FBI Seizes Iran-Linked Handala Leak Site After Stryker Intune Wipe Attack: Cybersecurity Today

FBI Seizes Iran-Linked Handala Leak Site After Stryker Intune Wipe Attack; Apple iPhone Exploit Patch; North Korean Fake IT Workers Grow Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst The episode reports that the FBI has seized the data leak site used by the Iran-linked hacktivist group Handala, which has been widely linked to the Stryker attack where attackers compromised admin accounts, stole data, and used Microsoft Intune to remotely wipe and factory reset roughly 80,000 managed devices. CISA and Microsoft warn organizations to harden Intune and identity controls with least privilege, role-based access, MFA, conditional access, and requiring multi-admin approval for sensitive actions like device wipes. Apple urges iPhone users to update after fixing actively exploited flaws used in targeted, sophisticated campaigns, noting risks even for those who think Apple devices aren't targeted. The show also highlights new FLAIR research showing North Korean operatives continue infiltrating Western firms as remote IT workers using stolen or fabricated identities, exploiting weak hiring verification and broad access. LINKS https://flare.io/learn/resources/north-korean-infiltrator-threat 00:00 Sponsor Message Meter 00:19 Headlines And Intro 00:46 FBI Seizes Handala Leak Site 02:31 CISA And Microsoft Intune Guidance 04:37 Apple iPhone Update Warning 06:10 North Korean Fake IT Workers 07:56 Links Sharing And Wrap Up 08:29 Sponsor Thanks And Sign Off

Medical Device Breaches, Anti-Scam Pledge Scrutiny, AI Font Trick, and Iran-Linked Cyber Updates. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst The episode covers several cybersecurity stories: Intuitive Surgical disclosed a March 12 phishing-led intrusion where stolen credentials enabled access to its internal administrative network and data theft (customer/business contacts and employee records), while clinical platforms and Da Vinci/Ion systems remained unaffected. Eleven tech and retail firms including Google, Amazon, and OpenAI pledged to share threat intel on scams, amid skepticism and Verafin figures estimating $4.4T in global financial crime in 2025 and rising AI-driven fraud. LayerX demonstrated a font/CSS "glyph substitution" technique that shows humans a malicious command while AI assistants read benign text; Microsoft addressed it, while others deemed it out of scope. In Iran-war updates, senior Iranian cyber figures were reportedly killed; Iran-linked group Handala's Stryker attack allegedly wiped nearly 80,000 devices via compromised admin accounts and Intune, with further unverified leak claims. Denver crosswalk speakers were hacked due to default passwords.   00:00 Sponsor Message Meter 00:19 Medical Device Breach 01:52 Phishing Still Wins 02:32 Tech Pledge Against Scams 03:43 Fraud Numbers And AI 05:49 Font Trick AI Bypass 07:22 Vendor Responses Lessons 09:03 Iran Cyber War Updates 10:00 Stryker Intune Wipe Attack 11:07 More Iranian Claims 12:17 Denver Crosswalk Hack 13:10 Wrap Up And Signoff 13:33 Sponsor Outro Meter

Alleged Canadian 'The Comm' Hacker Arrested, Interpol's Operation Synergia Takedown, Stryker Cyberattack Update and more.. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst Host David Shipley covers new details on the alleged takedown of "Waifu," a Canadian hacker tied to the cybercrime group The Com, after a harassment campaign against investigator Allison Nixon helped lead to his identification and arrest; he now faces U.S. charges including extortion and unauthorized computer access. The episode also highlights Interpol's six-month Operation Synergia, a major international crackdown that disabled 45,000 malicious IPs and led to 94 arrests across 72 countries, targeting ransomware, phishing, and malware infrastructure. An update on Stryker describes an attack on its Microsoft corporate systems allegedly involving Intune to wipe over 200,000 devices, with Stryker saying connected medical devices and services remain safe while ordering and operations are disrupted. Finally, Poland reports it stopped an attempted hack on its National Center for Nuclear Research that may have Iranian links, though officials caution indicators could be misdirection. 00:00 Sponsor Meter Intro 00:19 Headlines And Welcome 00:50 Calm Hacker Takedown 02:49 Threats Against Researcher 04:21 Unmasking And Arrest 05:46 Interpol Operation Synergy 08:10 Stryker Intune Attack Fallout 12:56 Iran Cyber War Updates 13:43 Poland Nuclear Hack Attempt 16:14 Wrap Up And Thanks 16:52 Sponsor Meter Outro

