Cybersecurity Today

Identity, AI Agents, and the Session Token Time Bomb | Carey Frey (CSO, TELUS) on Cybersecurity Today In this Cybersecurity Today weekend edition, David Shipley interviews Carey Frey, Chief Security Officer at TELUS, about the evolution of identity security and why it's a growing risk in the age of generative and agentic AI. Frey recounts his career from Canada's Communications Security Establishment to leading TELUS's internal security and managed cybersecurity services, then explains how convenience-driven identity decisions led from PKI's unrealized promise to passwords, bearer/session tokens, and today's widespread session cookie theft. He describes lessons from TELUS's deployment of FIDO2 phishing-resistant tokens, the dangers of long-lived SSO tokens across SaaS ecosystems, and how agentic "auto-browse" could amplify harm via the "lethal trifecta" and ephemeral agents with poor auditability. Frey highlights the Syne/SignNet CISO Identity Handbook and calls for stronger cryptographic roots of trust, proof-based tokens, re-authentication across trust domains, and fine-grained delegation guardrails. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst 00:00 Sponsor Message 00:24 Weekend Edition Intro 00:32 Meet Carey Frey 02:07 Carey's Cyber Origin Story 03:47 Telus Security Two Hats 06:22 Identity's Broken Legacy 08:43 Why PKI Didn't Win 11:25 Passkeys Missed Moment 14:10 SSO Tokens Surprise 19:50 Session Theft Reality 23:18 Agentic AI Stakes 24:17 Building Identity Playbook 25:24 Identity Maturity Model 25:49 Fixing OAuth and SAML 27:00 Industry Call to Action 27:37 Where to Find the Handbook 28:06 Not a Vendor Pitch 30:13 Agentic AI Identity Gaps 31:30 Auto Browse Threat Scenario 33:12 Lethal Trifecta Explained 34:31 Ephemeral Agents and Forensics 37:08 Supply Chain Agent Malware 38:20 Crypto Roots of Trust 39:35 Proof Tokens and Reauth 40:17 Delegation Guardrails 42:34 Regulation or Market Forces 44:25 Practical Risk Decisions 46:20 Wrap Up and Next Resources 48:00 Sponsor and Closing Credits

Cisco SD-WAN Bug Actively Exploited, MCP Azure Takeover Demo, CarGurus Data Leak, and Secret Service Scam Recovery Host Jim Love covers four cybersecurity stories: CSA warns a critical Cisco Catalyst SD-WAN controller vulnerability (CVE-2026-20127) has been exploited since 2023, enabling authentication bypass and rogue peering sessions, and orders U.S. federal agencies to inventory systems, collect logs and forensic artifacts, hunt for compromise, and apply Cisco's fixes by 5:00 PM ET on February 27, 2026, with no workarounds. At RSA, researchers show how flaws in Model Context Protocol (MCP)—a key integration layer for agentic AI—could lead to remote code execution and even Azure tenant takeover, highlighting rising enterprise risk. ShinyHunters reportedly published 12.4 million stolen CarGurus records, raising phishing and fraud concerns tied to vehicle shopping and financing context. Finally, an Ontario tech support scam victim recovers funds through coordinated work by Ontario Provincial Police and the U.S. Secret Service, which traced and froze the money in time. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst LINKS Cisco Advisory Cisco Security Advisory – CVE-2026-20127 Authentication bypass vulnerability in Cisco Catalyst SD-WAN https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk CISA Supplemental Hunt and Hardening Guidance (Cisco SD-WAN Systems) https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems Threat Hunt Guide (Technical PDF) Cisco SD-WAN Threat Hunt Guide (jointly referenced in federal guidance) https://media.defense.gov/2026/Feb/25/2003880299/-1/-1/0/CISCO_SD-WAN_THREAT_HUNT_GUIDE.PDF 00:00 Sponsor Message 00:19 Cisco SD-WAN Under Attack 02:48 MCP Azure Takeover Demo 05:28 CarGurus Data Dump 07:16 Secret Service Scam Recovery 09:24 Closing Sponsor Thanks

