Scam Losses Surge - Cybersecurity Today

Cybersecurity Today host David Shipley reports that the FTC says Americans lost $3.5 billion to imposter scams in 2025—nearly triple 2020—with social media tied to $2.1 billion in losses and total fraud reaching about $16 billion, while the FBI estimates cyber-enabled losses nearer $21 billion and potentially far higher. Security researchers, including Katie Moussouris, argue the U.S. government's forced Anthropic model shutdown over an alleged guardrail bypass was hasty and largely about prompt phrasing, with Axios citing personality differences as a driver. The DOJ seized deepfake pornography sites cfake.com and sock.com under the Take It Down Act after a three-country operation involving Italy and France. Finally, Varonis details "SearchLeak" (CVE-2026-42824), a now-fixed critical Copilot attack chain enabling one-click data exfiltration via prompt injection, a sanitizer race condition, and CSP bypass through Bing. 00:00 Today's Cyber Headlines 00:29 Imposter Scams Surge 01:29 Fraud on Social Platforms 02:47 Anthropic Jailbreak Debate 04:15 Export Controls Fallout 05:05 DOJ Seizes Deepfake Sites 06:44 SearchLeak Copilot Attack 07:36 How SearchLeak Works 09:18 Why Old Bugs Return 10:08 Wrap Up and Sign Off

The U.S. government orders Anthropic to shut down foreign access to its Fable 5 and Mythos 5 AI models after the Pentagon labels the company a supply-chain risk. David Shipley examines what may be  behind the decision and what it means for countries and businesses that depend on American AI platforms. The FBI also disrupts Outsider Enterprise, a China-based phishing-as-a-service network linked to more than 9,000 fake websites, one million fraudulent URLs, 3.8 million stolen payment-card records and an estimated $1.9 billion in losses. Also in this episode: A critical Splunk vulnerability could allow an unauthenticated attacker to remotely execute code through a PostgreSQL sidecar service enabled by default in some deployments. A former Iowa school IT worker is sentenced after retaining access for 21 months and using it to delete accounts and disrupt school systems. And FortiWatch returns with a critical FortiSandbox command-injection vulnerability that requires no authentication. Cybersecurity Today is hosted by David Shipley. Chapters 00:00 Cybersecurity Today headlines 00:26 U.S. government shuts down Anthropic AI models 02:59 FBI takes down Outsider Enterprise phishing network 04:47 Critical Splunk vulnerability explained 06:31 Former school IT worker sentenced for cyberattack 08:29 FortiWatch: FortiSandbox command-injection vulnerability 10:08 What's ahead this week

Cybersecurity Today on the Weekend interviews the winning Canadian CyberTitan team ("S-ores"/a regex-based name) along with coach Phil, educator Tim, and CyberTitan manager Sheena to explain how CyberTitan (run by ICTC) connects to the international CyberPatriot program. They describe the competition mechanics—securing compromised Windows, Windows Server, and Linux virtual machines for points, plus Cisco Packet Tracer networking—and how Canadian teams compete through CyberPatriot before the top teams advance to a national CyberTitan final. Students Faye and Eric share why they joined, their learning "aha" moments in Windows tools and networking concepts, and the value of teamwork. The guests discuss teacher benefits, free training materials, building diverse participation, sponsorship challenges, and hopes for a fully Canadian program with regional events and cloud-based cyber ranges like Field Effect's. 00:00 Weekend Show Intro 01:00 Tim's CyberTitan Journey 01:46 ICTC Explained 02:08 Who Can Compete 02:42 Why CyberTitan Matters 03:22 Origins and CyberPatriot Link 04:04 How The Competition Works 05:09 Meet Team Sors 07:07 Coach Phil's Role 09:44 Why Students Join 12:08 Student Aha Moments 15:13 Community and Teacher Wins 16:34 Sheena Runs The Show 17:29 Scale and National Reach 18:51 Coast To Coast Growth 19:40 XOR Team's Home District 19:55 Teams Across Toronto 20:39 Trophies Medals Coins 21:22 Eric Why Join 23:04 Faye Encouragement Story 25:51 Teachers Start Teams 27:52 Building Girls Pipeline 30:40 Cloud Range Future 33:49 2030 Vision Wrap