Gemini in Google Workspace, Agentic AI, and Managing AI Anxiety (with Accenture's Krish Banerjee) Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst In a special edition of Project Synapse shared with Cybersecurity Today, host Jim Love and co-host John Pinard (a VP and CSO at a Canadian financial institution) speak with Krish Banerjee, Accenture's managing director and partner leading AI in Canada. They discuss Google integrating Gemini into Workspace and how AI assistants like Gemini and Microsoft Copilot are converging, along with recent moves around agent platforms and the business models of AI, including Meta and Nvidia's evolving strategies and Nvidia's push toward enterprise agent infrastructure amid rapidly rising compute demand. The conversation explores why AI adoption lags capability, emphasizing task-based redesign, human-in-the-loop guardrails, and not "AI-washing" broken processes. They also address AI anxiety, training and culture change, impacts on education and jobs, and practical ways to use agents to stay informed and productive. 00:00 Sponsor Message 00:20 Show Intro and Guests 01:12 Gemini Comes to Workspace 03:38 AI Tool Leapfrogging 05:06 Agent Network Acquisitions 07:53 Nvidia Bets on Enterprise Agents 11:08 Why AI Adoption Lags 14:27 Agentic AI and Process Redesign 16:19 Security Guardrails and Human Oversight 24:05 Accenture Transformation and Training 26:55 AI Anxiety in the Workplace 30:22 Tasks Not Jobs 32:12 Outcome First Thinking 34:15 Personal AI Assistants 37:24 Building Agents Together 38:35 Executive Learning Curve 44:31 Kids And AI Natives 50:15 Critical Thinking And Trust 54:15 Company Advice Focus Value 55:58 Wrap Up And Sponsor

AI Agent Hacks McKinsey Chatbot in 2 Hours, NPM Phantom Raven, Router Malware & Trojaned AI Models This episode covers how researchers at CodeWall used an autonomous AI security agent to gain read/write access to McKinsey's internal chatbot Lilli database in about two hours by chaining exposed APIs and an SQL injection, potentially exposing 46.5 million chats, 728,000 files, 57,000 accounts, and 95 system prompts, with McKinsey saying the issues were fixed and no unauthorized access was found. It also reports on the Phantom Raven supply-chain campaign that published 88 malicious NPM packages using a runtime-downloaded payload to steal developer system data like SSH keys and host details. A study warns that 83% of 800 million compromised passwords still meet complexity rules, highlighting credential-stuffing risk and the need for breach checks and MFA. The show notes 14,000+ routers infected with persistent malware often requiring factory resets plus hardening, and discusses Trojan backdoors embedded in AI models that trigger misbehavior under specific inputs, calling for new AI security testing and validation. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst 00:00 Sponsor Meter Intro 00:20 Headlines And Welcome 00:55 AI Agent Hacks McKinsey Bot 03:44 Phantom Raven NPM Malware 05:55 Strong Passwords Still Leaked 07:55 Router Malware That Persists 09:36 Trojan Backdoors In AI Models 12:01 Call For AI Backdoor Research 12:30 Sponsor Meter Outro 13:13 Sign Off

This includes our regular Wednesday/Thursday segment but with an update from this breaking story on the attack on a large US medical company.

Fake Claude Code Installs, Arpa Phishing, Zombie ZIP Malware Evasion, and Iran/Israel Cyber Retaliation This episode covers four major security stories: the "InstaFix" campaign using Google sponsored ads and cloned Claude Code install pages to trick developers into pasting terminal commands that deploy the TeraStealer credential-stealing malware; a phishing technique abusing the special-use .arpa domain and IPv6 reverse DNS to evade email and domain-based defenses, using attacker-controlled DNS zones, traffic distribution systems, and lures like surveys and account notices; the "Zombie ZIP" technique that manipulates ZIP headers to bypass AV/EDR scanning, tied to CVE-2026-0866 and demonstrated to evade most VirusTotal engines; and a surge in pro-Iranian and pro-Russian hacktivist retaliation targeting Israel and regional entities with DDoS, defacements, breach claims, and disinformation, alongside Israel's humorous counter-psychological video response. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst 00:00 Sponsor Message Meter 00:19 Headlines And Intro 00:51 Fake Claude Install Scam 04:25 Arpa Domain Phishing 08:30 Zombie Zip Malware Trick 10:57 Cyber Retaliation Surge 13:44 Israel's PSYOP Video 14:25 Wrap Up And Sponsor

