Cybersecurity Today

Jim Love
  • 5.0 (1)
  • TECH NEWS
  • UPDATED DAILY

Updates on the latest cybersecurity threats to businesses, data breach disclosures, and how you can secure your firm in an increasingly risky time.

  1. 1 DAY AGO

    AI Vulnerability Explosion, Kim Wolf Botnet Arrest, Ghost CMS Hack, Iran Cyber Espionage

    Is AI about to trigger a cybersecurity vulnerability explosion? In this episode of Cybersecurity Today, David Shipley examines what some researchers are calling the early signs of a "vulnerability apocalypse" as Anthropic's Claude-powered Project Glasswing identifies thousands of potential software flaws at machine speed. The episode breaks down the real numbers behind the hype: over 10,000 candidate vulnerabilities flagged, 1,726 confirmed high or critical findings, 97 patched issues, and the growing concern that AI-driven bug hunting could overwhelm already stretched security teams. One example: a critical WolfSSL certificate forgery vulnerability (CVE-2026-5194, CVSS 9.1). Also in this episode: Canadian authorities arrest Ottawa suspect Jacob Butler, also known as "Dort," allegedly linked to the Kim Wolf botnet operation blamed for nearly 30 terabits-per-second distributed denial-of-service (DDoS) attacks and more than 25,000 incidents. We also cover active exploitation of a Ghost CMS SQL injection vulnerability (CVE-2026-26980), with attackers reportedly compromising hundreds of websites using ClickFix malware lures, including high-profile targets. And finally, an Iran-linked cyber espionage campaign dubbed "Screening Serpents" uses highly personalised fake recruitment approaches to target aerospace, defence, and telecom professionals with new remote access malware. If you work in cybersecurity, infrastructure, or IT leadership, this is one to watch. 00:00 Vunpocalypse Headlines 00:28 AI Finds Vulnerabilities 01:32 False Positives and Costs 02:39 WolfSSL Critical CVE 03:51 Patch Volume Pressure 04:28 Kim Wolf Botnet Arrest 05:13 Botnet Scale and Swatting 06:48 International Takedowns 07:41 Ghost CMS Mass Exploits 09:07 ClickFix Infection Chain 10:25 How to Remediate Ghost 10:39 Iran Spear Phishing Ops 12:51 Closing and Sign Off #Cybersecurity #CyberSecurityToday #AIsecurity #GhostCMS #DDoS #CyberEspionage #Anthropic #ClaudeAI #IranCyberThreat #InfoSec

    13 min

  2. 3 DAYS AGO

    Researcher Finds Public GitHub Repo Exposing Sensitive CISA Credentials

    The episode recounts how GitGuardian security researcher Guillaume Valadon, while monitoring public GitHub for leaked secrets, discovered a publicly accessible repository labeled "CISA-Private" containing highly sensitive CISA materials, including internal DHS/CISA credentials, cloud keys, tokens, plaintext passwords, logs, and files such as "Important AWS Tokens" and a CSV listing usernames and passwords for internal systems. Believing a contractor likely used GitHub to move work from a work device to a home device, Valadon escalated via responsible disclosure to CERT, then involved journalist Brian Krebs to reach CISA faster when the repo remained public.  After additional outreach, the repository was made inaccessible within about a day, and Valadon praises CISA's response speed. The discussion emphasizes widespread poor secret hygiene, governance, training, and the need for organizations to monitor, rehearse, and automate detection and revocation of leaked secrets. Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material[dot]security. 00:00 Weekend Welcome Sponsor 00:27 CISA Secrets Leak Found 03:29 Calling Brian Krebs 05:06 Meet GitGuardian Researcher 07:26 Why Leaks Happen Everywhere 10:49 Inside the CISA Repo 13:19 Disclosure and Takedown 17:04 Lessons for Organizations 22:47 Aftermath and Thanks 24:36 Show Wrap Sponsor Outro

    27 min

  3. 4 DAYS AGO

    GitHub Breach Exposes 3,800 Repos | Microsoft Kills SMS Authentication | Proton Fights Canada Bill

    GitHub confirms a major supply chain breach after a malicious Visual Studio Code extension reportedly gave attackers linked to TeamPCP access to roughly 3,800 internal repositories. The bigger issue: developer workstations now hold some of the most sensitive secrets in modern software organizations. Also today: Microsoft begins phasing out SMS-based authentication for personal accounts, calling text-message authentication a growing fraud risk as it shifts toward phishing-resistant passkeys. Researchers also disclose a nine-year-old Linux privilege escalation flaw, CVE-2026-46333, nicknamed SSH-Keysign-Pwn, which can allow root-level access with local machine access. And Proton publicly threatens to leave Canada rather than comply with proposed surveillance legislation it says would undermine its no-logs privacy promise. Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material[dot]security. If cybersecurity, privacy, and digital infrastructure matter to your business, this is the daily briefing you need. Timestamps: 00:00 Top Stories Rundown 00:24 GitHub Supply Chain Breach 01:09 Developer Workstations at Risk 02:31 Microsoft Ditches SMS MFA 04:15 Linux Root Escalation Flaw 06:11 Proton vs Canada Surveillance Bill 08:03 Wrap Up and Sign Off #cybersecurity #github #microsoft #linux #protonvpn #privacy #databreach #supplychainattack #infosec #cybernews

