Cybersecurity Today

Alleged Canadian 'The Comm' Hacker Arrested, Interpol's Operation Synergia Takedown, Stryker Cyberattack Update and more..
Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst
Host David Shipley covers new details on the alleged takedown of "Waifu," a Canadian hacker tied to the cybercrime group The Com, after a harassment campaign against investigator Allison Nixon helped lead to his identification and arrest; he now faces U.S. charges including extortion and unauthorized computer access. The episode also highlights Interpol's six-month Operation Synergia, a major international crackdown that disabled 45,000 malicious IPs and led to 94 arrests across 72 countries, targeting ransomware, phishing, and malware infrastructure. An update on Stryker describes an attack on its Microsoft corporate systems allegedly involving Intune to wipe over 200,000 devices, with Stryker saying connected medical devices and services remain safe while ordering and operations are disrupted. Finally, Poland reports it stopped an attempted hack on its National Center for Nuclear Research that may have Iranian links, though officials caution indicators could be misdirection.
00:00 Sponsor Meter Intro
00:19 Headlines And Welcome
00:50 Calm Hacker Takedown
02:49 Threats Against Researcher
04:21 Unmasking And Arrest
05:46 Interpol Operation Synergy
08:10 Stryker Intune Attack Fallout
12:56 Iran Cyber War Updates
13:43 Poland Nuclear Hack Attempt
16:14 Wrap Up And Thanks
16:52 Sponsor Meter Outro

Gemini in Google Workspace, Agentic AI, and Managing AI Anxiety (with Accenture's Krish Banerjee)
Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst
In a special edition of Project Synapse shared with Cybersecurity Today, host Jim Love and co-host John Pinard (a VP and CSO at a Canadian financial institution) speak with Krish Banerjee, Accenture's managing director and partner leading AI in Canada. They discuss Google integrating Gemini into Workspace and how AI assistants like Gemini and Microsoft Copilot are converging, along with recent moves around agent platforms and the business models of AI, including Meta and Nvidia's evolving strategies and Nvidia's push toward enterprise agent infrastructure amid rapidly rising compute demand. The conversation explores why AI adoption lags capability, emphasizing task-based redesign, human-in-the-loop guardrails, and not "AI-washing" broken processes. They also address AI anxiety, training and culture change, impacts on education and jobs, and practical ways to use agents to stay informed and productive.
00:00 Sponsor Message
00:20 Show Intro and Guests
01:12 Gemini Comes to Workspace
03:38 AI Tool Leapfrogging
05:06 Agent Network Acquisitions
07:53 Nvidia Bets on Enterprise Agents
11:08 Why AI Adoption Lags
14:27 Agentic AI and Process Redesign
16:19 Security Guardrails and Human Oversight
24:05 Accenture Transformation and Training
26:55 AI Anxiety in the Workplace
30:22 Tasks Not Jobs
32:12 Outcome First Thinking
34:15 Personal AI Assistants
37:24 Building Agents Together
38:35 Executive Learning Curve
44:31 Kids And AI Natives
50:15 Critical Thinking And Trust
54:15 Company Advice Focus Value
55:58 Wrap Up And Sponsor

AI Agent Hacks McKinsey Chatbot in 2 Hours, NPM Phantom Raven, Router Malware & Trojaned AI Models
This episode covers how researchers at CodeWall used an autonomous AI security agent to gain read/write access to McKinsey's internal chatbot Lilli database in about two hours by chaining exposed APIs and an SQL injection, potentially exposing 46.5 million chats, 728,000 files, 57,000 accounts, and 95 system prompts, with McKinsey saying the issues were fixed and no unauthorized access was found. It also reports on the Phantom Raven supply-chain campaign that published 88 malicious NPM packages using a runtime-downloaded payload to steal developer system data like SSH keys and host details. A study warns that 83% of 800 million compromised passwords still meet complexity rules, highlighting credential-stuffing risk and the need for breach checks and MFA. The show notes 14,000+ routers infected with persistent malware often requiring factory resets plus hardening, and discusses Trojan backdoors embedded in AI models that trigger misbehavior under specific inputs, calling for new AI security testing and validation.
Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst
00:00 Sponsor Meter Intro
00:20 Headlines And Welcome
00:55 AI Agent Hacks McKinsey Bot
03:44 Phantom Raven NPM Malware
05:55 Strong Passwords Still Leaked
07:55 Router Malware That Persists
09:36 Trojan Backdoors In AI Models
12:01 Call For AI Backdoor Research
12:30 Sponsor Meter Outro
13:13 Sign Off

This includes our regular Wednesday/Thursday segment but with an update from this breaking story on the attack on a large US medical company.

Fake Claude Code Installs, Arpa Phishing, Zombie ZIP Malware Evasion, and Iran/Israel Cyber Retaliation
This episode covers four major security stories: the "InstaFix" campaign using Google sponsored ads and cloned Claude Code install pages to trick developers into pasting terminal commands that deploy the TeraStealer credential-stealing malware; a phishing technique abusing the special-use .arpa domain and IPv6 reverse DNS to evade email and domain-based defenses, using attacker-controlled DNS zones, traffic distribution systems, and lures like surveys and account notices; the "Zombie ZIP" technique that manipulates ZIP headers to bypass AV/EDR scanning, tied to CVE-2026-0866 and demonstrated to evade most VirusTotal engines; and a surge in pro-Iranian and pro-Russian hacktivist retaliation targeting Israel and regional entities with DDoS, defacements, breach claims, and disinformation, alongside Israel's humorous counter-psychological video response.
Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst
00:00 Sponsor Message Meter
00:19 Headlines And Intro
00:51 Fake Claude Install Scam
04:25 Arpa Domain Phishing
08:30 Zombie Zip Malware Trick
10:57 Cyber Retaliation Surge
13:44 Israel's PSYOP Video
14:25 Wrap Up And Sponsor