Cybersecurity Today

Android Mirax RAT, North Korea's Friend-Request Hacks, Adobe PDF Zero-Day, and FBI Phishing Takedown | Cybersecurity Today
David Shipley covers multiple trust-based cyber threats: Mirax Android malware pushed via Meta ads posing as free streaming apps, functioning as a remote access trojan and turning infected phones into residential proxies, amid reports of widespread scam advertising on Meta platforms. Researchers link a North Korean APT37 campaign to Facebook friend requests that shift to Messenger and Telegram before delivering a tampered PDF viewer that installs Rock Rat and exfiltrates data via Zoho WorkDrive. Adobe issues an emergency patch for an Acrobat/Reader zero-day where opening a PDF can expose files, seen targeting oil and gas with Russian-language lures. The FBI and Indonesian authorities dismantle the Wall phishing marketplace designed to bypass MFA via session-cookie theft, as similar services quickly rebound. The FBI reports Americans lost nearly $21B to cybercrime in 2025, driven by investment and crypto fraud, with growing AI-enabled scams.
00:00 Headlines And Sponsor
00:57 Mirax Android Proxy Malware
02:47 Meta Scam Ad Machine
05:01 North Korea Friend Request Hack
07:44 Adobe Acrobat Zero Day Patch
10:11 FBI Wall Phishing Kit Takedown
12:28 Why Takedowns And MFA Fall Short
15:02 Cybercrime Losses Hit $21B
18:16 Wrap Up And Thanks
18:55 Meter Sponsor Message

Mythos Sparks Urgent Bank Meetings, AI Shrinks Exploit Windows, CEO Phishing Beats MFA + Crypto Fraud Bust
Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst
Host David Shipley covers urgent meetings among U.S., Canadian, and U.K. financial leaders after Anthropic's Mythos announcement, with regulators and major banks assessing potential systemic risk; Mythos is described as capable of finding and chaining zero-days and is limited to a preview program (Project Glasswing) with select critical infrastructure and tech firms. The episode highlights how fast vulnerabilities are now exploited, citing a critical Marimo flaw patched in 0.2.3.0 that attackers probed within 9 hours and research showing AI can generate exploits from CVEs in 10–15 minutes. It then details "Venom," an invitation-only phishing-as-a-service targeting executives via QR codes to hijack sessions and register new devices, and Microsoft's warning about Storm-2755 redirecting Canadian paychecks by stealing M365 session cookies and altering direct-deposit details. Finally, Operation Atlantic is summarized: authorities identified 20,000 crypto-fraud victims, froze $12M, and linked $45M in stolen crypto tied to approval phishing.
00:00 Headlines and Sponsor
00:57 Mythos Shakes Finance
04:58 AI Exploit Window Collapses
08:11 Venom Targets Executives
11:54 Payroll Redirect Scam
14:35 Crypto Fraud Takedown
16:47 Wrap Up and Thanks
18:04 Sponsor Outro

AI-Powered AppSec, OWASP Origins, and Anthropic's "Mythos" Model: Jeff Williams on What Changes Next
Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst
Jim hosts Jeff Williams (Contrast Security co-founder/CTO and former OWASP global chair) for a wide-ranging discussion that begins with Anthropic's new "Mythos" model, described as powerful for finding zero-day vulnerabilities, and expands into how AppSec must evolve. Williams explains Contrast's runtime instrumentation approach, recounts OWASP's early days, the creation of WebGoat and the OWASP Top 10, and notes that many common vulnerabilities persist despite years of maturity models. They debate open source versus commercial security scrutiny, the likely high cost and scalability limits of advanced AI vulnerability discovery, and why finding more bugs matters only if remediation improves too. Williams argues for AI-powered "software factories" with feedback loops, assurance evidence, and runtime monitoring, and flags the EU Product Liability Directive treating software as a product with no-fault liability for security defects, including those from embedded open source.
00:00 AppSec Stuck in Ruts
00:42 Show Intro and Sponsor
01:40 What Contrast Security Does
02:35 OWASP Origins and WebGoat
04:33 Why the Top 10 Persists
06:28 Mythos Model Overview
08:05 Open Source Scrutiny Myth
11:31 Cost and Adoption Barriers
15:04 Finding vs Fixing Bugs
15:55 AI Code Quality Reality
17:46 AI Powered Software Factory
23:11 Building with AI in Practice
25:18 AppSec Metrics and New Approaches
26:42 Staying Optimistic as a CISO
28:00 EU Product Liability Shift
32:13 Bug Bounties in an AI World
34:06 Wrap Up and Outro

