- 12 minutes 42 secondsA questionable breach, bad routers at home and at work and AI gives defenders a winThis episode covers a hacker's claim of stealing 35GB from Accenture—including source code, Azure personal access tokens, RSA keys, and SSH keys—while Accenture calls it an isolated, remediated matter, leaving uncertainty about potential downstream risk to its Fortune 500-heavy client base. It also highlights a deepfake image of Senator Mitch McConnell debunked after Google's invisible SynthID watermark identified it as AI-generated, noting watermarking depends on tool participation. The show warns of an undocumented Tenda router firmware backdoor using an alternate password ("RZadmin") with no patch available, and reports Ubiquiti fixes for seven critical UniFi OS vulnerabilities, including a max-severity command injection in UniFi Connect. Finally, it describes how Venture Employer Solutions used ML/LLMs to filter low-value logs before SIEM ingestion, cutting firewall log volume 83%, saving about $250K annually, and halving mean time to response. 00:00 Sponsor NordLayer 00:37 Headlines Intro 01:08 Accenture Breach Claim 04:25 Deepfake Watermark Win 05:47 Tenda Router Backdoor 07:22 UniFi Critical Fixes 09:10 AI Cuts Log Noise 11:09 Wrap Up And Thanks 11:41 Sponsor Message10 July 2026, 2:00 am
- 13 minutes 53 secondsScattered Spider squashed, Rogue Agent AI flaw, 16 year-old Linux bug and new phish hunts marketersCybersecurity Today host David Shipley covers how a newly unsealed U.S. complaint tied an alleged Scattered Spider member to a luxury retailer intrusion using a persistent Windows device ID, with prosecutors alleging help-desk social engineering, admin account takeover, data exfiltration, and an $8 million ransom demand; the episode also notes additional Scattered Spider-related guilty pleas in the U.K. and U.S. The show reports Google patched "Rogue Agent," a Dialogflow CX permission-boundary issue involving Python code blocks in Cloud Run that could enable data theft or credential prompts across agents in a shared project. It details "Janus Escape" (CVE-2026-53359), a 16-year-old Linux KVM use-after-free enabling guest-to-host escapes in cloud environments, patched in June. The show explores Apple's shift to out-of-band security updates due to AI-accelerated exploitation, and a multi-platform redirect phishing campaign using fake job interviews and browser-in-browser Google login prompts targeting marketers' Google accounts. 00:00 Sponsor NordLayer 00:36 Headlines Intro 01:03 Scattered Spider Traced 03:16 More Spider Arrests 04:31 Google Rogue Agent 06:24 Linux Janus Escape 08:04 Apple Patching Shift 10:04 Marketer Phish Chain 12:17 Wrap Up Thanks 12:53 Sponsor Message8 July 2026, 2:00 am
- 14 minutes 26 secondsAI-Run Ransomware, New Oracle Critical Flaw, NetNut bustedAI-Run Ransomware, New Oracle 9.8 Flaw Exploited, NetNut Proxy Network Busted, and Pegasus Hits EU Spyware Investigator This episode covers researchers' report of "Jade Puffer," the first ransomware attack run end-to-end by an autonomous AI agent, which exploited a patched Langflow RCE (CVE-2025-3248) but showed flaws like weak AES-128 ECB encryption and an unusable key. It also warns of active exploitation of a critical Oracle Payments vulnerability (CVE-2026-46817, CVSS 9.8) alongside ongoing fallout from a separate PeopleSoft zero-day (CVE-2026-35273) used by ShinyHunters/UNC6240. A joint operation involving Google disrupted the NetNut residential proxy botnet, affecting millions of hijacked devices. Researchers detail a likely $1M extortion-only payment tied to Union County, Ohio, and Citizen Lab reports EU lawmaker Stelios Kouloglou was hacked with Pegasus during spyware-abuse investigations via a HomeKit zero-day. 00:00 Today's Cyber Headlines 00:55 AI Agent Ransomware Debut 03:32 Oracle Payments Under Attack 06:00 NetNut Proxy Network Takedown 08:29 Million Dollar Data Extortion 10:50 Pegasus Hits EU Investigator 12:48 Wrap Up and Sign Off6 July 2026, 2:00 am
