Episodes

  • Cybersecurity Today: Apple Security Updates, AI Search Engine Scams, Torrent Malware, and Stanford's AI Penetration Testing
    Dec 15 2025

    In this episode of Cybersecurity Today, host David Shipley discusses significant developments in the cybersecurity landscape. Apple releases security updates to address two actively exploited WebKit vulnerabilities. Scammers manipulate AI-powered search tools to recommend fake support numbers, reflecting a growing security risk. Bitdefender uncovers malware hidden in torrent subtitles for the movie 'One Battle After Another.' Lastly, an AI named Artemis outperforms human penetration testers in a Stanford hacking experiment, highlighting the evolving role of AI in cybersecurity. Also included are insights on the implications of these events for future cybersecurity challenges.

    Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.

    You can find them at Meter.com/cst


    00:00 Introduction and Sponsor Message
    00:52 Apple's Urgent Security Updates
    03:24 AI-Powered Scams: A Growing Threat
    06:59 Malware Hidden in Torrents
    10:03 AI Outperforms Human Pen Testers
    13:25 Conclusion and Contact Information

    15 minutes
  • The Hidden Danger of Storing Secrets Online | Interview with Jake Knott from Watchtower
    Dec 13 2025

    In this episode of Cybersecurity Today, host Jim Love discusses the shocking discovery of over 80,000 leaked credentials and secrets in online code formatting tools with Jake Knott, a principal security researcher from Watchtower. They delve into the vulnerabilities exposed by these tools, the inadvertent leaking of sensitive information, and how attackers can easily exploit these weaknesses. The conversation covers the types of secrets found, the responses from various organizations, and best practices to prevent such exposures. Tune in to understand the critical importance of protecting your credentials and the steps you can take to avoid falling victim to these types of security breaches.

    00:00 Introduction and Sponsor Message
    00:22 Accidental Data Leaks: A Growing Concern
    00:55 Supply Chain Vulnerabilities
    01:47 Shocking Discovery: 80,000+ Secrets Exposed
    06:29 Interview with Jake Knott from Watchtower
    08:19 The Risks of Using Online Tools
    28:23 Best Practices and Mitigation Strategies
    35:05 Conclusion and Final Thoughts

    38 minutes
  • Spiderman and Cybersecurity.
    Dec 12 2025

    Cybersecurity Today: Spider-Man Phishing Kit, Gogs Zero-Day Exploits, and Recent Patches

    In this episode, host Jim Love discusses recent cybersecurity issues including the Spider-Man phishing kit targeting European banks and cryptocurrency users, a zero-day vulnerability in the self-hosted Git service Gogs, and various security updates. The Spider-Man kit creates highly convincing phishing pages, while the Gogs vulnerability allows remote code execution by exploiting symbolic links. Additionally, updates are covered for a Windows PowerShell zero-day and a zero-click flaw in Google's Gemini Enterprise. The show emphasizes the importance of vigilance and timely patching to mitigate these threats.

    00:00 Introduction and Technical Issues
    00:20 Sponsor Message: Meter Networking Solutions
    00:43 Spider-Man Phishing Kit Targets European Banks
    03:13 Gogs Zero-Day Vulnerability Exploited
    05:57 Windows PowerShell Zero-Day Patched
    08:05 Google Patches Gemini Zero-Click Flaw
    10:42 Conclusion and Weekend Show Teaser

    12 minutes
  • Google Chrome's AI Safety Plan? More AI
    Dec 10 2025

    Cybersecurity Today: Google Chrome's AI Safety Plan, React2Shell Fixes, & New Ransomware Tactics

    In this episode of Cybersecurity Today, host Jim Love discusses Google's new security blueprint for AI-powered Chrome agents, highlighting measures against indirect prompt injections and model errors. Learn about Next.js's new tool for addressing the critical React2Shell vulnerability and the emerging threat from Storm 0249 using EDR tools for ransomware. The episode also covers new data showing manufacturers remain top ransomware targets. Sponsored by Meter.

    00:00 Introduction and Sponsor Message
    00:22 Google's New Security Plan for Chrome Agents
    03:41 Next.js Scanner for React2Shell Vulnerability
    05:41 Storm 0249: Malware Hidden in EDR Tools
    07:45 Ransomware Targets Manufacturing Sector
    09:34 Conclusion and Final Notes

    12 minutes
  • Development Tools May Allow Remote Compromise
    Dec 8 2025

    Explosive React Vulnerability and AI Tool Flaws Uncovered: Major Implications for Cybersecurity

    In this episode of Cybersecurity Today, host David Shipley discusses a new significant React vulnerability, React2Shell, that has caused widespread confusion and debate in the security community. This major flaw, affecting a widely used web framework, poses significant risks like remote code execution and malware deployment across numerous organizations. The episode also highlights flaws in AI coding tools discovered by researcher Ari Marzouk, which could compromise integrated development environments (IDEs) and software supply chains. Additionally, a ransomware breach at Marquis Software Solutions, impacting over 70 US banks and credit unions, is examined. Emphasis is placed on the critical need for robust security culture and proactive measures in the face of evolving threats.