    9 min

  4. 6 DAYS AGO

    Windows 11 BitLocker Zero-Day, TeamPCP Malware Leak, Iran Gas Station Hacks | Cybersecurity Today

    A serious new Windows 11 BitLocker vulnerability, open-sourced offensive malware tools, a suspected Iranian cyber campaign targeting U.S. fuel infrastructure, and malware that appears designed to interfere with nuclear weapons simulation systems.  Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material[dot]security. David Shipley breaks down four major cybersecurity stories on Cybersecurity Today. First, a newly disclosed zero-day dubbed YellowKey reportedly defeats default Windows 11 BitLocker protection on systems using TPM-only encryption, giving attackers with physical access a path to unencrypted data through the Windows Recovery Environment. Microsoft is investigating, while security experts are urging stronger BitLocker configurations. The episode also examines the TeamPCP threat group's decision to release offensive tooling publicly, dramatically lowering the barrier for copycat supply-chain attacks. Researchers have already spotted malicious NPM packages borrowing similar techniques, including persistence mechanisms aimed at developer environments such as Visual Studio Code and Claude Code. David also looks at disturbing analysis of the FAST16 malware, which researchers believe was engineered to tamper with nuclear weapons simulation software including LS-DYNA and AutoDyn. And finally, U.S. officials reportedly suspect Iranian actors in cyberattacks targeting internet-exposed gas station automatic tank gauge systems, a reminder that weak operational technology security can quickly become a real-world infrastructure problem. 00:00 Sponsor Message 00:24 Headlines Overview 00:50 BitLocker Zero Day 03:32 TeamPCP Tools Leak 06:13 Copycat NPM Malware 06:50 Fast16 Nuclear Sabotage 08:37 Iran Gas Station Hacks 10:28 Hardening Critical Infrastructure 11:16 Wrap Up And Events 11:59 Sponsor Deep Dive #Cybersecurity #Windows11 #BitLocker #ZeroDay #TeamPCP #IranCyberAttack #SupplyChainAttack #CriticalInfrastructure #CyberSecurityToday

    13 min

  5. 19 MAY

    Exchange Zero-Day Under Attack, Ransomware Gets Smarter, Fortinet Critical Flaws

    A dangerous new Microsoft Exchange zero-day is being actively exploited, ransomware gangs are adopting nation-state-style tactics, two fired contractors were caught deleting U.S. government databases after accidentally recording themselves on Microsoft Teams, and Fortinet has patched critical remote code execution flaws. In this episode of Cybersecurity Today, David Shipley breaks down four major cybersecurity stories that security teams need to know. Cybersecurity Today would like to thank Material Security for supporting this podcast.  Material security provides. faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365.  Contact them at  material[dot]security  Microsoft has confirmed active exploitation of a new Exchange Server zero-day, CVE-2026-42897, affecting Exchange Server 2016, Exchange Server 2019, and Exchange Subscription Edition. There is currently no patch, only mitigations through the Exchange Emergency Mitigation Service, with some trade-offs for Outlook Web App users. Security researcher Marcus Hutchins highlights an unusually disciplined ransomware affiliate operation using tradecraft more commonly associated with nation-state attackers, including a custom SentinelOne endpoint detection and response (EDR) killer and a stripped-down toolset designed to leave fewer forensic traces. In one of the more astonishing insider threat stories of the week, former OPEX Corporation contractors Muneeb and Sohaib Akhtar were allegedly caught deleting 96 U.S. government databases after leaving a Microsoft Teams recording running. Also in this episode: Fortinet has released urgent patches for critical unauthenticated remote code execution vulnerabilities in FortiAuthenticator (CVE-2026-44277) and FortiSandbox (CVE-2026-26083). If you're responsible for enterprise security, patch management, incident response, or cyber risk, this is one you need to see. Chapters: 00:00 Sponsor Message 00:24 Headlines Intro 00:49 Ransomware Nation-State Discipline 04:18 Exchange Zero-Day Mitigation 07:01 Fired Contractors Caught Recording 09:21 Fortinet Critical Vulnerabilities 11:07 Wrap Up and Sign Off 11:38 Sponsor Deep Dive Ad #Cybersecurity #MicrosoftExchange #ZeroDay #Ransomware #Fortinet #CyberAttack #Infosec #DavidShipley #CybersecurityToday

