Cybersecurity Today

CISA has ordered U.S. federal civilian agencies to urgently patch an actively exploited critical Drupal SQL injection vulnerability (CVE-2026-9082) affecting PostgreSQL-backed Drupal deployments, after Imperva reported more than 15,000 attack attempts across 65 countries. Microsoft has confirmed a strange Windows Server 2016 update issue where KB5087537 can break domain controller discovery when server hostnames are exactly 15 characters long, raising more questions about patch reliability as update complexity grows.
Google has joined a coalition opposing Canada's proposed lawful access legislation, Bill C-22, warning that secret ministerial orders, possible encryption risks, and mandatory metadata retention could weaken security rather than improve it. Critics point to the Salt Typhoon telecom espionage campaign as evidence that lawful intercept systems themselves can become prime targets.
Also in this episode: Check Point says Iran-linked threat group Nimbus Manticore has deployed new malware tools including MiniFast and MiniJunk V2, with researchers noting signs that MiniFast may have been developed with AI-assisted coding techniques. The campaign used SEO poisoning and fake Oracle SQL Developer downloads to lure victims.
Timestamps:
00:00 Top Headlines Rundown
00:27 Emergency Drupal Patch Order
02:22 Microsoft Server Update Bug
04:02 Canada Lawful Access Battle
05:18 Google's Security Concerns
06:25 Salt Typhoon Lessons
07:35 Iran-Linked AI Malware
09:26 SEO Poisoning Attack
10:09 Wrap Up and Sign Off

Is AI about to trigger a cybersecurity vulnerability explosion?
In this episode of Cybersecurity Today, David Shipley examines what some researchers are calling the early signs of a "vulnerability apocalypse" as Anthropic's Claude-powered Project Glasswing identifies thousands of potential software flaws at machine speed.
The episode breaks down the real numbers behind the hype: over 10,000 candidate vulnerabilities flagged, 1,726 confirmed high or critical findings, 97 patched issues, and the growing concern that AI-driven bug hunting could overwhelm already stretched security teams. One example: a critical WolfSSL certificate forgery vulnerability (CVE-2026-5194, CVSS 9.1).
Also in this episode: Canadian authorities arrest Ottawa suspect Jacob Butler, also known as "Dort," allegedly linked to the Kim Wolf botnet operation blamed for nearly 30 terabits-per-second distributed denial-of-service (DDoS) attacks and more than 25,000 incidents.
We also cover active exploitation of a Ghost CMS SQL injection vulnerability (CVE-2026-26980), with attackers reportedly compromising hundreds of websites using ClickFix malware lures, including high-profile targets.
And finally, an Iran-linked cyber espionage campaign dubbed "Screening Serpents" uses highly personalised fake recruitment approaches to target aerospace, defence, and telecom professionals with new remote access malware.
If you work in cybersecurity, infrastructure, or IT leadership, this is one to watch.
00:00 Vunpocalypse Headlines
00:28 AI Finds Vulnerabilities
01:32 False Positives and Costs
02:39 WolfSSL Critical CVE
03:51 Patch Volume Pressure
04:28 Kim Wolf Botnet Arrest
05:13 Botnet Scale and Swatting
06:48 International Takedowns
07:41 Ghost CMS Mass Exploits
09:07 ClickFix Infection Chain
10:25 How to Remediate Ghost
10:39 Iran Spear Phishing Ops
12:51 Closing and Sign Off
#Cybersecurity #CyberSecurityToday #AIsecurity #GhostCMS #DDoS #CyberEspionage #Anthropic #ClaudeAI #IranCyberThreat #InfoSec

HP is investigating reports that a BIOS update pushed through Windows Update is leaving some premium business laptops stuck in boot loops, raising fresh questions about automated firmware updates and recovery safeguards.
Jim Love covers five tech stories for Monday, May 25, 2026. HP is dealing with complaints from users of ZBook Ultra G1a and EliteBook X G1a laptops after a BIOS update reportedly caused crashes, freezing, and repeated boot failures. In AI, the economics are starting to look less magical: Microsoft is reportedly replacing many internal Anthropic Claude coding licences with GitHub Copilot CLI, while reports suggest Uber exhausted its annual AI coding budget in just four months. Starbucks has shut down its North American AI-powered computer vision inventory pilot after operational complexity in real stores proved harder than expected. And the Financial Times reports consulting firms are facing client pressure to abandon traditional hourly billing as AI changes how knowledge work is priced and delivered.
If you work in enterprise IT, AI strategy, digital transformation, or business technology, this episode looks at where the hype is meeting operational reality.
00:00 Today's Tech Headlines
00:29 HP BIOS Update Boot Loops
02:05 The Real Cost of AI Coding
04:21 Starbucks Scraps AI Inventory
05:45 AI and the Hype Cycle Reality Check
07:23 Consulting Firms Under AI Pressure
08:55 Wrap Up and Support the Show
#AI #ArtificialIntelligence #HP #Starbucks #Microsoft #GitHubCopilot #Anthropic #EnterpriseIT #TechNews #HashtagTrending

The episode recounts how GitGuardian security researcher Guillaume Valadon, while monitoring public GitHub for leaked secrets, discovered a publicly accessible repository labeled "CISA-Private" containing highly sensitive CISA materials, including internal DHS/CISA credentials, cloud keys, tokens, plaintext passwords, logs, and files such as "Important AWS Tokens" and a CSV listing usernames and passwords for internal systems. Believing a contractor likely used GitHub to move work from a work device to a home device, Valadon escalated via responsible disclosure to CERT, then involved journalist Brian Krebs to reach CISA faster when the repo remained public. 
After additional outreach, the repository was made inaccessible within about a day, and Valadon praises CISA's response speed. The discussion emphasizes widespread poor secret hygiene, governance, training, and the need for organizations to monitor, rehearse, and automate detection and revocation of leaked secrets.
Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material[dot]security.
00:00 Weekend Welcome Sponsor
00:27 CISA Secrets Leak Found
03:29 Calling Brian Krebs
05:06 Meet GitGuardian Researcher
07:26 Why Leaks Happen Everywhere
10:49 Inside the CISA Repo
13:19 Disclosure and Takedown
17:04 Lessons for Organizations
22:47 Aftermath and Thanks
24:36 Show Wrap Sponsor Outro

GitHub confirms a major supply chain breach after a malicious Visual Studio Code extension reportedly gave attackers linked to TeamPCP access to roughly 3,800 internal repositories. The bigger issue: developer workstations now hold some of the most sensitive secrets in modern software organizations.
Also today: Microsoft begins phasing out SMS-based authentication for personal accounts, calling text-message authentication a growing fraud risk as it shifts toward phishing-resistant passkeys. Researchers also disclose a nine-year-old Linux privilege escalation flaw, CVE-2026-46333, nicknamed SSH-Keysign-Pwn, which can allow root-level access with local machine access. And Proton publicly threatens to leave Canada rather than comply with proposed surveillance legislation it says would undermine its no-logs privacy promise.
Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material[dot]security.
If cybersecurity, privacy, and digital infrastructure matter to your business, this is the daily briefing you need.

Timestamps:
00:00 Top Stories Rundown
00:24 GitHub Supply Chain Breach
01:09 Developer Workstations at Risk
02:31 Microsoft Ditches SMS MFA
04:15 Linux Root Escalation Flaw
06:11 Proton vs Canada Surveillance Bill
08:03 Wrap Up and Sign Off
#cybersecurity #github #microsoft #linux #protonvpn #privacy #databreach #supplychainattack #infosec #cybernews