- 10 minutes 58 secondsTeams battles bots, Bioshocking AI browser guardrails, Fortibleed fuels ransomwareTeams cracks down on meeting bots, AI guardrails get bypassed, FortiBleed fuels ransomware, and Nissan confirms PeopleSoft breach Microsoft rolls out a new Teams admin policy, "Manage External Bots and Their Access to Meetings," to detect third‑party bots, hold them in the lobby with labels, and require organizer approval, with future allow lists, full blocks, reports, and audit logs planned. Anthropic's Fable 5 returns globally after U.S. export controls are lifted, though higher‑risk requests may be routed to weaker models and Mythos restrictions remain, with Commerce reserving the right to reimpose controls. Researchers describe "Bioshocking," tricking AI browsers into abandoning guardrails via delusional puzzle prompts, while Adversa AI's "Guardfall" shows how Bash text rewriting can bypass command filters in many coding agents. SOC Radar links FortiBleed credential theft to InkRansom and Lynx ransomware activity across hundreds of FortiGate portals. Nissan confirms employee data theft tied to a PeopleSoft zero‑day campaign linked to ShinyHunters. 00:00 Today's Cyber Headlines 00:27 Teams Blocks Meeting Bots 01:58 Anthropic Fable Returns 03:22 Bioshocking Browser Attack 05:09 Guardfall Shell Bypass 06:51 FortiBleed Fuels Ransomware 07:59 Nissan PeopleSoft Breach 10:10 Wrap Up And Sign Off3 July 2026, 2:00 am
- 11 minutes 13 secondsUS puts $10m bounty on Russian hackers, new phish hunts hotels, Supreme Court reins in geofencing
US Puts $10M Bounty on Russian Hackers, Supreme Court Limits Geofence Warrants, New phishing campaign targets hotels, AI Coding Agents Tricked into Malware and Canada's Electronic Spies Go After Ransomware Gangs.
The episode covers the US State Department's up to $10 million reward for information on Russia-linked hacker groups UNC 5792 and UNC 4221 tied to phishing campaigns that compromise Signal and WhatsApp accounts by stealing Signal backup recovery keys.
It also explains a US Supreme Court 6–3 ruling limiting geofence warrants by recognizing Fourth Amendment privacy protections for phone location data and requiring probable cause and narrower requests.
Mozilla ODIN researchers demonstrate a proof of concept where a clean GitHub repo can cause AI coding agents to run an init command that executes attacker-controlled code via DNS and opens a reverse shell.
A hotel-focused phishing campaign using Calendly and Google redirects delivers ZIP files that install the Tonrat implant through PowerShell and a user-space Node.js runtime.
Finally, Canada's CSE says it disrupted infrastructure used by 10 major ransomware groups and reports incident volumes rising nearly 26% year over year.
00:24 Top Headlines Rundown 00:54 10 Million Bounty Russian Hackers 02:42 Supreme Court Limits Geofence Warrants 03:56 AI Coding Agent Repo Trap 05:31 Listener Thanks And Reviews 05:51 Hotel Front Desk Phishing Attack 08:01 Canada Disrupts Ransomware Gangs 09:45 Closing And Sign Off
1 July 2026, 2:30 am - 11 minutes 14 secondsUS Restricts Frontier AI models
US Loosens Anthropic Claude Mythos Access, Unpatchable iPhone Exploit Emerges, and CISO Burnout Drives Fractional Shift
Washington granted a partial reprieve allowing Anthropic's Claude Mythos to be released to more than 100 approved U.S. firms and institutions after export controls paused Mythos and the more restricted Fable 5, with access still limited to vetted American entities; the same day, OpenAI's GPT 5.6 was also restricted to government-approved partners under a Trump executive order requiring review of cyber-capable models.
