has faded and "agentic AI" (especially "agentic SOC") dominated vendor messaging. David highlights a major market

Anonymous Tip System Breach Exposes Millions of Records, Google Warns Q-Day by 2029, and New AI Documentation Supply-Chain Risks Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst Jim Love reports that a breach at P3 Global Intel, whose tip-submission systems are used by police, government agencies, and schools, allegedly exposed over 8 million submissions including highly sensitive personal

RSAC: Retiring "APT," FCC's US-Made Router Ban, Zoom Call Scraping, Iran-Targeting Wiper, and Cyber Terrorism Insurance From RSAC 2026, host David Shipley highlights ESET researcher Robert Lipowsky's argument to retire the overused "advanced persistent threat" label and instead describe actors by motivation and activity, noting blurred lines between nation-state and criminal tooling. He also reports RSAC vendor trends (zero trust fading, "agentic AI" everywhere) and standout booth themes. In Washington, the FCC bans authorization of any new Wi‑Fi router models not made in the United States, citing supply-chain risk and attacks

Compliance Startup Audit-Faking Claims, Trivy Supply-Chain Backdoor, Russia Targets Signal/WhatsApp, and Iran-Linked Stryker Disruption Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst This episode covers allegations that Y Combinator-backed compliance startup Delve helped customers fake privacy and security audits by generating fabricated evidence that auditors then rubber-stamped, alongside Delve's denial and a report of sensitive Delve data being

Cybersecurity Isn't Managing Risk—It's Managing Threats... And That's the Problem Host David Shipley speaks with Jeff Gardiner, a former university CISO and now at Morgan Stanley, about Gardiner's doctoral research arguing that cybersecurity has structurally misclassified "risk management" as threat management. Gardiner explains that real risk is an expected loss calculation (impact × likelihood), while many cybersecurity frameworks and training emphasize vulnerabilities, exploitability, and system configuration without likelihood or business impact. He describes examples where teams labeled unlikely issues as "extremely high risk," discusses interviews where leaders universally expect cybersecurity staff

FBI Seizes Iran-Linked Handala Leak Site After Stryker Intune Wipe Attack; Apple iPhone Exploit Patch; North Korean Fake IT Workers Grow Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst The episode reports that the FBI has seized the data leak site used by the Iran-linked hacktivist group Handala, which has been widely linked to the Stryker attack where

Medical Device Breaches, Anti-Scam Pledge Scrutiny, AI Font Trick, and Iran-Linked Cyber Updates. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst The episode covers several cybersecurity stories: Intuitive Surgical disclosed a March 12 phishing-led intrusion where stolen credentials enabled access to its internal administrative network and data theft (customer/business contacts and employee records), while clinical platforms and Da

Alleged Canadian 'The Comm' Hacker Arrested, Interpol's Operation Synergia Takedown, Stryker Cyberattack Update and more.. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst Host David Shipley covers new details on the alleged takedown of "Waifu," a Canadian hacker tied to the cybercrime group The Com, after a harassment campaign against investigator Allison Nixon helped lead to his identification

Gemini in Google Workspace, Agentic AI, and Managing AI Anxiety (with Accenture's Krish Banerjee) Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst In a special edition of Project Synapse shared with Cybersecurity Today, host Jim Love and co-host John Pinard (a VP and CSO at a Canadian financial institution) speak with Krish Banerjee, Accenture's managing director and partner

AI Agent Hacks McKinsey Chatbot in 2 Hours, NPM Phantom Raven, Router Malware & Trojaned AI Models This episode covers how researchers at CodeWall used an autonomous AI security agent to gain read/write access to McKinsey's internal chatbot Lilli database in about two hours by chaining exposed APIs and an SQL injection, potentially exposing 46.5 million chats, 728,000 files, 57,000 accounts, and 95 system prompts, with McKinsey saying the issues were fixed and no unauthorized access was found. It also reports on the Phantom Raven supply-chain campaign that published 88 malicious

This includes our regular Wednesday/Thursday segment but with an update from this breaking story on the attack on a large US medical company.

Fake Claude Code Installs, Arpa Phishing, Zombie ZIP Malware Evasion, and Iran/Israel Cyber Retaliation This episode covers four major security stories: the "InstaFix" campaign using Google sponsored ads and cloned Claude Code install pages to trick developers into pasting terminal commands that deploy the TeraStealer credential-stealing malware; a phishing technique abusing the special-use .arpa domain and IPv6 reverse DNS to evade email and domain-based defenses, using attacker-controlled DNS zones, traffic distribution systems, and lures like surveys and account notices; the "Zombie ZIP" technique that manipulates ZIP headers to bypass AV/EDR scanning,

Coruna iOS Exploit Kit Goes Mass-Market, FBI Wiretap Platform Breach Probe, Windows Terminal ClickFix, and Iran-War Cyber Escalation This episode covers several major cybersecurity developments: Google's Threat Intelligence Group details Coruna, a sophisticated iOS exploit kit with 23 exploits and multiple chains affecting iOS 13–17.2.1, shifting from targeted surveillance use to cryptocurrency-scam distribution and a PlasmaLoader payload aimed at stealing wallet data. The FBI is investigating suspicious activity involving its Digital Collection System Network used to support wiretaps and surveillance, with concerns about third-party vendor exposure and broader federal agency targeting.

