Episodes
-
Cybersecurity Today on the Weekend interviews the winning Canadian CyberTitan team ("S-ores"/a regex-based name) along with coach Phil, educator Tim, and CyberTitan manager Sheena to explain how CyberTitan (run by ICTC) connects to the international CyberPatriot program. They describe the competition mechanics—securing compromised Windows, Windows Server, and Linux virtual machines for points, plus Cisco Packet Tracer networking—and how Canadian teams compete through CyberPatriot before the top teams advance to a national CyberTitan final. Students Faye and Eric share why they joined, their learning "aha" moments in Windows tools and networking concepts, and the value of teamwork. The guests discuss teacher benefits, free training materials, building diverse participation, sponsorship challenges, and hopes for a fully Canadian program with regional events and cloud-based cyber ranges like Field Effect's.
00:00 Weekend Show Intro
01:00 Tim's CyberTitan Journey
01:46 ICTC Explained
02:08 Who Can Compete
02:42 Why CyberTitan Matters
03:22 Origins and CyberPatriot Link
04:04 How The Competition Works
05:09 Meet Team Sors
07:07 Coach Phil's Role
09:44 Why Students Join
12:08 Student Aha Moments
15:13 Community and Teacher Wins
16:34 Sheena Runs The Show
17:29 Scale and National Reach
18:51 Coast To Coast Growth
19:40 XOR Team's Home District
19:55 Teams Across Toronto
20:39 Trophies Medals Coins
21:22 Eric Why Join
23:04 Faye Encouragement Story
25:51 Teachers Start Teams
27:52 Building Girls Pipeline
30:40 Cloud Range Future
33:49 2030 Vision Wrap -
Anthropic is calling for governments to have the authority to stop deployment of advanced AI systems that pose unacceptable risks. CEO Dario Amodei points to the company's Mythos cybersecurity model as proof that AI has become a matter of national and strategic consequence, warning that cyber risks may soon be followed by biological and autonomy risks.
Meanwhile, security researcher Nightmare Eclipse has released RoguePlanet, a new Windows Defender zero-day that reportedly works against fully patched Windows 10 and Windows 11 systems. The disclosure comes shortly after Microsoft said it had no intention of pursuing action against security researchers, suggesting the dispute between the company and the researcher is far from over.
And European authorities have dismantled AudiA6, a cryptocurrency laundering operation that Europol says used thousands of fraudulent exchange accounts to help obscure the proceeds of ransomware attacks and other cybercrime. Investigators linked the service to more than 15 ransomware and major cryptocurrency theft investigations worldwide.
Chapters
00:00 Top Stories Rundown
00:19 Crypto Laundering Takedown
02:02 Why Cashout Networks Matter
02:36 RoguePlanet Zero Day Drops
03:19 Microsoft Researcher Fallout
04:24 Exploit Reliability And What Next
05:37 Anthropic Wants Stop Powers
06:10 Mythos Model Cybersecurity Shock
07:37 Regulation Motives And Competition
08:37 Beyond Cyber Bio And Autonomy
09:20 Closing And Next Episodes -
Instagram AI Support Hack Hits 20,225 Accounts; AI Worm 'Hades' Lies to Security Tools; Chrome Zero-Day Patch
Host David Shipley reports Meta says 20,225 Instagram accounts were hijacked after an AI support tool was tricked into sending reset links to attacker-controlled emails, with only MFA-protected accounts resisting. Step Security details a new Miasma-derived worm wave called Hades that targets config files for 14 AI coding tools, can inject instructions to hijack assistants, lies to AI security tools, and includes a "dead man switch" wipe if stolen GitHub tokens are revoked; Microsoft also removed some GitHub repos after 73 open-source projects were compromised to inject an info stealer. University of Toronto and Vector Institute researchers demonstrated an AI worm using a free local model that spread across a simulated network via known flaws and misconfigurations. Google issued an emergency Chrome patch for actively exploited CVE-2026-11645 in V8, and insurers are tightening claims scrutiny and increasingly excluding AI-related liabilities.