Discord Drops Persona Age Verification, SolarWinds Serv-U Critical RCEs, Splunk Windows Priv Esc, and Smart TV Screenshot Surveillance Lawsuits In this episode of Cybersecurity Today, host Jim Love covers Discord ending its age-verification experiment with Persona after user backlash and researcher findings that Persona's front-end code suggested up to 269 verification checks, including watch list screening and risk scoring, amid already-thin trust following an earlier breach that exposed government ID images. The show also highlights SolarWinds Serv-U 15.5.0.4 patches for four critical (CVSS 9.1) remote code execution vulnerabilities (CVE-2025-40538, CVE-2025-40539, CVE-2025-40540, CVE-2025-40541), noting they require high privileges and that self-hosted Windows/Linux instances must be upgraded, with estimates ranging from under 1,200 to over 12,000 internet-exposed servers. Splunk discloses a high-severity Windows privilege escalation flaw (CVE-2025-2386, CVSS 8.0) caused by incorrect install-directory permissions in versions before 10.0.0.2, 9.4.0.6, 9.3.0.8, and 9.2.10, enabling local users to potentially escalate privileges and tamper with logging. Finally, Texas Attorney General Ken Paxton sues Samsung, Sony, LG, Hisense, and TCL, alleging smart TVs use automated content recognition to capture screen content—potentially up to twice per second—and transmit it without meaningful consent, with implications for both home viewing and confidential business use; the episode emphasizes reviewing and disabling ACR settings and accounting for network-connected screens in security models.  Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst 00:00 Sponsor Message Meter 00:20 Discord Age Verification Backlash 01:37 Persona Code Raises Alarms 03:08 SolarWinds Serv-U Critical RCEs 04:51 Splunk Windows Priv Esc 06:18 Smart TV Screenshot Surveillance 08:35 Wrap Up and Sponsor Thanks

AI-Accelerated FortiGate Breaches, Amazon Kiro Prod Disruption, Claude Code Security, Salt Typhoon Warning, and Youth Radicalization Risks Episode of Cybersecurity Today (hosted by David Shipley) covering: a Russian-speaking hacker using AI-written automation tools to breach 600+ Fortinet FortiGate firewalls across 55 countries by exploiting weak passwords and exposed management interfaces without MFA, with advice to lock down edge management access, enforce MFA, and strengthen password policies; an Amazon Kiro AI coding tool incident tied to a misconfigured role that allegedly deleted and recreated a production environment, causing a 13-hour disruption to AWS Cost Explorer services in one of two mainland China regions, prompting warnings about giving AI agents access to production and the need for guardrails and review processes; Anthropic's Claude Code Security launch, an AI-driven code vulnerability analysis feature that maps code interactions and data flows, provides severity and confidence scoring, keeps humans in the loop, and sparked stock drops for CrowdStrike and Cloudflare while noting limits for legacy code; an FBI warning that China-linked Salt Typhoon remains a serious threat in 80+ countries by exploiting basic weaknesses like unpatched systems, old code, reused passwords, and phishing, alongside concern over the FCC loosening US telecom cybersecurity requirements and calls for stronger critical infrastructure regulation and secure-by-default equipment; and a Canada-focused segment on youth online radicalization including a second RCMP terrorism peace bond in New Brunswick linked to the 764 extremist network (designated a terrorist organization in December 2025), plus reporting that the Tumbr Ridge, BC school shooting suspect had a ChatGPT account suspended in June 2025 and that OpenAI employees allegedly sought to notify authorities but were rebuffed, drawing condemnation from BC Premier David Eby and federal AI minister Evan Solomon and renewed calls for stronger cooperation, accountability, and intervention frameworks. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst 00:00 Sponsor: Meter + Today's Cybersecurity Headlines 00:48 AI-Automated Hacking: 600+ FortiGate Firewalls Breached 02:25 How to Defend: Lock Down Edge Management, MFA, Strong Passwords 03:28 Amazon's Kiro AI Coding Tool Incident: 'Deleted Prod' and Lessons Learned 06:44 Claude Code Security: AI-Powered AppSec for Developers (and the Hype) 10:20 FBI Warning: Salt Typhoon Still Hitting Telecoms Worldwide 13:32 Youth Radicalization & AI Safety Failures: 764 Network and Tumblr Ridge Aftermath 18:12 Wrap-Up + Sponsor Message: Meter Demo Info

