Cybersecurity Today

Cisco Source Code Stolen in Trivy Fallout, Axios Supply Chain Attack, and Active Exploitation of Fortinet and Citrix Flaws
David Shipley reports multiple major security incidents: attackers used credentials stolen in the Trivy supply-chain attack via a malicious GitHub action to breach Cisco's internal development environment, clone 300+ GitHub repos, steal source code (including AI products) and AWS keys, and impact customer-related code; Cisco contained the breach, re-imaged systems, and rotated credentials. A separate supply-chain attack hit the widely used JavaScript library Axios after its maintainer account was compromised, pushing poisoned NPM versions that installed a dropper/RAT via a fake dependency; users are told to downgrade affected versions, remove the dependency, rotate credentials, and review CI/CD logs. Active exploitation is confirmed for a Fortinet FortiClient EMS SQL injection (CVE-2026-21643) and for critical Citrix NetScaler flaws (CVE-2026-3055, possibly alongside CVE-2026-4368). Anthropic accidentally exposed details of a new model, "Code Mythos," described as highly capable in reasoning, coding, and cybersecurity. Finally, TechCrunch reports escalating allegations that compliance startup Delve helped fabricate audit evidence and worked with weak auditors. The episode also marks show episode 1,500.
00:00 Headlines and Sponsor
00:54 Cisco Trivy Breach
02:28 Axios NPM Attack
04:12 Fortinet SQLi Exploited
06:24 Citrix Bleed Returns
08:05 Anthropic Model Leak
10:24 Fake Compliance Scandal
12:30 Episode 1500 Milestone
14:03 Sponsor Closing Message

Mac Malware 'Infinity Stealer,' DarkSword iOS Exploits, China Telecom Espionage & TeamTNT Supply Chain Hits
Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst
David Shipley reports from Seoul on major threats: Malwarebytes details Infinity Stealer, a new macOS info-stealer delivered via "ClickFix" social engineering and built as a compiled Python payload (Nuitka) that steals browser credentials, Keychain data, crypto wallets, and developer secrets while notifying attackers via Telegram. Proofpoint links Russia-aligned TA446 (Cold River/Star Blizzard) to spear-phishing using the DarkSword iOS exploit kit to deliver GhostBlade, with DarkSword now leaked on GitHub and Apple pushing unusual on-device warnings for vulnerable iOS versions. Rapid7 describes China-linked "Red Menshen" using the kernel-level BPFdoor backdoor to persist in global telecom networks. TeamTNT compromises the Telnyx PyPI package with WAV-steganography payloads that steal secrets and target Kubernetes. Iran-linked activity includes a symbolic FBI director email breach and escalating, deliberate healthcare disruption via attacks on Stryker and a Pay2Key incident.
00:00 Show Intro and Sponsor
00:53 Mac ClickFix Stealer
03:25 Dark Sword iOS Exploits
06:30 China Telecom Backdoor
08:47 TeamTNT PyPI Supply Chain
12:20 Iran Cyber and Healthcare
17:41 Wrap Up and Thanks
18:43 Sponsor Message

RSAC Recap: Agentic AI Takes Over, Security Funding Shifts, and Why CISOs Must Focus on Resilience
Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst
Jim Love and co-host David Shipley recap the RSA Conference in San Francisco, noting that "zero trust" marketing has faded and "agentic AI" (especially "agentic SOC") dominated vendor messaging. David highlights a major market shift: AI is pressuring cybersecurity company valuations and could reduce funding, accelerate consolidation, and raise security costs due to heavy compute requirements, even as demand increases. They discuss how AI disproportionately benefits attackers, including new phishing-as-a-service capabilities, while organizations cut security hiring in anticipation of AI gains. David's standout booth, MindGuard, used a 1990s metaphor to argue AI security is as immature as cybersecurity was decades ago. He also interviews Commvault CSO Bill O'Connell on the evolving CISO role, communicating risk, the importance of recovery and "ResOps," and celebrating CISOs, including Time magazine's CISO of the year concept.
00:00 Weekend Show Kickoff
00:46 RSAC Recap Setup
01:06 Zero Trust Is Dead
01:48 Agentic SOC Everywhere
03:41 AI Shifts Security Valuations
06:55 Peak Security And Consolidation
07:55 Costs And Layoffs Warning
09:35 Attackers Gain The Edge
11:48 RSAC Booth Spectacle
13:39 MindGuard Nineties Metaphor
15:40 Commvault CISO Interview Begins
17:22 Backup To Cyber Resilience
18:04 Modern CISO Role Evolution
19:55 Translating Risk For Leaders
21:44 Risk Versus FUD
22:22 AI Hype And CISO Relevance
23:29 Defining AI And Controls
24:33 Agentic AI And Backups
25:49 Resilience Over Prevention
27:52 ResOps And Practicing Recovery
31:06 Advice For New CISOs
33:30 Celebrating The CISO Role
35:43 Is The Job Worth It
37:06 Host Wrap And Audience Feedback
39:18 Korea Trip And Show Signoff
40:13 Sponsor Message And Closing

Anonymous Tip System Breach Exposes Millions of Records, Google Warns Q-Day by 2029, and New AI Documentation Supply-Chain Risks
Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst
Jim Love reports that a breach at P3 Global Intel, whose tip-submission systems are used by police, government agencies, and schools, allegedly exposed over 8 million submissions including highly sensitive personal data and raised concerns about anonymity due to features that could disclose tipster IP information; the company says it has not confirmed misuse. Google warns "Q Day," when quantum computers could break widely used public-key encryption, may arrive as early as 2029, intensifying urgency around "harvest now, decrypt later" and adoption of post-quantum cryptography standards. The episode also highlights AI-era supply-chain threats where community-generated documentation can be poisoned with indirect prompt injections that influence AI-generated code, and notes upcoming GitHub Copilot policy changes to use prompts and code context from certain users for training unless they opt out, making data governance critical.
00:00 Headlines And Sponsor
00:45 Anonymous Tip Line Breach
03:42 Quantum Q Day Timeline
06:10 Poisoned Documentation Attacks
08:57 Copilot Training Data Changes
10:27 Wrap Up And Meter Thanks

RSAC: Retiring "APT," FCC's US-Made Router Ban, Zoom Call Scraping, Iran-Targeting Wiper, and Cyber Terrorism Insurance
From RSAC 2026, host David Shipley highlights ESET researcher Robert Lipowsky's argument to retire the overused "advanced persistent threat" label and instead describe actors by motivation and activity, noting blurred lines between nation-state and criminal tooling. He also reports RSAC vendor trends (zero trust fading, "agentic AI" everywhere) and standout booth themes. In Washington, the FCC bans authorization of any new Wi‑Fi router models not made in the United States, citing supply-chain risk and attacks like Volt Flax and Salt Typhoon, impacting an industry largely manufacturing abroad unless exemptions are granted with plans to reshore. The episode details Webinar TV allegedly joining public Zoom links to record calls and publish AI-generated podcast recaps, and a Kubernetes-targeting campaign linked to the Trivy supply-chain attack that deploys an Iran-checking wiper. Finally, Treasury seeks comments on expanding the terrorism risk insurance backstop (TRIP) to cover cyber losses.
Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst
 
00:00 Sponsor Meter Intro
00:18 Headlines Preview
00:58 Retiring The APT Label
02:51 RSAC Floor Trends
05:08 FCC Router Ban
06:43 Zoom Calls Turned Podcasts
09:29 Iran Targeting Wiper
10:57 Cyber Terrorism Insurance Debate
13:15 Wrap Up And Thanks
13:44 Sponsor Meter Outro