PodcastsBusinessCybersecurity Today

Cybersecurity Today

Jim Love
Cybersecurity Today
Latest episode

454 episodes

  • Cybersecurity Today

    AI-Run Ransomware, New Oracle Critical Flaw, NetNut busted

    2026/07/06 | 14 mins.
    AI-Run Ransomware, New Oracle 9.8 Flaw Exploited, NetNut Proxy Network Busted, and Pegasus Hits EU Spyware Investigator
     
    This episode covers researchers' report of "Jade Puffer," the first ransomware attack run end-to-end by an autonomous AI agent, which exploited a patched Langflow RCE (CVE-2025-3248) but showed flaws like weak AES-128 ECB encryption and an unusable key.
     
    It also warns of active exploitation of a critical Oracle Payments vulnerability (CVE-2026-46817, CVSS 9.8) alongside ongoing fallout from a separate PeopleSoft zero-day (CVE-2026-35273) used by ShinyHunters/UNC6240.
     
    A joint operation involving Google disrupted the NetNut residential proxy botnet, affecting millions of hijacked devices.
     
    Researchers detail a likely $1M extortion-only payment tied to Union County, Ohio, and Citizen Lab reports EU lawmaker Stelios Kouloglou was hacked with Pegasus during spyware-abuse investigations via a HomeKit zero-day.
     
    00:00 Today's Cyber Headlines
    00:55 AI Agent Ransomware Debut
    03:32 Oracle Payments Under Attack
    06:00 NetNut Proxy Network Takedown
    08:29 Million Dollar Data Extortion
    10:50 Pegasus Hits EU Investigator
    12:48 Wrap Up and Sign Off
  • Cybersecurity Today

    Teams battles bots, Bioshocking AI browser guardrails, Fortibleed fuels ransomware

    2026/07/03 | 10 mins.
    Teams cracks down on meeting bots, AI guardrails get bypassed, FortiBleed fuels ransomware, and Nissan confirms PeopleSoft breach
     
    Microsoft rolls out a new Teams admin policy, "Manage External Bots and Their Access to Meetings," to detect third‑party bots, hold them in the lobby with labels, and require organizer approval, with future allow lists, full blocks, reports, and audit logs planned.
     
    Anthropic's Fable 5 returns globally after U.S. export controls are lifted, though higher‑risk requests may be routed to weaker models and Mythos restrictions remain, with Commerce reserving the right to reimpose controls.
     
    Researchers describe "Bioshocking," tricking AI browsers into abandoning guardrails via delusional puzzle prompts, while Adversa AI's "Guardfall" shows how Bash text rewriting can bypass command filters in many coding agents.
     
    SOC Radar links FortiBleed credential theft to InkRansom and Lynx ransomware activity across hundreds of FortiGate portals. Nissan confirms employee data theft tied to a PeopleSoft zero‑day campaign linked to ShinyHunters.
     
    00:00 Today's Cyber Headlines
    00:27 Teams Blocks Meeting Bots
    01:58 Anthropic Fable Returns
    03:22 Bioshocking Browser Attack
    05:09 Guardfall Shell Bypass
    06:51 FortiBleed Fuels Ransomware
    07:59 Nissan PeopleSoft Breach
    10:10 Wrap Up And Sign Off
  • Cybersecurity Today

    US puts $10m bounty on Russian hackers, new phish hunts hotels, Supreme Court reins in geofencing

    2026/07/01 | 11 mins.
    US Puts $10M Bounty on Russian Hackers, Supreme Court Limits Geofence Warrants, New phishing campaign targets hotels, AI Coding Agents Tricked into Malware and Canada's Electronic Spies Go After Ransomware Gangs. 
    The episode covers the US State Department's up to $10 million reward for information on Russia-linked hacker groups UNC 5792 and UNC 4221 tied to phishing campaigns that compromise Signal and WhatsApp accounts by stealing Signal backup recovery keys. 
    It also explains a US Supreme Court 6–3 ruling limiting geofence warrants by recognizing Fourth Amendment privacy protections for phone location data and requiring probable cause and narrower requests. 
    Mozilla ODIN researchers demonstrate a proof of concept where a clean GitHub repo can cause AI coding agents to run an init command that executes attacker-controlled code via DNS and opens a reverse shell.
    A hotel-focused phishing campaign using Calendly and Google redirects delivers ZIP files that install the Tonrat implant through PowerShell and a user-space Node.js runtime. 
    Finally, Canada's CSE says it disrupted infrastructure used by 10 major ransomware groups and reports incident volumes rising nearly 26% year over year.
    00:24 Top Headlines Rundown
    00:54 10 Million Bounty Russian Hackers
    02:42 Supreme Court Limits Geofence Warrants
    03:56 AI Coding Agent Repo Trap
    05:31 Listener Thanks And Reviews
    05:51 Hotel Front Desk Phishing Attack
    08:01 Canada Disrupts Ransomware Gangs
    09:45 Closing And Sign Off
  • Cybersecurity Today

