Cybersecurity Today

Jim Love
  • 5.0 (1)
  • TECH NEWS
  • UPDATED DAILY

Updates on the latest cybersecurity threats to businesses, data breach disclosures, and how you can secure your firm in an increasingly risky time.

  1. 3 HR AGO

    Coruna iOS Exploit Kit Goes Mass-Market: Cybersecurity Today for March 9, 2026 with David Shipley

    Coruna iOS Exploit Kit Goes Mass-Market, FBI Wiretap Platform Breach Probe, Windows Terminal ClickFix, and Iran-War Cyber Escalation This episode covers several major cybersecurity developments: Google's Threat Intelligence Group details Coruna, a sophisticated iOS exploit kit with 23 exploits and multiple chains affecting iOS 13–17.2.1, shifting from targeted surveillance use to cryptocurrency-scam distribution and a PlasmaLoader payload aimed at stealing wallet data. The FBI is investigating suspicious activity involving its Digital Collection System Network used to support wiretaps and surveillance, with concerns about third-party vendor exposure and broader federal agency targeting. Microsoft reports a new ClickFix variation that abuses Windows Terminal to deploy the Luma Stealer via encoded commands, persistence, Defender exclusions, and browser injection. The show also reviews Iran-linked cyber activity by MuddyWater and others amid regional conflict, including new backdoors and cloud-based exfiltration, and reports that Iranian drone strikes hit AWS data centers in the UAE and Bahrain, causing outages and highlighting data centers as battlefield targets. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst 00:00 Sponsor Message Meter 00:19 Headlines And Intro 00:50 Coruna iOS Exploit Kit 04:06 FBI Wiretap Platform Breach 06:52 ClickFix Hits Windows Terminal 10:00 Iran War Cyber Campaigns 14:59 Drones Hit AWS Data Centers 17:57 Wrap Up And Thanks 18:35 Sponsor Close Meter

    20 min

  2. 2 DAYS AGO

    Cybersecurity Today Month in Review: World In Turmoil

    Cybersecurity Today Month in Review: Iran Conflict Cyber Spillover, IoT Cameras, AI Hacking Tools, and Resilience Planning In this weekend month-in-review episode, host Jim Love and panelists David Shipley, Laura Payne, Neil Bisson, and Chris "CJ" Johnson discuss cyber and infrastructure impacts tied to the US/Israel–Iran conflict, including reported compromise of traffic camera networks for targeting, Iran's defensive internet shutdown, propaganda via a hacked prayer app, and GPS/AIS spoofing that misdirected ships in the Strait of Hormuz, raising oil and helium supply-chain concerns. They warn of potential Iranian retaliation via DDoS, ransomware, and critical infrastructure attacks (especially water/OT), amplified by insecure IoT and camera vulnerabilities (e.g., Hikvision). The group critiques weakened government cyber capabilities (including CISA turmoil and CVE program risk), highlights AI-enabled attack automation (CyberStrike AI) shrinking time-to-exploit, and stresses practical resilience planning, including protecting AI API keys after an $82,000 billing incident and noting a law-enforcement takedown of LeakBase. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst 00:00 Sponsor Message Meter 00:18 Meet the Panel 01:41 MSPs and Security Assumptions 03:36 War and Cyber Spillover 06:52 Iran Internet Shutdown Explained 08:27 GPS Spoofing in Strait 10:32 Retaliation Risks to West 17:02 IoT Cameras as Targets 18:56 What IT Providers Should Do 22:03 Who Should Worry Most 26:18 Regulation and IoT Standards 28:58 Supply Chain and State Actors 31:36 CISA and CVE Turmoil 35:53 Ring Backlash and Big Tech 37:43 OpenAI Alerts and Privacy 39:25 AI Cultural Blind Spots 40:05 Therapy Duty to Report 41:17 Licensing AI Advice 42:16 Data Centers Under Fire 43:59 Continuity Without Claude 45:05 Power Grid Reality Check 46:47 MSPs and AI Dependence 49:58 Hype Versus Security Markets 51:02 CyberStrike AI Tooling 56:37 Nation State Plausible Deniability 59:58 Exploit Speed and Software Debt 01:03:37 Practical Tips and Wrap Up

    1h 13m

  3. 3 DAYS AGO

    Wikipedia Hit By JavaScript Worm, ICE Contractor Data Base Leaked and more...