00:00 Instagram AI Hack Fallout
01:36 AI Worm Hades Evolves
02:55 Microsoft Repo Compromise
03:54 Lab Built AI Worm Demo
05:27 Emergency Chrome Zero Day
07:07 Cyber Insurance Tightens Up
08:02 AI Liability Coverage Shrinks
09:16 Wrap Up and Sign Off -
Claude Outage Data Leak Fears, Microsoft GitHub Worm, IBM Hack Allegations, Meta AI Instagram Takeovers, and Canada's Bill C-8
David Shipley reports that Anthropic's Claude suffered a roughly two-hour outage affecting models including Opus, during which a user alleged receiving another customer's conversation; Anthropic says it has no evidence of a data leak and is investigating. A Team PCP self-spreading worm, Miasma, infected 73 Microsoft GitHub repositories across four accounts and now triggers via AI coding assistants when developers open cloned projects. A former IBM threat-intel executive, William Barlow, alleges IBM was hacked three times by foreign governments (including APT10 from 2013–2016) and concealed it; IBM denies wrongdoing and the claims are unproven. TechCrunch reports attackers hijacked Instagram accounts by persuading Meta's support chatbot to relink accounts to attacker emails, with ongoing reports despite Meta saying it's fixed. Canada's Senate passed critical-infrastructure cybersecurity law Bill C-8, mandating rules and incident reporting for telecom, finance, energy, and transportation.
00:00 Top Headlines Rundown
00:37 Claude Outage Data Leak Fears
02:17 Miasma Worm Hits Microsoft
03:52 IBM Breach Cover Up Claims
05:25 Meta AI Hands Over Instagram
06:40 Why Chatbots Fail Social Engineering
07:44 Canada Passes C-8 Cyber Law
09:58 Wrap Up and Sign Off -
Host Jim Love and panelists David Shipley, Laura Payne, and Jeff Williams discuss a researcher ("Chaotic/Nightmare Eclipse") publicly disclosing multiple Windows zero-days affecting components including Defender and BitLocker, frustration with Microsoft's vulnerability disclosure process, and backlash to Microsoft's initially threatening tone before it was partially walked back; the panel debates responsible disclosure, the need for researcher support/organization, transparency vs liability, and how vulnerability reporting is straining under volume. They then examine a White House AI executive order focused on voluntary measures and 30-day model access, criticizing the lack of basic safety and cybersecurity protections amid FOMO about losing to China and an AI investment bubble. The conversation covers AI-driven harms and studies on reduced brain activity and "cognitive surrender," while noting benefits when AI is used as a tutor. Shipley highlights Canada's Senate passing Bill C-8 on critical infrastructure cybersecurity, and the group urges outcome-focused security, architecture/risk prioritization, and critical thinking against AI-enabled social engineering.
Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material[dot]security.
00:00 Sponsor Message
00:24 Show Welcome Panel
01:17 Microsoft Zero Day Fallout
04:19 Researcher Backlash Drama
06:46 Unionizing Bug Hunters
13:10 Product Liability Debate
23:23 Regulation vs Transparency
26:00 AI Bubble Investor Risk
28:01 White House AI Order
32:24 Cybersecurity Gaps Telecom
33:19 Telecom Trust Breakdown
34:32 AI Harms and Exploitation
35:36 Studies on Cognitive Surrender
38:13 Markets Regulation and Politics
40:13 Canada Cyber Law Win
42:33 Adoption Hype and Subsidy Bubble
48:50 Patch Deluge and AppSec Strain
52:10 Defenses Beyond Patching
54:17 Outcomes Critical Thinking and CIA
01:01:49 Education Disruption and Closing
01:04:14 Sponsor Message Material Security -
A newly disclosed attack called HTTP/2 Bomb can crash major web servers in seconds using a single computer and a modest internet connection. Researchers say the attack combines two known techniques into a powerful memory-exhaustion exploit affecting widely used platforms including Apache, NGINX, Microsoft IIS, and Envoy. The attack also highlights a growing trend in cybersecurity research: the use of artificial intelligence to uncover dangerous combinations of existing vulnerabilities.
The episode also examines President Trump's new executive order creating a voluntary framework for reviewing advanced AI models before public release. The administration says the goal is to improve cybersecurity and national security visibility while avoiding mandatory regulation or licensing requirements.
Next, a new Cloud Security Alliance report warns that organizations are struggling to keep up with the growing volume of vulnerabilities. Security teams increasingly face difficult choices about which flaws to patch first as cloud environments, containers, APIs, and third-party software continue to expand the attack surface.