Jim Love discusses how rapid adoption of agentic AI is repeating the industry pattern of shipping technology without security, citing issues like vulnerabilities in Anthropic's MCP and insecure open-source agent tools. He interviews Ido Shlomo, co-founder and CTO of Token Security, who argues AI agents are fundamentally hard to secure because they are non-deterministic, have infinite input/output space, and often require broad permissions to be useful.  Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst Shlomo proposes focusing security on access, identity, attribution, least privilege, and auditability rather than trying to filter prompts and outputs, and describes Token's "intent-based permission management" approach that maps agents and sub-agents as non-human identities tied to their purpose and allowed actions. The conversation covers real-world risks such as developer tools like Claude Code running with extensive access, widespread over-provisioning of admin permissions and API keys, exposure of unencrypted local token files, and misconfigurations that leak data publicly. Shlomo recommends organizations build governance processes for agents—discovery/inventory, boundary setting, continuous monitoring, and secure decommissioning—and says AI is needed to help police AI. He also highlights emerging trends like agent teams and multi-day autonomous tasks, and notes Token Security is a top-10 finalist in the RSA Innovation Sandbox 2026, planning to present an intent-and-access-focused security model for AI agents. 00:00 Sponsor: Meter's integrated networking stack 00:19 Why agentic AI security is breaking (MCP & open-source chaos) 02:53 Meet Token Security: practical guardrails for AI agents 04:57 Why you can't just ban agents at work (shadow AI reality) 06:24 Tel Aviv's cybersecurity pipeline: gaming, military, and startups 08:57 Why AI/agents are fundamentally hard to secure (new OS + 'human spirit') 13:44 Trust, autonomy, and permissions: managing the blast radius 18:17 Real-world exposure: Claude Code and the developer identity attack surface 20:16 A workable approach: treat agents as untrusted processes with identity + least privilege 22:33 Zero Trust for Agents: Access ≠ Permission to Act 23:27 Token's "Intent-Based Permission Management" Explained 25:29 Building the Identity Map: Tracing What Agents Touch 26:52 The Secret Sauce: Using AI to Secure AI in Real Time 28:10 Real-World Case: 1,500 Agents and Wildly Over-Provisioned Access 30:57 CUA 'Computer-Use' Agents: Exciting, Personal… and Terrifying 34:44 Secure-by-Default & Sandboxing: Fixing 'Always Allow' Dark Patterns 35:36 What Security Teams Should Do Now: Inventory, Boundaries, Governance 37:59 What's Next: Agent Teams and Multi-Day Autonomous Work 40:10 Tony Stark Vision: Agents That Improve the Human Experience 41:02 RSA Innovation Sandbox: Token's Big Bet on Intent + Access 43:01 Wrap-Up, Audience Q&A, and Sponsor Message

CISA Orders Emergency Patch for Actively Exploited Dell Flaw; Texas Sues TP-Link; Massive ID Verification Data Leak; SSA Database Leak Allegations Host Jim Love covers four cybersecurity stories:  Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst CISA ordered federal civilian agencies to patch an actively exploited critical Dell RecoverPoint for Virtual Machines vulnerability (CVE-2026-2769) within three days, citing hard-coded credentials that allow unauthenticated root access and links to a China-aligned threat cluster; Texas Attorney General filed suit against TP-Link alleging deceptive security and origin claims and risks tied to Chinese state-linked threats, while TP-Link denies the allegations and says it operates independently, stores U.S. user data on AWS, and bases core operations in the U.S.; researchers found an unsecured MongoDB database tied to AI-powered identity verification provider ID Merit exposing nearly 1 billion records with sensitive personal data, attributed to misconfiguration rather than compromise of the AI systems; and a MarketWatch report describes whistleblower Chuck Borges alleging SSA master data was copied to a cloud environment without oversight, contrasted by the Social Security Commissioner stating the core Numident database remained secure, with Love noting no confirmed public evidence but expressing concern about the implications if such foundational data were compromised. 00:00 Sponsor Message: Meter's Full-Stack Networking 00:19 Headlines: Dell Exploit, TP-Link Lawsuit, Massive Data Leak, SSA Claims 00:45 Urgent Patch Order: Actively Exploited Dell RecoverPoint CVE 02:19 Texas Sues TP-Link Over Router Security & China-Ties Allegations 03:31 AI Identity Verification Leak: Nearly 1 Billion Records Exposed 05:07 Did SSA Data Leak? Whistleblower vs. Official Denial 06:54 Host Take: What If the "Foundational" Database Was Compromised? 07:37 Wrap-Up + Sponsor Thanks and Where to Book a Demo

