Cisco Patches Async OS Bug

Critical Security Flaws Patched by Cisco and Fortinet Amidst Recent Cyber Threats In this episode of Cybersecurity Today, host David Chipley covers several pressing cybersecurity issues. Cisco has patched a maximum severity zero-day vulnerability in its Async OS software, which has been exploited by a Chinese state-linked group. Fortinet has also addressed a critical vulnerability in its 40 Seam product, which is being actively exploited in the wild. The Dutch National Police are still recovering from a Citrix breach, emphasizing the need for modern infrastructure. Meanwhile, a spear-phishing campaign targeting US organizations uses Venezuela-themed lures. The episode wraps up with a discussion on a recent study revealing that training AI to produce insecure code can lead to broader problematic behaviour. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:46 Cisco Patches Critical Async OS Bug 02:26 Fortinet Vulnerability Exploited in the Wild 04:04 Dutch National Police and Aging IT Infrastructure 05:55 Spear Phishing Campaign with Venezuelan Lure 07:54 AI Writing Buggy Code: Unexpected Consequences 10:21 Conclusion and Final Thoughts

Building Secure Software with Tanya Janca: From Coding to Cybersecurity Advocacy In this episode of Cybersecurity Today, host Jim Love interviews Tanya Janca, also known as She Hacks Purple, a renowned Canadian application security expert and author. Tanya shares her journey from a software developer and musician to becoming a penetration tester and cybersecurity advocate. She discusses her work in training developers on secure coding practices and application security, emphasizing the need for integrated security training in academic programs and the software development lifecycle. Tanya also talks about the challenges women face in the cybersecurity field and her efforts to empower underrepresented groups through initiatives like WOsec and We Hack Purple. Sponsored by Meter, this episode dives deep into the importance of building security into software development and the potential role of AI in improving code security. 00:00 Introduction and Sponsor Message 00:18 Meet Tanya Janca: The Journey Begins 01:05 From Developer to Pen Tester 03:14 Empowering Women in Cybersecurity 13:11 Challenges in Academia and Training 19:18 The Need for Secure Coding 21:22 Challenges in Medical Device Security 22:18 The Economics of Open Source 24:43 Building Security into Development 26:14 Training and Cultural Shifts 32:33 AI and Secure Coding 39:03 Incident Response and Preparedness 39:54 Final Thoughts and Future Directions

Cybersecurity Challenges: Data Privacy Failures, AI Risks, and New Malware Threats In this episode of Cybersecurity Today, host David Shipley covers a range of pressing issues. The discussion kicks off with Staples Canada reselling laptops without wiping customer data, highlighting loopholes in Canada's privacy laws. Next, David delves into a new class of attacks known as 'Reprompt' that target Microsoft Co-pilot, exposing vulnerabilities in large language models. The episode also explores a critical flaw in ServiceNow's virtual agent that allowed attackers to impersonate legitimate users, emphasizing the importance of robust identity verification. Lastly, a newly discovered advanced Linux malware framework designed for cloud environments is dissected, pointing to evolving threats that leverage customer mistakes. The episode concludes with a call to address these problems through better people, processes, and cultural practices. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:48 Staples' Privacy Lapse: A Recurring Issue 03:03 Microsoft Co-pilot Vulnerability: Reprompt Attack 05:22 ServiceNow's AI Vulnerability: Authentication Gaps 07:02 Advanced Linux Malware: A Cloud-First Threat 08:46 Conclusion and Key Takeaways 09:37 Closing Remarks and Sponsor Acknowledgment

Cybersecurity Today: Credit Card Skimming, Valley Rat Malware, WhatsApp Exploit & AI Defenses In this episode of Cybersecurity Today, hosted by Jim Love, we explore several critical cybersecurity threats and advancements. We cover a massive credit card skimming campaign active since early 2022, a severe bug in HPE OneView, the stealthy Valley Rat malware, and a potential zero-click exploit in WhatsApp. Additionally, we delve into AI-driven advancements in cybersecurity defense being developed at US National Laboratories. Stay informed and vigilant with the latest insights in cybersecurity. 00:00 Introduction and Sponsor Message 00:48 Credit Card Skimming Campaign Uncovered 02:49 Critical Vulnerability in HPE OneView 04:16 Valley Rat Malware Threat 06:22 Suspected Zero-Day Vulnerability in WhatsApp 08:29 AI-Powered Cyber Defenses in US National Labs 10:08 Conclusion and Sponsor Message

In this episode of Cybersecurity Today, host David Shipley covers the FBI's warning about North Korean state-sponsored QR code phishing campaigns targeting U.S. organizations. Additionally, he discusses Europol's arrest of 34 individuals in Spain tied to the infamous Black Acts crime syndicate and the uncertainty surrounding CISA's pre-ransomware notification initiative after the departure of its lead developer. Stay informed with the latest in cybersecurity news and learn how to protect yourself and your organization from emerging threats. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:20 FBI Warns of QR Code Phishing 04:44 Europol's Major Crackdown on Black Acts 07:11 Uncertainty Over Ransomware Alerts Program 09:41 US Withdraws from Cybersecurity Organizations 10:25 Conclusion and Final Thoughts

