Cybersecurity Today
Jim Love
Updates on the latest cybersecurity threats to businesses, data breach disclosures, and how you can secure your firm in an increasingly risky time.
Episodes
-
Microsoft Threatens Security Researcher | Palo Alto VPN Exploited | Google Insider Trading Case
01.06.2026, 11 min
Microsoft's dispute with a former security researcher takes a dramatic turn as the company raises the possibility of criminal action over the publication of proof-of-concept code for unpatched zero-day vulnerabilities. David Shipley examines the escalating conflict between Microsoft and "Nightmare Eclipse," the criticism from prominent security researchers including Kevin Beaumont and Katie Moussouris, and what the controversy could mean for the future of vulnerability disclosure.
Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material[dot]security.
The episode also explores a new category of insider risk after U.S. prosecutors charged Google security engineer Michael Spagnuolo with allegedly using confidential Google search trend data to earn more than $1.2 million on the prediction market Polymarket. The case highlights how prediction markets may create unexpected incentives around non-financial corporate information. Also covered: active exploitation of Palo Alto Networks' GlobalProtect VPN authentication bypass vulnerability CVE-2026-0257, now added to CISA's Known Exploited Vulnerabilities (KEV) catalogue, and a malware campaign that abuses legitimate ChatGPT sharing pages and Google Ads to trick users into downloading malicious software. Researchers also report similar abuse of Anthropic's Claude Artifacts feature.
Chapters 00:00 Top Headlines Rundown 00:26 Microsoft vs Zero-Day Researcher 01:28 Responsible Disclosure Fallout 03:32 Why This Dispute Matters 04:32 Polymarket Insider Trading Case 06:07 Prediction Markets Create New Insider Risks 06:55 Palo Alto VPN Authentication Bypass 08:25 ChatGPT Pages Used to Deliver Malware 09:51 Wrap Up and Sign Off
Cybersecurity Today is Canada's leading daily cybersecurity news podcast, covering ransomware, vulnerabilities, nation-state threats, cybercrime, security research, privacy, and critical infrastructure security.
#Cybersecurity #Microsoft #PaloAltoNetworks #ChatGPT #OpenAI #Google #Polymarket #ThreatIntelligence #InfoSec #CyberSecurityToday
-
Cybersecurity & Arctic Sovereignty: Protecting Canada's Most Vulnerable Infrastructure Cheryl Biswas
29.05.2026, 29 min
Host David Shipley speaks with cybersecurity professional Cheryl Biswas about her journey into the industry and why she believes Arctic sovereignty must be viewed as a cybersecurity challenge as much as a geopolitical one. Biswas traces her path from political science and a help desk role at CP Rail to cybersecurity, inspired by the discovery of the Stuxnet malware and the global security community that formed around it. She discusses her experiences speaking at BSides Las Vegas, attending DEF CON, helping build a major Canadian bank's threat intelligence program, and recently earning her Certified Information Systems Security Professional (CISSP) designation.
The conversation then shifts north. As Canada invests billions in Arctic defence, communications, transportation, and critical infrastructure, Biswas explains how every new connected system can create new cyber risks. The discussion covers threats to satellites, navigation systems used by ships and aircraft, undersea communications cables, government services, healthcare, energy systems, and the fragile supply chains that support northern communities. They also explore why collaboration with northern and Indigenous communities is essential, the importance of improving connectivity across the Arctic, and how Canada can work more closely with international partners to strengthen resilience in one of the world's most strategically important regions. Cheryl also shares advice for newcomers to cybersecurity and discusses the kind of strategic threat intelligence and research work she hopes to pursue in the future.