Info Stealers Target OpenClaw, a Robot Vacuum API Flaw Exposes Thousands, Best Buy Fraud Shows Zero Trust Context, and Canada Goose Data Leaked via Supplier The episode covers multiple security incidents and lessons. Hudson Rock details how an info stealer malware infection can vacuum OpenClaw data, including authentication tokens, master keys, device private cryptographic keys, and the agent-defining soul.md file that can reveal a "mirror" of a user's life; the attack was not targeted, raising concerns about upcoming dedicated OpenClaw-stealing modules. A hobbyist coder using an AI coding tool to reverse-engineer DJI Romo communications unintentionally accessed roughly 7,000 robot vacuums in 24 countries, enabling live camera and microphone access and floor-plan generation due to missing messaging-level access controls; DJI also shares infrastructure with portable home battery stations and initially claimed the flaw was fixed before a live demonstration showed it was not. Two Best Buy cases illustrate that Zero Trust must consider behavior and context: a Florida employee allegedly used a manager override code 149 times from March–December 2024 to buy discounted electronics, costing about $120,000, while a Georgia case involved over $40,000 in merchandise leaving a store over two weeks amid claims of blackmail. Finally, ShinyHunters leaked about 600,000 Canada Goose customer records, but Canada Goose found no breach in its systems; the data was attributed to a third-party payment processor breach from August 2025, with records largely dating from 2021–2023, underscoring supply-chain risk and ongoing fraud/phishing potential. The episode is sponsored by Meter, which provides an integrated wired, wireless, and cellular networking stack for enterprises. 00:00 Sponsor: Meter + Today's Cybersecurity Headlines 00:44 Info-Stealer Jackpot: OpenClaw Tokens, Keys & 'soul.md' Exposed 03:17 DIY App, Real-World Disaster: 7,000 Robot Vacuums Exposed via DJI Servers 05:34 Best Buy Insider Fraud: Why Zero Trust Needs Behavior Monitoring 07:36 Canada Goose Leak: When a Third-Party Payment Processor Gets Breached 09:28 Wrap-Up + Sponsor Message (Meter)

This episode covers multiple active threats and security changes. It warns of an actively exploited critical BeyondTrust remote access vulnerability (CVE-2026-1731, CVSS 9.9) enabling pre-authentication remote code execution in Remote Support and Privileged Remote Access, noting SaaS was patched while on-prem deployments require urgent manual updates and may already be compromised. Microsoft details an evolution of the ClickFix social engineering technique where victims are tricked into running NSLookup commands that use attacker-controlled DNS responses as a malware staging channel, leading to payload delivery (including a Python-based RAT) and persistence via startup shortcuts, alongside increased Lumma Stealer activity.  Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst Researchers also report Mac-focused campaigns abusing AI-generated content and malicious search ads to push copy-paste terminal commands that install an info stealer (MaxSync) targeting Keychain, browsers, and crypto wallets. T The show describes fake recruiter campaigns targeting developers with coding tests containing malicious dependencies on repositories like NPM and PyPI, linked to the "Gala" operation and nearly 200 packages. Finally, it reviews NPM's authentication overhaul after a supply-chain worm incident—revoking classic long-lived tokens, moving to short-lived session credentials, encouraging MFA and OIDC trusted publishing—while noting remaining risks such as MFA phishing, non-mandatory MFA for unpublish, and the continued ability to create long-lived tokens. 00:00 Sponsor: Meter + Today's Cybersecurity Headlines 00:48 Urgent Patch: BeyondTrust Remote Access RCE (CVE-2026-1731) Actively Exploited 02:45 ClickFix Evolves: DNS Lookups (nslookup) Used as Malware Staging 04:34 Mac Malware via AI Search Results: Fake Terminal Commands Deliver Info-Stealer 06:08 Fake Recruiters, Real Malware: Coding Tests Poison Dev Environments 07:19 NPM Security Overhaul After Supply-Chain Worm—What's Better, What Still Risks 09:11 Wrap-Up, Thanks, and Sponsor Message