Cybersecurity Today Month in Review: Iran Conflict Cyber Spillover, IoT Cameras, AI Hacking Tools, and Resilience Planning In this weekend month-in-review episode, host Jim Love and panelists David Shipley, Laura Payne, Neil Bisson, and Chris "CJ" Johnson discuss cyber and infrastructure impacts tied to the US/Israel–Iran conflict, including reported compromise of traffic camera networks for targeting, Iran's defensive internet shutdown, propaganda via a hacked prayer app, and GPS/AIS spoofing that misdirected ships in the Strait of Hormuz, raising oil and helium supply-chain concerns. They warn of potential Iranian retaliation via DDoS,

Wikipedia JavaScript Worm, ICE Contractor Data Leak Claim, and Leak Base Takedown Wikipedia admins contained a self-propagating JavaScript worm that spread via infected user script files, executing in logged-in editors' browsers and using authenticated sessions to copy itself into other scripts, sometimes affecting global scripts; administrators restricted edits, reverted and suppressed changes, replaced compromised scripts, and continue investigating the originating account. A hacktivist group calling itself the Department of Peace claims it leaked records tied to DHS's Office of Industry Partnership involving 6,681 organizations that applied for ICE-related contracts, releasing the

AI-Driven Warfare, Open-Source Attack Tooling, CISA Shakeups, Healthcare Ransomware, and GPS Jamming Risks Host David Shipley covers reports that hacked Tehran traffic cameras and an AI-powered targeting system helped a joint U.S.-Israeli operation ("Epic Fury") track and strike Iran's leadership, highlighting the growing role of compromised infrastructure and AI in modern conflict. Researchers also link the open-source toolkit Cyber Strike AI to automated attacks against Fortinet FortiGate devices, compromising over 600 systems across 55 countries and raising concerns about proliferating offensive AI tools. At CISA, CIO Robert Costello resigns amid leadership

OpenClaw AI Agent Hijack, CISA Leadership Shakeup, Iran Cyber Campaign, Air-Gap Malware, and Robot Vacuum Flaw Jim Love covers multiple cybersecurity stories: Oasis Security revealed "ClawJacked," a high-severity OpenClaw AI agent framework flaw caused by missing rate limiting on the local gateway, enabling malicious web pages to brute-force passwords via WebSockets, register a trusted device, and take over agents; OpenClaw patched it within 24 hours and users are urged to update to version 2020 6.2 0.25 and tighten governance for non-human identities. CISA sees a leadership change as acting director Madhu

Identity, AI Agents, and the Session Token Time Bomb | Carey Frey (CSO, TELUS) on Cybersecurity Today In this Cybersecurity Today weekend edition, David Shipley interviews Carey Frey, Chief Security Officer at TELUS, about the evolution of identity security and why it's a growing risk in the age of generative and agentic AI. Frey recounts his career from Canada's Communications Security Establishment to leading TELUS's internal security and managed cybersecurity services, then explains how convenience-driven identity decisions led from PKI's unrealized promise to passwords, bearer/session tokens, and today's widespread session cookie

Cisco SD-WAN Bug Actively Exploited, MCP Azure Takeover Demo, CarGurus Data Leak, and Secret Service Scam Recovery Host Jim Love covers four cybersecurity stories: CSA warns a critical Cisco Catalyst SD-WAN controller vulnerability (CVE-2026-20127) has been exploited since 2023, enabling authentication bypass and rogue peering sessions, and orders U.S. federal agencies to inventory systems, collect logs and forensic artifacts, hunt for compromise, and apply Cisco's fixes by 5:00 PM ET on February 27, 2026, with no workarounds. At RSA, researchers show how flaws in Model Context Protocol (MCP)—a key integration layer

Discord Drops Persona Age Verification, SolarWinds Serv-U Critical RCEs, Splunk Windows Priv Esc, and Smart TV Screenshot Surveillance Lawsuits In this episode of Cybersecurity Today, host Jim Love covers Discord ending its age-verification experiment with Persona after user backlash and researcher findings that Persona's front-end code suggested up to 269 verification checks, including watch list screening and risk scoring, amid already-thin trust following an earlier breach that exposed government ID images. The show also highlights SolarWinds Serv-U 15.5.0.4 patches for four critical (CVSS 9.1) remote code execution vulnerabilities (CVE-2025-40538, CVE-2025-40539, CVE-2025-40540,

AI-Accelerated FortiGate Breaches, Amazon Kiro Prod Disruption, Claude Code Security, Salt Typhoon Warning, and Youth Radicalization Risks Episode of Cybersecurity Today (hosted by David Shipley) covering: a Russian-speaking hacker using AI-written automation tools to breach 600+ Fortinet FortiGate firewalls across 55 countries by exploiting weak passwords and exposed management interfaces without MFA, with advice to lock down edge management access, enforce MFA, and strengthen password policies; an Amazon Kiro AI coding tool incident tied to a misconfigured role that allegedly deleted and recreated a production environment, causing a 13-hour disruption to

Jim Love discusses how rapid adoption of agentic AI is repeating the industry pattern of shipping technology without security, citing issues like vulnerabilities in Anthropic's MCP and insecure open-source agent tools. He interviews Ido Shlomo, co-founder and CTO of Token Security, who argues AI agents are fundamentally hard to secure because they are non-deterministic, have infinite input/output space, and often require broad permissions to be useful. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular

CISA Orders Emergency Patch for Actively Exploited Dell Flaw; Texas Sues TP-Link; Massive ID Verification Data Leak; SSA Database Leak Allegations Host Jim Love covers four cybersecurity stories: Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst CISA ordered federal civilian agencies to patch an actively exploited critical Dell RecoverPoint for Virtual Machines vulnerability (CVE-2026-2769) within three days, citing

Info Stealers Target OpenClaw, a Robot Vacuum API Flaw Exposes Thousands, Best Buy Fraud Shows Zero Trust Context, and Canada Goose Data Leaked via Supplier The episode covers multiple security incidents and lessons. Hudson Rock details how an info stealer malware infection can vacuum OpenClaw data, including authentication tokens, master keys, device private cryptographic keys, and the agent-defining soul.md file that can reveal a "mirror" of a user's life; the attack was not targeted, raising concerns about upcoming dedicated OpenClaw-stealing modules. A hobbyist coder using an AI coding tool to reverse-engineer

This episode covers multiple active threats and security changes. It warns of an actively exploited critical BeyondTrust remote access vulnerability (CVE-2026-1731, CVSS 9.9) enabling pre-authentication remote code execution in Remote Support and Privileged Remote Access, noting SaaS was patched while on-prem deployments require urgent manual updates and may already be compromised. Microsoft details an evolution of the ClickFix social engineering technique where victims are tricked into running NSLookup commands that use attacker-controlled DNS responses as a malware staging channel, leading to payload delivery (including a Python-based RAT) and persistence via startup

