Cybersecurity Today

This episode covers multiple active threats and security changes. It warns of an actively exploited critical BeyondTrust remote access vulnerability (CVE-2026-1731, CVSS 9.9) enabling pre-authentication remote code execution in Remote Support and Privileged Remote Access, noting SaaS was patched while on-prem deployments require urgent manual updates and may already be compromised. Microsoft details an evolution of the ClickFix social engineering technique where victims are tricked into running NSLookup commands that use attacker-controlled DNS responses as a malware staging channel, leading to payload delivery (including a Python-based RAT) and persistence via startup shortcuts, alongside increased Lumma Stealer activity. 
Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst
Researchers also report Mac-focused campaigns abusing AI-generated content and malicious search ads to push copy-paste terminal commands that install an info stealer (MaxSync) targeting Keychain, browsers, and crypto wallets. T
The show describes fake recruiter campaigns targeting developers with coding tests containing malicious dependencies on repositories like NPM and PyPI, linked to the "Gala" operation and nearly 200 packages. Finally, it reviews NPM's authentication overhaul after a supply-chain worm incident—revoking classic long-lived tokens, moving to short-lived session credentials, encouraging MFA and OIDC trusted publishing—while noting remaining risks such as MFA phishing, non-mandatory MFA for unpublish, and the continued ability to create long-lived tokens.
00:00 Sponsor: Meter + Today's Cybersecurity Headlines
00:48 Urgent Patch: BeyondTrust Remote Access RCE (CVE-2026-1731) Actively Exploited
02:45 ClickFix Evolves: DNS Lookups (nslookup) Used as Malware Staging
04:34 Mac Malware via AI Search Results: Fake Terminal Commands Deliver Info-Stealer
06:08 Fake Recruiters, Real Malware: Coding Tests Poison Dev Environments
07:19 NPM Security Overhaul After Supply-Chain Worm—What's Better, What Still Risks
09:11 Wrap-Up, Thanks, and Sponsor Message

This special Valentine's Day episode of Cybersecurity Today examines romance scams (often called pig butchering) and how fraudsters exploit trust, vulnerability, and loneliness. 
Host Jim Love speaks with McAfee Head of Threat Research Abhishek Karnik  about new findings showing the scale and demographics of these scams, including widespread encounters with fake or AI-generated profiles, frequent financial solicitations, and that men are also heavily impacted. 
Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst
The episode features survivor Beth Highland's detailed account of being manipulated via Tinder through long-term messaging, an AI video call, forged documents, and a crypto payout scheme that led her to send about $26,000 via Bitcoin ATMs before her financial advisor—trained in romance fraud—helped her recognize the scam and stop further losses, including a demanded $50,000 "activation fee." Beth discusses emotional aftereffects, stigma, reporting, red flags, and her book, "Diary of a Romance Scam: 
When Swiping Right Goes Wrong," along with her advocacy work. The conversation broadens to the role of AI in making scams more realistic (deepfakes, voice/video, document generation), the importance of privacy and not overposting, involving trusted family/advisors, institutional training and intervention points along the fraud "kill chain," and using technology and education to detect and reduce scams.
LINKS 
Beth Hyland's Book - Diary of a Romance Scam: When Swiping Right Goes Wrong
https://www.amazon.com/Diary-Romance-Scam-Swiping-Right/dp/1662962843

00:00 Sponsor: Meter's all-in-one networking stack
00:18 Valentine's Day on the dark side: heartbreak meets cybercrime
02:15 Romance scams ("pig butchering") are everywhere—who gets targeted
04:15 McAfee research: fake profiles, AI, and the real victim demographics
07:07 How scammers hook you: profiling, psychology, and long-game manipulation
09:01 Beth's story begins: post-divorce, isolation, and trying Tinder
10:36 The perfect match: mirroring, fast intimacy, and early red flags
14:32 AI video call + the push-pull breakup: emotional control tactics
17:09 The money trap: Qatar story, bank access, and Bitcoin ATM payments
23:34 The $50K "activation fee" and the wake-up call from a financial advisor
26:25 Cutting him off—and getting pulled back in by guilt and gaslighting
30:18 How to help victims: listening, tools, and where to get support
33:17 Turning pain into purpose: Beth's book and grieving a romance scam
34:47 Turning Pain Into Purpose: Supporting Romance-Scam Survivors
35:56 Stop Blaming Victims: Changing the Language Around Scams
38:38 "It Can Happen to Anybody": Why Smart People Get Hooked
40:58 Social Engineering 101: How Scams Exploit Different Emotions
42:14 Why McAfee Is Focusing on Consumer Scams (and the AI Factor)
45:43 AI Deepfakes & Low-Cost Tools: The New Scam Industrialization
49:19 Oversharing, Spearphishing & Replay Attacks: How Victims Get Retargeted
53:24 Practical Red Flags: Meeting in Person, Isolation Tactics, Family Checks
57:08 Training the "Kill Chain": Banks, Cashiers, Advisors & Early Intervention
01:00:33 Tech Fighting Tech: Detection, Identity Protection & Digital Assistants
01:02:57 What's Next: Agentic AI, Bigger Attack Surfaces & Trust-and-Safety by Design
01:08:03 Wrap-Up: Start the Conversation, Resources, and Final Thanks