Finally, CISA warns that attackers are actively exploiting both a newly patched Android vulnerability and a years-old Linux flaw. The contrast highlights a simple reality: cybercriminals do not care whether a vulnerability is new or old. They care whether it remains exploitable.
Stories in this episode
HTTP/2 Bomb Can Crash Web Servers in Seconds
Researchers disclose a denial-of-service technique capable of exhausting server memory in under a minute, while OpenAI's Codex helps uncover a novel attack chain.
Trump Creates Voluntary AI Security Reviews as Government Seeks Visibility Into Frontier Models
A new executive order establishes voluntary reviews of advanced AI systems before public release, raising questions about visibility, oversight, and national security.
The Cybersecurity Industry's Patch-Everything Strategy May Be Breaking Down
A Cloud Security Alliance report suggests organizations are overwhelmed by vulnerability volume and increasingly forced to choose which risks to address.
CISA Warning Shows Attackers Don't Care Whether a Vulnerability Is New or Old
Active exploitation of both a newly patched Android flaw and an older Linux vulnerability demonstrates that attackers focus on opportunities, not disclosure dates.
Cybersecurity Today brings you the latest cybersecurity news, threat intelligence, breach reports, vulnerability disclosures, ransomware developments, cybercrime investigations, and security research affecting organizations around the world.
#Cybersecurity #CyberSecurityToday #InfoSec #CyberNews #Ransomware #ThreatIntelligence #VulnerabilityManagement #AndroidSecurity #LinuxSecurity #ArtificialIntelligence #HTTP2 #CISA #CloudSecurity #OpenAI #PatchManagement
-
Cybersecurity Today for June 2, 2026.
Microsoft has backed away from its hard-line stance against vulnerability researchers after widespread criticism from the security community. The dispute began after independent researcher Nightmare Eclipse published proof-of-concept code for unpatched Microsoft vulnerabilities, triggering a public debate over responsible disclosure, zero-days, and researcher relations.
Carnival Corporation disclosed a social-engineering attack that led to the theft of sensitive personal information affecting nearly six million people. Exposed data includes names, contact information, dates of birth, and government identification details. The ShinyHunters cybercrime group has claimed responsibility and alleges the breach involved even more records.
Password manager provider Dashlane temporarily locked some customers out of their accounts after large-scale password-guessing attacks triggered automated security protections. Access was later restored, although some users reported lingering issues.
The episode also examines a software supply-chain attack uncovered by Wiz involving 32 Red Hat Cloud Services NPM packages. Attackers compromised a Red Hat employee's GitHub account and inserted Miasma malware designed to steal Google Cloud and Microsoft Azure credentials.
Timestamps:
00:00 Sponsor Message
00:28 Headlines And Intro
00:55 Microsoft Researcher Dispute
02:58 Carnival Cruise Data Breach
04:48 Dashlane Lockouts Explained
06:09 Miasma Malware Supply-Chain Attack
08:10 Wrap Up And Sign Off
08:31 Sponsor Deep Dive
#Cybersecurity #DataBreach #Carnival #Microsoft #Dashlane #RedHat #SupplyChainAttack #CyberSecurityToday
-
Microsoft's dispute with a former security researcher takes a dramatic turn as the company raises the possibility of criminal action over the publication of proof-of-concept code for unpatched zero-day vulnerabilities. David Shipley examines the escalating conflict between Microsoft and "Nightmare Eclipse," the criticism from prominent security researchers including Kevin Beaumont and Katie Moussouris, and what the controversy could mean for the future of vulnerability disclosure.
The episode also explores a new category of insider risk after U.S. prosecutors charged Google security engineer Michael Spagnuolo with allegedly using confidential Google search trend data to earn more than $1.2 million on the prediction market Polymarket. The case highlights how prediction markets may create unexpected incentives around non-financial corporate information.
Also covered: active exploitation of Palo Alto Networks' GlobalProtect VPN authentication bypass vulnerability CVE-2026-0257, now added to CISA's Known Exploited Vulnerabilities (KEV) catalogue, and a malware campaign that abuses legitimate ChatGPT sharing pages and Google Ads to trick users into downloading malicious software. Researchers also report similar abuse of Anthropic's Claude Artifacts feature.
