PodcastsEconomía y empresaCybersecurity Today

Cybersecurity Today

Jim Love
Cybersecurity Today
Último episodio

457 episodios

  • Cybersecurity Today

    AI Export Controls, FortiBleed, Third-Party Breaches & CISO Burnout | Cybersecurity Today Panel

    11/07/2026 | 1 h 1 min
    Can governments decide who gets access to advanced AI models? Are third-party breaches becoming impossible to control? And why are so many CISOs reaching burnout?
    In this special Cybersecurity Today Month in Review Panel, host Jim Love is joined by cybersecurity experts Laura Payne, David Shipley, and Mike Kim (Mycroft) to examine the biggest cybersecurity stories and trends from June 2026.
    The panel explores the controversy over U.S. export controls on Anthropic's Mythos and Fable AI models, what they reveal about digital sovereignty, and whether governments should be able to restrict access to frontier AI. They also discuss the continuing wave of third-party breaches, including Salesforce ecosystem compromises and the Clue breach, and why organizations must move beyond compliance toward practical risk management.
    The conversation examines FortiBleed, exposed administrator portals, credential reuse, and the difficult balance between software flaws, operational mistakes, and secure-by-default design. The panel also tackles one of cybersecurity's biggest human challenges: CISO burnout, executive accountability, organizational culture, and what separates successful security leaders from those set up to fail.
    The episode concludes with encouraging developments in international cybercrime enforcement, including Operation Riptide, and why better intelligence sharing and improved operational security are making it harder for cybercriminals to hide.
    Whether you're a CISO, security practitioner, IT leader, or simply interested in the rapidly changing cybersecurity landscape, this discussion offers practical insight into the trends shaping the industry.
    Panel
    Jim Love (Host)
    Laura Payne
    David Shipley
    Mike Kim (Mycroft)
    Topics covered
    AI export controls and digital sovereignty
    Anthropic Mythos and Fable
    Third-party and supply chain risk
    Salesforce ecosystem security
    FortiBleed and Fortinet security
    Secure-by-default strategies
    CISO burnout and executive accountability
    Operation Riptide
    Cybercrime investigations
    Security leadership and governance
    Chapters
    00:00 Sponsor NordLayer
    00:38 Meet the Panel
    02:40 Author Scam Warning
    04:51 Emotion Is the Target
    08:47 AI Model Export Controls
    10:01 Hype vs Real AI Security
    15:01 Sovereignty and Dependency
    20:35 Governments Push Back
    24:14 AI Internal Voice Risks
    26:12 Third Party Breach Fatigue
    30:05 Compliance Limits on Risk
    32:15 Blame Game to Risk Focus
    33:18 Standards and Priorities
    33:39 When Security Vendors Fail
    34:35 FortiBleed Numbers Explained
    35:44 Process Failures vs Bugs
    37:32 Why Fortinet Gets Heat
    39:05 Secure by Default Basics
    41:04 Budget Reality and Culture
    44:36 CISO Burnout and AI Pressure
    46:16 Liability and Shared Ownership
    50:12 What Great CISOs Do
    53:07 Operation Riptide Wins
    56:10 Deterrence and Due Process
    58:14 Sharing Intel for ROI
    59:09 Hopium and Wrap Up
    01:00:46 Sponsor NordLayer Message
  • Cybersecurity Today

    A questionable breach, bad routers at home and at work and AI gives defenders a win

    10/07/2026 | 12 min
    This episode covers a hacker's claim of stealing 35GB from Accenture—including source code, Azure personal access tokens, RSA keys, and SSH keys—while Accenture calls it an isolated, remediated matter, leaving uncertainty about potential downstream risk to its Fortune 500-heavy client base.
     
    It also highlights a deepfake image of Senator Mitch McConnell debunked after Google's invisible SynthID watermark identified it as AI-generated, noting watermarking depends on tool participation.
     
    The show warns of an undocumented Tenda router firmware backdoor using an alternate password ("RZadmin") with no patch available, and reports Ubiquiti fixes for seven critical UniFi OS vulnerabilities, including a max-severity command injection in UniFi Connect.
     
    Finally, it describes how Venture Employer Solutions used ML/LLMs to filter low-value logs before SIEM ingestion, cutting firewall log volume 83%, saving about $250K annually, and halving mean time to response.
     
    00:00 Sponsor NordLayer
    00:37 Headlines Intro
    01:08 Accenture Breach Claim
    04:25 Deepfake Watermark Win
    05:47 Tenda Router Backdoor
    07:22 UniFi Critical Fixes
    09:10 AI Cuts Log Noise
    11:09 Wrap Up And Thanks
    11:41 Sponsor Message
  • Cybersecurity Today

    Scattered Spider squashed, Rogue Agent AI flaw, 16 year-old Linux bug and new phish hunts marketers

    08/07/2026 | 13 min
    Cybersecurity Today host David Shipley covers how a newly unsealed U.S. complaint tied an alleged Scattered Spider member to a luxury retailer intrusion using a persistent Windows device ID, with prosecutors alleging help-desk social engineering, admin account takeover, data exfiltration, and an $8 million ransom demand; the episode also notes additional Scattered Spider-related guilty pleas in the U.K. and U.S.
     