Chapters 00:00 Weekend Show Kickoff 00:46 Cheryl's Cyber Origin Story 02:30 Stuxnet and Hacker Community 04:06 From BSides to DEF CON 05:10 Threat Intelligence Career Today 05:50 Arctic Sovereignty Meets Cyber 07:41 Canada's Arctic Reality Check 10:14 Why Cyber Matters Up North 12:07 Maritime and Navigation Risks 15:50 Undersea Cables and Fragile Supply 19:55 Solutions, Collaboration and Technology 24:22 Talk Feedback and How to Connect 25:42 Dream Role and Advice to Newcomers 29:16 Closing Reflections and Sendoff
#Cybersecurity #ArcticSovereignty #Canada #CriticalInfrastructure #ThreatIntelligence #CISSP #CyberSecurityToday #DavidShipley #DEFCON #BSides #ArcticSecurity #NationalSecurity #CriticalInfrastructureProtection #ThreatIntel #CyberRisk
-
CISA Orders Emergency Drupal Patch | Microsoft Server Bug | Google Fights Canada Surveillance Bill
27.05.2026, 10 min
CISA has ordered U.S. federal civilian agencies to urgently patch an actively exploited critical Drupal SQL injection vulnerability (CVE-2026-9082) affecting PostgreSQL-backed Drupal deployments, after Imperva reported more than 15,000 attack attempts across 65 countries. Microsoft has confirmed a strange Windows Server 2016 update issue where KB5087537 can break domain controller discovery when server hostnames are exactly 15 characters long, raising more questions about patch reliability as update complexity grows. Google has joined a coalition opposing Canada's proposed lawful access legislation, Bill C-22, warning that secret ministerial orders, possible encryption risks, and mandatory metadata retention could weaken security rather than improve it. Critics point to the Salt Typhoon telecom espionage campaign as evidence that lawful intercept systems themselves can become prime targets.
Also in this episode: Check Point says Iran-linked threat group Nimbus Manticore has deployed new malware tools including MiniFast and MiniJunk V2, with researchers noting signs that MiniFast may have been developed with AI-assisted coding techniques. The campaign used SEO poisoning and fake Oracle SQL Developer downloads to lure victims.
Timestamps: 00:00 Top Headlines Rundown 00:27 Emergency Drupal Patch Order 02:22 Microsoft Server Update Bug 04:02 Canada Lawful Access Battle 05:18 Google's Security Concerns 06:25 Salt Typhoon Lessons 07:35 Iran-Linked AI Malware 09:26 SEO Poisoning Attack 10:09 Wrap Up and Sign Off
-
AI Vulnerability Explosion, Kim Wolf Botnet Arrest, Ghost CMS Hack, Iran Cyber Espionage
25.05.2026, 13 min
Is AI about to trigger a cybersecurity vulnerability explosion? In this episode of Cybersecurity Today, David Shipley examines what some researchers are calling the early signs of a "vulnerability apocalypse" as Anthropic's Claude-powered Project Glasswing identifies thousands of potential software flaws at machine speed. The episode breaks down the real numbers behind the hype: over 10,000 candidate vulnerabilities flagged, 1,726 confirmed high or critical findings, 97 patched issues, and the growing concern that AI-driven bug hunting could overwhelm already stretched security teams. One example: a critical WolfSSL certificate forgery vulnerability (CVE-2026-5194, CVSS 9.1).
Also in this episode: Canadian authorities arrest Ottawa suspect Jacob Butler, also known as "Dort," allegedly linked to the Kim Wolf botnet operation blamed for nearly 30 terabits-per-second distributed denial-of-service (DDoS) attacks and more than 25,000 incidents. We also cover active exploitation of a Ghost CMS SQL injection vulnerability (CVE-2026-26980), with attackers reportedly compromising hundreds of websites using ClickFix malware lures, including high-profile targets. And finally, an Iran-linked cyber espionage campaign dubbed "Screening Serpents" uses highly personalised fake recruitment approaches to target aerospace, defence, and telecom professionals with new remote access malware. If you work in cybersecurity, infrastructure, or IT leadership, this is one to watch.
00:00 Vunpocalypse Headlines 00:28 AI Finds Vulnerabilities 01:32 False Positives and Costs 02:39 WolfSSL Critical CVE 03:51 Patch Volume Pressure 04:28 Kim Wolf Botnet Arrest 05:13 Botnet Scale and Swatting 06:48 International Takedowns 07:41 Ghost CMS Mass Exploits 09:07 ClickFix Infection Chain 10:25 How to Remediate Ghost 10:39 Iran Spear Phishing Ops 12:51 Closing and Sign Off
#Cybersecurity #CyberSecurityToday #AIsecurity #GhostCMS #DDoS #CyberEspionage #Anthropic #ClaudeAI #IranCyberThreat #InfoSec
-
Researcher Finds Public GitHub Repo Exposing Sensitive CISA Credentials
23.05.2026, 26 min
The episode recounts how GitGuardian security researcher Guillaume Valadon, while monitoring public GitHub for leaked secrets, discovered a publicly accessible repository labeled "CISA-Private" containing highly sensitive CISA materials, including internal DHS/CISA credentials, cloud keys, tokens, plaintext passwords, logs, and files such as "Important AWS Tokens" and a CSV listing usernames and passwords for internal systems. Believing a contractor likely used GitHub to move work from a work device to a home device, Valadon escalated via responsible disclosure to CERT, then involved journalist Brian Krebs to reach CISA faster when the repo remained public. After additional outreach, the repository was made inaccessible within about a day, and Valadon praises CISA's response speed. The discussion emphasizes widespread poor secret hygiene, governance, training, and the need for organizations to monitor, rehearse, and automate detection and revocation of leaked secrets.
Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material[dot]security.
00:00 Weekend Welcome Sponsor 00:27 CISA Secrets Leak Found 03:29 Calling Brian Krebs 05:06 Meet GitGuardian Researcher 07:26 Why Leaks Happen Everywhere 10:49 Inside the CISA Repo 13:19 Disclosure and Takedown 17:04 Lessons for Organizations 22:47 Aftermath and Thanks 24:36 Show Wrap Sponsor Outro
-
GitHub Breach Exposes 3,800 Repos | Microsoft Kills SMS Authentication | Proton Fights Canada Bill
22.05.2026, 9 min
GitHub confirms a major supply chain breach after a malicious Visual Studio Code extension reportedly gave attackers linked to TeamPCP access to roughly 3,800 internal repositories. The bigger issue: developer workstations now hold some of the most sensitive secrets in modern software organizations.
Also today: Microsoft begins phasing out SMS-based authentication for personal accounts, calling text-message authentication a growing fraud risk as it shifts toward phishing-resistant passkeys. Researchers also disclose a nine-year-old Linux privilege escalation flaw, CVE-2026-46333, nicknamed SSH-Keysign-Pwn, which can allow root-level access with local machine access. And Proton publicly threatens to leave Canada rather than comply with proposed surveillance legislation it says would undermine its no-logs privacy promise.
Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material[dot]security.
If cybersecurity, privacy, and digital infrastructure matter to your business, this is the daily briefing you need.
Timestamps: 00:00 Top Stories Rundown 00:24 GitHub Supply Chain Breach 01:09 Developer Workstations at Risk 02:31 Microsoft Ditches SMS MFA 04:15 Linux Root Escalation Flaw 06:11 Proton vs Canada Surveillance Bill 08:03 Wrap Up and Sign Off
#cybersecurity #github #microsoft #linux #protonvpn #privacy #databreach #supplychainattack #infosec #cybernews
-
Windows 11 BitLocker Zero-Day, TeamPCP Malware Leak, Iran Gas Station Hacks | Cybersecurity Today
20.05.2026, 13 min
A serious new Windows 11 BitLocker vulnerability, open-sourced offensive malware tools, a suspected Iranian cyber campaign targeting U.S. fuel infrastructure, and malware that appears designed to interfere with nuclear weapons simulation systems.
Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material[dot]security.
David Shipley breaks down four major cybersecurity stories on Cybersecurity Today. First, a newly disclosed zero-day dubbed YellowKey reportedly defeats default Windows 11 BitLocker protection on systems using TPM-only encryption, giving attackers with physical access a path to unencrypted data through the Windows Recovery Environment. Microsoft is investigating, while security experts are urging stronger BitLocker configurations. The episode also examines the TeamPCP threat group's decision to release offensive tooling publicly, dramatically lowering the barrier for copycat supply-chain attacks. Researchers have already spotted malicious NPM packages borrowing similar techniques, including persistence mechanisms aimed at developer environments such as Visual Studio Code and Claude Code. David also looks at disturbing analysis of the FAST16 malware, which researchers believe was engineered to tamper with nuclear weapons simulation software including LS-DYNA and AutoDyn. And finally, U.S. officials reportedly suspect Iranian actors in cyberattacks targeting internet-exposed gas station automatic tank gauge systems, a reminder that weak operational technology security can quickly become a real-world infrastructure problem.
00:00 Sponsor Message 00:24 Headlines Overview 00:50 BitLocker Zero Day 03:32 TeamPCP Tools Leak 06:13 Copycat NPM Malware 06:50 Fast16 Nuclear Sabotage 08:37 Iran Gas Station Hacks 10:28 Hardening Critical Infrastructure 11:16 Wrap Up And Events 11:59 Sponsor Deep Dive
#Cybersecurity #Windows11 #BitLocker #ZeroDay #TeamPCP #IranCyberAttack #SupplyChainAttack #CriticalInfrastructure #CyberSecurityToday
-
Exchange Zero-Day Under Attack, Ransomware Gets Smarter, Fortinet Critical Flaws
19.05.2026, 12 min
A dangerous new Microsoft Exchange zero-day is being actively exploited, ransomware gangs are adopting nation-state-style tactics, two fired contractors were caught deleting U.S. government databases after accidentally recording themselves on Microsoft Teams, and Fortinet has patched critical remote code execution flaws. In this episode of Cybersecurity Today, David Shipley breaks down four major cybersecurity stories that security teams need to know.