    00:00 Introduction and Sponsor Message
    00:43 React Flaw Drama: A Deep Dive
    04:58 AI Coding Tools: New Vulnerabilities
    08:04 Ransomware Breach in Financial Sector
    10:27 Conclusion and Call to Action

    13 minutes
  • Cybersecurity Today Month In Review - December 5th, 2025
    Dec 6 2025

    Cybersecurity Today: The Rise of Living Off the Land Strategies & More

    In this episode of Cybersecurity Today's Month in Review, host Jim Love is joined by Laura Payne from White Tuque and David Shipley from Beauceron Security. They discuss several pressing cybersecurity issues, including the growing threat of 'living off the land' strategies where attackers use legitimate software to stay undetected, the risks associated with public Wi-Fi and QR codes, and the recent breaches involving Oracle's E-Business Suite and SonicWall's management devices. The panel also reflects on the often conflicting cybersecurity advice circulating today and emphasizes the importance of nuanced communication in security practices. Plus, find out who wins the 'Stinky' award for cybersecurity blunders and what you can do to stay safe. Special thanks to Meter for supporting this podcast. Tune in for a deep dive into these crucial cybersecurity topics and more.

    00:00 Introduction and Sponsor Message
    00:19 Welcome and Guest Introductions
    00:50 Unique Coffee Partnership
    02:27 Living Off the Land: Cybersecurity Tactics
    04:33 Social Engineering and AI Threats
    13:51 The Role of Social Media in Cyber Fraud
    20:05 Microsoft's New Teams Feature: A Security Risk?
    26:39 Oracle Vulnerability and Enterprise Security
    27:26 Patching Core Systems: Challenges and Necessities
    28:12 Clop Ransomware: A Persistent Threat
    29:09 University Data Breaches: The Case of U Penn
    30:18 Security Culture and Leadership Accountability
    33:49 Debunking Security Myths: Juice Jacking and QR Codes
    39:15 Public WiFi and VPNs: Proceed with Caution
    41:18 The Importance of Effective Cybersecurity Communication
    48:33 SonicWall Security Concerns and the Stinkies Awards
    51:13 Wrapping Up: Reflections and Future Episodes

    54 minutes
  • Shady Panda Hides For Years In Legitimate Browser Extensions: Cybersecurity Today
    Dec 5 2025

    In this episode of 'Cybersecurity Today,' host Jim Love discusses several significant cybersecurity issues. Highlights include a maximum severity vulnerability in React Server Components dubbed React2Shell (CVE-2025-55182), a recently patched Windows shortcut flaw by Microsoft, and new attacks using the Evilginx phishing platform in schools. Additionally, the show explores a long-running campaign by 'Shady Panda,' which used browser extensions to harvest data, and an unexpected failure by Google's AI tool that led to the deletion of a developer's hard drive. The episode also thanks Meter for their continued support.

    00:00 Introduction and Sponsor Message
    00:48 React Vulnerability: React2Shell
    03:13 Microsoft's Long-Standing Shortcut Flaw
    04:50 Evilginx: Bypassing MFA in Education
    06:59 Shady Panda's Malicious Extensions
    09:13 Google's AI Mishap: Developer's Hard Drive Wiped
    11:01 Conclusion and Final Thoughts

    12 minutes
  • Living off the Land Attacks and Emerging Cyber Threats
    Dec 3 2025

    This episode of Cybersecurity Today, hosted by Jim Love, delves into various cybersecurity threats and latest news. Topics include 'living off the land' attacks using Microsoft's native utilities, spoofing Calendly invites for phishing Google and Meta credentials, a significant breach at the University of Pennsylvania linked to Oracle E-Business Suite vulnerabilities, and findings on AI jailbreaks tied to syntactic patterns by researchers from MIT, Northeastern University, and Meta. The episode emphasizes the ongoing challenges and evolving strategies in cybersecurity.

    00:00 Introduction and Sponsor Message
    00:43 Living Off the Land Attacks Explained
    03:41 Fake Calendly Invites and Phishing Campaigns
    05:47 Oracle Breach and Its Implications
    07:55 AI Jailbreaks and Syntax Hacking
    11:27 Conclusion and Final Thoughts

    13 minutes