Chapters
00:00 Top Headlines Rundown
00:26 Microsoft vs Zero-Day Researcher
01:28 Responsible Disclosure Fallout
03:32 Why This Dispute Matters
04:32 Polymarket Insider Trading Case
06:07 Prediction Markets Create New Insider Risks
06:55 Palo Alto VPN Authentication Bypass
08:25 ChatGPT Pages Used to Deliver Malware
09:51 Wrap Up and Sign Off
Cybersecurity Today is Canada's leading daily cybersecurity news podcast, covering ransomware, vulnerabilities, nation-state threats, cybercrime, security research, privacy, and critical infrastructure security.
#Cybersecurity #Microsoft #PaloAltoNetworks #ChatGPT #OpenAI #Google #Polymarket #ThreatIntelligence #InfoSec #CyberSecurityToday
-
Host David Shipley speaks with cybersecurity professional Cheryl Biswas about her journey into the industry and why she believes Arctic sovereignty must be viewed as a cybersecurity challenge as much as a geopolitical one.
Biswas traces her path from political science and a help desk role at CP Rail to cybersecurity, inspired by the discovery of the Stuxnet malware and the global security community that formed around it. She discusses her experiences speaking at BSides Las Vegas, attending DEF CON, helping build a major Canadian bank's threat intelligence program, and recently earning her Certified Information Systems Security Professional (CISSP) designation.
The conversation then shifts north. As Canada invests billions in Arctic defence, communications, transportation, and critical infrastructure, Biswas explains how every new connected system can create new cyber risks. The discussion covers threats to satellites, navigation systems used by ships and aircraft, undersea communications cables, government services, healthcare, energy systems, and the fragile supply chains that support northern communities.
They also explore why collaboration with northern and Indigenous communities is essential, the importance of improving connectivity across the Arctic, and how Canada can work more closely with international partners to strengthen resilience in one of the world's most strategically important regions.
Cheryl also shares advice for newcomers to cybersecurity and discusses the kind of strategic threat intelligence and research work she hopes to pursue in the future.
Chapters
00:00 Weekend Show Kickoff
00:46 Cheryl's Cyber Origin Story
02:30 Stuxnet and Hacker Community
04:06 From BSides to DEF CON
05:10 Threat Intelligence Career Today
05:50 Arctic Sovereignty Meets Cyber
07:41 Canada's Arctic Reality Check
10:14 Why Cyber Matters Up North
12:07 Maritime and Navigation Risks
15:50 Undersea Cables and Fragile Supply
19:55 Solutions, Collaboration and Technology
24:22 Talk Feedback and How to Connect
25:42 Dream Role and Advice to Newcomers
29:16 Closing Reflections and Sendoff
#Cybersecurity #ArcticSovereignty #Canada #CriticalInfrastructure #ThreatIntelligence #CISSP #CyberSecurityToday #DavidShipley #DEFCON #BSides #ArcticSecurity #NationalSecurity #CriticalInfrastructureProtection #ThreatIntel #CyberRisk
-
CISA has ordered U.S. federal civilian agencies to urgently patch an actively exploited critical Drupal SQL injection vulnerability (CVE-2026-9082) affecting PostgreSQL-backed Drupal deployments, after Imperva reported more than 15,000 attack attempts across 65 countries. Microsoft has confirmed a strange Windows Server 2016 update issue where KB5087537 can break domain controller discovery when server hostnames are exactly 15 characters long, raising more questions about patch reliability as update complexity grows.
Google has joined a coalition opposing Canada's proposed lawful access legislation, Bill C-22, warning that secret ministerial orders, possible encryption risks, and mandatory metadata retention could weaken security rather than improve it. Critics point to the Salt Typhoon telecom espionage campaign as evidence that lawful intercept systems themselves can become prime targets.
Also in this episode: Check Point says Iran-linked threat group Nimbus Manticore has deployed new malware tools including MiniFast and MiniJunk V2, with researchers noting signs that MiniFast may have been developed with AI-assisted coding techniques. The campaign used SEO poisoning and fake Oracle SQL Developer downloads to lure victims.
Timestamps:
00:00 Top Headlines Rundown
00:27 Emergency Drupal Patch Order
02:22 Microsoft Server Update Bug
04:02 Canada Lawful Access Battle
05:18 Google's Security Concerns
06:25 Salt Typhoon Lessons
07:35 Iran-Linked AI Malware
09:26 SEO Poisoning Attack
10:09 Wrap Up and Sign Off -
Is AI about to trigger a cybersecurity vulnerability explosion?