The episode also covers Canadian hacktivist Aubrey Cottle's 18-month sentence for the 2021 Texas GOP hack and bail breaches, with possible U.S. charges pending. Researchers disclosed "USBliterate," an unpatchable physical USB exploit in the Secure ROM of older A12/A13 iPhones that aids forensic extraction.
Finally, a survey finds rising CISO burnout, fewer full-time CISOs, growth in fractional CISO roles, and AI—especially shadow AI—overtaking liability as the top stressor.
00:55 AI Export Controls Shift
03:37 Anonymous Hacker Sentenced
05:32 Unpatchable iPhone Boot Exploit
07:30 CISO Burnout And Exodus
09:40 Wrap Up And Sign Off
29 June 2026, 2:15 am - 37 minutes 15 secondsWhy Car Dealerships Are Prime Cyber Targets: Fraud, Resilience, and Security Leadership with Jennifer Hutton
Cybersecurity Today would like to than Material Security for their support of this podcast.
On Cybersecurity Today on the Weekend, the host speaks with Jennifer Hutton, a cybersecurity leader in the car dealership sector, about how she entered cybersecurity through increasing cyber insurance requirements and why dealerships are prime targets because they hold bank-level sensitive data and run complex digital and IoT ecosystems. They discuss the rise of cyber-enabled fraud, including impersonation scams, smishing, and synthetic identity fraud, and the need to educate both employees and customers. Hutton describes gaps in industry resources, especially for smaller dealers, and contrasts regulatory pressures such as updated FTC safeguards rules in the U.S. She emphasizes servant leadership, empathy, and communicating risk in business terms, arguing that cyber risk is business risk. The conversation also covers supply chain disruption from the CDK ransomware incident and the importance of incident response, business continuity, and resiliency-focused planning.
00:00 Weekend Show Kickoff 01:14 Jennifer's Cyber Origin 02:53 Why Dealerships Are Targets 04:30 Scams And Synthetic IDs 08:32 Industry Gaps And Sharing 10:42 Regulation And Tech Shift 13:48 Leading With Business Risk 21:29 Servant Leadership And AI 25:21 Empathy In Tech Teams 28:16 CDK Ransomware Lessons 29:53 Resilience Over Prevention 32:08 Advice To Dealership Leaders 34:49 Closing Thanks
27 June 2026, 4:15 am - 10 minutes 56 secondsMalware gaslights AIMac Malware Gaslights AI, Major Info-Stealer Takedown, OpenAI's Patch the Planet, and FortiBleed Fallout Mac malware called "Gaslight," attributed to North Korea-aligned actors, plants fake system messages designed to derail AI-based analysis while stealing data and exfiltrating it via a Telegram bot. Microsoft and Europol disrupted the Amadey and SteelC info-stealer ecosystem by seizing/shuttering infrastructure after identifying 140,000 infections in early May and over 200 command-and-control domains and IPs, as part of Operation Endgame. OpenAI announced "Patch the Planet," a joint effort with Trail of Bits and HackerOne to help open-source projects find and fix bugs amid AI-generated report flooding, alongside a new GPT 5.5 Cyber benchmark result. New FortiBleed reporting underscores that the campaign relies on credential reuse against exposed FortiGate devices and may require rotating far more than just firewall passwords. 00:00 Sponsor Message 00:25 Headlines Overview 00:55 Mac Malware Gaslight 02:00 Telegram C2 And Stealer 02:50 Info Stealer Takedown 04:08 Operation Endgame Impact 04:47 OpenAI Patch The Planet 06:16 AI Models And Export Rules 07:08 FortiBleed Recap 08:13 Inside The FortiGate 08:59 Rotate Credentials Now 09:26 Closing And Sign Off26 June 2026, 3:55 am
- 10 minutes 38 secondsFortiBleed: Fortinet Says It's Not a Bug
Fortinet finally weighs in on FortiBleed - it's not a bug. Plus a healthcare AI firm loses 1.4 million people's data to a single phishing email, a trading bot built to prey on others gets played for $15 million, and LastPass lands back on a breach list it didn't cause. 00:00 Headlines 00:28 Xsolis Phishing Fallout 01:47 Texas License Vendor Hack 02:59 MEV Bot Gets Robbed 05:26 FortiBleed Fortinet Response 06:42 LastPass Caught in Clue 08:40 Wrap Up and Sign Off
24 June 2026, 4:15 am - 10 minutes 3 secondsStolen OAuth Tokens Hit Security Firms, AryStinger Router Botnet Emerges, AI Deepfake Cyberstalking
A breach at market intelligence platform Klue allowed attackers to steal OAuth tokens linking Clue to customers' Salesforce environments, enabling quiet API-driven data extraction from firms including Huntress, Recorded Future, Tanium, and Jamf; Clue revoked tokens, removed the legacy integration credential involved, and engaged CrowdStrike as Icarus threatens extortion, echoing earlier Salesforce token-theft campaigns affecting nearly 1,000 companies.
