Cybersecurity Today

Most people never think about root certificates. But almost everything online depends on them.
This week, Microsoft Defender made a move that sounds small on the surface — removing a root certificate from Windows computers. In reality, it's the kind of action that can quietly ripple across systems, applications, and entire trust chains.

Because when a root certificate is no longer trusted, everything tied to it becomes questionable too.
This isn't just a security update. It's a reminder of how fragile the foundation of the internet actually is — and how much power sits with the companies that control those trust decisions. At the same time, it raises a bigger question. Who gets to decide what is "trusted"?
In this episode, we unpack what actually happened, why Microsoft made the call, and what it reveals about the current state of cybersecurity — where threats move fast, responses are increasingly aggressive, and the line between protection and disruption is getting thinner.
Because sometimes, securing the system means breaking parts of it.
In this episode, we get into:
What a root certificate actually is (and why it matters)
Why Microsoft Defender removed it — and what triggered the decision
How this affects apps, websites, and enterprise systems
The hidden risks inside certificate trust chains
And the growing power of platform-level security decisions

Chapters
00:00 The invisible layer of trust
01:05 What just got removed
03:20 Why Microsoft stepped in
06:00 What breaks when trust is revoked
08:40 The bigger security shift
11:10 Who controls the internet's trust layer

Connected cars are no longer just vehicles — they are rolling networks of sensors, cameras, microphones, and constant data transmission.
In this Cybersecurity Today Weekend Edition, David Shipley is joined by former CSIS intelligence officer Neil Bisson and cybersecurity expert Federico Simonetti to break down what that really means.
They explain how modern vehicles:
Continuously report location, behaviour, and system data to the cloud
Contain dozens of interconnected computers controlling everything from steering to braking
Can be vulnerable to man-in-the-middle attacks, remote access, and system compromise
May expose drivers to surveillance — not just by companies, but potentially by nation states
The conversation goes beyond theory. Real-world examples are discussed, including:
Remote vehicle manipulation demonstrated by security researchers
How infotainment systems can become entry points to critical controls
Why some countries are already restricting certain vehicles from sensitive locations
The panel also tackles the bigger issue:
This is not just about one country or one manufacturer. Every connected vehicle expands the attack surface.
And while solutions exist — from better authentication to architectural changes — the challenge is no longer technical. It's political, economic, and global.
If you think your car is just transportation, this discussion may change your perspective.
00:00 Connected Cars: More Than Just Vehicles
01:20 Meet the Panel: Intelligence and Cybersecurity Perspectives
03:10 Every Car Is Now a Networked Computer
06:00 Surveillance Risks: Are Cars "Rolling Spy Vans"?
09:10 What Intelligence Agencies Can Do With Car Data
12:30 Sensors, GPS, Cameras — What Your Car Collects
16:20 Real Example: Tesla Camera Privacy Incident
19:00 Can Hackers Take Control of a Car?
22:30 Real-World Hacks: Jeep and Nissan Cases
26:40 The Regulatory Gap: No Enforced Cybersecurity Standards
30:10 Why Governments Are Struggling to Act
34:00 Cheap EVs vs National Security Risks
37:40 Can Software Fix the Problem?
41:20 Global Response: China, US, and Europe
45:10 Policy Ideas: Kill Switches, Car Bill of Rights
49:00 Prevention vs Detection in Cybersecurity
52:30 Are We Already Too Exposed?
55:10 Final Thoughts: Can Connected Cars Be Made Safe?

A U.S. federal investigation into WhatsApp encryption was shut down before reaching a conclusion — after an internal claim suggested Meta systems may access message content in ways that conflict with public descriptions.
In this episode of Cybersecurity Today, Jim Love breaks down what's known, what isn't, and why the story isn't going away.
Also in this episode:
A newly disclosed Linux vulnerability (CVE-2026-31431) allows an unprivileged local attacker to gain root permissions — using a flaw that may have existed since 2017
BlueKit, a new phishing toolkit, shows how AI is now being built directly into cybercrime platforms
More than three million Alberta voter records exposed after being posted online — not by hacking, but by alleged misuse of legally distributed data
These stories highlight a growing pattern: the biggest risks aren't always new attacks — they're often hidden in how systems are designed, used, and trusted.
Chapters:
00:00 WhatsApp encryption investigation shut down
02:15 Linux "copy fail" root vulnerability explained
04:30 BlueKit AI phishing platform
06:30 Alberta voter data leak
Cybersecurity Today delivers clear, factual reporting on the stories that matter to IT professionals, business leaders, and anyone responsible for protecting data and systems.

A major open source Python tool was hijacked in a supply chain attack, exposing developer credentials, cloud secrets, and crypto wallets. Meanwhile, the FTC says Americans lost more than $2.1 billion to scams that began on social media, with Facebook leading reported losses.
Cybersecurity Today thanks Meter for supporting this podcast. Meter delivers a complete networking stack — wired, wireless, and cellular — in one integrated solution built for performance and scale. Learn more at Meter.com/cst.
Also in today's Cyber Security Today:
Brazilian hackers return with fake Minecraft cheat downloads carrying credential-stealing malware
A new ransomware strain destroys victim files so badly even paying the ransom may not help
North Korean threat actors target crypto executives using fake Zoom and Teams meetings powered by AI deception tactics
If you work in IT, cybersecurity, finance, or simply want to stay safe online, this episode breaks down what matters and what to watch next.
Stories covered in this episode are based on reporting summarized in the show transcript.
 
#cybersecurity #ransomware #scams #python #hacking #northkorea #cryptocurrency #malware #technews

A rogue cyber weapon drove through Toronto blasting scam texts to thousands of phones. A major U.S. critical infrastructure provider confirms a cyberattack. And researchers reveal that Stuxnet may not have been the first cyber weapon after all.
In today's Cybersecurity Today with David Shipley:
• First known SMS blaster case in Canada uncovered in Toronto
• Itron, a major utility technology supplier, discloses cyber intrusion
• Researchers say a 2005 malware campaign predates Stuxnet
• Venezuela energy sector attack reveals destructive "Lotus Wiper" malware
• Why AI-powered attacks may change critical infrastructure risk forever
If you care about cybersecurity, nation-state threats, infrastructure risk, and real-world attacks, this episode is essential listening.
Hosted by David Shipley.
Cybersecurity Today thanks Meter for supporting this podcast. Meter delivers a complete networking stack — wired, wireless, and cellular — in one integrated solution built for performance and scale. Learn more at Meter.com/cst.
Chapters
00:00 Intro
00:36 Toronto SMS Cyber Weapon
05:12 Critical Infrastructure Supplier Hit
09:28 Stuxnet History Rewritten
14:32 Venezuela Energy Sector Attack
19:05 Final Thoughts
#Cybersecurity #Stuxnet #CyberAttack #Toronto #CriticalInfrastructure #Hacking #Itron #CyberNews #DavidShipley