In this episode of Cybersecurity Today, David Shipley examines what some researchers are calling the early signs of a "vulnerability apocalypse" as Anthropic's Claude-powered Project Glasswing identifies thousands of potential software flaws at machine speed.
The episode breaks down the real numbers behind the hype: over 10,000 candidate vulnerabilities flagged, 1,726 confirmed high or critical findings, 97 patched issues, and the growing concern that AI-driven bug hunting could overwhelm already stretched security teams. One example: a critical WolfSSL certificate forgery vulnerability (CVE-2026-5194, CVSS 9.1).
Also in this episode: Canadian authorities arrest Ottawa suspect Jacob Butler, also known as "Dort," allegedly linked to the Kim Wolf botnet operation blamed for nearly 30 terabits-per-second distributed denial-of-service (DDoS) attacks and more than 25,000 incidents.
We also cover active exploitation of a Ghost CMS SQL injection vulnerability (CVE-2026-26980), with attackers reportedly compromising hundreds of websites using ClickFix malware lures, including high-profile targets.
And finally, an Iran-linked cyber espionage campaign dubbed "Screening Serpents" uses highly personalised fake recruitment approaches to target aerospace, defence, and telecom professionals with new remote access malware.
If you work in cybersecurity, infrastructure, or IT leadership, this is one to watch.
00:00 Vunpocalypse Headlines
00:28 AI Finds Vulnerabilities
01:32 False Positives and Costs
02:39 WolfSSL Critical CVE
03:51 Patch Volume Pressure
04:28 Kim Wolf Botnet Arrest
05:13 Botnet Scale and Swatting
06:48 International Takedowns
07:41 Ghost CMS Mass Exploits
09:07 ClickFix Infection Chain
10:25 How to Remediate Ghost
10:39 Iran Spear Phishing Ops
12:51 Closing and Sign Off
#Cybersecurity #CyberSecurityToday #AIsecurity #GhostCMS #DDoS #CyberEspionage #Anthropic #ClaudeAI #IranCyberThreat #InfoSec
-
The episode recounts how GitGuardian security researcher Guillaume Valadon, while monitoring public GitHub for leaked secrets, discovered a publicly accessible repository labeled "CISA-Private" containing highly sensitive CISA materials, including internal DHS/CISA credentials, cloud keys, tokens, plaintext passwords, logs, and files such as "Important AWS Tokens" and a CSV listing usernames and passwords for internal systems. Believing a contractor likely used GitHub to move work from a work device to a home device, Valadon escalated via responsible disclosure to CERT, then involved journalist Brian Krebs to reach CISA faster when the repo remained public.
After additional outreach, the repository was made inaccessible within about a day, and Valadon praises CISA's response speed. The discussion emphasizes widespread poor secret hygiene, governance, training, and the need for organizations to monitor, rehearse, and automate detection and revocation of leaked secrets.
00:00 Weekend Welcome Sponsor
00:27 CISA Secrets Leak Found
03:29 Calling Brian Krebs
05:06 Meet GitGuardian Researcher
07:26 Why Leaks Happen Everywhere
10:49 Inside the CISA Repo
13:19 Disclosure and Takedown
17:04 Lessons for Organizations
22:47 Aftermath and Thanks
24:36 Show Wrap Sponsor Outro -
GitHub confirms a major supply chain breach after a malicious Visual Studio Code extension reportedly gave attackers linked to TeamPCP access to roughly 3,800 internal repositories. The bigger issue: developer workstations now hold some of the most sensitive secrets in modern software organizations.
Also today: Microsoft begins phasing out SMS-based authentication for personal accounts, calling text-message authentication a growing fraud risk as it shifts toward phishing-resistant passkeys. Researchers also disclose a nine-year-old Linux privilege escalation flaw, CVE-2026-46333, nicknamed SSH-Keysign-Pwn, which can allow root-level access with local machine access. And Proton publicly threatens to leave Canada rather than comply with proposed surveillance legislation it says would undermine its no-logs privacy promise.
If cybersecurity, privacy, and digital infrastructure matter to your business, this is the daily briefing you need.