This special Valentine's Day episode of Cybersecurity Today examines romance scams (often called pig butchering) and how fraudsters exploit trust, vulnerability, and loneliness. Host Jim Love speaks with McAfee Head of Threat Research Abhishek Karnik about new findings showing the scale and demographics of these scams, including widespread encounters with fake or AI-generated profiles, frequent financial solicitations, and that men are also heavily impacted. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one

This special Valentine's Day episode of Cybersecurity Today examines romance scams (often called pig butchering) and how fraudsters exploit trust, vulnerability, and loneliness. Host Jim Love speaks with McAfee Head of Threat Research Abhishek Karnik about new findings showing the scale and demographics of these scams, including widespread encounters with fake or AI-generated profiles, frequent financial solicitations, and that men are also heavily impacted. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one

In this episode of Cybersecurity Today with host Jim Love, we discuss six critical exploited Microsoft vulnerabilities, new phishing tactics using your own servers, and a zero-click vulnerability in Claude's code desktop extensions. We also explore trends in modern romance scams highlighting the younger, tech-savvy adult targets. Tune in for expert insights and practical tips to stay secure. Special thanks to Meter for their support. Hashtag Trending would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in

In this episode of Cybersecurity Today, host Jim Love discusses the increasing risks posed by unsupported edge devices in global infrastructure. Highlighted by a recent cyber incident in Poland's energy sector, edge devices are becoming critical vulnerabilities due to their role in network security. The Cybersecurity and Infrastructure Security Agency (CISA) has issued new advisories urging immediate action to update or remove unsupported edge devices. The episode also covers issues with Microsoft Exchange online wrongly flagging legitimate emails as phishing, Google's warning on post-quantum cybersecurity preparedness, and continuing exposures tied to

In today's episode of Cybersecurity Today, host David Shipley discusses the latest developments and challenges in cybersecurity, including integrating AI into various systems, the rise of AI-driven security flaws, and the violent turn of cryptocurrency crime. The episode highlights a partnership between Open Claw and VirusTotal to scan AI skills for malware, the success of Anthropic's AI in identifying security vulnerabilities, and a violent home invasion linked to cryptocurrency theft. Additionally, the show covers the RCMP's first terrorism-related peace bond for a minor, and New York's proposed moratorium on data center

Welcome to Cybersecurity Today's Month In Review Join host Jim Love, alongside cybersecurity experts David Shipley, Laura Payne, and Mike Puglia, as they dive into last month's major topics in the cybersecurity world. This episode covers ongoing issues with Microsoft patches, continuous security concerns with Fortinet, and the risks and ramifications of AI activities. They also discuss the implications of poor software quality and the persistent threats in the cyber world. Plus, hear the latest on Mage Cart scams and the debate over local admin rights. Don't miss this packed episode

In this episode of Cybersecurity Today, host Jim Love discusses the latest advancements in AI-driven cyber attacks and their implications for security infrastructure. The episode covers a variety of topics, including the vulnerabilities in OpenClaw Marketplace, a rapid AI-assisted AWS attack, and data breaches linked to the Shiny Hunters group targeting Harvard and the University of Pennsylvania. From discussing the porous architecture of AI agents to exploring how attackers exploited AWS credentials in unsecured S3 buckets, this episode sheds light on the accelerated risks posed by AI in cybersecurity. Additionally, Jim

In this episode of Cybersecurity Today, Jim Love covers major vulnerabilities and security threats, including the exposure of over 3 million Fortinet devices, a critical flaw in Docker's AI assistant, and a sophisticated Android malware campaign using Hugging Face repositories. Discover the latest updates on these critical issues and gain insights into the measures being taken to mitigate these threats. Sponsored by Meter, providing integrated networking solutions for performance and scale. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking

Cybersecurity Today: Google's Proxy Network Takedown, AI Agent Hijack, and More In today's episode of Cybersecurity Today, host David Shipley covers major cybersecurity stories, including Google's disruption of the massive residential proxy network IP Idea, the hijacking vulnerability of AI agent platform MT Book, and attackers abusing single sign-on platforms. We also delve into the coordinated cyber attack on Poland's energy sector by Russian state-linked actors and the misuse of eScan antivirus updates to deliver malware. Stay informed about the latest in cybersecurity with us! Cybersecurity Today would like to thank

In this episode of Cybersecurity Today, host Jim Love welcomes David Shipley, CEO of Beauceron Security, as a guest. Together, they delve into the latest research from Beauceron Security with assistance from he University of Montreal. They discuss the effectiveness of phishing simulations, the importance of reporting suspicious activities, and the psychological factors that lead to clicking on phishing emails. The episode also highlights the surprising advantages small businesses have over larger organizations in phishing defense, and how management's attitude towards cybersecurity significantly impacts a company's overall security culture. Don't miss

In this episode of Cybersecurity Today, host Jim Love explores the burgeoning world of actionable AI agents, examining key developments from companies like Google and Anthropic. The episode delves into the rapid rise of MoltBot, an open-source AI agent tool that has taken the developer community by storm. Jim also highlights the significant security concerns associated with these advanced AI systems, including delegated control, exposable credentials, and the potential for real-world consequences due to misuse. The podcast wraps up with a discussion on the future implications of these technologies and a

Cybersecurity Today: WhatsApp Privacy Lawsuit, Google's Personal AI, Canada Computers Breach, and Mass Password Leak In this episode, host Jim Love discusses pressing cybersecurity issues, including a lawsuit against WhatsApp for allegedly misleading users about message privacy, concerns over Google's new personal AI and its data security implications, a delayed response to a credit card skimming attack at Canada Computers, and the exposure of 149 million stolen passwords. Sponsored by Meter, the podcast also highlights the risks of using the same passwords and the importance of timely breach responses. Cybersecurity Today

Cybersecurity Today: Critical Fortinet Flaws, Windows 11 Issues, and Major Cloud Security Near Miss In today's episode of Cybersecurity Today, host David Shipley covers several pressing cybersecurity topics including the continued exploitation of Fortinet flaws despite recent patches, Windows 11 systems failing to boot after January updates, a thwarted cyber attack on Poland's energy sector by the Sandworm group, a sophisticated phishing campaign targeting the energy sector, and a critical AWS vulnerability that posed a significant risk to cloud security globally. Stay informed on these key issues and more. Cybersecurity Today