This special Valentine's Day episode of Cybersecurity Today examines romance scams (often called pig butchering) and how fraudsters exploit trust, vulnerability, and loneliness.  Host Jim Love speaks with McAfee Head of Threat Research Abhishek Karnik  about new findings showing the scale and demographics of these scams, including widespread encounters with fake or AI-generated profiles, frequent financial solicitations, and that men are also heavily impacted.  Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst The episode features survivor Beth Highland's detailed account of being manipulated via Tinder through long-term messaging, an AI video call, forged documents, and a crypto payout scheme that led her to send about $26,000 via Bitcoin ATMs before her financial advisor—trained in romance fraud—helped her recognize the scam and stop further losses, including a demanded $50,000 "activation fee." Beth discusses emotional aftereffects, stigma, reporting, red flags, and her book, "Diary of a Romance Scam:  When Swiping Right Goes Wrong," along with her advocacy work. The conversation broadens to the role of AI in making scams more realistic (deepfakes, voice/video, document generation), the importance of privacy and not overposting, involving trusted family/advisors, institutional training and intervention points along the fraud "kill chain," and using technology and education to detect and reduce scams. LINKS  Beth Hyland's Book - Diary of a Romance Scam: When Swiping Right Goes Wrong https://www.amazon.com/Diary-Romance-Scam-Swiping-Right/dp/1662962843 00:00 Sponsor: Meter's all-in-one networking stack 00:18 Valentine's Day on the dark side: heartbreak meets cybercrime 02:15 Romance scams ("pig butchering") are everywhere—who gets targeted 04:15 McAfee research: fake profiles, AI, and the real victim demographics 07:07 How scammers hook you: profiling, psychology, and long-game manipulation 09:01 Beth's story begins: post-divorce, isolation, and trying Tinder 10:36 The perfect match: mirroring, fast intimacy, and early red flags 14:32 AI video call + the push-pull breakup: emotional control tactics 17:09 The money trap: Qatar story, bank access, and Bitcoin ATM payments 23:34 The $50K "activation fee" and the wake-up call from a financial advisor 26:25 Cutting him off—and getting pulled back in by guilt and gaslighting 30:18 How to help victims: listening, tools, and where to get support 33:17 Turning pain into purpose: Beth's book and grieving a romance scam 34:47 Turning Pain Into Purpose: Supporting Romance-Scam Survivors 35:56 Stop Blaming Victims: Changing the Language Around Scams 38:38 "It Can Happen to Anybody": Why Smart People Get Hooked 40:58 Social Engineering 101: How Scams Exploit Different Emotions 42:14 Why McAfee Is Focusing on Consumer Scams (and the AI Factor) 45:43 AI Deepfakes & Low-Cost Tools: The New Scam Industrialization 49:19 Oversharing, Spearphishing & Replay Attacks: How Victims Get Retargeted 53:24 Practical Red Flags: Meeting in Person, Isolation Tactics, Family Checks 57:08 Training the "Kill Chain": Banks, Cashiers, Advisors & Early Intervention 01:00:33 Tech Fighting Tech: Detection, Identity Protection & Digital Assistants 01:02:57 What's Next: Agentic AI, Bigger Attack Surfaces & Trust-and-Safety by Design 01:08:03 Wrap-Up: Start the Conversation, Resources, and Final Thanks