    Wikipedia JavaScript Worm, ICE Contractor Data Leak Claim, and Leak Base Takedown Wikipedia admins contained a self-propagating JavaScript worm that spread via infected user script files, executing in logged-in editors' browsers and using authenticated sessions to copy itself into other scripts, sometimes affecting global scripts; administrators restricted edits, reverted and suppressed changes, replaced compromised scripts, and continue investigating the originating account.  A hacktivist group calling itself the Department of Peace claims it leaked records tied to DHS's Office of Industry Partnership involving 6,681 organizations that applied for ICE-related contracts, releasing the dataset via Distributed Denial of Secrets, while DHS has not confirmed the breach or data authenticity.  Finally, the FBI, Europol, and partners dismantled the Leak Base cybercrime forum, seized its database, conducted arrests and searches, and warned suspects through the forum's channels. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst 00:00 Sponsor Message 00:19 Headlines Intro 00:42 Wikipedia Worm Attack 01:19 How The Worm Spread 02:08 Containment And Lessons 02:53 Hacktivists Leak ICE Data 04:47 Leak Base Takedown 06:10 Database Seizure Fallout 07:12 Wrap Up And Weekend Preview 07:30 Sponsor Closing

    9 min

  4. 5 DAYS AGO

    AI Driven Warfare

    AI-Driven Warfare, Open-Source Attack Tooling, CISA Shakeups, Healthcare Ransomware, and GPS Jamming Risks Host David Shipley covers reports that hacked Tehran traffic cameras and an AI-powered targeting system helped a joint U.S.-Israeli operation ("Epic Fury") track and strike Iran's leadership, highlighting the growing role of compromised infrastructure and AI in modern conflict. Researchers also link the open-source toolkit Cyber Strike AI to automated attacks against Fortinet FortiGate devices, compromising over 600 systems across 55 countries and raising concerns about proliferating offensive AI tools. At CISA, CIO Robert Costello resigns amid leadership turmoil and staffing challenges. Healthcare ransomware disruptions include a University of Hawaii Cancer Center breach affecting nearly 1.2 million people and a major attack on the University of Mississippi Medical Center that shut clinics and disrupted Epic EMR access. Finally, GPS/AIS jamming and spoofing in the Middle East threatens shipping safety and global trade. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst 00:00 Sponsor Message 00:17 Headlines Overview 00:48 Epic Fury AI Warfare 04:12 Cyber Strike AI Toolkit 07:06 CISA CIO Resignation 09:06 Hawaii Cancer Center Breach 11:27 UMMC Ransomware Shutdown 13:53 GPS Jamming Shipping Risk 16:33 Wrap Up And Sponsor

    17 min

  5. 2 MAR

    CISA Leadership Shakeup, OpenClaw Hijack, Robot Vacuums and More

    OpenClaw AI Agent Hijack, CISA Leadership Shakeup, Iran Cyber Campaign, Air-Gap Malware, and Robot Vacuum Flaw Jim Love covers multiple cybersecurity stories: Oasis Security revealed "ClawJacked," a high-severity OpenClaw AI agent framework flaw caused by missing rate limiting on the local gateway, enabling malicious web pages to brute-force passwords via WebSockets, register a trusted device, and take over agents; OpenClaw patched it within 24 hours and users are urged to update to version 2020 6.2 0.25 and tighten governance for non-human identities. CISA sees a leadership change as acting director Madhu Gottumukkala steps down amid criticism and reports he uploaded sensitive contracting documents to public ChatGPT and canceled key security tool contracts; Nick Anderson becomes acting director. The episode also discusses a coordinated cyber campaign alongside US/Israeli operations against Iran and risks of Iranian retaliation against exposed US critical infrastructure, North Korea's Scarcruft using "Ruby Jumper" to bridge air-gapped networks via USB, and a DJI Romo robot vacuum MQTT flaw that exposed control and camera access across 7,000 devices before being patched. 00:00 Sponsor Message Meter 00:19 Headlines And Intro 00:46 Claw Jacked AI Agents 02:21 CISA Leadership Shakeup 06:02 Cyber Front In Iran War 08:48 North Korea Air Gap Breach 10:06 Robot Vacuum Takeover 13:04 Wrap Up And Thanks

    14 min

  6. 28 FEB

    Cybersecurity Today Weekend with Carey Frey, VP and Chief Security Officer at TELUS

    Identity, AI Agents, and the Session Token Time Bomb | Carey Frey (CSO, TELUS) on Cybersecurity Today In this Cybersecurity Today weekend edition, David Shipley interviews Carey Frey, Chief Security Officer at TELUS, about the evolution of identity security and why it's a growing risk in the age of generative and agentic AI. Frey recounts his career from Canada's Communications Security Establishment to leading TELUS's internal security and managed cybersecurity services, then explains how convenience-driven identity decisions led from PKI's unrealized promise to passwords, bearer/session tokens, and today's widespread session cookie theft. He describes lessons from TELUS's deployment of FIDO2 phishing-resistant tokens, the dangers of long-lived SSO tokens across SaaS ecosystems, and how agentic "auto-browse" could amplify harm via the "lethal trifecta" and ephemeral agents with poor auditability. Frey highlights the Syne/SignNet CISO Identity Handbook and calls for stronger cryptographic roots of trust, proof-based tokens, re-authentication across trust domains, and fine-grained delegation guardrails. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst 00:00 Sponsor Message 00:24 Weekend Edition Intro 00:32 Meet Carey Frey 02:07 Carey's Cyber Origin Story 03:47 Telus Security Two Hats 06:22 Identity's Broken Legacy 08:43 Why PKI Didn't Win 11:25 Passkeys Missed Moment 14:10 SSO Tokens Surprise 19:50 Session Theft Reality 23:18 Agentic AI Stakes 24:17 Building Identity Playbook 25:24 Identity Maturity Model 25:49 Fixing OAuth and SAML 27:00 Industry Call to Action 27:37 Where to Find the Handbook 28:06 Not a Vendor Pitch 30:13 Agentic AI Identity Gaps 31:30 Auto Browse Threat Scenario 33:12 Lethal Trifecta Explained 34:31 Ephemeral Agents and Forensics 37:08 Supply Chain Agent Malware 38:20 Crypto Roots of Trust 39:35 Proof Tokens and Reauth 40:17 Delegation Guardrails 42:34 Regulation or Market Forces 44:25 Practical Risk Decisions 46:20 Wrap Up and Next Resources 48:00 Sponsor and Closing Credits