Discovering Void Link: The AI-Generated Malware Shaking Up Cybersecurity In this episode, we explore the fascinating discovery of 'Void Link,' one of the first documented cases of advanced malware authored almost entirely by artificial intelligence. Hosts delve into an eye-opening interview with experts from Checkpoint Research—Pedro Drimel and Sven Rath—who were integral to uncovering this next-gen cyber threat. Learn how Void Link's design, rapid development, and sophisticated features signify a new age in malware creation, and understand the implications for cybersecurity, particularly in cloud and Linux environments. This episode provides a

Fortinet Firewall Breached, Hidden Linux Vulnerability & Ransomware Boss Pleads Guilty | Cybersecurity Today In this episode of Cybersecurity Today, host David Shipley discusses the latest breach involving Fortinet FortiGate firewalls, an 11-year-old critical Linux vulnerability that was recently discovered, and a rare courtroom case where a ransomware boss pleaded guilty. The episode also highlights a report on widespread credential exposure in the retail sector. Stay informed on the latest cybersecurity news and developments. Sponsored by Meter. 00:00 Introduction and Sponsor Message 00:39 Fortinet Firewalls Breached 02:05 Critical Linux Vulnerability Exposed

Critical Cybersecurity Updates: Microsoft, Goot Loader, Anthropic, and AI-Generated Malware In this episode of Cybersecurity Today, host Jim Love discusses the latest security patches and threats in the industry. Topics include Microsoft's recent patch for a Windows Admin Center flaw, the resurgence and evolution of Goot Loader malware, Anthropic's quiet patching of key vulnerabilities in their Git MCP server, and the emergence of Void Link, an advanced AI-generated malware targeting Linux-based servers. Tune in to learn about the implications of these updates and what steps you can take to protect your

Critical Security Flaws Patched by Cisco and Fortinet Amidst Recent Cyber Threats In this episode of Cybersecurity Today, host David Chipley covers several pressing cybersecurity issues. Cisco has patched a maximum severity zero-day vulnerability in its Async OS software, which has been exploited by a Chinese state-linked group. Fortinet has also addressed a critical vulnerability in its 40 Seam product, which is being actively exploited in the wild. The Dutch National Police are still recovering from a Citrix breach, emphasizing the need for modern infrastructure. Meanwhile, a spear-phishing campaign targeting US

Building Secure Software with Tanya Janca: From Coding to Cybersecurity Advocacy In this episode of Cybersecurity Today, host Jim Love interviews Tanya Janca, also known as She Hacks Purple, a renowned Canadian application security expert and author. Tanya shares her journey from a software developer and musician to becoming a penetration tester and cybersecurity advocate. She discusses her work in training developers on secure coding practices and application security, emphasizing the need for integrated security training in academic programs and the software development lifecycle. Tanya also talks about the challenges women

Cybersecurity Challenges: Data Privacy Failures, AI Risks, and New Malware Threats In this episode of Cybersecurity Today, host David Shipley covers a range of pressing issues. The discussion kicks off with Staples Canada reselling laptops without wiping customer data, highlighting loopholes in Canada's privacy laws. Next, David delves into a new class of attacks known as 'Reprompt' that target Microsoft Co-pilot, exposing vulnerabilities in large language models. The episode also explores a critical flaw in ServiceNow's virtual agent that allowed attackers to impersonate legitimate users, emphasizing the importance of robust identity

Cybersecurity Today: Credit Card Skimming, Valley Rat Malware, WhatsApp Exploit & AI Defenses In this episode of Cybersecurity Today, hosted by Jim Love, we explore several critical cybersecurity threats and advancements. We cover a massive credit card skimming campaign active since early 2022, a severe bug in HPE OneView, the stealthy Valley Rat malware, and a potential zero-click exploit in WhatsApp. Additionally, we delve into AI-driven advancements in cybersecurity defense being developed at US National Laboratories. Stay informed and vigilant with the latest insights in cybersecurity. 00:00 Introduction and Sponsor Message

In this episode of Cybersecurity Today, host David Shipley covers the FBI's warning about North Korean state-sponsored QR code phishing campaigns targeting U.S. organizations. Additionally, he discusses Europol's arrest of 34 individuals in Spain tied to the infamous Black Acts crime syndicate and the uncertainty surrounding CISA's pre-ransomware notification initiative after the departure of its lead developer. Stay informed with the latest in cybersecurity news and learn how to protect yourself and your organization from emerging threats. Cybersecurity Today would like to thank Meter for their support in bringing you this

In this episode of Cybersecurity Today, brought to you by Meter, we review key events and stories from the past few weeks. Join host Jim along with experts Tammy Harper from Flair, Laura Payne from White Tuque, and David Shipley from Beauceron Security as they discuss major cybersecurity events that unfolded over the holidays, including the MongoDB vulnerability 'Mongo Bleed', the compromises at Rainbow Six Siege, and the ethical implications of hacktivism. The panel also explores the complexities of AI in cybersecurity, the vulnerability of critical infrastructure, and the dichotomy between

Cybersecurity Today: Sideloaded App Issues, Fake Blue Screen Attacks, and Rising Ransomware Threats In this episode of Cybersecurity Today, host Jim Love discusses HSBC blocking sideloaded apps with its banking app, new social engineering attacks using fake Windows blue screens to install malware, and the discovery of long-standing compromised Chrome extensions. Additionally, a new report reveals a significant rise in ransomware victims in 2025 despite major takedowns of ransomware groups. Special thanks to Meter for their support. 00:00 Introduction and Sponsor Message 00:21 HSBC Blocks Sideloaded Apps 02:44 Fake Blue Screen

In this episode of Cybersecurity Today, host Jim Love discusses the latest in cybersecurity threats including the rapidly growing Kim Wolf botnet affecting millions of devices, the rising threats to file-sharing environments, and the intersection of cybercrime with physical supply chains. He also covers an audacious hacktivist takedown of white supremacist websites. Tune in to learn about the evolving landscape of cybersecurity and practical measures you can take to protect your systems. Thank you to our sponsor Meter for supporting this podcast. Cybersecurity Today would like to thank Meter for their