Cybersecurity Today would like to thank Material Security for supporting this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. Contact them at material[dot]security.
Microsoft has confirmed active exploitation of a new Exchange Server zero-day, CVE-2026-42897, affecting Exchange Server 2016, Exchange Server 2019, and Exchange Subscription Edition. There is currently no patch, only mitigations through the Exchange Emergency Mitigation Service, with some trade-offs for Outlook Web App users. Security researcher Marcus Hutchins highlights an unusually disciplined ransomware affiliate operation using tradecraft more commonly associated with nation-state attackers, including a custom SentinelOne endpoint detection and response (EDR) killer and a stripped-down toolset designed to leave fewer forensic traces. In one of the more astonishing insider threat stories of the week, former OPEX Corporation contractors Muneeb and Sohaib Akhtar were allegedly caught deleting 96 U.S. government databases after leaving a Microsoft Teams recording running.
Also in this episode: Fortinet has released urgent patches for critical unauthenticated remote code execution vulnerabilities in FortiAuthenticator (CVE-2026-44277) and FortiSandbox (CVE-2026-26083).
If you're responsible for enterprise security, patch management, incident response, or cyber risk, this is one you need to see.
Chapters: 00:00 Sponsor Message 00:24 Headlines Intro 00:49 Ransomware Nation-State Discipline 04:18 Exchange Zero-Day Mitigation 07:01 Fired Contractors Caught Recording 09:21 Fortinet Critical Vulnerabilities 11:07 Wrap Up and Sign Off 11:38 Sponsor Deep Dive Ad
#Cybersecurity #MicrosoftExchange #ZeroDay #Ransomware #Fortinet #CyberAttack #Infosec #DavidShipley #CybersecurityToday
-
Inside CIRA: How Canada's .ca Registry Became a Global DNS & Cybersecurity Force
16.05.2026, 53 min
David Shipley interviews Jon Ferguson, VP at CIRA, about how the Canadian Internet Registration Authority evolved from early paper-based .ca registrations at UBC into a 142-person, member-based not-for-profit running .ca and authoritative Anycast DNS infrastructure now supporting 550+ TLDs globally. Ferguson explains how .ca's Canadian presence requirements help keep abuse rates low, and how CIRA reinvests surpluses into grants and cybersecurity tools, including Canadian Shield (DNS-based malware/phishing blocking and encrypted DNS with limited data retention) used by about 500,000 people and generating about 20 million blocks per month. They discuss CIRA's focus on municipalities, schools, hospitals, and universities, its move into endpoint security and a managed detection and response partner program with Calian, and concerns about AI-driven threats, online harm, and rebuilding trust and real-world connection.
00:00 Weekend Show Kickoff 01:30 Jon's Cyber Journey 03:06 Inside CIRA DNS Role 04:59 What Is CIRA 07:23 Origin Story Of Dot Ca 13:01 Anycast DNS Explained 16:27 Canadian Shield DNS Firewall 22:21 Serving Public Sector Needs 26:18 Endpoint And MDR Expansion 35:05 Mission Over Money 40:39 What Keeps Him Up 46:19 Hope And Balance Online 50:55 Wrap Up And Thanks
-
How a Google API Key Became an $8,000 AI Bill, Meta Scam Ads Lawsuit, and 73-Second Cyber Attacks
15.05.2026, 10 min
Google Cloud customers are reporting shocking surprise bills after compromised or misused API keys were allegedly used to access expensive Gemini AI services. In one case, Rod Dinan says his monthly Google Cloud costs jumped from under $50 to nearly $8,000. Sydney developer Isuru Fonseka says he was hit despite setting spending controls, raising broader questions about API key security, client-side exposure, billing alerts, and how quickly attackers can exploit AI infrastructure.
Cybersecurity Today also covers prosecutors' allegations that two fired brothers sabotaged systems tied to government-related work after access wasn't revoked quickly enough, Santa Clara County's civil lawsuit accusing Meta of profiting from scam ads on Facebook and Instagram, and Horizon3.ai's warning that attackers can exploit newly exposed systems in as little as 73 seconds while many organisations still take 24 hours or longer to respond. If your organisation uses APIs, AI services, cloud billing controls, or internet-facing infrastructure, this episode matters.