    13 min

  6. 16 MAY

    Inside CIRA: How Canada's .ca Registry Became a Global DNS & Cybersecurity Force

    David Shipley interviews Jon Ferguson, VP at CIRA, about how the Canadian Internet Registration Authority evolved from early paper-based .ca registrations at UBC into a 142-person, member-based not-for-profit running .ca and authoritative Anycast DNS infrastructure now supporting 550+ TLDs globally. Ferguson explains how .ca's Canadian presence requirements help keep abuse rates low, and how CIRA reinvests surpluses into grants and cybersecurity tools, including Canadian Shield (DNS-based malware/phishing blocking and encrypted DNS with limited data retention) used by about 500,000 people and generating about 20 million blocks per month. They discuss CIRA's focus on municipalities, schools, hospitals, and universities, its move into endpoint security and a managed detection and response partner program with Calian, and concerns about AI-driven threats, online harm, and rebuilding trust and real-world connection. 00:00 Weekend Show Kickoff 01:30 Jon's Cyber Journey 03:06 Inside CIRA DNS Role 04:59 What Is CIRA 07:23 Origin Story Of Dot Ca 13:01 Anycast DNS Explained 16:27 Canadian Shield DNS Firewall 22:21 Serving Public Sector Needs 26:18 Endpoint And MDR Expansion 35:05 Mission Over Money 40:39 What Keeps Him Up 46:19 Hope And Balance Online 50:55 Wrap Up And Thanks

    53 min

  7. 15 MAY

    How a Google API Key Became an $8,000 AI Bill, Meta Scam Ads Lawsuit, and 73-Second Cyber Attacks

    Google Cloud customers are reporting shocking surprise bills after compromised or misused API keys were allegedly used to access expensive Gemini AI services. In one case, Rod Dinan says his monthly Google Cloud costs jumped from under $50 to nearly $8,000. Sydney developer Isuru Fonseka says he was hit despite setting spending controls, raising broader questions about API key security, client-side exposure, billing alerts, and how quickly attackers can exploit AI infrastructure. Cybersecurity Today also covers prosecutors' allegations that two fired brothers sabotaged systems tied to government-related work after access wasn't revoked quickly enough, Santa Clara County's civil lawsuit accusing Meta of profiting from scam ads on Facebook and Instagram, and Horizon3.ai's warning that attackers can exploit newly exposed systems in as little as 73 seconds while many organisations still take 24 hours or longer to respond. If your organisation uses APIs, AI services, cloud billing controls, or internet-facing infrastructure, this episode matters. #Cybersecurity #GoogleCloud #GeminiAI #APIKeys #CloudSecurity #Meta #ScamAds #CyberAttack #CybersecurityToday #AIsecurity CHAPTERS 00:00 Google Cloud API Key Bill Shock 01:20 Real-World Victims: Surprise AI Charges 02:24 Why Spending Caps Didn't Stop the Damage 03:38 The Enterprise Cloud Security Risk 04:19 Fired Employees and Alleged Insider Sabotage 04:55 The Database Destruction Timeline 06:34 What This Incident Teaches Security Teams 07:10 Santa Clara County Sues Meta Over Scam Ads 08:46 Attackers Can Strike in 73 Seconds 10:14 Closing and Next Episode

    10 min

  8. 13 MAY

    Canvas Breach 'Deal' With ShinyHunters, AI Zero-Day Warning, Checkmarx Hit Again

    Cybersecurity Today examines a troubling set of new security developments affecting schools, software supply chains, and account security. Instructure says it reached an "agreement" with the ShinyHunters threat group after the massive Canvas breach that may have affected up to 275 million users across 9,000 educational institutions. Reports indicate attackers exploited multiple cross-site scripting (XSS) vulnerabilities to hijack administrator sessions and post extortion demands. Checkmarx has been breached again. This time, attackers reportedly inserted a malicious Jenkins Application Security Testing (AST) plugin designed to steal credentials. The same threat actor, believed to be Team46/TeamTNT-linked infrastructure or Team PCP depending on reporting attribution, appears to have reused secrets allegedly stolen in the earlier Trivy supply-chain compromise. Microsoft and Google are warning organizations not to treat passkeys as a complete security solution. If weaker recovery methods or legacy credentials remain active, attackers can still bypass them. Google's Threat Intelligence Group also reports what it describes as the first observed evidence of hostile actors using AI to assist in zero-day vulnerability research and exploit development, signalling a new phase in attacker industrialization. Also in today's show: Santa Clara County sues Meta over alleged scam-ad profits. Chapters 00:00 Headlines Overview 00:28 Canvas Breach Deal Fallout 01:59 How the XSS Attack Worked 03:15 Checkmarx Supply Chain Attack 05:01 Credential Rotation Lessons 05:37 Why Passkeys Aren't Enough 07:19 Layered Defence Takeaways 08:35 AI-Assisted Zero-Day Development 10:10 Industrialized AI Threats 13:08 Meta Scam Ads Lawsuit 15:19 Wrap Up

    16 min
See All (105)

Hosts & Guests

About

Updates on the latest cybersecurity threats to businesses, data breach disclosures, and how you can secure your firm in an increasingly risky time.

Information

You Might Also Like