Anthropic is calling for governments to have the authority to stop deployment of advanced AI systems that pose unacceptable risks. CEO Dario Amodei points to the company's Mythos cybersecurity model as proof that AI has become a matter of national and strategic consequence, warning that cyber risks may soon be followed by biological and autonomy risks. Meanwhile, security researcher Nightmare Eclipse has released RoguePlanet, a new Windows Defender zero-day that reportedly works against fully patched Windows 10 and Windows 11 systems. The disclosure comes shortly after Microsoft said it had no intention of pursuing action against security researchers, suggesting the dispute between the company and the researcher is far from over. And European authorities have dismantled AudiA6, a cryptocurrency laundering operation that Europol says used thousands of fraudulent exchange accounts to help obscure the proceeds of ransomware attacks and other cybercrime. Investigators linked the service to more than 15 ransomware and major cryptocurrency theft investigations worldwide. Chapters 00:00 Top Stories Rundown 00:19 Crypto Laundering Takedown 02:02 Why Cashout Networks Matter 02:36 RoguePlanet Zero Day Drops 03:19 Microsoft Researcher Fallout 04:24 Exploit Reliability And What Next 05:37 Anthropic Wants Stop Powers 06:10 Mythos Model Cybersecurity Shock 07:37 Regulation Motives And Competition 08:37 Beyond Cyber Bio And Autonomy 09:20 Closing And Next Episodes

Instagram AI Support Hack Hits 20,225 Accounts; AI Worm 'Hades' Lies to Security Tools; Chrome Zero-Day Patch Host David Shipley reports Meta says 20,225 Instagram accounts were hijacked after an AI support tool was tricked into sending reset links to attacker-controlled emails, with only MFA-protected accounts resisting. Step Security details a new Miasma-derived worm wave called Hades that targets config files for 14 AI coding tools, can inject instructions to hijack assistants, lies to AI security tools, and includes a "dead man switch" wipe if stolen GitHub tokens are revoked; Microsoft also removed some GitHub repos after 73 open-source projects were compromised to inject an info stealer. University of Toronto and Vector Institute researchers demonstrated an AI worm using a free local model that spread across a simulated network via known flaws and misconfigurations. Google issued an emergency Chrome patch for actively exploited CVE-2026-11645 in V8, and insurers are tightening claims scrutiny and increasingly excluding AI-related liabilities. 00:00 Instagram AI Hack Fallout 01:36 AI Worm Hades Evolves 02:55 Microsoft Repo Compromise 03:54 Lab Built AI Worm Demo 05:27 Emergency Chrome Zero Day 07:07 Cyber Insurance Tightens Up 08:02 AI Liability Coverage Shrinks 09:16 Wrap Up and Sign Off

TClaude Outage Data Leak Fears, Microsoft GitHub Worm, IBM Hack Allegations, Meta AI Instagram Takeovers, and Canada's Bill C-8 David Shipley reports that Anthropic's Claude suffered a roughly two-hour outage affecting models including Opus, during which a user alleged receiving another customer's conversation; Anthropic says it has no evidence of a data leak and is investigating. A Team PCP self-spreading worm, Miasma, infected 73 Microsoft GitHub repositories across four accounts and now triggers via AI coding assistants when developers open cloned projects. A former IBM threat-intel executive, William Barlow, alleges IBM was hacked three times by foreign governments (including APT10 from 2013–2016) and concealed it; IBM denies wrongdoing and the claims are unproven. TechCrunch reports attackers hijacked Instagram accounts by persuading Meta's support chatbot to relink accounts to attacker emails, with ongoing reports despite Meta saying it's fixed. Canada's Senate passed critical-infrastructure cybersecurity law Bill C-8, mandating rules and incident reporting for telecom, finance, energy, and transportation. 00:00 Top Headlines Rundown 00:37 Claude Outage Data Leak Fears 02:17 Miasma Worm Hits Microsoft 03:52 IBM Breach Cover Up Claims 05:25 Meta AI Hands Over Instagram 06:40 Why Chatbots Fail Social Engineering 07:44 Canada Passes C-8 Cyber Law 09:58 Wrap Up and Sign Off