#Cybersecurity #GoogleCloud #GeminiAI #APIKeys #CloudSecurity #Meta #ScamAds #CyberAttack #CybersecurityToday #AIsecurity
CHAPTERS 00:00 Google Cloud API Key Bill Shock 01:20 Real-World Victims: Surprise AI Charges 02:24 Why Spending Caps Didn't Stop the Damage 03:38 The Enterprise Cloud Security Risk 04:19 Fired Employees and Alleged Insider Sabotage 04:55 The Database Destruction Timeline 06:34 What This Incident Teaches Security Teams 07:10 Santa Clara County Sues Meta Over Scam Ads 08:46 Attackers Can Strike in 73 Seconds 10:14 Closing and Next Episode
-
Canvas Breach 'Deal' With ShinyHunters, AI Zero-Day Warning, Checkmarx Hit Again
13.05.2026, 16 min
Cybersecurity Today examines a troubling set of new security developments affecting schools, software supply chains, and account security. Instructure says it reached an "agreement" with the ShinyHunters threat group after the massive Canvas breach that may have affected up to 275 million users across 9,000 educational institutions. Reports indicate attackers exploited multiple cross-site scripting (XSS) vulnerabilities to hijack administrator sessions and post extortion demands.
Checkmarx has been breached again. This time, attackers reportedly inserted a malicious Jenkins Application Security Testing (AST) plugin designed to steal credentials. The same threat actor, believed to be Team46/TeamTNT-linked infrastructure or Team PCP depending on reporting attribution, appears to have reused secrets allegedly stolen in the earlier Trivy supply-chain compromise.
Microsoft and Google are warning organizations not to treat passkeys as a complete security solution. If weaker recovery methods or legacy credentials remain active, attackers can still bypass them. Google's Threat Intelligence Group also reports what it describes as the first observed evidence of hostile actors using AI to assist in zero-day vulnerability research and exploit development, signalling a new phase in attacker industrialization.
Also in today's show: Santa Clara County sues Meta over alleged scam-ad profits.
Chapters 00:00 Headlines Overview 00:28 Canvas Breach Deal Fallout 01:59 How the XSS Attack Worked 03:15 Checkmarx Supply Chain Attack 05:01 Credential Rotation Lessons 05:37 Why Passkeys Aren't Enough 07:19 Layered Defence Takeaways 08:35 AI-Assisted Zero-Day Development 10:10 Industrialized AI Threats 13:08 Meta Scam Ads Lawsuit 15:19 Wrap Up
-
Canvas Breach Exposes 275M Accounts | AI Targets Water Systems | GM OnStar Settlement
11.05.2026, 16 min
A massive cybersecurity week. On this episode of Cybersecurity Today, David Shipley breaks down the reported breach of Instructure's Canvas learning platform, where attacks linked to the ShinyHunters extortion group may have exposed data tied to up to 275 million user accounts across more than 9,000 educational institutions. The incident disrupted access, delayed exams, and forced Instructure to disable its "Free for Teacher" program after attackers allegedly used it to post extortion messages.
Also in this episode: the Gentlemen ransomware group suffers a major internal leak, exposing affiliate chats, tooling, victim data, and operational details — a rare look inside a live ransomware operation. Then, General Motors agrees to a $12.75 million California settlement over allegations involving OnStar-linked driver data collection and sharing, raising fresh questions about privacy in connected vehicles. And finally: security researchers report what appears to be the first documented AI-assisted operational technology (OT) cyberattack attempt targeting a water utility in Monterrey, Mexico. The attempt failed to reach industrial control systems, but combined with confirmed attacks on water infrastructure in Poland, it signals a worrying shift in critical infrastructure threats. If you work in cybersecurity, IT, infrastructure, education, or privacy, this episode matters.
Chapters 00:00 Top Headlines Rundown 00:41 Canvas Mega Breach 02:44 ShinyHunters Background 03:26 Ransom Pressure Fallout 04:25 Gentlemen Ransomware Leak 05:18 Inside the Data Dump 06:18 GM OnStar Privacy Settlement 08:17 What Drivers Should Know 09:39 AI Meets OT Attacks 11:52 Monterrey Water Near Miss 13:29 Poland Water Systems Hit 15:07 Defending Critical Infrastructure 16:29 Wrap Up And Thanks
#Cybersecurity #Canvas #ShinyHunters #Ransomware #OnStar #GeneralMotors #DataBreach #CriticalInfrastructure #WaterUtility #OperationalTechnology #ICS #CyberAttack #Privacy #DavidShipley #CybersecurityToday
-
Cybersecurity Today Month in Review: AI Coding Risks, Canvas Breach, QR Phishing Surge
09.05.2026, 57 min
This week's panel dives into the cybersecurity stories that matter most for security leaders, IT teams, and anyone watching how AI is changing risk. Jim Love is joined by David Shipley (Beauceron Security), Laura Payne (White Tuque), and Jeff Williams (Contrast Security).