    US Restricts Frontier AI models

    2026/06/29 | 11 mins.
    US Loosens Anthropic Claude Mythos Access, Unpatchable iPhone Exploit Emerges, and CISO Burnout Drives Fractional Shift
    Washington granted a partial reprieve allowing Anthropic's Claude Mythos to be released to more than 100 approved U.S. firms and institutions after export controls paused Mythos and the more restricted Fable 5, with access still limited to vetted American entities; the same day, OpenAI's GPT 5.6 was also restricted to government-approved partners under a Trump executive order requiring review of cyber-capable models. 
    The episode also covers Canadian hacktivist Aubrey Cottle's 18-month sentence for the 2021 Texas GOP hack and bail breaches, with possible U.S. charges pending. Researchers disclosed "USBliterate," an unpatchable physical USB exploit in the Secure ROM of older A12/A13 iPhones that aids forensic extraction.
    Finally, a survey finds rising CISO burnout, fewer full-time CISOs, growth in fractional CISO roles, and AI—especially shadow AI—overtaking liability as the top stressor.
    00:55 AI Export Controls Shift
    03:37 Anonymous Hacker Sentenced
    05:32 Unpatchable iPhone Boot Exploit
    07:30 CISO Burnout And Exodus
    09:40 Wrap Up And Sign Off
  • Cybersecurity Today

    Why Car Dealerships Are Prime Cyber Targets: Fraud, Resilience, and Security Leadership with Jennifer Hutton

    2026/06/27 | 37 mins.
    Cybersecurity Today would like to than Material Security for their support of this podcast. 
    On Cybersecurity Today on the Weekend, the host speaks with Jennifer Hutton, a cybersecurity leader in the car dealership sector, about how she entered cybersecurity through increasing cyber insurance requirements and why dealerships are prime targets because they hold bank-level sensitive data and run complex digital and IoT ecosystems. They discuss the rise of cyber-enabled fraud, including impersonation scams, smishing, and synthetic identity fraud, and the need to educate both employees and customers. Hutton describes gaps in industry resources, especially for smaller dealers, and contrasts regulatory pressures such as updated FTC safeguards rules in the U.S. She emphasizes servant leadership, empathy, and communicating risk in business terms, arguing that cyber risk is business risk. The conversation also covers supply chain disruption from the CDK ransomware incident and the importance of incident response, business continuity, and resiliency-focused planning.
    00:00 Weekend Show Kickoff
    01:14 Jennifer's Cyber Origin
    02:53 Why Dealerships Are Targets
    04:30 Scams And Synthetic IDs
    08:32 Industry Gaps And Sharing
    10:42 Regulation And Tech Shift
    13:48 Leading With Business Risk
    21:29 Servant Leadership And AI
    25:21 Empathy In Tech Teams
    28:16 CDK Ransomware Lessons
    29:53 Resilience Over Prevention
    32:08 Advice To Dealership Leaders
    34:49 Closing Thanks
More Business podcasts
About Cybersecurity Today
Updates on the latest cybersecurity threats to businesses, data breach disclosures, and how you can secure your firm in an increasingly risky time.
Podcast website

Listen to Cybersecurity Today, Aspire with Emma Grede and many other podcasts from around the world with the radio.net app

Get the free radio.net app

  • Stations and podcasts to bookmark
  • Stream via Wi-Fi or Bluetooth
  • Supports Carplay & Android Auto
  • Many other app features
Cybersecurity Today: Podcasts in Family