In this episode of 'Cybersecurity Today', host David Shipley discusses significant cyber events and their implications. The podcast explores hints by President Donald Trump regarding the use of cyber tactics in a U.S. operation that resulted in a power outage in Venezuela. The episode also delves into the April 2025 data breach at Nova Scotia Power, detailing the company's efforts to keep incident specifics confidential and the extensive recovery measures taken. Lastly, it updates listeners on the Trust Wallet compromise linked to the Sha-Hulud supply chain attack, elucidating how the breach

In this episode, host Jim Love discusses the importance of cybersecurity awareness and training, featuring insights from Michael Joyce of the Human-Centric Cybersecurity Partnership at the University of Montreal and David Shipley of Beauceron Security. They explore the impact of cybersecurity awareness programs, the decay of sustained vigilance post-training, and the nuances between phishing reporting and clicking behaviors. The conversation also critiques recent research claims that question the efficacy of phishing training, emphasizing the need for continuous, empirically supported approaches in cybersecurity education. The episode highlights the value of balanced, layered

In this episode, the host shares a pre-recorded favorite interview with David Decary-Hetu, a criminologist at the University of Montreal. They discuss the dark web, its technology, and its role in cybercrime. Decary-Hetu explains how the dark web operates, its users, and the dynamics between researchers and law enforcement in tackling cyber threats. Key topics include the economics of illicit markets, the cat-and-mouse game between law enforcement and criminals, the role of cryptocurrencies, and the evolution of cyber threats. The episode offers insights into the social aspects of cybercrime and the

Cybersecurity Today: MongoDB Vulnerability 'Mongo Bleed' Exploited, Rainbow Six Siege Hacked, Trust Wallet Compromise, and GrubHub Crypto Scams In this episode of Cybersecurity Today, David Shipley covers significant cybersecurity incidents that occurred over the holiday period. The major topics include the 'Mongo Bleed' vulnerability in MongoDB that was disclosed and then publicly exploited on Christmas Day, leading to potential data leaks. Ubisoft's Rainbow Six Siege faced a breach enabling attackers to manipulate in-game functions and distribute billions worth of in-game currency for free. Trust Wallet's browser extension was compromised, resulting in

This is an interview with former hacker Brian Black. Brian is now on the right side of the battle and bringing his skills to to the fight against hackers. He finds the weaknesses in corporate security so that it can be patched. This was one of my favourite interviews this year. Listening to what Brian has learned and understanding how we can use that knowledge and experience kept me on the edge of my seat. Once more I want to thank Meter for making this possible. Visit them at meter.com/cst

Jim takes a break for some R&R during the holidays and shares his favorite podcast episodes from the year. He acknowledges that some listeners might have heard these episodes already, while others may find them new. The podcast's production is supported by Meter, a company providing integrated networking solutions. Additionally, support from listeners through the Buy Me a Coffee program has helped sustain the shows and expand their content offerings. Jim thanks Meter and the listeners, wishing everyone a Merry Christmas and a Happy New Year. 00:00 Introduction and Holiday Plans

Over the holidays we are rerunning some of our favourite episodes. This one first aired this summer and was one of my first conversations with the fascinating head of Operation Shamrock. We'll be back with regular programming on January 5th.

Global Cybercrime Crackdowns and Rising Threats This episode of 'Cybersecurity Today' hosted by David Shipley covers significant cybersecurity news. Nigerian police arrested three suspects linked to a Microsoft 365 phishing platform known as Raccoon O365. U.S. prosecutors charged 54 individuals in an ATM malware scheme tied to a Venezuelan criminal organization. Two incident responders pleaded guilty to conducting ransomware attacks while employed to help victims of such attacks. Denmark officially blamed Russia for a cyber attack on a water utility, exacerbating geopolitical tensions. Each segment highlights the intricate and international nature

Cybersecurity Today brings you a special year-end episode, featuring noteworthy guests Tammy Harper from Flare, Laura Payne from White Tuque, David Shipley from Beauceron Security, and John Pinard, co-host of Project Synapse. This episode delves into the pivotal cybersecurity stories of 2025, including a detailed discussion on MFA phishing attacks, the effectiveness of cybersecurity training, and the troubling trends in ransomware payments. Also covered are the evolving roles of AI in both defending and perpetrating cyber crimes. The guests share their insights, hopes, and concerns for the industry's future, emphasizing the

Cybersecurity Today: Cisco Zero Day Exploited & Maritime Cyber Attack Unfolds In this episode of Cybersecurity Today, host David Shipley discusses a series of critical cybersecurity incidents, including the exploitation of a zero-day flaw in Cisco email security infrastructure by a China-linked group, a Hollywood-style attack on an Italian ferry involving remote access malware, and a new data theft spree by the ClOP ransomware gang targeting file-sharing servers. Shipley also highlights the broader implications of cybersecurity on physical safety and national security. This episode is brought to you by Meter, a

In this episode of Cybersecurity Today, host Jim Love discusses a range of pressing cybersecurity threats. The show covers the escalating React2Shell vulnerability, which has led to widespread automated exploitation campaigns involving crypto miners and back doors. Additionally, Jim reports on the Black Force phishing kit, which bypasses multifactor authentication and is gaining traction among cybercriminals. Microsoft OAuth consent attacks are also highlighted, with users being tricked into granting access to their accounts. Finally, the episode touches on PornHub's data breach involving the Shiny Hunters cybercrime group and the importance of

In this episode of Cybersecurity Today, host David Shipley discusses significant developments in the cybersecurity landscape. Apple releases security updates to address two actively exploited WebKit vulnerabilities. Scammers manipulate AI-powered search tools to recommend fake support numbers, reflecting a growing security risk. Bitdefender uncovers malware hidden in torrent subtitles for the movie 'One Battle After Another.' Lastly, an AI named Artemis outperforms human penetration testers in a Stanford hacking experiment, highlighting the evolving role of AI in cybersecurity. Also included are insights on the implications of these events for future cybersecurity

