Cybersecurity Today

A massive cybersecurity week.
On this episode of Cybersecurity Today, David Shipley breaks down the reported breach of Instructure's Canvas learning platform, where attacks linked to the ShinyHunters extortion group may have exposed data tied to up to 275 million user accounts across more than 9,000 educational institutions. The incident disrupted access, delayed exams, and forced Instructure to disable its "Free for Teacher" program after attackers allegedly used it to post extortion messages.
Also in this episode: the Gentlemen ransomware group suffers a major internal leak, exposing affiliate chats, tooling, victim data, and operational details — a rare look inside a live ransomware operation.
Then, General Motors agrees to a $12.75 million California settlement over allegations involving OnStar-linked driver data collection and sharing, raising fresh questions about privacy in connected vehicles.
And finally: security researchers report what appears to be the first documented AI-assisted operational technology (OT) cyberattack attempt targeting a water utility in Monterrey, Mexico. The attempt failed to reach industrial control systems, but combined with confirmed attacks on water infrastructure in Poland, it signals a worrying shift in critical infrastructure threats.
If you work in cybersecurity, IT, infrastructure, education, or privacy, this episode matters.
Chapters
00:00 Top Headlines Rundown
00:41 Canvas Mega Breach
02:44 ShinyHunters Background
03:26 Ransom Pressure Fallout
04:25 Gentlemen Ransomware Leak
05:18 Inside the Data Dump
06:18 GM OnStar Privacy Settlement
08:17 What Drivers Should Know
09:39 AI Meets OT Attacks
11:52 Monterrey Water Near Miss
13:29 Poland Water Systems Hit
15:07 Defending Critical Infrastructure
16:29 Wrap Up And Thanks
#Cybersecurity #Canvas #ShinyHunters #Ransomware #OnStar #GeneralMotors #DataBreach #CriticalInfrastructure #WaterUtility #OperationalTechnology #ICS #CyberAttack #Privacy #DavidShipley #CybersecurityToday

This week's panel dives into the cybersecurity stories that matter most for security leaders, IT teams, and anyone watching how AI is changing risk.
Jim Love is joined by David Shipley (Beauceron Security), Laura Payne (White Tuque), and Jeff Williams (Contrast Security).
Cybersecurity Today would like to thank Material Security for supporting this podcast.  Material security provides. faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365.  Contact them at  material[dot]security 

Topics include:
Anthropic's Mythos AI security research and whether large language models can realistically replace traditional vulnerability testing
Why "vibe coding" may be creating a wave of insecure software
The growing risk of autonomous AI agents making damaging decisions
The massive Instructure Canvas data breach affecting schools, students, and educators
Alberta's voter list privacy failure and what it says about public sector data protection
Microsoft's warning about the rapid surge in QR code phishing attacks bypassing traditional email security
AI is accelerating software development. It may also be accelerating software insecurity.
If your organisation is experimenting with AI coding tools, AI agents, or automated application development, this conversation is worth your time.
#Cybersecurity #AI #DataBreach #QRPhishing #ApplicationSecurity #VibeCoding #Canvas #CyberSecurityToday #JimLove
00:00 Sponsor Message
00:22 Meet the Panel
00:55 Jeff Williams Introduction
02:21 AI Bug Hunting with Mythos
05:40 Cost and Limits of AI Security Testing
10:16 The Vibe Coding Security Problem
13:24 Context Window and Data Flow Limits
16:59 Spec-Driven AI Development
18:29 Software Liability and EU Regulation
24:47 When AI Agents Go Rogue
27:05 Trust in the AI Era
28:24 Enterprise Reality Check
29:03 Critical Thinking vs AI
30:31 Testing AI Agents Safely
31:30 Canvas Data Breach Fallout
34:45 Real-World Data Harm
38:00 Liability and Attack Methods
41:39 Alberta Voter List Privacy Failure
48:56 Government Breach Lessons
51:26 QR Code Phishing Surge
55:00 Wrap Up and Sponsor