    The show reports Google patched "Rogue Agent," a Dialogflow CX permission-boundary issue involving Python code blocks in Cloud Run that could enable data theft or credential prompts across agents in a shared project.
     
    It details "Janus Escape" (CVE-2026-53359), a 16-year-old Linux KVM use-after-free enabling guest-to-host escapes in cloud environments, patched in June.
     
    The show explores Apple's shift to out-of-band security updates due to AI-accelerated exploitation, and a multi-platform redirect phishing campaign using fake job interviews and browser-in-browser Google login prompts targeting marketers' Google accounts.


    00:00 Sponsor NordLayer
    00:36 Headlines Intro
    01:03 Scattered Spider Traced
    03:16 More Spider Arrests
    04:31 Google Rogue Agent
    06:24 Linux Janus Escape
    08:04 Apple Patching Shift
    10:04 Marketer Phish Chain
    12:17 Wrap Up Thanks
    12:53 Sponsor Message
  • Cybersecurity Today

    AI-Run Ransomware, New Oracle Critical Flaw, NetNut busted

    06/07/2026 | 14 min
    AI-Run Ransomware, New Oracle 9.8 Flaw Exploited, NetNut Proxy Network Busted, and Pegasus Hits EU Spyware Investigator
     
    This episode covers researchers' report of "Jade Puffer," the first ransomware attack run end-to-end by an autonomous AI agent, which exploited a patched Langflow RCE (CVE-2025-3248) but showed flaws like weak AES-128 ECB encryption and an unusable key.
     
    It also warns of active exploitation of a critical Oracle Payments vulnerability (CVE-2026-46817, CVSS 9.8) alongside ongoing fallout from a separate PeopleSoft zero-day (CVE-2026-35273) used by ShinyHunters/UNC6240.
     
    A joint operation involving Google disrupted the NetNut residential proxy botnet, affecting millions of hijacked devices.
     
    Researchers detail a likely $1M extortion-only payment tied to Union County, Ohio, and Citizen Lab reports EU lawmaker Stelios Kouloglou was hacked with Pegasus during spyware-abuse investigations via a HomeKit zero-day.
     
    00:00 Today's Cyber Headlines
    00:55 AI Agent Ransomware Debut
    03:32 Oracle Payments Under Attack
    06:00 NetNut Proxy Network Takedown
    08:29 Million Dollar Data Extortion
    10:50 Pegasus Hits EU Investigator
    12:48 Wrap Up and Sign Off
  • Cybersecurity Today

    Teams battles bots, Bioshocking AI browser guardrails, Fortibleed fuels ransomware

    03/07/2026 | 10 min
    Teams cracks down on meeting bots, AI guardrails get bypassed, FortiBleed fuels ransomware, and Nissan confirms PeopleSoft breach
     
    Microsoft rolls out a new Teams admin policy, "Manage External Bots and Their Access to Meetings," to detect third‑party bots, hold them in the lobby with labels, and require organizer approval, with future allow lists, full blocks, reports, and audit logs planned.
     
    Anthropic's Fable 5 returns globally after U.S. export controls are lifted, though higher‑risk requests may be routed to weaker models and Mythos restrictions remain, with Commerce reserving the right to reimpose controls.
     
    Researchers describe "Bioshocking," tricking AI browsers into abandoning guardrails via delusional puzzle prompts, while Adversa AI's "Guardfall" shows how Bash text rewriting can bypass command filters in many coding agents.
     
    SOC Radar links FortiBleed credential theft to InkRansom and Lynx ransomware activity across hundreds of FortiGate portals. Nissan confirms employee data theft tied to a PeopleSoft zero‑day campaign linked to ShinyHunters.
     
    00:00 Today's Cyber Headlines
    00:27 Teams Blocks Meeting Bots
    01:58 Anthropic Fable Returns
    03:22 Bioshocking Browser Attack
    05:09 Guardfall Shell Bypass
    06:51 FortiBleed Fuels Ransomware
    07:59 Nissan PeopleSoft Breach
    10:10 Wrap Up And Sign Off
Más podcasts de Economía y empresa
Acerca de Cybersecurity Today
Updates on the latest cybersecurity threats to businesses, data breach disclosures, and how you can secure your firm in an increasingly risky time.
Sitio web del podcast

Escucha Cybersecurity Today, The Diary Of A CEO with Steven Bartlett y muchos más podcasts de todo el mundo con la aplicación de radio.net

Descarga la app gratuita: radio.net

  • Añadir radios y podcasts a favoritos
  • Transmisión por Wi-Fi y Bluetooth
  • Carplay & Android Auto compatible
  • Muchas otras funciones de la app
Cybersecurity Today: Podcasts del grupo