In this episode of Cybersecurity Today, host Jim Love discusses the shocking discovery of over 80,000 leaked credentials and secrets in online code formatting tools with Jake Knott, a principal security researcher from Watchtower. They delve into the vulnerabilities exposed by these tools, the inadvertent leaking of sensitive information, and how attackers can easily exploit these weaknesses. The conversation covers the types of secrets found, the responses from various organizations, and best practices to prevent such exposures. Tune in to understand the critical importance of protecting your credentials and the steps you can take to avoid falling victim to these types of security breaches.

00:00 Introduction and Sponsor Message
00:22 Accidental Data Leaks: A Growing Concern
00:55 Supply Chain Vulnerabilities
01:47 Shocking Discovery: 80,000+ Secrets Exposed
06:29 Interview with Jake Knott from Watchtower
08:19 The Risks of Using Online Tools
28:23 Best Practices and Mitigation Strategies
35:05 Conclusion and Final Thoughts

Cybersecurity Today: Spider-Man Phishing Kit, Gogs Zero-Day Exploits, and Recent Patches

In this episode, host Jim Love discusses recent cybersecurity issues including the Spider-Man phishing kit targeting European banks and cryptocurrency users, a zero-day vulnerability in the self-hosted Git service Gogs, and various security updates. The Spider-Man kit creates highly convincing phishing pages, while the Gogs vulnerability allows remote code execution by exploiting symbolic links. Additionally, updates are covered for a Windows PowerShell zero-day and a zero-click flaw in Google's Gemini Enterprise. The show emphasizes the importance of vigilance and timely patching to mitigate these threats.

00:00 Introduction and Technical Issues
00:20 Sponsor Message: Meter Networking Solutions
00:43 Spider-Man Phishing Kit Targets European Banks
03:13 Gogs Zero-Day Vulnerability Exploited
05:57 Windows PowerShell Zero-Day Patched
08:05 Google Patches Gemini Zero-Click Flaw
10:42 Conclusion and Weekend Show Teaser

Cybersecurity Today: Google Chrome's AI Safety Plan, React2Shell Fixes, & New Ransomware Tactics

In this episode of Cybersecurity Today, host Jim Love discusses Google's new security blueprint for AI-powered Chrome agents, highlighting measures against indirect prompt injections and model errors. Learn about Next JS's new tool for addressing the critical React2Shell vulnerability and the emerging threat from Storm 0249 using EDR tools for ransomware. The episode also covers new data showing manufacturers remain top ransomware targets. Sponsored by Meter.

00:00 Introduction and Sponsor Message
00:22 Google's New Security Plan for Chrome Agents
03:41 Next JS Scanner for React2Shell Vulnerability
05:41 Storm 0249: Malware Hidden in EDR Tools
07:45 Ransomware Targets Manufacturing Sector
09:34 Conclusion and Final Notes