Host Jim Love and panelists David Shipley, Laura Payne, and Jeff Williams discuss a researcher ("Chaotic/Nightmare Eclipse") publicly disclosing multiple Windows zero-days affecting components including Defender and BitLocker, frustration with Microsoft's vulnerability disclosure process, and backlash to Microsoft's initially threatening tone before it was partially walked back; the panel debates responsible disclosure, the need for researcher support/organization, transparency vs liability, and how vulnerability reporting is straining under volume. They then examine a White House AI executive order focused on voluntary measures and 30-day model access, criticizing the lack of basic safety and cybersecurity protections amid FOMO about losing to China and an AI investment bubble. The conversation covers AI-driven harms and studies on reduced brain activity and "cognitive surrender," while noting benefits when AI is used as a tutor. Shipley highlights Canada's Senate passing Bill C-8 on critical infrastructure cybersecurity, and the group urges outcome-focused security, architecture/risk prioritization, and critical thinking against AI-enabled social engineering. Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material[dot]security. 00:00 Sponsor Message 00:24 Show Welcome Panel 01:17 Microsoft Zero Day Fallout 04:19 Researcher Backlash Drama 06:46 Unionizing Bug Hunters 13:10 Product Liability Debate 23:23 Regulation vs Transparency 26:00 AI Bubble Investor Risk 28:01 White House AI Order 32:24 Cybersecurity Gaps Telecom 33:19 Telecom Trust Breakdown 34:32 AI Harms and Exploitation 35:36 Studies on Cognitive Surrender 38:13 Markets Regulation and Politics 40:13 Canada Cyber Law Win 42:33 Adoption Hype and Subsidy Bubble 48:50 Patch Deluge and AppSec Strain 52:10 Defenses Beyond Patching 54:17 Outcomes Critical Thinking and CIA 01:01:49 Education Disruption and Closing 01:04:14 Sponsor Message Material Security

A newly disclosed attack called HTTP/2 Bomb can crash major web servers in seconds using a single computer and a modest internet connection. Researchers say the attack combines two known techniques into a powerful memory-exhaustion exploit affecting widely used platforms including Apache, NGINX, Microsoft IIS, and Envoy. The attack also highlights a growing trend in cybersecurity research: the use of artificial intelligence to uncover dangerous combinations of existing vulnerabilities. The episode also examines President Trump's new executive order creating a voluntary framework for reviewing advanced AI models before public release. The administration says the goal is to improve cybersecurity and national security visibility while avoiding mandatory regulation or licensing requirements. Next, a new Cloud Security Alliance report warns that organizations are struggling to keep up with the growing volume of vulnerabilities. Security teams increasingly face difficult choices about which flaws to patch first as cloud environments, containers, APIs, and third-party software continue to expand the attack surface. Finally, CISA warns that attackers are actively exploiting both a newly patched Android vulnerability and a years-old Linux flaw. The contrast highlights a simple reality: cybercriminals do not care whether a vulnerability is new or old. They care whether it remains exploitable. Stories in this episode HTTP/2 Bomb Can Crash Web Servers in Seconds Researchers disclose a denial-of-service technique capable of exhausting server memory in under a minute, while OpenAI's Codex helps uncover a novel attack chain. Trump Creates Voluntary AI Security Reviews as Government Seeks Visibility Into Frontier Models A new executive order establishes voluntary reviews of advanced AI systems before public release, raising questions about visibility, oversight, and national security. The Cybersecurity Industry's Patch-Everything Strategy May Be Breaking Down A Cloud Security Alliance report suggests organizations are overwhelmed by vulnerability volume and increasingly forced to choose which risks to address. CISA Warning Shows Attackers Don't Care Whether a Vulnerability Is New or Old Active exploitation of both a newly patched Android flaw and an older Linux vulnerability demonstrates that attackers focus on opportunities, not disclosure dates. Cybersecurity Today brings you the latest cybersecurity news, threat intelligence, breach reports, vulnerability disclosures, ransomware developments, cybercrime investigations, and security research affecting organizations around the world. #Cybersecurity #CyberSecurityToday #InfoSec #CyberNews #Ransomware #ThreatIntelligence #VulnerabilityManagement #AndroidSecurity #LinuxSecurity #ArtificialIntelligence #HTTP2 #CISA #CloudSecurity #OpenAI #PatchManagement