In this episode of Cybersecurity Today, brought to you by Meter, we review key events and stories from the past few weeks. Join host Jim along with experts Tammy Harper from Flair, Laura Payne from White Tuque, and David Shipley from Beauceron Security as they discuss major cybersecurity events that unfolded over the holidays, including the MongoDB vulnerability 'Mongo Bleed', the compromises at Rainbow Six Siege, and the ethical implications of hacktivism. The panel also explores the complexities of AI in cybersecurity, the vulnerability of critical infrastructure, and the dichotomy between ethical hacking and cybercrime in the industry. As always, we emphasize the intersection of cybersecurity with people, processes, and our daily lives. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:20 Panel Introduction and Holiday Recap 02:26 MongoDB Vulnerability: Mongo Bleed 05:15 AI and Responsible Disclosure 16:20 Gaming Security: Rainbow Six Siege Hack 20:13 Video Games and Malware Risks 24:54 Fake Video Propaganda and Infrastructure Attacks 25:48 The Dilemma of Cybersecurity Censorship 26:34 Deepfakes and Cognitive Warfare 27:37 Cyber Operations and Infrastructure Vulnerability 34:42 The Role of Private Companies in Cyber Conflicts 36:19 Internal Threats in Cybersecurity 43:20 Hacktivism: Ethics and Boundaries 49:03 Conclusion and Final Thoughts

Cybersecurity Today: Sideloaded App Issues, Fake Blue Screen Attacks, and Rising Ransomware Threats In this episode of Cybersecurity Today, host Jim Love discusses HSBC blocking sideloaded apps with its banking app, new social engineering attacks using fake Windows blue screens to install malware, and the discovery of long-standing compromised Chrome extensions. Additionally, a new report reveals a significant rise in ransomware victims in 2025 despite major takedowns of ransomware groups. Special thanks to Meter for their support. 00:00 Introduction and Sponsor Message 00:21 HSBC Blocks Sideloaded Apps 02:44 Fake Blue Screen of Death Malware 04:49 Compromised Chrome Extensions 06:33 Ransomware Trends in 2025 08:33 Conclusion and Sponsor Message

In this episode of Cybersecurity Today, host Jim Love discusses the latest in cybersecurity threats including the rapidly growing Kim Wolf botnet affecting millions of devices, the rising threats to file-sharing environments, and the intersection of cybercrime with physical supply chains. He also covers an audacious hacktivist takedown of white supremacist websites. Tune in to learn about the evolving landscape of cybersecurity and practical measures you can take to protect your systems. Thank you to our sponsor Meter for supporting this podcast. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:21 Kim Wolf Botnet: A Growing Threat 04:07 Mitigation Strategies for Kim Wolf 05:22 Corporate Data Breaches: Zestix and ShareFile 07:48 Cyber-Enabled Cargo Theft: The Lobster Heist 09:44 Hacktivism: Root Takes Down White Supremacist Sites 11:46 Conclusion and Contact Information

In this episode of 'Cybersecurity Today', host David Shipley discusses significant cyber events and their implications. The podcast explores hints by President Donald Trump regarding the use of cyber tactics in a U.S. operation that resulted in a power outage in Venezuela. The episode also delves into the April 2025 data breach at Nova Scotia Power, detailing the company's efforts to keep incident specifics confidential and the extensive recovery measures taken. Lastly, it updates listeners on the Trust Wallet compromise linked to the Sha-Hulud supply chain attack, elucidating how the breach occurred and its aftermath. The episode underscores the growing cyber threat landscape and the critical need for enhanced cybersecurity measures. 00:00 Introduction and Sponsor Message 00:46 US Cyber Operations in Venezuela 03:13 Implications for Cybersecurity Professionals 04:37 Nova Scotia Power Breach Details 08:52 Trust Wallet Hack Update 10:46 Conclusion and Final Thoughts

In this episode, host Jim Love discusses the importance of cybersecurity awareness and training, featuring insights from Michael Joyce of the Human-Centric Cybersecurity Partnership at the University of Montreal and David Shipley of Beauceron Security. They explore the impact of cybersecurity awareness programs, the decay of sustained vigilance post-training, and the nuances between phishing reporting and clicking behaviors. The conversation also critiques recent research claims that question the efficacy of phishing training, emphasizing the need for continuous, empirically supported approaches in cybersecurity education. The episode highlights the value of balanced, layered defenses involving both technical solutions and informed user behavior. 00:00 Introduction and Podcast Announcement 00:14 Sponsorship Acknowledgment 00:35 The Nature of Cybersecurity Awareness 01:09 Introduction to the Research Show 01:21 Guest Introductions 02:15 Human-Centric Cybersecurity Partnership 03:46 The Importance of Canadian Research 04:40 Cybersecurity and Culture 05:27 The Role of Research in Cybersecurity 07:12 David's Research and Collaboration with Michael 08:46 The Value of Independent Research 13:33 Cybersecurity Awareness Month Impact 17:23 Phishing Simulation and Reporting 23:49 Awareness Decay and Vigilance 30:55 The Importance of Reporting and Feedback Loops 40:00 Optimal Frequency for Cybersecurity Training 40:27 Critiques and Misconceptions in Phishing Training 42:00 Empirical Data and Training Effectiveness 43:19 Insights from Phishing Simulations 47:14 Understanding Why People Click 52:43 Challenges in Cybersecurity Research 01:04:06 The Importance of Layered Defenses 01:17:17 Concluding Thoughts on Cybersecurity Training