In this episode of Cybersecurity Today, host Jim Love discusses the shocking discovery of over 80,000 leaked credentials and secrets in online code formatting tools with Jake Knott, a principal security researcher from Watchtower. They delve into the vulnerabilities exposed by these tools, the inadvertent leaking of sensitive information, and how attackers can easily exploit these weaknesses. The conversation covers the types of secrets found, the responses from various organizations, and best practices to prevent such exposures. Tune in to understand the critical importance of protecting your credentials and the steps

Cybersecurity Today: Spider-Man Phishing Kit, Gogs Zero-Day Exploits, and Recent Patches In this episode, host Jim Love discusses recent cybersecurity issues including the Spider-Man phishing kit targeting European banks and cryptocurrency users, a zero-day vulnerability in the self-hosted Git service Gogs, and various security updates. The Spider-Man kit creates highly convincing phishing pages, while the Gogs vulnerability allows remote code execution by exploiting symbolic links. Additionally, updates are covered for a Windows PowerShell zero-day and a zero-click flaw in Google's Gemini Enterprise. The show emphasizes the importance of vigilance and timely

Cybersecurity Today: Google Chrome's AI Safety Plan, React2Shell Fixes, & New Ransomware Tactics In this episode of Cybersecurity Today, host Jim Love discusses Google's new security blueprint for AI-powered Chrome agents, highlighting measures against indirect prompt injections and model errors. Learn about Next JS's new tool for addressing the critical React2Shell vulnerability and the emerging threat from Storm 0249 using EDR tools for ransomware. The episode also covers new data showing manufacturers remain top ransomware targets. Sponsored by Meter. 00:00 Introduction and Sponsor Message 00:22 Google's New Security Plan for Chrome

Explosive React Vulnerability and AI Tool Flaws Uncovered: Major Implications for Cybersecurity In this episode of Cybersecurity Today, host David Shipley discusses a new significant React vulnerability, React2Shell, that has caused widespread confusion and debate in the security community. This major flaw, affecting a widely used web framework, poses significant risks like remote code execution and malware deployment across numerous organizations. The episode also highlights flaws in AI coding tools discovered by researcher Ari Marzouk, which could compromise integrated development environments (IDEs) and software supply chains. Additionally, a ransomware breach at

Cybersecurity Today: The Rise of Living Off the Land Strategies & More In this episode of Cybersecurity Today's Month in Review, host Jim Love is joined by Laura Payne from White Tuque and David Shipley from Beauceron Security. They discuss several pressing cybersecurity issues, including the growing threat of 'living off the land' strategies where attackers use legitimate software to stay undetected, the risks associated with public Wi-Fi and QR codes, and the recent breaches involving Oracle's E-Business Suite and SonicWall's management devices. The panel also reflects on the often conflicting

In this episode of 'Cybersecurity Today,' host Jim Love discusses several significant cybersecurity issues. Highlights include a maximum severity vulnerability in React Server Components dubbed React2Shell (CVE-2025-55182), a recently patched Windows shortcut flaw by Microsoft, and new attacks using the Evilginx phishing platform in schools. Additionally, the show explores a long-running campaign by 'Shady Panda,' which used browser extensions to harvest data, and an unexpected failure by Google's AI tool that led to the deletion of a developer's hard drive. The episode also thanks Meter for their continued support. 00:00 Introduction

This episode of Cybersecurity Today, hosted by Jim Love, delves into various cybersecurity threats and latest news. Topics include 'living off the land' attacks using Microsoft's native utilities, spoofing Calendly invites for phishing Google and Meta credentials, a significant breach at the University of Pennsylvania linked to Oracle E-Business Suite vulnerabilities, and findings on AI jailbreaks tied to syntactic patterns by researchers from MIT, Northeastern University, and Meta. The episode emphasizes the ongoing challenges and evolving strategies in cybersecurity. 00:00 Introduction and Sponsor Message 00:43 Living Off the Land Attacks

In this episode of Cybersecurity Today, host David Shipley discusses a range of pressing cybersecurity issues. Topics include the surge in QR code parking scams, with recent cases in Monaco, Ottawa, and across Europe; an Australian man sentenced for evil twin WiFi attacks targeting travelers; the shutdown of the Code Red emergency notification system due to ransomware; and critical vulnerabilities in Microsoft Teams' guest access feature. Shipley also examines the newly launched hacklore.org website aiming to debunk cybersecurity myths, while critiquing its dismissal of real-world threats. Stay informed on how criminals

The Intersection of Espionage Techniques and Cybersecurity Threats This episode explores the parallels between espionage and cybersecurity, particularly focusing on social engineering tactics used in both domains. Hosted by Jim Love, the podcast features insights from Neil Bisson, a retired intelligence officer from CSIS, and David Shipley, CEO of Beauceron Security. They discuss the vulnerabilities in human behavior that can be exploited, the similarity between human intelligence operations and phishing attacks, and how AI is transforming the landscape of social engineering. Practical advice on recognizing and mitigating these threats is also

In this episode, the host addresses a previous mistake in naming a company involved in a breach, correcting SitusAMC for Ascensus, and extends apologies. Key topics include US banks assessing a breach fallout from financial tech vendor SitusAMC, ransomware group CioP targeting Broadcom through Oracle's vulnerabilities, a new malware campaign hiding in Blender 3D models named SteelC, supply chain attacks in the JavaScript ecosystem through NPM packages with Shai-Hulud malware, and a phishing scam using lookalike domains to deceive Microsoft account holders. Listeners are reminded to manually type URLs to avoid

In today's episode of Cybersecurity Today, hosted by Jim Love, several major cybersecurity incidents are discussed. US banks are assessing the impact of a security breach at SitusAMC, where the ALFV ransomware group claimed to have stolen three terabytes of data. CIOP has targeted Broadcom through Oracle's E-Business Suite vulnerabilities. A new malware campaign hides inside Blender 3D models, exploiting the auto-run feature to deploy Steel C malware. The JavaScript ecosystem faces a supply chain attack from the Shai-Hulud malware compromising 500 NPM packages. Additionally, a phishing campaign leveraging visual deception

