Cybersecurity Today

In this special Cybersecurity Today weekend interview, host David Shipley speaks with Amy Yee about leadership, resilience, and the human side of cybersecurity.

Amy shares her remarkable journey from electrical engineering and venture capital to becoming the inaugural Chief Digital Officer at Accreditation Canada and Health Standards Organization, where she helped build the digital foundation used by hundreds of healthcare organiza...

A special crossover episode of Cybersecurity Today and Hashtag Trending for June 19, 2026.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning after security researchers uncovered the FortiBleed dataset, exposing credentials tied to approximately 74,000 Fortinet firewall and SSL VPN devices across 194 countries. Researchers found the data on an exposed threat actor server containing attack ...

Cybersecurity Today host David Shipley reports that the FTC says Americans lost $3.5 billion to imposter scams in 2025—nearly triple 2020—with social media tied to $2.1 billion in losses and total fraud reaching about $16 billion, while the FBI estimates cyber-enabled losses nearer $21 billion and potentially far higher. Security researchers, including Katie Moussouris, argue the U.S. government's forced Anthropic model...

The U.S. government orders Anthropic to shut down foreign access to its Fable 5 and Mythos 5 AI models after the Pentagon labels the company a supply-chain risk.

David Shipley examines what may be  behind the decision and what it means for countries and businesses that depend on American AI platforms.

The FBI also disrupts Outsider Enterprise, a China-based phishing-as-a-service network linked to more than 9,000 fake websites,...

Cybersecurity Today on the Weekend interviews the winning Canadian CyberTitan team ("S-ores"/a regex-based name) along with coach Phil, educator Tim, and CyberTitan manager Sheena to explain how CyberTitan (run by ICTC) connects to the international CyberPatriot program. They describe the competition mechanics—securing compromised Windows, Windows Server, and Linux virtual machines for points, plus Cisco Packet Tracer network...

Anthropic is calling for governments to have the authority to stop deployment of advanced AI systems that pose unacceptable risks. CEO Dario Amodei points to the company's Mythos cybersecurity model as proof that AI has become a matter of national and strategic consequence, warning that cyber risks may soon be followed by biological and autonomy risks.

Meanwhile, security researcher Nightmare Eclipse has released RoguePlanet, a new...

Instagram AI Support Hack Hits 20,225 Accounts; AI Worm 'Hades' Lies to Security Tools; Chrome Zero-Day Patch

Host David Shipley reports Meta says 20,225 Instagram accounts were hijacked after an AI support tool was tricked into sending reset links to attacker-controlled emails, with only MFA-protected accounts resisting. Step Security details a new Miasma-derived worm wave called Hades that targets config files for 14 AI coding to...

TClaude Outage Data Leak Fears, Microsoft GitHub Worm, IBM Hack Allegations, Meta AI Instagram Takeovers, and Canada's Bill C-8

David Shipley reports that Anthropic's Claude suffered a roughly two-hour outage affecting models including Opus, during which a user alleged receiving another customer's conversation; Anthropic says it has no evidence of a data leak and is investigating. A Team PCP self-spreading worm, Miasma, infected 73...

Host Jim Love and panelists David Shipley, Laura Payne, and Jeff Williams discuss a researcher ("Chaotic/Nightmare Eclipse") publicly disclosing multiple Windows zero-days affecting components including Defender and BitLocker, frustration with Microsoft's vulnerability disclosure process, and backlash to Microsoft's initially threatening tone before it was partially walked back; the panel debates responsible disclosure, the need fo...

A newly disclosed attack called HTTP/2 Bomb can crash major web servers in seconds using a single computer and a modest internet connection. Researchers say the attack combines two known techniques into a powerful memory-exhaustion exploit affecting widely used platforms including Apache, NGINX, Microsoft IIS, and Envoy. The attack also highlights a growing trend in cybersecurity research: the use of artificial intelligence to unco...

Cybersecurity Today for June 2, 2026.

Microsoft has backed away from its hard-line stance against vulnerability researchers after widespread criticism from the security community. The dispute began after independent researcher Nightmare Eclipse published proof-of-concept code for unpatched Microsoft vulnerabilities, triggering a public debate over responsible disclosure, zero-days, and researcher relations.

Cybersecurity Today woul...

Microsoft's dispute with a former security researcher takes a dramatic turn as the company raises the possibility of criminal action over the publication of proof-of-concept code for unpatched zero-day vulnerabilities. David Shipley examines the escalating conflict between Microsoft and "Nightmare Eclipse," the criticism from prominent security researchers including Kevin Beaumont and Katie Moussouris, and what the controversy coul...

Host David Shipley speaks with cybersecurity professional Cheryl Biswas about her journey into the industry and why she believes Arctic sovereignty must be viewed as a cybersecurity challenge as much as a geopolitical one.

Biswas traces her path from political science and a help desk role at CP Rail to cybersecurity, inspired by the discovery of the Stuxnet malware and the global security community that formed around it. She discus...

CISA has ordered U.S. federal civilian agencies to urgently patch an actively exploited critical Drupal SQL injection vulnerability (CVE-2026-9082) affecting PostgreSQL-backed Drupal deployments, after Imperva reported more than 15,000 attack attempts across 65 countries. Microsoft has confirmed a strange Windows Server 2016 update issue where KB5087537 can break domain controller discovery when server hostnames are exactly 15 char...

Is AI about to trigger a cybersecurity vulnerability explosion?

In this episode of Cybersecurity Today, David Shipley examines what some researchers are calling the early signs of a "vulnerability apocalypse" as Anthropic's Claude-powered Project Glasswing identifies thousands of potential software flaws at machine speed.

The episode breaks down the real numbers behind the hype: over 10,000 candidate vulnerabilities flagged, 1,726 ...

The episode recounts how GitGuardian security researcher Guillaume Valadon, while monitoring public GitHub for leaked secrets, discovered a publicly accessible repository labeled "CISA-Private" containing highly sensitive CISA materials, including internal DHS/CISA credentials, cloud keys, tokens, plaintext passwords, logs, and files such as "Important AWS Tokens" and a CSV listing usernames and passwords for internal systems. Beli...

GitHub confirms a major supply chain breach after a malicious Visual Studio Code extension reportedly gave attackers linked to TeamPCP access to roughly 3,800 internal repositories. The bigger issue: developer workstations now hold some of the most sensitive secrets in modern software organizations.

Also today: Microsoft begins phasing out SMS-based authentication for personal accounts, calling text-message authentication a growing...

A serious new Windows 11 BitLocker vulnerability, open-sourced offensive malware tools, a suspected Iranian cyber campaign targeting U.S. fuel infrastructure, and malware that appears designed to interfere with nuclear weapons simulation systems.

 Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and dat...

A dangerous new Microsoft Exchange zero-day is being actively exploited, ransomware gangs are adopting nation-state-style tactics, two fired contractors were caught deleting U.S. government databases after accidentally recording themselves on Microsoft Teams, and Fortinet has patched critical remote code execution flaws.

In this episode of Cybersecurity Today, David Shipley breaks down four major cybersecurity stories that security...