Cybersecurity Today

Discover Russia's surprising shift in tackling cyber crime, highlighted by recent arrests of major hackers. Learn about a deceptive phishing scam that exploits fake death notices to lift passwords from LastPass users. Uncover a critical vulnerability that has exposed thousands of AI server API keys. Explore how a massive malware campaign on YouTube spreads risks through seemingly harmless videos. Lastly, dive into the dual nature of AI as both an innovative tool for cybersecurity and a potential threat through flawed coding.

In this episode of Cybersecurity Today, host David Shipley covers the latest updates from the Pwn2Own 2025 event in Ireland, where top hackers earned over $1 million for uncovering 73 zero-day vulnerabilities. Despite significant hype, AI's impact on cybersecurity remains limited. We also dive into a critical Microsoft WSUS flaw under active exploitation and its implications for U.S. government cyber defenses amid a federal shutdown. Lastly, ESET reports reveal North Korea's increased cyber espionage targeting European drone manufacturers. Stay informed on the ever-evolving landscape of cybersecurity threats and defenses. 00:00 Introduction and Headlines 00:29 Pwn to Own 2025 Highlights 02:35 AI's Role in Cybersecurity 03:43 Microsoft's Critical WSUS Vulnerability 07:24 US Government Shutdown and Cyber Attacks 10:04 North Korean Cyber Espionage 12:46 Conclusion and Call to Action

In this episode of Cybersecurity Today, host Jim Love sits down with Graham Barrie a CISO and white hat hacker, to discuss the critical importance of cybersecurity for small and medium-sized businesses. From the moment Berry fell in love with technology through a Tandy TRS 80 to his current role helping businesses secure their data, this conversation covers the evolution of cybersecurity. They delve into how Berry assists businesses in understanding cybersecurity risks, communicating effectively with clients, and preparing for and recovering from cyber incidents. This episode is packed with insightful stories, practical advice, and a deep dive into the realities of cybersecurity for businesses of all sizes. 00:00 The Urgency of Cybersecurity 00:33 Introduction to the Podcast 01:00 Meet Graham Berry: A White Hat Hacker 01:31 Graham's Journey into Technology 04:04 From Technology to Cybersecurity 05:49 The Reality of Cyber Threats for Small Businesses 10:44 The Importance of Cyber Insurance 14:23 Engaging with Clients on Cybersecurity 17:08 Turning Around a Reluctant Client 20:10 The Growing Demand for Cyber Coverage 22:12 Third Party Risk Management 22:50 Effective Tabletop Exercises 23:58 Engaging Executives in Cybersecurity 26:43 Importance of Cyber Insurance 28:33 Successful Recovery Stories 34:16 Challenges with AI in Security 38:57 Looking Forward in Security 40:21 Conclusion and Farewell

A new self-spreading malware called 'Glass Worm' has been discovered hidden in popular Visual Studio Code extensions, leading to major security concerns. It stealthily steals developer credentials by using invisible characters. In addition, AI-powered IDEs have significant flaws, putting millions of developers at risk. A recent survey indicates that AI-driven attacks will surpass ransomware as the primary cybersecurity worry by 2026. Experts provide crucial advice for developers on mitigating these emerging threats.

Ransomware and extortion represent over half of all cyber attacks globally, showcasing a troubling trend in financially motivated crimes. A significant breach at the Kansas City National Security Campus highlights vulnerabilities stemming from SharePoint flaws. Meanwhile, Anthropic introduces an open-source AI sandbox, isolating code to enhance safety before deployment. Discover how AI tools can effectively identify scams, with insights from the host's personal experiences in spotting phishing attempts. Stay updated on these critical cybersecurity developments!

In this episode of Cybersecurity Today, host David Shipley covers the latest developments in cyber threats and law enforcement victories. Topics include: cybercriminals using TikTok videos to disseminate malware through click-fix attacks, Europol shutting down a massive SIM farm powering 49 million fake online accounts, and Microsoft's emergency patch release for a critical ASP.NET Core vulnerability rated 9.9 in severity. The episode also highlights community efforts in raising cybersecurity awareness. 00:00 Introduction and Headlines 00:23 TikTok Malware Campaign 03:43 Europol's Major SIM Farm Bust 07:45 Microsoft's Critical ASP.NET Core Vulnerability 11:55 Community Shoutouts and Conclusion

David Decary-Hetu, a criminologist at the University of Montreal specializing in the dark web, shares fascinating insights about this elusive online territory. He demystifies how the dark web operates, the technology behind it like Tor, and its role in various criminal activities. David discusses the dynamics of online criminal networks, the recruitment of young individuals into cybercrime, and the surprising resilience of dark web markets post-takedown. He also emphasizes the transformative impact of cryptocurrencies on cybercrime and the legal challenges that arise from ever-evolving technology.

Researchers have uncovered that unencrypted satellite data can be easily intercepted with inexpensive equipment, raising alarms about privacy. A new botnet is on the loose, probing for vulnerable RDP services, intensifying the threat of ransomware. In a shocking turn, Canadian Tire suffered a data breach impacting customer details. An Android vulnerability allows hackers to siphon off two-factor authentication codes, highlighting the urgency for quicker security updates. Meanwhile, two brothers are in court defending a $25 million crypto heist as legal, challenging regulatory boundaries.

The FBI's recent takedown of the Breach Forums signals a crackdown on cybercriminals linked to major extortion campaigns. A critical vulnerability in Oracle's E-Business Suite raises alarms, allowing unauthorized data access. Meanwhile, the Asuru botnet, utilizing compromised IoT devices, threatens large-scale DDoS attacks. The show also highlights cybersecurity awareness efforts from the Indiana Toll Road, emphasizing the need for immediate action by organizations and consumers to bolster their defenses.

In this engaging discussion, Craig Taylor, a vCISO with over 25 years of experience and founder of CyberHoot, dives into the evolving role of virtual CISOs. He highlights the reasons why SMBs turn to vCISOs due to budget constraints and the shortage of cybersecurity talent. Taylor shares insights on cultivating a cybersecurity culture, the psychological aspects that influence security behavior, and the common challenges faced by vCISOs. He also offers practical advice on hiring the right vCISO and emphasizes the importance of effective cyber education for organizations.