Timestamps:
00:00 Top Stories Rundown
00:24 GitHub Supply Chain Breach
01:09 Developer Workstations at Risk
02:31 Microsoft Ditches SMS MFA
04:15 Linux Root Escalation Flaw
06:11 Proton vs Canada Surveillance Bill
08:03 Wrap Up and Sign Off
#cybersecurity #github #microsoft #linux #protonvpn #privacy #databreach #supplychainattack #infosec #cybernews
-
A serious new Windows 11 BitLocker vulnerability, open-sourced offensive malware tools, a suspected Iranian cyber campaign targeting U.S. fuel infrastructure, and malware that appears designed to interfere with nuclear weapons simulation systems.
David Shipley breaks down four major cybersecurity stories on Cybersecurity Today. First, a newly disclosed zero-day dubbed YellowKey reportedly defeats default Windows 11 BitLocker protection on systems using TPM-only encryption, giving attackers with physical access a path to unencrypted data through the Windows Recovery Environment. Microsoft is investigating, while security experts are urging stronger BitLocker configurations.
The episode also examines the TeamPCP threat group's decision to release offensive tooling publicly, dramatically lowering the barrier for copycat supply-chain attacks. Researchers have already spotted malicious NPM packages borrowing similar techniques, including persistence mechanisms aimed at developer environments such as Visual Studio Code and Claude Code.
David also looks at disturbing analysis of the FAST16 malware, which researchers believe was engineered to tamper with nuclear weapons simulation software including LS-DYNA and AutoDyn. And finally, U.S. officials reportedly suspect Iranian actors in cyberattacks targeting internet-exposed gas station automatic tank gauge systems, a reminder that weak operational technology security can quickly become a real-world infrastructure problem.
00:00 Sponsor Message
00:24 Headlines Overview
00:50 BitLocker Zero Day
03:32 TeamPCP Tools Leak
06:13 Copycat NPM Malware
06:50 Fast16 Nuclear Sabotage
08:37 Iran Gas Station Hacks
10:28 Hardening Critical Infrastructure
11:16 Wrap Up And Events
11:59 Sponsor Deep Dive
#Cybersecurity #Windows11 #BitLocker #ZeroDay #TeamPCP #IranCyberAttack #SupplyChainAttack #CriticalInfrastructure #CyberSecurityToday
-
A dangerous new Microsoft Exchange zero-day is being actively exploited, ransomware gangs are adopting nation-state-style tactics, two fired contractors were caught deleting U.S. government databases after accidentally recording themselves on Microsoft Teams, and Fortinet has patched critical remote code execution flaws.
In this episode of Cybersecurity Today, David Shipley breaks down four major cybersecurity stories that security teams need to know.
Cybersecurity Today would like to thank Material Security for supporting this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. Contact them at material[dot]security.
Microsoft has confirmed active exploitation of a new Exchange Server zero-day, CVE-2026-42897, affecting Exchange Server 2016, Exchange Server 2019, and Exchange Subscription Edition. There is currently no patch, only mitigations through the Exchange Emergency Mitigation Service, with some trade-offs for Outlook Web App users.
Security researcher Marcus Hutchins highlights an unusually disciplined ransomware affiliate operation using tradecraft more commonly associated with nation-state attackers, including a custom SentinelOne endpoint detection and response (EDR) killer and a stripped-down toolset designed to leave fewer forensic traces.
In one of the more astonishing insider threat stories of the week, former OPEX Corporation contractors Muneeb and Sohaib Akhtar were allegedly caught deleting 96 U.S. government databases after leaving a Microsoft Teams recording running.
Also in this episode: Fortinet has released urgent patches for critical unauthenticated remote code execution vulnerabilities in FortiAuthenticator (CVE-2026-44277) and FortiSandbox (CVE-2026-26083).
If you're responsible for enterprise security, patch management, incident response, or cyber risk, this is one you need to see.