Cybersecurity Today would like to thank Material Security for supporting this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. Contact them at material[dot]security.
Topics include:
• Anthropic's Mythos AI security research and whether large language models can realistically replace traditional vulnerability testing
• Why "vibe coding" may be creating a wave of insecure software
• The growing risk of autonomous AI agents making damaging decisions
• The massive Instructure Canvas data breach affecting schools, students, and educators
• Alberta's voter list privacy failure and what it says about public sector data protection
• Microsoft's warning about the rapid surge in QR code phishing attacks bypassing traditional email security
AI is accelerating software development. It may also be accelerating software insecurity. If your organisation is experimenting with AI coding tools, AI agents, or automated application development, this conversation is worth your time.
#Cybersecurity #AI #DataBreach #QRPhishing #ApplicationSecurity #VibeCoding #Canvas #CyberSecurityToday #JimLove
00:00 Sponsor Message 00:22 Meet the Panel 00:55 Jeff Williams Introduction 02:21 AI Bug Hunting with Mythos 05:40 Cost and Limits of AI Security Testing 10:16 The Vibe Coding Security Problem 13:24 Context Window and Data Flow Limits 16:59 Spec-Driven AI Development 18:29 Software Liability and EU Regulation 24:47 When AI Agents Go Rogue 27:05 Trust in the AI Era 28:24 Enterprise Reality Check 29:03 Critical Thinking vs AI 30:31 Testing AI Agents Safely 31:30 Canvas Data Breach Fallout 34:45 Real-World Data Harm 38:00 Liability and Attack Methods 41:39 Alberta Voter List Privacy Failure 48:56 Government Breach Lessons 51:26 QR Code Phishing Surge 55:00 Wrap Up and Sponsor
-
Meta allegedly made billions from scam advertising while online fraud explodes worldwide.
08.05.2026, 25 min
In this special edition of Cybersecurity Today, David Shipley speaks with scam-fighting expert Erin West about the global fraud crisis, the rise of AI-powered scams, and why traditional law enforcement may be falling behind.
Cybersecurity Today would like to thank Material Security for supporting this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. Contact them at material[dot]security.
From David's discussion with Erin West: The numbers are staggering. The FBI's Internet Crime Complaint Center reported more than $21 billion in cybercrime losses, but experts say actual losses could be dramatically higher because most victims never report fraud.
Other key points of their discussion:
• Why pig butchering scams continue to grow globally
• How criminal operations are moving from Cambodia to Myanmar, Laos, Sri Lanka and beyond
• Why AI is making scam operations faster, cheaper and harder to detect
• The controversy around Meta and scam advertising revenue
• Why crypto ATMs remain a major fraud tool
• How cloned celebrity voices are being used in romance and impersonation scams
• Why banks, law enforcement, governments and tech platforms must act together
• How Operation Shamrock is trying to fight back through public education
This is not just a story about money. It's about organized crime, industrial-scale fraud, and ordinary people being manipulated through trust, loneliness, and increasingly sophisticated technology. Featuring scam-fighting prosecutor and Operation Shamrock founder Erin West.
#Cybersecurity #Scams #Meta #OnlineFraud #AI #Cybercrime #PigButchering #CryptoScams #FacebookScams #CybersecurityToday
-
QR Phishing Explodes, Ubuntu Under Attack, CISA Warns Critical Infrastructure Prepare for Isolation
06.05.2026, 19 min
QR-code phishing is no longer a niche attack. Microsoft says QR phishing attacks jumped from 7.6 million in January to 18.7 million in March 2026 — a 146% increase in just three months. In this episode of Cybersecurity Today, David Shipley explains why QR-based attacks are bypassing traditional corporate defences and why security teams need to rethink phishing awareness immediately.