This special Valentine's Day episode of Cybersecurity Today examines romance scams (often called pig butchering) and how fraudsters exploit trust, vulnerability, and loneliness. 
Host Jim Love speaks with McAfee Head of Threat Research Abhishek Karnik  about new findings showing the scale and demographics of these scams, including widespread encounters with fake or AI-generated profiles, frequent financial solicitations, and that men are also heavily impacted. 
Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst
The episode features survivor Beth Highland's detailed account of being manipulated via Tinder through long-term messaging, an AI video call, forged documents, and a crypto payout scheme that led her to send about $26,000 via Bitcoin ATMs before her financial advisor—trained in romance fraud—helped her recognize the scam and stop further losses, including a demanded $50,000 "activation fee." Beth discusses emotional aftereffects, stigma, reporting, red flags, and her book, "Diary of a Romance Scam: 
When Swiping Right Goes Wrong," along with her advocacy work. The conversation broadens to the role of AI in making scams more realistic (deepfakes, voice/video, document generation), the importance of privacy and not overposting, involving trusted family/advisors, institutional training and intervention points along the fraud "kill chain," and using technology and education to detect and reduce scams.
LINKS 
Beth Hyland's Book - Diary of a Romance Scam: When Swiping Right Goes Wrong
https://www.amazon.com/Diary-Romance-Scam-Swiping-Right/dp/1662962843

00:00 Sponsor: Meter's all-in-one networking stack
00:18 Valentine's Day on the dark side: heartbreak meets cybercrime
02:15 Romance scams ("pig butchering") are everywhere—who gets targeted
04:15 McAfee research: fake profiles, AI, and the real victim demographics
07:07 How scammers hook you: profiling, psychology, and long-game manipulation
09:01 Beth's story begins: post-divorce, isolation, and trying Tinder
10:36 The perfect match: mirroring, fast intimacy, and early red flags
14:32 AI video call + the push-pull breakup: emotional control tactics
17:09 The money trap: Qatar story, bank access, and Bitcoin ATM payments
23:34 The $50K "activation fee" and the wake-up call from a financial advisor
26:25 Cutting him off—and getting pulled back in by guilt and gaslighting
30:18 How to help victims: listening, tools, and where to get support
33:17 Turning pain into purpose: Beth's book and grieving a romance scam
34:47 Turning Pain Into Purpose: Supporting Romance-Scam Survivors
35:56 Stop Blaming Victims: Changing the Language Around Scams
38:38 "It Can Happen to Anybody": Why Smart People Get Hooked
40:58 Social Engineering 101: How Scams Exploit Different Emotions
42:14 Why McAfee Is Focusing on Consumer Scams (and the AI Factor)
45:43 AI Deepfakes & Low-Cost Tools: The New Scam Industrialization
49:19 Oversharing, Spearphishing & Replay Attacks: How Victims Get Retargeted
53:24 Practical Red Flags: Meeting in Person, Isolation Tactics, Family Checks
57:08 Training the "Kill Chain": Banks, Cashiers, Advisors & Early Intervention
01:00:33 Tech Fighting Tech: Detection, Identity Protection & Digital Assistants
01:02:57 What's Next: Agentic AI, Bigger Attack Surfaces & Trust-and-Safety by Design
01:08:03 Wrap-Up: Start the Conversation, Resources, and Final Thanks

In this episode of Cybersecurity Today with host Jim Love, we discuss six critical exploited Microsoft vulnerabilities, new phishing tactics using your own servers, and a zero-click vulnerability in Claude's code desktop extensions. We also explore trends in modern romance scams highlighting the younger, tech-savvy adult targets. Tune in for expert insights and practical tips to stay secure. Special thanks to Meter for their support.
Hashtag Trending would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.
You can find them at Meter.com/htt
00:00 Introduction and Sponsor Message
00:45 Microsoft Vulnerabilities: A Growing Concern
02:38 Phishing Attacks Using Your Own Servers
04:16 Zero-Click Vulnerability in Claude AI
06:25 Romance Scams: Not Just Targeting the Elderly
09:14 Conclusion and Weekend Edition Teaser

In this episode of Cybersecurity Today, host Jim Love discusses the increasing risks posed by unsupported edge devices in global infrastructure. Highlighted by a recent cyber incident in Poland's energy sector, edge devices are becoming critical vulnerabilities due to their role in network security. The Cybersecurity and Infrastructure Security Agency (CISA) has issued new advisories urging immediate action to update or remove unsupported edge devices. The episode also covers issues with Microsoft Exchange online wrongly flagging legitimate emails as phishing, Google's warning on post-quantum cybersecurity preparedness, and continuing exposures tied to the Open Claw security incident. Meter, a full-stack networking infrastructure provider, sponsors this episode.
Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.
You can find them at Meter.com/cst
00:00 Introduction and Sponsor Message
00:20 Unsupported Edge Devices: A Growing Risk
05:33 Microsoft Exchange Phishing False Positives
07:27 Google's Call for Post-Quantum Cybersecurity
09:49 Ongoing Open Claw Security Concerns
12:39 Conclusion and Sponsor Message