Coruna iOS Exploit Kit Goes Mass-Market, FBI Wiretap Platform Breach Probe, Windows Terminal ClickFix, and Iran-War Cyber Escalation This episode covers several major cybersecurity developments: Google's Threat Intelligence Group details Coruna, a sophisticated iOS exploit kit with 23 exploits and multiple chains affecting iOS 13–17.2.1, shifting from targeted surveillance use to cryptocurrency-scam distribution and a PlasmaLoader payload aimed at stealing wallet data. The FBI is investigating suspicious activity involving its Digital Collection System Network used to support wiretaps and surveillance, with concerns about third-party vendor exposure and broader federal agency targeting. Microsoft reports a new ClickFix variation that abuses Windows Terminal to deploy the Luma Stealer via encoded commands, persistence, Defender exclusions, and browser injection. The show also reviews Iran-linked cyber activity by MuddyWater and others amid regional conflict, including new backdoors and cloud-based exfiltration, and reports that Iranian drone strikes hit AWS data centers in the UAE and Bahrain, causing outages and highlighting data centers as battlefield targets. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst 00:00 Sponsor Message Meter 00:19 Headlines And Intro 00:50 Coruna iOS Exploit Kit 04:06 FBI Wiretap Platform Breach 06:52 ClickFix Hits Windows Terminal 10:00 Iran War Cyber Campaigns 14:59 Drones Hit AWS Data Centers 17:57 Wrap Up And Thanks 18:35 Sponsor Close Meter

Cybersecurity Today Month in Review: Iran Conflict Cyber Spillover, IoT Cameras, AI Hacking Tools, and Resilience Planning In this weekend month-in-review episode, host Jim Love and panelists David Shipley, Laura Payne, Neil Bisson, and Chris "CJ" Johnson discuss cyber and infrastructure impacts tied to the US/Israel–Iran conflict, including reported compromise of traffic camera networks for targeting, Iran's defensive internet shutdown, propaganda via a hacked prayer app, and GPS/AIS spoofing that misdirected ships in the Strait of Hormuz, raising oil and helium supply-chain concerns. They warn of potential Iranian retaliation via DDoS, ransomware, and critical infrastructure attacks (especially water/OT), amplified by insecure IoT and camera vulnerabilities (e.g., Hikvision). The group critiques weakened government cyber capabilities (including CISA turmoil and CVE program risk), highlights AI-enabled attack automation (CyberStrike AI) shrinking time-to-exploit, and stresses practical resilience planning, including protecting AI API keys after an $82,000 billing incident and noting a law-enforcement takedown of LeakBase. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst 00:00 Sponsor Message Meter 00:18 Meet the Panel 01:41 MSPs and Security Assumptions 03:36 War and Cyber Spillover 06:52 Iran Internet Shutdown Explained 08:27 GPS Spoofing in Strait 10:32 Retaliation Risks to West 17:02 IoT Cameras as Targets 18:56 What IT Providers Should Do 22:03 Who Should Worry Most 26:18 Regulation and IoT Standards 28:58 Supply Chain and State Actors 31:36 CISA and CVE Turmoil 35:53 Ring Backlash and Big Tech 37:43 OpenAI Alerts and Privacy 39:25 AI Cultural Blind Spots 40:05 Therapy Duty to Report 41:17 Licensing AI Advice 42:16 Data Centers Under Fire 43:59 Continuity Without Claude 45:05 Power Grid Reality Check 46:47 MSPs and AI Dependence 49:58 Hype Versus Security Markets 51:02 CyberStrike AI Tooling 56:37 Nation State Plausible Deniability 59:58 Exploit Speed and Software Debt 01:03:37 Practical Tips and Wrap Up

Wikipedia JavaScript Worm, ICE Contractor Data Leak Claim, and Leak Base Takedown Wikipedia admins contained a self-propagating JavaScript worm that spread via infected user script files, executing in logged-in editors' browsers and using authenticated sessions to copy itself into other scripts, sometimes affecting global scripts; administrators restricted edits, reverted and suppressed changes, replaced compromised scripts, and continue investigating the originating account.  A hacktivist group calling itself the Department of Peace claims it leaked records tied to DHS's Office of Industry Partnership involving 6,681 organizations that applied for ICE-related contracts, releasing the dataset via Distributed Denial of Secrets, while DHS has not confirmed the breach or data authenticity.  Finally, the FBI, Europol, and partners dismantled the Leak Base cybercrime forum, seized its database, conducted arrests and searches, and warned suspects through the forum's channels. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst 00:00 Sponsor Message 00:19 Headlines Intro 00:42 Wikipedia Worm Attack 01:19 How The Worm Spread 02:08 Containment And Lessons 02:53 Hacktivists Leak ICE Data 04:47 Leak Base Takedown 06:10 Database Seizure Fallout 07:12 Wrap Up And Weekend Preview 07:30 Sponsor Closing