Researchers also detail AriStinger, a new botnet infecting 4,000+ end-of-life D-Link routers to scan, proxy, tunnel, execute commands, and hijack DNS, with many infections in South Korea and China. The episode covers federal cyberstalking charges against Anthony Belford for allegedly using fake accounts and AI-generated nude images, and ESET's report that the "Gentleman" ransomware crew is developing modular EDR-killing tools to disable endpoint defenses.
00:00 Top Stories Teaser 00:29 Clue OAuth Token Breach 02:32 Salesforce Token Attack Trend 04:14 AryStinger Router Botnet 05:33 AI Deepfake Cyberstalking Case 07:50 Gentleman EDR Killer Arsenal 09:37 Wrap Up And Sign Off
22 June 2026, 12:15 am - 29 minutes 59 seconds5 People You Meet In Cybersecurity - David Shipley Interviews Amy Lee
In this special Cybersecurity Today weekend interview, host David Shipley speaks with Amy Yee about leadership, resilience, and the human side of cybersecurity.
Amy shares her remarkable journey from electrical engineering and venture capital to becoming the inaugural Chief Digital Officer at Accreditation Canada and Health Standards Organization, where she helped build the digital foundation used by hundreds of healthcare organizations across Canada.
The conversation takes a deeply personal turn as Amy recounts leading through a ransomware attack that struck her organization before tabletop exercises and incident-response planning had become routine. She describes the chaos of the first 48 hours, the emotional toll on staff, the difficult weeks that followed, and the lessons learned during a 60-day recovery effort.
Amy also discusses her popular conference talk inspired by Mitch Albom's The Five People You Meet in Heaven, reimagined for cybersecurity. She explores five people every cyber professional encounters during their career: the person they protected, the person who challenged them, the person who gave them a chance, the person they failed, and the person they inspired.
This is a conversation about cybersecurity, leadership, resilience, mentorship, and finding meaning in a profession that often works behind the scenes.
Topics covered:
Ransomware incident response Cybersecurity leadership Healthcare cybersecurity Digital transformation Executive crisis management Building cyber resilience Career growth in technology Mentorship and leadership lessons The human side of cybersecurity
Guest: Amy Yee Host: David Shipley Podcast: Cybersecurity Today
#Cybersecurity #Ransomware #Leadership #
Chapters
00:00 Weekend Show Intro 01:22 Amy's Career Origin 02:13 Becoming Chief Digital Officer 03:56 Ransomware Wake Up Call 06:46 Inside the First 48 Hours 08:26 The Low Point Weeks In 10:57 Finding a Path Forward 11:55 Leadership Lessons After Incidents 15:01 Five People in Cyber 17:16 Invisible Impact and Resilience 19:38 The Five Archetypes Explained 21:42 Stories From the Community 24:14 Wired for Change Podcast 27:30 Advice to Younger Amy 28:49 Closing and Off Mic Wrap
20 June 2026, 4:15 am - More Episodes? Get the App