Cybersecurity Today

Jim Love

Updates on the latest cybersecurity threats to businesses, data breach disclosures, and how you can secure your firm in an increasingly risky time.

  1. 7 hr ago

    AI Export Controls, FortiBleed, Third-Party Breaches & CISO Burnout | Cybersecurity Today Panel

    Can governments decide who gets access to advanced AI models? Are third-party breaches becoming impossible to control? And why are so many CISOs reaching burnout? In this special Cybersecurity Today Month in Review Panel, host Jim Love is joined by cybersecurity experts Laura Payne, David Shipley, and Mike Kim (Mycroft) to examine the biggest cybersecurity stories and trends from June 2026. The panel explores the controversy over U.S. export controls on Anthropic's Mythos and Fable AI models, what they reveal about digital sovereignty, and whether governments should be able to restrict access to frontier AI. They also discuss the continuing wave of third-party breaches, including Salesforce ecosystem compromises and the Clue breach, and why organizations must move beyond compliance toward practical risk management. The conversation examines FortiBleed, exposed administrator portals, credential reuse, and the difficult balance between software flaws, operational mistakes, and secure-by-default design. The panel also tackles one of cybersecurity's biggest human challenges: CISO burnout, executive accountability, organizational culture, and what separates successful security leaders from those set up to fail. The episode concludes with encouraging developments in international cybercrime enforcement, including Operation Riptide, and why better intelligence sharing and improved operational security are making it harder for cybercriminals to hide. Whether you're a CISO, security practitioner, IT leader, or simply interested in the rapidly changing cybersecurity landscape, this discussion offers practical insight into the trends shaping the industry. Panel Jim Love (Host) Laura Payne David Shipley Mike Kim (Mycroft) Topics covered AI export controls and digital sovereignty Anthropic Mythos and Fable Third-party and supply chain risk Salesforce ecosystem security FortiBleed and Fortinet security Secure-by-default strategies CISO burnout and executive accountability Operation Riptide Cybercrime investigations Security leadership and governance Chapters 00:00 Sponsor NordLayer 00:38 Meet the Panel 02:40 Author Scam Warning 04:51 Emotion Is the Target 08:47 AI Model Export Controls 10:01 Hype vs Real AI Security 15:01 Sovereignty and Dependency 20:35 Governments Push Back 24:14 AI Internal Voice Risks 26:12 Third Party Breach Fatigue 30:05 Compliance Limits on Risk 32:15 Blame Game to Risk Focus 33:18 Standards and Priorities 33:39 When Security Vendors Fail 34:35 FortiBleed Numbers Explained 35:44 Process Failures vs Bugs 37:32 Why Fortinet Gets Heat 39:05 Secure by Default Basics 41:04 Budget Reality and Culture 44:36 CISO Burnout and AI Pressure 46:16 Liability and Shared Ownership 50:12 What Great CISOs Do 53:07 Operation Riptide Wins 56:10 Deterrence and Due Process 58:14 Sharing Intel for ROI 59:09 Hopium and Wrap Up 01:00:46 Sponsor NordLayer Message

    1hr 2min
  2. 1 Jul

    US puts $10m bounty on Russian hackers, new phish hunts hotels, Supreme Court reins in geofencing

    US Puts $10M Bounty on Russian Hackers, Supreme Court Limits Geofence Warrants, New phishing campaign targets hotels, AI Coding Agents Tricked into Malware and Canada's Electronic Spies Go After Ransomware Gangs.  The episode covers the US State Department's up to $10 million reward for information on Russia-linked hacker groups UNC 5792 and UNC 4221 tied to phishing campaigns that compromise Signal and WhatsApp accounts by stealing Signal backup recovery keys.  It also explains a US Supreme Court 6–3 ruling limiting geofence warrants by recognizing Fourth Amendment privacy protections for phone location data and requiring probable cause and narrower requests.  Mozilla ODIN researchers demonstrate a proof of concept where a clean GitHub repo can cause AI coding agents to run an init command that executes attacker-controlled code via DNS and opens a reverse shell. A hotel-focused phishing campaign using Calendly and Google redirects delivers ZIP files that install the Tonrat implant through PowerShell and a user-space Node.js runtime.  Finally, Canada's CSE says it disrupted infrastructure used by 10 major ransomware groups and reports incident volumes rising nearly 26% year over year. 00:24 Top Headlines Rundown 00:54 10 Million Bounty Russian Hackers 02:42 Supreme Court Limits Geofence Warrants 03:56 AI Coding Agent Repo Trap 05:31 Listener Thanks And Reviews 05:51 Hotel Front Desk Phishing Attack 08:01 Canada Disrupts Ransomware Gangs 09:45 Closing And Sign Off

    11 min
  3. 27 Jun

    Why Car Dealerships Are Prime Cyber Targets: Fraud, Resilience, and Security Leadership with Jennifer Hutton

    Cybersecurity Today would like to than Material Security for their support of this podcast.  On Cybersecurity Today on the Weekend, the host speaks with Jennifer Hutton, a cybersecurity leader in the car dealership sector, about how she entered cybersecurity through increasing cyber insurance requirements and why dealerships are prime targets because they hold bank-level sensitive data and run complex digital and IoT ecosystems. They discuss the rise of cyber-enabled fraud, including impersonation scams, smishing, and synthetic identity fraud, and the need to educate both employees and customers. Hutton describes gaps in industry resources, especially for smaller dealers, and contrasts regulatory pressures such as updated FTC safeguards rules in the U.S. She emphasizes servant leadership, empathy, and communicating risk in business terms, arguing that cyber risk is business risk. The conversation also covers supply chain disruption from the CDK ransomware incident and the importance of incident response, business continuity, and resiliency-focused planning. 00:00 Weekend Show Kickoff 01:14 Jennifer's Cyber Origin 02:53 Why Dealerships Are Targets 04:30 Scams And Synthetic IDs 08:32 Industry Gaps And Sharing 10:42 Regulation And Tech Shift 13:48 Leading With Business Risk 21:29 Servant Leadership And AI 25:21 Empathy In Tech Teams 28:16 CDK Ransomware Lessons 29:53 Resilience Over Prevention 32:08 Advice To Dealership Leaders 34:49 Closing Thanks

    37 min

About

Updates on the latest cybersecurity threats to businesses, data breach disclosures, and how you can secure your firm in an increasingly risky time.

You Might Also Like