We also cover a critical new Apache HTTP Server vulnerability with both denial-of-service and potential remote code execution impacts, a sustained DDoS and extortion campaign targeting Ubuntu developer Canonical, and a remarkable case in Taiwan where a university student allegedly used software-defined radio gear to trigger emergency braking on four high-speed trains. Finally, CISA's new "CI Fortify" guidance urges critical infrastructure operators to prepare for scenarios where they may need to disconnect from the internet and continue operating manually during a geopolitical cyber crisis.
Cybersecurity Today would like to thank Material Security for supporting this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. Contact them at material[dot]security.
Stories include:
• Microsoft reports QR phishing attacks surged 146% in Q1 2026
• Apache HTTP Server CVE-2026-23918 urgent patch warning
• Ubuntu developer Canonical hit by ongoing DDoS and extortion campaign
• Taiwanese student allegedly halts high-speed trains with fake emergency radio signal
• CISA tells critical infrastructure operators to prepare for isolation and manual operations
Chapters: 00:00 Intro 01:02 QR phishing explodes in Q1 2026 06:15 Critical Apache HTTP Server flaw patched 09:15 Ubuntu maintainer Canonical hit by extortion DDoS attack 14:25 Taiwanese student wirelessly halts high-speed trains 20:32 CISA warns critical infrastructure to prepare for isolation 26:10 Closing thoughts
-
Microsoft Defender Deletes Trusted Certificates | 44,000 cPanel Servers Hit by Ransomware
04.05.2026, 13 min
Microsoft Defender mistakenly flagged legitimate DigiCert root certificates as malware and removed them from Windows systems, breaking trust chains and causing widespread application failures. The issue was traced to a faulty detection signature (Trojan:Win32/CertyAgent), now fixed in update version 1.449.430.0.
At the same time, DigiCert confirmed a separate security incident where attackers compromised support systems and used internal tools to issue valid code-signing certificates. At least 60 certificates were revoked, including 27 linked to the Zong Stealer malware campaign.
Meanwhile, a critical cPanel vulnerability (CVE-2026-41940) is being actively exploited. Attackers used the flaw as a zero-day since February, compromising at least 44,000 servers and deploying new SORI ransomware using ChaCha20 and RSA-2048 encryption.
Also in this episode:
• The Linux "Copyfail" privilege escalation bug is now confirmed exploited and added to CISA's Known Exploited Vulnerabilities list
• A 10/10 critical vulnerability (CVE-2026-37541) in Open Vehicle Monitoring System could allow remote code execution in connected car environments
This episode breaks down how these attacks work, why patch timing matters, and where organizations are most exposed right now.
Cybersecurity Today would like to thank Material Security for supporting this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. Contact them at material[dot]security.
Chapters 00:00 Microsoft Defender deletes trusted certificates 02:20 DigiCert breach and stolen code-signing certificates 05:20 cPanel zero-day exploited, 44,000 servers compromised 08:40 Linux Copyfail vulnerability now actively exploited 10:40 Critical flaw in open-source car software
-
Connected Cars Are Rolling Spy Networks — And They Can Be Hacked 02.05.2026 44min
Connected cars are no longer just vehicles — they are rolling networks of sensors, cameras, microphones, and constant data transmission. In this Cybersecurity Today Weekend Edition, David Shipley is joined by former CSIS intelligence officer Neil Bisson and cybersecurity expert Federico Simonetti to break down what that really means.
They explain how modern vehicles:
• Continuously report location, behaviour, and system data to the cloud
• Contain dozens of interconnected computers controlling everything from steering to braking
• Can be vulnerable to man-in-the-middle attacks, remote access, and system compromise
• May expose drivers to surveillance — not just by companies, but potentially by nation states
The conversation goes beyond theory. Real-world examples are discussed, including:
• Remote vehicle manipulation demonstrated by security researchers
• How infotainment systems can become entry points to critical controls
• Why some countries are already restricting certain vehicles from sensitive locations
The panel also tackles the bigger issue: This is not just about one country or one manufacturer. Every connected vehicle expands the attack surface. And while solutions exist — from better authentication to architectural changes — the challenge is no longer technical. It's political, economic, and global. If you think your car is just transportation, this discussion may change your perspective.
