Cybersecurity Today

The episode recounts how GitGuardian security researcher Guillaume Valadon, while monitoring public GitHub for leaked secrets, discovered a publicly accessible repository labeled "CISA-Private" containing highly sensitive CISA materials, including internal DHS/CISA credentials, cloud keys, tokens, plaintext passwords, logs, and files such as "Important AWS Tokens" and a CSV listing usernames and passwords for internal systems. Believing a contractor likely used GitHub to move work from a work device to a home device, Valadon escalated via responsible disclosure to CERT, then involved journalist Brian Krebs to reach CISA faster when the repo remained public. 
After additional outreach, the repository was made inaccessible within about a day, and Valadon praises CISA's response speed. The discussion emphasizes widespread poor secret hygiene, governance, training, and the need for organizations to monitor, rehearse, and automate detection and revocation of leaked secrets.
Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material[dot]security.
00:00 Weekend Welcome Sponsor
00:27 CISA Secrets Leak Found
03:29 Calling Brian Krebs
05:06 Meet GitGuardian Researcher
07:26 Why Leaks Happen Everywhere
10:49 Inside the CISA Repo
13:19 Disclosure and Takedown
17:04 Lessons for Organizations
22:47 Aftermath and Thanks
24:36 Show Wrap Sponsor Outro

GitHub confirms a major supply chain breach after a malicious Visual Studio Code extension reportedly gave attackers linked to TeamPCP access to roughly 3,800 internal repositories. The bigger issue: developer workstations now hold some of the most sensitive secrets in modern software organizations.
Also today: Microsoft begins phasing out SMS-based authentication for personal accounts, calling text-message authentication a growing fraud risk as it shifts toward phishing-resistant passkeys. Researchers also disclose a nine-year-old Linux privilege escalation flaw, CVE-2026-46333, nicknamed SSH-Keysign-Pwn, which can allow root-level access with local machine access. And Proton publicly threatens to leave Canada rather than comply with proposed surveillance legislation it says would undermine its no-logs privacy promise.
Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material[dot]security.
If cybersecurity, privacy, and digital infrastructure matter to your business, this is the daily briefing you need.

Timestamps:
00:00 Top Stories Rundown
00:24 GitHub Supply Chain Breach
01:09 Developer Workstations at Risk
02:31 Microsoft Ditches SMS MFA
04:15 Linux Root Escalation Flaw
06:11 Proton vs Canada Surveillance Bill
08:03 Wrap Up and Sign Off
#cybersecurity #github #microsoft #linux #protonvpn #privacy #databreach #supplychainattack #infosec #cybernews

A serious new Windows 11 BitLocker vulnerability, open-sourced offensive malware tools, a suspected Iranian cyber campaign targeting U.S. fuel infrastructure, and malware that appears designed to interfere with nuclear weapons simulation systems.
 Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material[dot]security.
David Shipley breaks down four major cybersecurity stories on Cybersecurity Today. First, a newly disclosed zero-day dubbed YellowKey reportedly defeats default Windows 11 BitLocker protection on systems using TPM-only encryption, giving attackers with physical access a path to unencrypted data through the Windows Recovery Environment. Microsoft is investigating, while security experts are urging stronger BitLocker configurations.
The episode also examines the TeamPCP threat group's decision to release offensive tooling publicly, dramatically lowering the barrier for copycat supply-chain attacks. Researchers have already spotted malicious NPM packages borrowing similar techniques, including persistence mechanisms aimed at developer environments such as Visual Studio Code and Claude Code.
David also looks at disturbing analysis of the FAST16 malware, which researchers believe was engineered to tamper with nuclear weapons simulation software including LS-DYNA and AutoDyn. And finally, U.S. officials reportedly suspect Iranian actors in cyberattacks targeting internet-exposed gas station automatic tank gauge systems, a reminder that weak operational technology security can quickly become a real-world infrastructure problem.
00:00 Sponsor Message
00:24 Headlines Overview
00:50 BitLocker Zero Day
03:32 TeamPCP Tools Leak
06:13 Copycat NPM Malware
06:50 Fast16 Nuclear Sabotage
08:37 Iran Gas Station Hacks
10:28 Hardening Critical Infrastructure
11:16 Wrap Up And Events
11:59 Sponsor Deep Dive
#Cybersecurity #Windows11 #BitLocker #ZeroDay #TeamPCP #IranCyberAttack #SupplyChainAttack #CriticalInfrastructure #CyberSecurityToday