    49 min

  7. 27 FEB

    Cisco SD-WAN Bug Actively Exploited

    Cisco SD-WAN Bug Actively Exploited, MCP Azure Takeover Demo, CarGurus Data Leak, and Secret Service Scam Recovery Host Jim Love covers four cybersecurity stories: CSA warns a critical Cisco Catalyst SD-WAN controller vulnerability (CVE-2026-20127) has been exploited since 2023, enabling authentication bypass and rogue peering sessions, and orders U.S. federal agencies to inventory systems, collect logs and forensic artifacts, hunt for compromise, and apply Cisco's fixes by 5:00 PM ET on February 27, 2026, with no workarounds. At RSA, researchers show how flaws in Model Context Protocol (MCP)—a key integration layer for agentic AI—could lead to remote code execution and even Azure tenant takeover, highlighting rising enterprise risk. ShinyHunters reportedly published 12.4 million stolen CarGurus records, raising phishing and fraud concerns tied to vehicle shopping and financing context. Finally, an Ontario tech support scam victim recovers funds through coordinated work by Ontario Provincial Police and the U.S. Secret Service, which traced and froze the money in time. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst LINKS Cisco Advisory Cisco Security Advisory – CVE-2026-20127 Authentication bypass vulnerability in Cisco Catalyst SD-WAN https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk CISA Supplemental Hunt and Hardening Guidance (Cisco SD-WAN Systems) https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems Threat Hunt Guide (Technical PDF) Cisco SD-WAN Threat Hunt Guide (jointly referenced in federal guidance) https://media.defense.gov/2026/Feb/25/2003880299/-1/-1/0/CISCO_SD-WAN_THREAT_HUNT_GUIDE.PDF 00:00 Sponsor Message 00:19 Cisco SD-WAN Under Attack 02:48 MCP Azure Takeover Demo 05:28 CarGurus Data Dump 07:16 Secret Service Scam Recovery 09:24 Closing Sponsor Thanks

    10 min

  8. 25 FEB

    Discord Finds Age Identification May Have Privacy Concerns

    Discord Drops Persona Age Verification, SolarWinds Serv-U Critical RCEs, Splunk Windows Priv Esc, and Smart TV Screenshot Surveillance Lawsuits In this episode of Cybersecurity Today, host Jim Love covers Discord ending its age-verification experiment with Persona after user backlash and researcher findings that Persona's front-end code suggested up to 269 verification checks, including watch list screening and risk scoring, amid already-thin trust following an earlier breach that exposed government ID images. The show also highlights SolarWinds Serv-U 15.5.0.4 patches for four critical (CVSS 9.1) remote code execution vulnerabilities (CVE-2025-40538, CVE-2025-40539, CVE-2025-40540, CVE-2025-40541), noting they require high privileges and that self-hosted Windows/Linux instances must be upgraded, with estimates ranging from under 1,200 to over 12,000 internet-exposed servers. Splunk discloses a high-severity Windows privilege escalation flaw (CVE-2025-2386, CVSS 8.0) caused by incorrect install-directory permissions in versions before 10.0.0.2, 9.4.0.6, 9.3.0.8, and 9.2.10, enabling local users to potentially escalate privileges and tamper with logging. Finally, Texas Attorney General Ken Paxton sues Samsung, Sony, LG, Hisense, and TCL, alleging smart TVs use automated content recognition to capture screen content—potentially up to twice per second—and transmit it without meaningful consent, with implications for both home viewing and confidential business use; the episode emphasizes reviewing and disabling ACR settings and accounting for network-connected screens in security models.  Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst 00:00 Sponsor Message Meter 00:20 Discord Age Verification Backlash 01:37 Persona Code Raises Alarms 03:08 SolarWinds Serv-U Critical RCEs 04:51 Splunk Windows Priv Esc 06:18 Smart TV Screenshot Surveillance 08:35 Wrap Up and Sponsor Thanks

    9 min
See All (105)

Hosts & Guests

About

Updates on the latest cybersecurity threats to businesses, data breach disclosures, and how you can secure your firm in an increasingly risky time.

Information

You Might Also Like