This special Valentine's Day episode of Cybersecurity Today examines romance scams (often called pig butchering) and how fraudsters exploit trust, vulnerability, and loneliness.  Host Jim Love speaks with McAfee Head of Threat Research Abhishek Karnik  about new findings showing the scale and demographics of these scams, including widespread encounters with fake or AI-generated profiles, frequent financial solicitations, and that men are also heavily impacted.  Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst The episode features survivor Beth Highland's detailed account of being manipulated via Tinder through long-term messaging, an AI video call, forged documents, and a crypto payout scheme that led her to send about $26,000 via Bitcoin ATMs before her financial advisor—trained in romance fraud—helped her recognize the scam and stop further losses, including a demanded $50,000 "activation fee." Beth discusses emotional aftereffects, stigma, reporting, red flags, and her book, "Diary of a Romance Scam:  When Swiping Right Goes Wrong," along with her advocacy work. The conversation broadens to the role of AI in making scams more realistic (deepfakes, voice/video, document generation), the importance of privacy and not overposting, involving trusted family/advisors, institutional training and intervention points along the fraud "kill chain," and using technology and education to detect and reduce scams. LINKS  Beth Hyland's Book - Diary of a Romance Scam: When Swiping Right Goes Wrong https://www.amazon.com/Diary-Romance-Scam-Swiping-Right/dp/1662962843 00:00 Sponsor: Meter's all-in-one networking stack 00:18 Valentine's Day on the dark side: heartbreak meets cybercrime 02:15 Romance scams ("pig butchering") are everywhere—who gets targeted 04:15 McAfee research: fake profiles, AI, and the real victim demographics 07:07 How scammers hook you: profiling, psychology, and long-game manipulation 09:01 Beth's story begins: post-divorce, isolation, and trying Tinder 10:36 The perfect match: mirroring, fast intimacy, and early red flags 14:32 AI video call + the push-pull breakup: emotional control tactics 17:09 The money trap: Qatar story, bank access, and Bitcoin ATM payments 23:34 The $50K "activation fee" and the wake-up call from a financial advisor 26:25 Cutting him off—and getting pulled back in by guilt and gaslighting 30:18 How to help victims: listening, tools, and where to get support 33:17 Turning pain into purpose: Beth's book and grieving a romance scam 34:47 Turning Pain Into Purpose: Supporting Romance-Scam Survivors 35:56 Stop Blaming Victims: Changing the Language Around Scams 38:38 "It Can Happen to Anybody": Why Smart People Get Hooked 40:58 Social Engineering 101: How Scams Exploit Different Emotions 42:14 Why McAfee Is Focusing on Consumer Scams (and the AI Factor) 45:43 AI Deepfakes & Low-Cost Tools: The New Scam Industrialization 49:19 Oversharing, Spearphishing & Replay Attacks: How Victims Get Retargeted 53:24 Practical Red Flags: Meeting in Person, Isolation Tactics, Family Checks 57:08 Training the "Kill Chain": Banks, Cashiers, Advisors & Early Intervention 01:00:33 Tech Fighting Tech: Detection, Identity Protection & Digital Assistants 01:02:57 What's Next: Agentic AI, Bigger Attack Surfaces & Trust-and-Safety by Design 01:08:03 Wrap-Up: Start the Conversation, Resources, and Final Thanks

In this episode of Cybersecurity Today with host Jim Love, we discuss six critical exploited Microsoft vulnerabilities, new phishing tactics using your own servers, and a zero-click vulnerability in Claude's code desktop extensions. We also explore trends in modern romance scams highlighting the younger, tech-savvy adult targets. Tune in for expert insights and practical tips to stay secure. Special thanks to Meter for their support. Hashtag Trending would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/htt 00:00 Introduction and Sponsor Message 00:45 Microsoft Vulnerabilities: A Growing Concern 02:38 Phishing Attacks Using Your Own Servers 04:16 Zero-Click Vulnerability in Claude AI 06:25 Romance Scams: Not Just Targeting the Elderly 09:14 Conclusion and Weekend Edition Teaser