A dangerous new Microsoft Exchange zero-day is being actively exploited, ransomware gangs are adopting nation-state-style tactics, two fired contractors were caught deleting U.S. government databases after accidentally recording themselves on Microsoft Teams, and Fortinet has patched critical remote code execution flaws.
In this episode of Cybersecurity Today, David Shipley breaks down four major cybersecurity stories that security teams need to know.
Cybersecurity Today would like to thank Material Security for supporting this podcast.  Material security provides. faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365.  Contact them at  material[dot]security 

Microsoft has confirmed active exploitation of a new Exchange Server zero-day, CVE-2026-42897, affecting Exchange Server 2016, Exchange Server 2019, and Exchange Subscription Edition. There is currently no patch, only mitigations through the Exchange Emergency Mitigation Service, with some trade-offs for Outlook Web App users.
Security researcher Marcus Hutchins highlights an unusually disciplined ransomware affiliate operation using tradecraft more commonly associated with nation-state attackers, including a custom SentinelOne endpoint detection and response (EDR) killer and a stripped-down toolset designed to leave fewer forensic traces.
In one of the more astonishing insider threat stories of the week, former OPEX Corporation contractors Muneeb and Sohaib Akhtar were allegedly caught deleting 96 U.S. government databases after leaving a Microsoft Teams recording running.
Also in this episode: Fortinet has released urgent patches for critical unauthenticated remote code execution vulnerabilities in FortiAuthenticator (CVE-2026-44277) and FortiSandbox (CVE-2026-26083).
If you're responsible for enterprise security, patch management, incident response, or cyber risk, this is one you need to see.
Chapters:
00:00 Sponsor Message
00:24 Headlines Intro
00:49 Ransomware Nation-State Discipline
04:18 Exchange Zero-Day Mitigation
07:01 Fired Contractors Caught Recording
09:21 Fortinet Critical Vulnerabilities
11:07 Wrap Up and Sign Off
11:38 Sponsor Deep Dive Ad
#Cybersecurity #MicrosoftExchange #ZeroDay #Ransomware #Fortinet #CyberAttack #Infosec #DavidShipley #CybersecurityToday

David Shipley interviews Jon Ferguson, VP at CIRA, about how the Canadian Internet Registration Authority evolved from early paper-based .ca registrations at UBC into a 142-person, member-based not-for-profit running .ca and authoritative Anycast DNS infrastructure now supporting 550+ TLDs globally. Ferguson explains how .ca's Canadian presence requirements help keep abuse rates low, and how CIRA reinvests surpluses into grants and cybersecurity tools, including Canadian Shield (DNS-based malware/phishing blocking and encrypted DNS with limited data retention) used by about 500,000 people and generating about 20 million blocks per month. They discuss CIRA's focus on municipalities, schools, hospitals, and universities, its move into endpoint security and a managed detection and response partner program with Calian, and concerns about AI-driven threats, online harm, and rebuilding trust and real-world connection.
00:00 Weekend Show Kickoff
01:30 Jon's Cyber Journey
03:06 Inside CIRA DNS Role
04:59 What Is CIRA
07:23 Origin Story Of Dot Ca
13:01 Anycast DNS Explained
16:27 Canadian Shield DNS Firewall
22:21 Serving Public Sector Needs
26:18 Endpoint And MDR Expansion
35:05 Mission Over Money
40:39 What Keeps Him Up
46:19 Hope And Balance Online
50:55 Wrap Up And Thanks