Cybersecurity Today

A massive data exposure by Ernst & Young leaves a 4TB database unprotected online, risking sensitive information. Insider threats emerge as a former L3 Harris executive admits to selling zero-day exploits to a Russian broker. A sophisticated zero-day spyware campaign targets Chrome, highlighting the urgency of updated security. Additionally, nation-state hackers breach a US telecom provider, raising alarms about the vulnerabilities in critical infrastructure. Tune in for insights on these alarming cybersecurity incidents and lessons learned.

Discover Russia's surprising shift in tackling cyber crime, highlighted by recent arrests of major hackers. Learn about a deceptive phishing scam that exploits fake death notices to lift passwords from LastPass users. Uncover a critical vulnerability that has exposed thousands of AI server API keys. Explore how a massive malware campaign on YouTube spreads risks through seemingly harmless videos. Lastly, dive into the dual nature of AI as both an innovative tool for cybersecurity and a potential threat through flawed coding.

In this episode of Cybersecurity Today, host David Shipley covers the latest updates from the Pwn2Own 2025 event in Ireland, where top hackers earned over $1 million for uncovering 73 zero-day vulnerabilities. Despite significant hype, AI's impact on cybersecurity remains limited. We also dive into a critical Microsoft WSUS flaw under active exploitation and its implications for U.S. government cyber defenses amid a federal shutdown. Lastly, ESET reports reveal North Korea's increased cyber espionage targeting European drone manufacturers. Stay informed on the ever-evolving landscape of cybersecurity threats and defenses. 00:00 Introduction and Headlines 00:29 Pwn to Own 2025 Highlights 02:35 AI's Role in Cybersecurity 03:43 Microsoft's Critical WSUS Vulnerability 07:24 US Government Shutdown and Cyber Attacks 10:04 North Korean Cyber Espionage 12:46 Conclusion and Call to Action

Graham Berry, an experienced CISO and white-hat hacker, shares his journey from tinkering with a Tandy TRS-80 to advocating for SMB cybersecurity. He highlights the urgent need for small businesses to understand and act on their cyber risks, often triggered by close calls. Berry discusses effective communication during crises, the importance of cyber insurance, and how to engage clients in security measures. He also addresses emerging threats from AI and emphasizes proactive strategies to protect critical data.

A new self-spreading malware called 'Glass Worm' has been discovered hidden in popular Visual Studio Code extensions, leading to major security concerns. It stealthily steals developer credentials by using invisible characters. In addition, AI-powered IDEs have significant flaws, putting millions of developers at risk. A recent survey indicates that AI-driven attacks will surpass ransomware as the primary cybersecurity worry by 2026. Experts provide crucial advice for developers on mitigating these emerging threats.

Ransomware and extortion represent over half of all cyber attacks globally, showcasing a troubling trend in financially motivated crimes. A significant breach at the Kansas City National Security Campus highlights vulnerabilities stemming from SharePoint flaws. Meanwhile, Anthropic introduces an open-source AI sandbox, isolating code to enhance safety before deployment. Discover how AI tools can effectively identify scams, with insights from the host's personal experiences in spotting phishing attempts. Stay updated on these critical cybersecurity developments!

In this episode of Cybersecurity Today, host David Shipley covers the latest developments in cyber threats and law enforcement victories. Topics include: cybercriminals using TikTok videos to disseminate malware through click-fix attacks, Europol shutting down a massive SIM farm powering 49 million fake online accounts, and Microsoft's emergency patch release for a critical ASP.NET Core vulnerability rated 9.9 in severity. The episode also highlights community efforts in raising cybersecurity awareness. 00:00 Introduction and Headlines 00:23 TikTok Malware Campaign 03:43 Europol's Major SIM Farm Bust 07:45 Microsoft's Critical ASP.NET Core Vulnerability 11:55 Community Shoutouts and Conclusion

David Decary-Hetu, a criminologist at the University of Montreal specializing in the dark web, shares fascinating insights about this elusive online territory. He demystifies how the dark web operates, the technology behind it like Tor, and its role in various criminal activities. David discusses the dynamics of online criminal networks, the recruitment of young individuals into cybercrime, and the surprising resilience of dark web markets post-takedown. He also emphasizes the transformative impact of cryptocurrencies on cybercrime and the legal challenges that arise from ever-evolving technology.

Researchers have uncovered that unencrypted satellite data can be easily intercepted with inexpensive equipment, raising alarms about privacy. A new botnet is on the loose, probing for vulnerable RDP services, intensifying the threat of ransomware. In a shocking turn, Canadian Tire suffered a data breach impacting customer details. An Android vulnerability allows hackers to siphon off two-factor authentication codes, highlighting the urgency for quicker security updates. Meanwhile, two brothers are in court defending a $25 million crypto heist as legal, challenging regulatory boundaries.

The FBI's recent takedown of the Breach Forums signals a crackdown on cybercriminals linked to major extortion campaigns. A critical vulnerability in Oracle's E-Business Suite raises alarms, allowing unauthorized data access. Meanwhile, the Asuru botnet, utilizing compromised IoT devices, threatens large-scale DDoS attacks. The show also highlights cybersecurity awareness efforts from the Indiana Toll Road, emphasizing the need for immediate action by organizations and consumers to bolster their defenses.