In this episode of Cybersecurity Today, host Jim Love discusses the increasing risks posed by unsupported edge devices in global infrastructure. Highlighted by a recent cyber incident in Poland's energy sector, edge devices are becoming critical vulnerabilities due to their role in network security. The Cybersecurity and Infrastructure Security Agency (CISA) has issued new advisories urging immediate action to update or remove unsupported edge devices. The episode also covers issues with Microsoft Exchange online wrongly flagging legitimate emails as phishing, Google's warning on post-quantum cybersecurity preparedness, and continuing exposures tied to the Open Claw security incident. Meter, a full-stack networking infrastructure provider, sponsors this episode. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:20 Unsupported Edge Devices: A Growing Risk 05:33 Microsoft Exchange Phishing False Positives 07:27 Google's Call for Post-Quantum Cybersecurity 09:49 Ongoing Open Claw Security Concerns 12:39 Conclusion and Sponsor Message

In today's episode of Cybersecurity Today, host David Shipley discusses the latest developments and challenges in cybersecurity, including integrating AI into various systems, the rise of AI-driven security flaws, and the violent turn of cryptocurrency crime. The episode highlights a partnership between Open Claw and VirusTotal to scan AI skills for malware, the success of Anthropic's AI in identifying security vulnerabilities, and a violent home invasion linked to cryptocurrency theft. Additionally, the show covers the RCMP's first terrorism-related peace bond for a minor, and New York's proposed moratorium on data center development amidst growing concerns over environmental and economic impacts. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:18 AI Agents and Security Challenges 00:49 Open Claw and Virus Total Partnership 05:29 AI in Vulnerability Research 08:00 Cryptocurrency Crime Turns Violent 10:19 Youth Radicalization and Terrorism 12:16 Data Center Moratorium and Energy Policy 13:56 Conclusion and Thank You

Welcome to Cybersecurity Today's Month In Review   Join host Jim Love, alongside cybersecurity experts David Shipley, Laura Payne, and Mike Puglia, as they dive into last month's major topics in the cybersecurity world. This episode covers ongoing issues with Microsoft patches, continuous security concerns with Fortinet, and the risks and ramifications of AI activities. They also discuss the implications of poor software quality and the persistent threats in the cyber world. Plus, hear the latest on Mage Cart scams and the debate over local admin rights. Don't miss this packed episode full of insights and expert analysis. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:41 Podcast Achievements and Audience Appreciation 01:36 Introducing the Panel 02:15 Discussion on Microsoft's Patch Issues 04:50 Software Quality and Development Practices 08:43 Challenges in Software Patching and Security 17:36 Fortinet's Continuous Security Issues 29:18 The Rise of Claude Bot and Agent Networks 31:37 Security Concerns and Vulnerabilities 33:34 The Real-World Impact of Cybersecurity Threats 37:34 The Global Cybercrime Landscape 39:37 Challenges and Future of Cybersecurity 50:02 Final Thoughts and Reflections

In this episode of Cybersecurity Today, host Jim Love discusses the latest advancements in AI-driven cyber attacks and their implications for security infrastructure. The episode covers a variety of topics, including the vulnerabilities in OpenClaw Marketplace, a rapid AI-assisted AWS attack, and data breaches linked to the Shiny Hunters group targeting Harvard and the University of Pennsylvania.  From discussing the porous architecture of AI agents to exploring how attackers exploited AWS credentials in unsecured S3 buckets, this episode sheds light on the accelerated risks posed by AI in cybersecurity. Additionally, Jim Love speaks about the critical need for proactive measures and the inadequacies in current security frameworks. Hashtag Trending would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/htt 00:00 Introduction and Sponsor Message 00:20 Open Clause Marketplace and AI Threats 00:46 AI Agents and Security Risks 01:09 OpenClaw's Vulnerabilities 02:06 Malicious Skills in OpenClaw 03:37 Strategies for CIOs 04:38 AWS Breach Accelerated by AI 08:27 Shiny Hunters and University Data Breaches 10:48 Conclusion and Sponsor Message

In this episode of Cybersecurity Today, Jim Love covers major vulnerabilities and security threats, including the exposure of over 3 million Fortinet devices, a critical flaw in Docker's AI assistant, and a sophisticated Android malware campaign using Hugging Face repositories. Discover the latest updates on these critical issues and gain insights into the measures being taken to mitigate these threats. Sponsored by Meter, providing integrated networking solutions for performance and scale. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:43 Fortinet Devices Vulnerability 03:35 Docker AI Assistant Security Flaw 06:27 Hugging Face Android Malware Campaign 09:25 Conclusion and Sponsor Message