In this episode, host David Shipley discusses some of the most pressing issues in cybersecurity today. Checkout.com refuses to pay a ransom to cyber extortion group Shiny Hunters and instead donates to cybersecurity research. The U.S. SEC ends its long-standing case against SolarWinds and their CISO Tim Brown, highlighting ongoing debates about cybersecurity accountability. Additionally, the FCC reverses cybersecurity mandates originally set after the Salt Typhoon hacks, drawing criticism and raising questions about national security preparedness. The episode emphasizes the critical role of policy and regulation in affecting cybersecurity outcomes and

In this episode of Cybersecurity Today, host Jim Love welcomes retired intelligence officer Neil Bisson and regular guest David Shipley for an in-depth discussion on current cybersecurity threats facing both Canada and the US. They explore the roles of major state actors like China, Russia, Iran, and North Korea in cyber espionage and sabotage, alongside the motivations driving such activities. The conversation delves into the challenges faced by corporations and critical infrastructure, the importance of understanding motivations behind cyber attacks, and the need for greater cooperation between the private sector and

In this episode of Cybersecurity Today, host Jim Love discusses several major cybersecurity events. CloudFlare faced significant outages affecting major platforms like Amazon and YouTube, along with continued issues for Microsoft 365 users. NordVPN warned of a surge in fake shopping websites as Black Friday approaches, with phishing attempts climbing 36% between August and October. An AI transcription tool caused a privacy breach at an Ontario hospital, leading to a privacy probe. Finally, Salesforce is investigating a data theft wave linked to Gainsight, illustrating the risks of OAuth token misuse. The

In this episode of 'Cybersecurity Today,' host Jim Love covers multiple pressing topics: CloudFlare's major outage affecting services like OpenAI and Discord, Microsoft's new AI feature in Windows 11 and its potential malware risks, a new red team tool that exploits cloud-based EDR systems, and a new tactic using calendar invites as a stealth attack vector. Additionally, a critical SAP vulnerability scoring a perfect 10 on the CVSS scale is discussed alongside a peculiar event where Anthropic's AI mistakenly tried to report a cybercrime to the FBI. The episode wraps up

Critical Cybersecurity Updates: Fortinet Zero Day, North Korean Infiltration & JLR Cyber Attack In this episode of Cybersecurity Today, host David Chipley discusses the latest critical updates in the cybersecurity world. Fortinet faces a massive zero-day vulnerability actively exploited, leading to major security patches. North Korean IT workers have infiltrated 136 companies, massively impacting corporate security and funneling millions to the DPRK. Jaguar Land Rover's cyber attack results in a startling $220 million loss, affecting the UK's economy. Lastly, we delve into widespread copy-pasted flaws across leading AI platforms like Meta

In this episode of Cybersecurity Today, host Jim Love is joined by Tammy Harper, a senior threat intelligence researcher at Flare, to explore the future landscape of cybercrime. The conversation delves into various aspects like the evolution of underground markets, state-backed cyber sanctuaries, and decentralized escrow systems. Harper presents insights on extortion as a service, the implications of artificial intelligence in cybercrime, and the potential impact of quantum computing on encryption. The episode also discusses the changing nature of digital sovereignty and its effects on cybersecurity. This thorough examination offers a

In this episode, host Jim Love discusses several significant cybersecurity events and updates. The Washington Post confirmed a security breach affecting nearly 10,000 individuals due to an exploited Oracle E-Business Suite vulnerability. CrowdStrike's 2025 Global Threat Report highlights the rise of 'enterprising adversaries' and a surge in malware-free intrusions. In addition, a new phishing scam targets iPhone users by mimicking Apple's device recovery alerts. Finally, a listener raised concerns about security issues with SonicWall's management devices and systems. The show concludes with information on upcoming content and thanks to Meter for

In this episode of Cybersecurity Today, host David Shipley covers the latest threats in the cybersecurity landscape. Highlights include the emergence of the quantum root redirect (QRR) phishing kit, a sophisticated automated phishing platform targeting Microsoft 365 credentials across 90 countries. The hospitality industry is also being hit with a new 'click fix' phishing campaign, compromising booking systems and targeting hotel guests. Researchers discover new vulnerabilities in ChatGPT, exposing private data via indirect prompt injection attacks. Additionally, the University of Pennsylvania confirms a massive data breach, highlighting the risks of not

Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst In today's episode, we cover the breach at the US Congressional Budget Office and its implications on national security, Microsoft Teams' chat feature being exploited for phishing attacks, and the increasing use of AI in cyber attacks. We also highlight how Canadian veterans are being retrained for careers in cybersecurity

Unveiling the Double-Edged Sword of AI in Cybersecurity with Brian Black In this episode of Cybersecurity Today, host Jim Love interviews Brian Black, the head of security engineering at Deep Instinct and a former black hat hacker. Brian shares his journey into hacking from a young age, his transition to ethical hacking, and his experiences working with major companies. The discussion delves into the effectiveness of cybersecurity defenses against modern AI-driven attacks, the importance of understanding organizational data, and the challenges of maintaining robust security in the age of AI. Brian

In this episode of 'Cybersecurity Today,' hosted by Jim Love, the focus is on recent developments and tactics in cybersecurity. The episode discusses Meter's networking solutions, the innovative tactics of the ransomware group Killen using common Windows tools, and three new open-source offerings aimed at improving security: Heisenberg for software bills of materials, OpenAI's Aardvark for automated vulnerability detection, and Open PCC for securing AI data flows. The show emphasizes the importance of detecting unusual behaviors in legitimate tools and highlights the need for proactive security measures in development pipelines. Listeners

In this episode of Cybersecurity Today, host Jim Love dives into several shocking security lapses and emerging threats. Highlights include ransomware negotiators at Digital Mint accused of being behind attacks, a new AI vulnerability that exploits Windows' built-in stack, and a misuse of OpenAI's API for command and control in malware operations. Additionally, AMD confirms a flaw in its Zen 5 CPUs that could lead to predictable encryption keys, and the Louvre faces scrutiny after a major theft reveals poor password practices and maintenance failures. The episode underscores the importance