00:00 Connected Cars: More Than Just Vehicles 01:20 Meet the Panel: Intelligence and Cybersecurity Perspectives 03:10 Every Car Is Now a Networked Computer 06:00 Surveillance Risks: Are Cars "Rolling Spy Vans"? 09:10 What Intelligence Agencies Can Do With Car Data 12:30 Sensors, GPS, Cameras — What Your Car Collects 16:20 Real Example: Tesla Camera Privacy Incident 19:00 Can Hackers Take Control of a Car? 22:30 Real-World Hacks: Jeep and Nissan Cases 26:40 The Regulatory Gap: No Enforced Cybersecurity Standards 30:10 Why Governments Are Struggling to Act 34:00 Cheap EVs vs National Security Risks 37:40 Can Software Fix the Problem? 41:20 Global Response: China, US, and Europe 45:10 Policy Ideas: Kill Switches, Car Bill of Rights 49:00 Prevention vs Detection in Cybersecurity 52:30 Are We Already Too Exposed? 55:10 Final Thoughts: Can Connected Cars Be Made Safe?
-
WhatsApp Encryption Under Fire After Probe Shut Down 01.05.2026 10min
A U.S. federal investigation into WhatsApp encryption was shut down before reaching a conclusion — after an internal claim suggested Meta systems may access message content in ways that conflict with public descriptions. In this episode of Cybersecurity Today, Jim Love breaks down what's known, what isn't, and why the story isn't going away.
Also in this episode:
• A newly disclosed Linux vulnerability (CVE-2026-31431) allows an unprivileged local attacker to gain root permissions — using a flaw that may have existed since 2017
• BlueKit, a new phishing toolkit, shows how AI is now being built directly into cybercrime platforms
• More than three million Alberta voter records exposed after being posted online — not by hacking, but by alleged misuse of legally distributed data
These stories highlight a growing pattern: the biggest risks aren't always new attacks — they're often hidden in how systems are designed, used, and trusted.
Chapters: 00:00 WhatsApp encryption investigation shut down 02:15 Linux "copy fail" root vulnerability explained 04:30 BlueKit AI phishing platform 06:30 Alberta voter data leak
Cybersecurity Today delivers clear, factual reporting on the stories that matter to IT professionals, business leaders, and anyone responsible for protecting data and systems.
-
Massive Python Supply Chain Hack, $2.1B Scam Losses, North Korea Targets Crypto Execs 29.04.2026 12min
A major open source Python tool was hijacked in a supply chain attack, exposing developer credentials, cloud secrets, and crypto wallets. Meanwhile, the FTC says Americans lost more than $2.1 billion to scams that began on social media, with Facebook leading reported losses.
Cybersecurity Today thanks Meter for supporting this podcast. Meter delivers a complete networking stack — wired, wireless, and cellular — in one integrated solution built for performance and scale. Learn more at Meter.com/cst.
Also in today's Cyber Security Today:
• Brazilian hackers return with fake Minecraft cheat downloads carrying credential-stealing malware
• A new ransomware strain destroys victim files so badly even paying the ransom may not help
• North Korean threat actors target crypto executives using fake Zoom and Teams meetings powered by AI deception tactics
If you work in IT, cybersecurity, finance, or simply want to stay safe online, this episode breaks down what matters and what to watch next. Stories covered in this episode are based on reporting summarized in the show transcript.
#cybersecurity #ransomware #scams #python #hacking #northkorea #cryptocurrency #malware #technews
-
Cyber Weapon in Toronto, Grid Attack, Stuxnet Lie Exposed 27.04.2026 15min
A rogue cyber weapon drove through Toronto blasting scam texts to thousands of phones. A major U.S. critical infrastructure provider confirms a cyberattack. And researchers reveal that Stuxnet may not have been the first cyber weapon after all.
In today's Cybersecurity Today with David Shipley:
• First known SMS blaster case in Canada uncovered in Toronto
• Itron, a major utility technology supplier, discloses cyber intrusion
• Researchers say a 2005 malware campaign predates Stuxnet
• Venezuela energy sector attack reveals destructive "Lotus Wiper" malware
• Why AI-powered attacks may change critical infrastructure risk forever
If you care about cybersecurity, nation-state threats, infrastructure risk, and real-world attacks, this episode is essential listening. Hosted by David Shipley.
Cybersecurity Today thanks Meter for supporting this podcast. Meter delivers a complete networking stack — wired, wireless, and cellular — in one integrated solution built for performance and scale. Learn more at Meter.com/cst.
Chapters 00:00 Intro 00:36 Toronto SMS Cyber Weapon 05:12 Critical Infrastructure Supplier Hit 09:28 Stuxnet History Rewritten 14:32 Venezuela Energy Sector Attack 19:05 Final Thoughts
#Cybersecurity #Stuxnet #CyberAttack #Toronto #CriticalInfrastructure #Hacking #Itron #CyberNews #DavidShipley
Popular in
This podcast also appears in the podcast charts of these countries.