In this special edition of Cybersecurity Today, David Shipley speaks with scam-fighting expert Erin West about the global fraud crisis, the rise of AI-powered scams, and why traditional law enforcement may be falling behind.
Cybersecurity Today would like to thank Material Security for supporting this podcast.  Material security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365.  Contact them at  material[dot]security 
From David's discussion with Erin West:
The numbers are staggering.
The FBI's Internet Crime Complaint Center reported more than $21 billion in cybercrime losses, but experts say actual losses could be dramatically higher because most victims never report fraud.
Other key points of their discussion:
Why pig butchering scams continue to grow globally
How criminal operations are moving from Cambodia to Myanmar, Laos, Sri Lanka and beyond
Why AI is making scam operations faster, cheaper and harder to detect
The controversy around Meta and scam advertising revenue
Why crypto ATMs remain a major fraud tool
How cloned celebrity voices are being used in romance and impersonation scams
Why banks, law enforcement, governments and tech platforms must act together
How Operation Shamrock is trying to fight back through public education
This is not just a story about money.
It's about organized crime, industrial-scale fraud, and ordinary people being manipulated through trust, loneliness, and increasingly sophisticated technology, featuring scam-fighting prosecutor and Operation Shamrock founder Erin West.
#Cybersecurity #Scams #Meta #OnlineFraud #AI #Cybercrime #PigButchering #CryptoScams #FacebookScams #CybersecurityToday

QR-code phishing is no longer a niche attack. Microsoft says QR phishing attacks jumped from 7.6 million in January to 18.7 million in March 2026 — a 146% increase in just three months. In this episode of Cybersecurity Today, David Shipley explains why QR-based attacks are bypassing traditional corporate defences and why security teams need to rethink phishing awareness immediately.
We also cover a critical new Apache HTTP Server vulnerability with both denial-of-service and potential remote code execution impacts, a sustained DDoS and extortion campaign targeting Ubuntu developer Canonical, and a remarkable case in Taiwan where a university student allegedly used software-defined radio gear to trigger emergency braking on four high-speed trains.
Finally, CISA's new "CI Fortify" guidance urges critical infrastructure operators to prepare for scenarios where they may need to disconnect from the internet and continue operating manually during a geopolitical cyber crisis.
Cybersecurity Today would like to thank Material Security for supporting this podcast.  Material security provides. faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365.  Contact them at  material[dot]security 
Stories include:
• Microsoft reports QR phishing attacks surged 146% in Q1 2026
• Apache HTTP Server CVE-2026-23918 urgent patch warning
• Ubuntu developer Canonical hit by ongoing DDoS and extortion campaign
• Taiwanese student allegedly halts high-speed trains with fake emergency radio signal
• CISA tells critical infrastructure operators to prepare for isolation and manual operations
Chapters:
00:00 Intro
01:02 QR phishing explodes in Q1 2026
06:15 Critical Apache HTTP Server flaw patched
09:15 Ubuntu maintainer Canonical hit by extortion DDoS attack
14:25 Taiwanese student wirelessly halts high-speed trains
20:32 CISA warns critical infrastructure to prepare for isolation
26:10 Closing thoughts

Microsoft Defender Deletes Trusted Certificates | 44,000 cPanel Servers Hit by Ransomware
Microsoft Defender mistakenly flagged legitimate DigiCert root certificates as malware and removed them from Windows systems, breaking trust chains and causing widespread application failures. The issue was traced to a faulty detection signature (Trojan:Win32/CertyAgent), now fixed in update version 1.449.430.0. 
At the same time, DigiCert confirmed a separate security incident where attackers compromised support systems and used internal tools to issue valid code-signing certificates. At least 60 certificates were revoked, including 27 linked to the Zong Stealer malware campaign. 

Meanwhile, a critical cPanel vulnerability (CVE-2026-41940) is being actively exploited. Attackers used the flaw as a zero-day since February, compromising at least 44,000 servers and deploying new SORI ransomware using ChaCha20 and RSA-2048 encryption. 
Also in this episode:

The Linux "Copyfail" privilege escalation bug is now confirmed exploited and added to CISA's Known Exploited Vulnerabilities list

A 10/10 critical vulnerability (CVE-2026-37541) in Open Vehicle Monitoring System could allow remote code execution in connected car environments

This episode breaks down how these attacks work, why patch timing matters, and where organizations are most exposed right now.
Cybersecurity Today would like to thank Material Security for supporting this podcast.  Material security provides. faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365.  Contact them at  material[dot]security 
Suggested Chapters (for retention and SEO)
00:00 Microsoft Defender deletes trusted certificates
02:20 DigiCert breach and stolen code-signing certificates
05:20 cPanel zero-day exploited, 44,000 servers compromised
08:40 Linux Copyfail vulnerability now actively exploited
10:40 Critical flaw in open-source car software