In this episode, host David Shipley discusses a significant cybersecurity breach at the University of Pennsylvania, which involved offensive emails sent from legitimate university addresses. The attackers claim to have accessed sensitive data, though their statements remain unverified. Shipley emphasizes the importance of vigilant communication and rapid response systems in mitigating damage. The episode also covers urgent cybersecurity alerts issued by Western agencies for Microsoft Exchange and WSUS servers, highlighting the necessity of continuous system updates and robust security measures. Lastly, Australia's cybersecurity agency warns against ongoing attacks on unpatched Cisco

In this episode of 'Cybersecurity Today,' the panel, including Laura Payne from White TOK and David Shipley from Boer on Securities, reviews the major cybersecurity events of October. Key topics include DNS failures at AWS and Microsoft, the rise of AI and its associated security concerns, and several severe cloud and on-premises vulnerabilities in platforms like SharePoint and WSUS. The discussion highlights a surge in sophisticated phishing threats, the integration of AI in cyber attacks, and the critical importance of multifactor authentication. The panel also examines the implications of recent security

In this episode of Cybersecurity Today, host Jim Love covers a series of alarming cybersecurity incidents. Key highlights include Ernst and Young exposing a massive 4TB database to the open internet, a former L3 Harris executive guilty of selling zero-day exploits to a Russian broker, a sophisticated zero-day spyware campaign hitting Chrome, and a nation-state cyberattack on US telecom provider Ribbon Communications. Tune in to understand the critical lessons from these breaches and the emerging risks in cybersecurity. 00:00 EY's Massive Data Exposure 02:05 US Defense Contractor's Insider Threat 03:33 Chrome's

In this episode of Cybersecurity Today, host Jim Love explores the potential shift in Russia's stance on cyber criminals, including arrests of major network operators. Discover the latest phishing scams where hackers fabricate death notices to steal passwords, a critical vulnerability exposing thousands of AI servers, and a massive malware campaign on YouTube. Plus, discuss the dual nature of AI in cybersecurity—both as a transformative technology and a new threat. Join the conversation on the future of cybersecurity! 00:00 Introduction: Cybersecurity Headlines 00:26 Russia's Crackdown on Cybercriminals 02:47 Phishing Scam Targets

In this episode of Cybersecurity Today, host David Shipley covers the latest updates from the Pwn2Own 2025 event in Ireland, where top hackers earned over $1 million for uncovering 73 zero-day vulnerabilities. Despite significant hype, AI's impact on cybersecurity remains limited. We also dive into a critical Microsoft WSUS flaw under active exploitation and its implications for U.S. government cyber defenses amid a federal shutdown. Lastly, ESET reports reveal North Korea's increased cyber espionage targeting European drone manufacturers. Stay informed on the ever-evolving landscape of cybersecurity threats and defenses. 00:00 Introduction

In this episode of Cybersecurity Today, host Jim Love sits down with Graham Barrie a CISO and white hat hacker, to discuss the critical importance of cybersecurity for small and medium-sized businesses. From the moment Berry fell in love with technology through a Tandy TRS 80 to his current role helping businesses secure their data, this conversation covers the evolution of cybersecurity. They delve into how Berry assists businesses in understanding cybersecurity risks, communicating effectively with clients, and preparing for and recovering from cyber incidents. This episode is packed with insightful

In today's episode, host Jim Love discusses the discovery of the 'Glass Worm,' a self-spreading malware hidden in Visual Studio Code extensions downloaded over 35,000 times. The worm, hiding its malicious JavaScript in invisible unicode characters, steals developer credentials and drains crypto wallets. He also covers the security flaws in AI-powered IDEs like Cursor and Windsurf, leaving 1.8 million developers vulnerable. Lastly, a new survey from ISACA reveals that AI-driven attacks are now the top cybersecurity concern for 2026, overtaking ransomware and insider threats. Love advises how developers and security teams

In this episode of Cybersecurity Today, your host Jim Love discusses Microsoft's latest findings on how ransomware and extortion account for over half of all cyber attacks globally, highlighting the shift toward financially driven crimes. Learn about the breach at the Kansas City National Security Campus due to a SharePoint vulnerability and how Anthropic's new open-source sandbox aims to make AI coding safer. Additionally, discover how AI tools can help spot scams as Jim shares his personal experience and practical tips. Stay informed on the latest cybersecurity trends and essential defense

In this episode of Cybersecurity Today, host David Shipley covers the latest developments in cyber threats and law enforcement victories. Topics include: cybercriminals using TikTok videos to disseminate malware through click-fix attacks, Europol shutting down a massive SIM farm powering 49 million fake online accounts, and Microsoft's emergency patch release for a critical ASP.NET Core vulnerability rated 9.9 in severity. The episode also highlights community efforts in raising cybersecurity awareness. 00:00 Introduction and Headlines 00:23 TikTok Malware Campaign 03:43 Europol's Major SIM Farm Bust 07:45 Microsoft's Critical ASP.NET Core Vulnerability 11:55

In this episode, Jim Love interviews David Décary-Hétu, a criminologist at the Universite´de Montréal, discussing the dark web and its impact on criminal activity and cybersecurity. They delve into what the dark web is, how it operates, its primary users, and its role in cybercrime. They also explore the dynamics of online criminal networks, challenges faced by law enforcement, and the surprising aspects of online illicit activities. The importance of monitoring online conversations and understanding cyber threats is emphasized, with insights into the use of cryptocurrencies and the evolution of cybercrime

This episode of Cybersecurity Today, hosted by Jim Love, covers several critical topics in the realm of cybersecurity. Researchers found that unencrypted data from satellites is accessible with cheap equipment, leading to potential eavesdropping on sensitive information worldwide. A new botnet campaign is aggressively scanning for unsecured RDP services, posing a significant threat of ransomware and data theft. Canadian Tire Corporation experienced a data breach affecting customer information. An Android vulnerability allows hackers to steal two-factor authentication codes, prompting discussions on the need for faster security patch rollouts. Lastly, two brothers