Chapters:
00:00 Sponsor Message
00:24 Headlines Intro
00:49 Ransomware Nation-State Discipline
04:18 Exchange Zero-Day Mitigation
07:01 Fired Contractors Caught Recording
09:21 Fortinet Critical Vulnerabilities
11:07 Wrap Up and Sign Off
11:38 Sponsor Deep Dive Ad
#Cybersecurity #MicrosoftExchange #ZeroDay #Ransomware #Fortinet #CyberAttack #Infosec #DavidShipley #CybersecurityToday
-
David Shipley interviews Jon Ferguson, VP at CIRA, about how the Canadian Internet Registration Authority evolved from early paper-based .ca registrations at UBC into a 142-person, member-based not-for-profit running .ca and authoritative Anycast DNS infrastructure now supporting 550+ TLDs globally. Ferguson explains how .ca's Canadian presence requirements help keep abuse rates low, and how CIRA reinvests surpluses into grants and cybersecurity tools, including Canadian Shield (DNS-based malware/phishing blocking and encrypted DNS with limited data retention) used by about 500,000 people and generating about 20 million blocks per month. They discuss CIRA's focus on municipalities, schools, hospitals, and universities, its move into endpoint security and a managed detection and response partner program with Calian, and concerns about AI-driven threats, online harm, and rebuilding trust and real-world connection.
00:00 Weekend Show Kickoff
01:30 Jon's Cyber Journey
03:06 Inside CIRA DNS Role
04:59 What Is CIRA
07:23 Origin Story Of Dot Ca
13:01 Anycast DNS Explained
16:27 Canadian Shield DNS Firewall
22:21 Serving Public Sector Needs
26:18 Endpoint And MDR Expansion
35:05 Mission Over Money
40:39 What Keeps Him Up
46:19 Hope And Balance Online
50:55 Wrap Up And Thanks -
Google Cloud customers are reporting shocking surprise bills after compromised or misused API keys were allegedly used to access expensive Gemini AI services. In one case, Rod Dinan says his monthly Google Cloud costs jumped from under $50 to nearly $8,000. Sydney developer Isuru Fonseka says he was hit despite setting spending controls, raising broader questions about API key security, client-side exposure, billing alerts, and how quickly attackers can exploit AI infrastructure.
Cybersecurity Today also covers prosecutors' allegations that two fired brothers sabotaged systems tied to government-related work after access wasn't revoked quickly enough, Santa Clara County's civil lawsuit accusing Meta of profiting from scam ads on Facebook and Instagram, and Horizon3.ai's warning that attackers can exploit newly exposed systems in as little as 73 seconds while many organisations still take 24 hours or longer to respond.
If your organisation uses APIs, AI services, cloud billing controls, or internet-facing infrastructure, this episode matters.
#Cybersecurity #GoogleCloud #GeminiAI #APIKeys #CloudSecurity #Meta #ScamAds #CyberAttack #CybersecurityToday #AIsecurity
CHAPTERS
00:00 Google Cloud API Key Bill Shock
01:20 Real-World Victims: Surprise AI Charges
02:24 Why Spending Caps Didn't Stop the Damage
03:38 The Enterprise Cloud Security Risk
04:19 Fired Employees and Alleged Insider Sabotage
04:55 The Database Destruction Timeline
06:34 What This Incident Teaches Security Teams
07:10 Santa Clara County Sues Meta Over Scam Ads
08:46 Attackers Can Strike in 73 Seconds
10:14 Closing and Next Episode -
Cybersecurity Today examines a troubling set of new security developments affecting schools, software supply chains, and account security.
Instructure says it reached an "agreement" with the ShinyHunters threat group after the massive Canvas breach that may have affected up to 275 million users across 9,000 educational institutions. Reports indicate attackers exploited multiple cross-site scripting (XSS) vulnerabilities to hijack administrator sessions and post extortion demands.
Checkmarx has been breached again. This time, attackers reportedly inserted a malicious Jenkins Application Security Testing (AST) plugin designed to steal credentials. The same threat actor, believed to be Team46/TeamTNT-linked infrastructure or Team PCP depending on reporting attribution, appears to have reused secrets allegedly stolen in the earlier Trivy supply-chain compromise.
Microsoft and Google are warning organizations not to treat passkeys as a complete security solution. If weaker recovery methods or legacy credentials remain active, attackers can still bypass them.
Google's Threat Intelligence Group also reports what it describes as the first observed evidence of hostile actors using AI to assist in zero-day vulnerability research and exploit development, signalling a new phase in attacker industrialization.
Also in today's show: Santa Clara County sues Meta over alleged scam-ad profits.