Cybersecurity Today: Google's Proxy Network Takedown, AI Agent Hijack, and More In today's episode of Cybersecurity Today, host David Shipley covers major cybersecurity stories, including Google's disruption of the massive residential proxy network IP Idea, the hijacking vulnerability of AI agent platform MT Book, and attackers abusing single sign-on platforms. We also delve into the coordinated cyber attack on Poland's energy sector by Russian state-linked actors and the misuse of eScan antivirus updates to deliver malware. Stay informed about the latest in cybersecurity with us! Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:52 Massive Residential Proxy Network Disrupted by Google 02:41 AI Agent Platform Security Flaw Exposed 04:46 Single Sign-On Platforms Targeted by Attackers 06:28 Coordinated Cyber Attack on Poland's Energy Sector 08:15 Antivirus Software Compromised by Attackers 09:45 Conclusion and Call to Action 10:13 Sponsor Message and Closing Remarks

In this episode of Cybersecurity Today, host Jim Love welcomes David Shipley, CEO of Beauceron Security, as a guest. Together, they delve into the latest research from Beauceron  Security with assistance from he University of Montreal. They discuss the effectiveness of phishing simulations, the importance of reporting suspicious activities, and the psychological factors that lead to clicking on phishing emails. The episode also highlights the surprising advantages small businesses have over larger organizations in phishing defense, and how management's attitude towards cybersecurity significantly impacts a company's overall security culture. Don't miss this thorough, insightful conversation that will change how you think about cybersecurity training and culture! Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:19 Meet the Guest: David Shipley 01:46 David's Research with University of Montreal 02:17 Phishing Simulation Training Insights 03:16 The Importance of Real Research 04:30 Human Risk Management vs. Security Awareness 05:49 Understanding Phishing and Its Impact 11:10 The Role of Technology and Human Resilience 14:34 Effective Phishing Training Strategies 19:02 Analyzing Click Behavior and Reporting 27:17 Why People Click: Survey Insights 36:07 High Click Rates and Psychological Safety 38:13 Management's Role in Cybersecurity Culture 39:29 Impact of Tenure and Compensation on Click Rates 40:58 The Importance of Security Awareness Programs 43:35 Feedback and Reporting in Cybersecurity 54:12 Small Companies vs. Large Companies in Cybersecurity 56:44 Surprising Findings and Future Directions 01:02:12 Conclusion and Report Availability

In this episode of Cybersecurity Today, host Jim Love explores the burgeoning world of actionable AI agents, examining key developments from companies like Google and Anthropic. The episode delves into the rapid rise of MoltBot, an open-source AI agent tool that has taken the developer community by storm. Jim also highlights the significant security concerns associated with these advanced AI systems, including delegated control, exposable credentials, and the potential for real-world consequences due to misuse. The podcast wraps up with a discussion on the future implications of these technologies and a preview of upcoming research by David Shipley from Beauceron Security on phishing. Brought to you with the support of Meter, delivering integrated networking solutions for optimized performance and scale. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:24 Emerging AI Agents: Google and Anthropic 01:59 The Rise of Molt Bot 07:51 Security Concerns with AI Agents 11:09 Looking Ahead: The Future of AI Agents 13:47 Conclusion and Upcoming Episodes

Cybersecurity Today: WhatsApp Privacy Lawsuit, Google's Personal AI, Canada Computers Breach, and Mass Password Leak In this episode, host Jim Love discusses pressing cybersecurity issues, including a lawsuit against WhatsApp for allegedly misleading users about message privacy, concerns over Google's new personal AI and its data security implications, a delayed response to a credit card skimming attack at Canada Computers, and the exposure of 149 million stolen passwords. Sponsored by Meter, the podcast also highlights the risks of using the same passwords and the importance of timely breach responses. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:21 WhatsApp Privacy Lawsuit 02:48 Google's Personal AI Security Concerns 05:58 Canada Computers Payment Card Breach 09:10 149 Million Stolen Passwords Exposed 12:16 Conclusion and Sponsor Message