Cybersecurity Today for June 2, 2026. Microsoft has backed away from its hard-line stance against vulnerability researchers after widespread criticism from the security community. The dispute began after independent researcher Nightmare Eclipse published proof-of-concept code for unpatched Microsoft vulnerabilities, triggering a public debate over responsible disclosure, zero-days, and researcher relations. Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material[dot]security. Carnival Corporation disclosed a social-engineering attack that led to the theft of sensitive personal information affecting nearly six million people. Exposed data includes names, contact information, dates of birth, and government identification details. The ShinyHunters cybercrime group has claimed responsibility and alleges the breach involved even more records. Password manager provider Dashlane temporarily locked some customers out of their accounts after large-scale password-guessing attacks triggered automated security protections. Access was later restored, although some users reported lingering issues. The episode also examines a software supply-chain attack uncovered by Wiz involving 32 Red Hat Cloud Services NPM packages. Attackers compromised a Red Hat employee's GitHub account and inserted Miasma malware designed to steal Google Cloud and Microsoft Azure credentials. Timestamps: 00:00 Sponsor Message 00:28 Headlines And Intro 00:55 Microsoft Researcher Dispute 02:58 Carnival Cruise Data Breach 04:48 Dashlane Lockouts Explained 06:09 Miasma Malware Supply-Chain Attack 08:10 Wrap Up And Sign Off 08:31 Sponsor Deep Dive #Cybersecurity #DataBreach #Carnival #Microsoft #Dashlane #RedHat #SupplyChainAttack #CyberSecurityToday

Microsoft's dispute with a former security researcher takes a dramatic turn as the company raises the possibility of criminal action over the publication of proof-of-concept code for unpatched zero-day vulnerabilities. David Shipley examines the escalating conflict between Microsoft and "Nightmare Eclipse," the criticism from prominent security researchers including Kevin Beaumont and Katie Moussouris, and what the controversy could mean for the future of vulnerability disclosure. Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material[dot]security. The episode also explores a new category of insider risk after U.S. prosecutors charged Google security engineer Michael Spagnuolo with allegedly using confidential Google search trend data to earn more than $1.2 million on the prediction market Polymarket. The case highlights how prediction markets may create unexpected incentives around non-financial corporate information. Also covered: active exploitation of Palo Alto Networks' GlobalProtect VPN authentication bypass vulnerability CVE-2026-0257, now added to CISA's Known Exploited Vulnerabilities (KEV) catalogue, and a malware campaign that abuses legitimate ChatGPT sharing pages and Google Ads to trick users into downloading malicious software. Researchers also report similar abuse of Anthropic's Claude Artifacts feature. Chapters 00:00 Top Headlines Rundown 00:26 Microsoft vs Zero-Day Researcher 01:28 Responsible Disclosure Fallout 03:32 Why This Dispute Matters 04:32 Polymarket Insider Trading Case 06:07 Prediction Markets Create New Insider Risks 06:55 Palo Alto VPN Authentication Bypass 08:25 ChatGPT Pages Used to Deliver Malware 09:51 Wrap Up and Sign Off Cybersecurity Today is Canada's leading daily cybersecurity news podcast, covering ransomware, vulnerabilities, nation-state threats, cybercrime, security research, privacy, and critical infrastructure security. #Cybersecurity #Microsoft #PaloAltoNetworks #ChatGPT #OpenAI #Google #Polymarket #ThreatIntelligence #InfoSec #CyberSecurityToday