Chapters
00:00 Headlines Overview
00:28 Canvas Breach Deal Fallout
01:59 How the XSS Attack Worked
03:15 Checkmarx Supply Chain Attack
05:01 Credential Rotation Lessons
05:37 Why Passkeys Aren't Enough
07:19 Layered Defence Takeaways
08:35 AI-Assisted Zero-Day Development
10:10 Industrialized AI Threats
13:08 Meta Scam Ads Lawsuit
15:19 Wrap Up
-
A massive cybersecurity week.
On this episode of Cybersecurity Today, David Shipley breaks down the reported breach of Instructure's Canvas learning platform, where attacks linked to the ShinyHunters extortion group may have exposed data tied to up to 275 million user accounts across more than 9,000 educational institutions. The incident disrupted access, delayed exams, and forced Instructure to disable its "Free for Teacher" program after attackers allegedly used it to post extortion messages.
Also in this episode: the Gentlemen ransomware group suffers a major internal leak, exposing affiliate chats, tooling, victim data, and operational details — a rare look inside a live ransomware operation.
Then, General Motors agrees to a $12.75 million California settlement over allegations involving OnStar-linked driver data collection and sharing, raising fresh questions about privacy in connected vehicles.
And finally: security researchers report what appears to be the first documented AI-assisted operational technology (OT) cyberattack attempt targeting a water utility in Monterrey, Mexico. The attempt failed to reach industrial control systems, but combined with confirmed attacks on water infrastructure in Poland, it signals a worrying shift in critical infrastructure threats.
If you work in cybersecurity, IT, infrastructure, education, or privacy, this episode matters.
Chapters
00:00 Top Headlines Rundown
00:41 Canvas Mega Breach
02:44 ShinyHunters Background
03:26 Ransom Pressure Fallout
04:25 Gentlemen Ransomware Leak
05:18 Inside the Data Dump
06:18 GM OnStar Privacy Settlement
08:17 What Drivers Should Know
09:39 AI Meets OT Attacks
11:52 Monterrey Water Near Miss
13:29 Poland Water Systems Hit
15:07 Defending Critical Infrastructure
16:29 Wrap Up And Thanks
#Cybersecurity #Canvas #ShinyHunters #Ransomware #OnStar #GeneralMotors #DataBreach #CriticalInfrastructure #WaterUtility #OperationalTechnology #ICS #CyberAttack #Privacy #DavidShipley #CybersecurityToday
-
This week's panel dives into the cybersecurity stories that matter most for security leaders, IT teams, and anyone watching how AI is changing risk.
Jim Love is joined by David Shipley (Beauceron Security), Laura Payne (White Tuque), and Jeff Williams (Contrast Security).
Cybersecurity Today would like to thank Material Security for supporting this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. Contact them at material[dot]security
Topics include:
Anthropic's Mythos AI security research and whether large language models can realistically replace traditional vulnerability testing
Why "vibe coding" may be creating a wave of insecure software
The growing risk of autonomous AI agents making damaging decisions
The massive Instructure Canvas data breach affecting schools, students, and educators
Alberta's voter list privacy failure and what it says about public sector data protection
Microsoft's warning about the rapid surge in QR code phishing attacks bypassing traditional email security
AI is accelerating software development. It may also be accelerating software insecurity.
If your organisation is experimenting with AI coding tools, AI agents, or automated application development, this conversation is worth your time.
#Cybersecurity #AI #DataBreach #QRPhishing #ApplicationSecurity #VibeCoding #Canvas #CyberSecurityToday #JimLove
00:00 Sponsor Message
00:22 Meet the Panel
00:55 Jeff Williams Introduction
02:21 AI Bug Hunting with Mythos
05:40 Cost and Limits of AI Security Testing
10:16 The Vibe Coding Security Problem
13:24 Context Window and Data Flow Limits
16:59 Spec-Driven AI Development
18:29 Software Liability and EU Regulation
24:47 When AI Agents Go Rogue
27:05 Trust in the AI Era
28:24 Enterprise Reality Check
29:03 Critical Thinking vs AI
30:31 Testing AI Agents Safely
31:30 Canvas Data Breach Fallout
34:45 Real-World Data Harm
38:00 Liability and Attack Methods
41:39 Alberta Voter List Privacy Failure
48:56 Government Breach Lessons
51:26 QR Code Phishing Surge
55:00 Wrap Up and Sponsor