Fortinet EMS Zero-Day Exploited, Anthropic's AI Finds Thousands of Bugs, and Iranian Hackers Target US ICS
Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst
Host David Shipley reports Fortinet issued emergency hotfixes for a new actively exploited FortiClient EMS unauthenticated RCE zero-day (CVE-2026-35616) affecting 7.4.0.5/7.4.0.6, with over 2,000 exposed instances online and a full fix coming in 7.4.0.7. Anthropic says its Claude "Mythos" model (Project Glasswing) has found thousands of high-severity zero days and demonstrated advanced exploit chaining and sandbox escape, but will not be released publicly; it is being used with major partners and funded with up to $100M in credits plus $4M for open-source security. A postmortem details a North Korea–linked social-engineering supply-chain breach of Axios on NPM, part of a broader campaign spreading 1,700+ malicious packages across multiple ecosystems. US agencies warn Iranian-linked hackers are targeting Rockwell/Allen-Bradley PLCs in critical infrastructure. The White House proposes a $707M cut to CISA, reducing staffing while preserving $1.4B for core cybersecurity.
00:00 Headlines and Sponsor
00:55 Fortinet EMS Zero Day
03:21 AI Finds Zero Days
05:56 Axios Supply Chain Breach
08:02 North Korea Package Campaign
10:13 Iran Targets Industrial Control
12:22 CISA Budget Cuts Debate
14:05 Wrap Up and Thanks
14:59 Sponsor Message Meter

Host David Shiple covers major cybersecurity news: investigators attribute a record $285 million April 1 hack of crypto platform Drift Protocol to North Korea, describing a three-week setup involving a fake "Carbon Vote Token," wash trading to inflate value, social engineering to pre-approve backdoored transactions, Drift's removal of a timelock, and rapid collateralized withdrawals that crashed Drift's token and are now tracked by TRM Labs; the report notes North Korea's 2025 crypto theft total of $2.5B and lifetime total surpassing $7B after this incident, alongside mention of a North Korea-linked supply-chain compromise of the widely used Axios package. Stryker Medical says it has fully recovered from a March 11 Iran-linked wiper attack that used a compromised admin account and Microsoft Intune, prompting Microsoft guidance on multi-admin approval for wipes. The FBI labels a suspected China-linked breach of a U.S. surveillance system a "major incident," likening it to the 2024 Salt Typhoon campaign, while Sen. Mark Warner cites staffing cuts and leadership turmoil at CISA. TechCrunch reports embattled compliance startup Delve faces new claims it repackaged an open-source tool (Sim Studio) as its own "Pathways," as Delve denies broader fraud allegations, says it was targeted by a malicious actor, and Y Combinator cuts ties.
Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst
00:00 Headlines And Sponsor
00:54 North Korea Crypto Heist
01:16 How The Drift Hack Worked
03:20 Bigger DPRK Crypto Trend
04:24 Stryker Wiper Recovery
06:39 China Breach Major Incident
08:38 Policy And Staffing Fallout
09:37 Delve Startup In Crisis
10:29 Stolen Software Allegations
13:12 Delve Fights Back YC Cuts Ties
14:35 Wrap Up And Thanks
15:12 Sponsor Message Meter
00:00 Headlines And Sponsor
00:54 North Korea Crypto Heist
01:16 How The Drift Hack Worked
03:20 Bigger DPRK Crypto Trend
04:24 Stryker Wiper Recovery
06:39 China Breach Major Incident
08:38 Policy And Staffing Fallout
09:37 Delve Startup In Crisis
10:29 Stolen Software Allegations
13:12 Delve Fights Back YC Cuts Ties
14:35 Wrap Up And Thanks
15:12 Sponsor Message Meter