Cybersecurity Today

Medical Device Breaches, Anti-Scam Pledge Scrutiny, AI Font Trick, and Iran-Linked Cyber Updates.

Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst

The episode covers several cybersecurity stories: Intuitive Surgic...

Alleged Canadian 'The Comm' Hacker Arrested, Interpol's Operation Synergia Takedown, Stryker Cyberattack Update and more..

Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst

Host David Shipley covers new details on ...

Gemini in Google Workspace, Agentic AI, and Managing AI Anxiety (with Accenture's Krish Banerjee)

Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst

In a special edition of Project Synapse shared with Cybersecurity ...

AI Agent Hacks McKinsey Chatbot in 2 Hours, NPM Phantom Raven, Router Malware & Trojaned AI Models

This episode covers how researchers at CodeWall used an autonomous AI security agent to gain read/write access to McKinsey's internal chatbot Lilli database in about two hours by chaining exposed APIs and an SQL injection, potentially exposing 46.5 million chats, 728,000 files, 57,000 accounts, and 95 system prompts, with McKinsey say...

Fake Claude Code Installs, Arpa Phishing, Zombie ZIP Malware Evasion, and Iran/Israel Cyber Retaliation

This episode covers four major security stories: the "InstaFix" campaign using Google sponsored ads and cloned Claude Code install pages to trick developers into pasting terminal commands that deploy the TeraStealer credential-stealing malware; a phishing technique abusing the special-use .arpa domain and IPv6 reverse DNS to evad...

Coruna iOS Exploit Kit Goes Mass-Market, FBI Wiretap Platform Breach Probe, Windows Terminal ClickFix, and Iran-War Cyber Escalation

This episode covers several major cybersecurity developments: Google's Threat Intelligence Group details Coruna, a sophisticated iOS exploit kit with 23 exploits and multiple chains affecting iOS 13–17.2.1, shifting from targeted surveillance use to cryptocurrency-scam distribution and a PlasmaLoader ...

Cybersecurity Today Month in Review: Iran Conflict Cyber Spillover, IoT Cameras, AI Hacking Tools, and Resilience Planning

In this weekend month-in-review episode, host Jim Love and panelists David Shipley, Laura Payne, Neil Bisson, and Chris "CJ" Johnson discuss cyber and infrastructure impacts tied to the US/Israel–Iran conflict, including reported compromise of traffic camera networks for targeting, Iran's defensive internet shu...

Wikipedia JavaScript Worm, ICE Contractor Data Leak Claim, and Leak Base Takedown

Wikipedia admins contained a self-propagating JavaScript worm that spread via infected user script files, executing in logged-in editors' browsers and using authenticated sessions to copy itself into other scripts, sometimes affecting global scripts; administrators restricted edits, reverted and suppressed changes, replaced compromised scripts, and co...

AI-Driven Warfare, Open-Source Attack Tooling, CISA Shakeups, Healthcare Ransomware, and GPS Jamming Risks

Host David Shipley covers reports that hacked Tehran traffic cameras and an AI-powered targeting system helped a joint U.S.-Israeli operation ("Epic Fury") track and strike Iran's leadership, highlighting the growing role of compromised infrastructure and AI in modern conflict. Researchers also link the open-source toolkit Cyb...

OpenClaw AI Agent Hijack, CISA Leadership Shakeup, Iran Cyber Campaign, Air-Gap Malware, and Robot Vacuum Flaw

Jim Love covers multiple cybersecurity stories: Oasis Security revealed "ClawJacked," a high-severity OpenClaw AI agent framework flaw caused by missing rate limiting on the local gateway, enabling malicious web pages to brute-force passwords via WebSockets, register a trusted device, and take over agents; OpenClaw patched...

Identity, AI Agents, and the Session Token Time Bomb | Carey Frey (CSO, TELUS) on Cybersecurity Today

In this Cybersecurity Today weekend edition, David Shipley interviews Carey Frey, Chief Security Officer at TELUS, about the evolution of identity security and why it's a growing risk in the age of generative and agentic AI. Frey recounts his career from Canada's Communications Security Establishment to leading TELUS's internal sec...

Cisco SD-WAN Bug Actively Exploited, MCP Azure Takeover Demo, CarGurus Data Leak, and Secret Service Scam Recovery

Host Jim Love covers four cybersecurity stories: CSA warns a critical Cisco Catalyst SD-WAN controller vulnerability (CVE-2026-20127) has been exploited since 2023, enabling authentication bypass and rogue peering sessions, and orders U.S. federal agencies to inventory systems, collect logs and forensic artifacts, hunt...

Discord Drops Persona Age Verification, SolarWinds Serv-U Critical RCEs, Splunk Windows Priv Esc, and Smart TV Screenshot Surveillance Lawsuits

In this episode of Cybersecurity Today, host Jim Love covers Discord ending its age-verification experiment with Persona after user backlash and researcher findings that Persona's front-end code suggested up to 269 verification checks, including watch list screening and risk scoring, amid a...

AI-Accelerated FortiGate Breaches, Amazon Kiro Prod Disruption, Claude Code Security, Salt Typhoon Warning, and Youth Radicalization Risks

Episode of Cybersecurity Today (hosted by David Shipley) covering: a Russian-speaking hacker using AI-written automation tools to breach 600+ Fortinet FortiGate firewalls across 55 countries by exploiting weak passwords and exposed management interfaces without MFA, with advice to lock down edge...

Jim Love discusses how rapid adoption of agentic AI is repeating the industry pattern of shipping technology without security, citing issues like vulnerabilities in Anthropic's MCP and insecure open-source agent tools. He interviews Ido Shlomo, co-founder and CTO of Token Security, who argues AI agents are fundamentally hard to secure because they are non-deterministic, have infinite input/output space, and often require broad perm...

CISA Orders Emergency Patch for Actively Exploited Dell Flaw; Texas Sues TP-Link; Massive ID Verification Data Leak; SSA Database Leak Allegations

Host Jim Love covers four cybersecurity stories: 

Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  Yo...

Info Stealers Target OpenClaw, a Robot Vacuum API Flaw Exposes Thousands, Best Buy Fraud Shows Zero Trust Context, and Canada Goose Data Leaked via Supplier

The episode covers multiple security incidents and lessons. Hudson Rock details how an info stealer malware infection can vacuum OpenClaw data, including authentication tokens, master keys, device private cryptographic keys, and the agent-defining soul.md file that can reveal a...

This episode covers multiple active threats and security changes. It warns of an actively exploited critical BeyondTrust remote access vulnerability (CVE-2026-1731, CVSS 9.9) enabling pre-authentication remote code execution in Remote Support and Privileged Remote Access, noting SaaS was patched while on-prem deployments require urgent manual updates and may already be compromised. Microsoft details an evolution of the ClickFix soc...