Cisco Breached: Source Code Stolen - Cybersecurity Today

Cisco Source Code Stolen in Trivy Fallout, Axios Supply Chain Attack, and Active Exploitation of Fortinet and Citrix Flaws David Shipley reports multiple major security incidents: attackers used credentials stolen in the Trivy supply-chain attack via a malicious GitHub action to breach Cisco's internal development environment, clone 300+ GitHub repos, steal source code (including AI products) and AWS keys, and impact customer-related code; Cisco contained the breach, re-imaged systems, and rotated credentials. A separate supply-chain attack hit the widely used JavaScript library Axios after its maintainer account was compromised, pushing poisoned NPM versions that installed a dropper/RAT via a fake dependency; users are told to downgrade affected versions, remove the dependency, rotate credentials, and review CI/CD logs. Active exploitation is confirmed for a Fortinet FortiClient EMS SQL injection (CVE-2026-21643) and for critical Citrix NetScaler flaws (CVE-2026-3055, possibly alongside CVE-2026-4368). Anthropic accidentally exposed details of a new model, "Code Mythos," described as highly capable in reasoning, coding, and cybersecurity. Finally, TechCrunch reports escalating allegations that compliance startup Delve helped fabricate audit evidence and worked with weak auditors. The episode also marks show episode 1,500. 00:00 Headlines and Sponsor 00:54 Cisco Trivy Breach 02:28 Axios NPM Attack 04:12 Fortinet SQLi Exploited 06:24 Citrix Bleed Returns 08:05 Anthropic Model Leak 10:24 Fake Compliance Scandal 12:30 Episode 1500 Milestone 14:03 Sponsor Closing Message

Mac Malware 'Infinity Stealer,' DarkSword iOS Exploits, China Telecom Espionage & TeamTNT Supply Chain Hits Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst David Shipley reports from Seoul on major threats: Malwarebytes details Infinity Stealer, a new macOS info-stealer delivered via "ClickFix" social engineering and built as a compiled Python payload (Nuitka) that steals browser credentials, Keychain data, crypto wallets, and developer secrets while notifying attackers via Telegram. Proofpoint links Russia-aligned TA446 (Cold River/Star Blizzard) to spear-phishing using the DarkSword iOS exploit kit to deliver GhostBlade, with DarkSword now leaked on GitHub and Apple pushing unusual on-device warnings for vulnerable iOS versions. Rapid7 describes China-linked "Red Menshen" using the kernel-level BPFdoor backdoor to persist in global telecom networks. TeamTNT compromises the Telnyx PyPI package with WAV-steganography payloads that steal secrets and target Kubernetes. Iran-linked activity includes a symbolic FBI director email breach and escalating, deliberate healthcare disruption via attacks on Stryker and a Pay2Key incident. 00:00 Show Intro and Sponsor 00:53 Mac ClickFix Stealer 03:25 Dark Sword iOS Exploits 06:30 China Telecom Backdoor 08:47 TeamTNT PyPI Supply Chain 12:20 Iran Cyber and Healthcare 17:41 Wrap Up and Thanks 18:43 Sponsor Message

RSAC Recap: Agentic AI Takes Over, Security Funding Shifts, and Why CISOs Must Focus on Resilience Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst Jim Love and co-host David Shipley recap the RSA Conference in San Francisco, noting that "zero trust" marketing has faded and "agentic AI" (especially "agentic SOC") dominated vendor messaging. David highlights a major market shift: AI is pressuring cybersecurity company valuations and could reduce funding, accelerate consolidation, and raise security costs due to heavy compute requirements, even as demand increases. They discuss how AI disproportionately benefits attackers, including new phishing-as-a-service capabilities, while organizations cut security hiring in anticipation of AI gains. David's standout booth, MindGuard, used a 1990s metaphor to argue AI security is as immature as cybersecurity was decades ago. He also interviews Commvault CSO Bill O'Connell on the evolving CISO role, communicating risk, the importance of recovery and "ResOps," and celebrating CISOs, including Time magazine's CISO of the year concept. 00:00 Weekend Show Kickoff 00:46 RSAC Recap Setup 01:06 Zero Trust Is Dead 01:48 Agentic SOC Everywhere 03:41 AI Shifts Security Valuations 06:55 Peak Security And Consolidation 07:55 Costs And Layoffs Warning 09:35 Attackers Gain The Edge 11:48 RSAC Booth Spectacle 13:39 MindGuard Nineties Metaphor 15:40 Commvault CISO Interview Begins 17:22 Backup To Cyber Resilience 18:04 Modern CISO Role Evolution 19:55 Translating Risk For Leaders 21:44 Risk Versus FUD 22:22 AI Hype And CISO Relevance 23:29 Defining AI And Controls 24:33 Agentic AI And Backups 25:49 Resilience Over Prevention 27:52 ResOps And Practicing Recovery 31:06 Advice For New CISOs 33:30 Celebrating The CISO Role 35:43 Is The Job Worth It 37:06 Host Wrap And Audience Feedback 39:18 Korea Trip And Show Signoff 40:13 Sponsor Message And Closing

Anonymous Tip System Breach Exposes Millions of Records, Google Warns Q-Day by 2029, and New AI Documentation Supply-Chain Risks Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst Jim Love reports that a breach at P3 Global Intel, whose tip-submission systems are used by police, government agencies, and schools, allegedly exposed over 8 million submissions including highly sensitive personal data and raised concerns about anonymity due to features that could disclose tipster IP information; the company says it has not confirmed misuse. Google warns "Q Day," when quantum computers could break widely used public-key encryption, may arrive as early as 2029, intensifying urgency around "harvest now, decrypt later" and adoption of post-quantum cryptography standards. The episode also highlights AI-era supply-chain threats where community-generated documentation can be poisoned with indirect prompt injections that influence AI-generated code, and notes upcoming GitHub Copilot policy changes to use prompts and code context from certain users for training unless they opt out, making data governance critical. 00:00 Headlines And Sponsor 00:45 Anonymous Tip Line Breach 03:42 Quantum Q Day Timeline 06:10 Poisoned Documentation Attacks 08:57 Copilot Training Data Changes 10:27 Wrap Up And Meter Thanks

RSAC: Retiring "APT," FCC's US-Made Router Ban, Zoom Call Scraping, Iran-Targeting Wiper, and Cyber Terrorism Insurance From RSAC 2026, host David Shipley highlights ESET researcher Robert Lipowsky's argument to retire the overused "advanced persistent threat" label and instead describe actors by motivation and activity, noting blurred lines between nation-state and criminal tooling. He also reports RSAC vendor trends (zero trust fading, "agentic AI" everywhere) and standout booth themes. In Washington, the FCC bans authorization of any new Wi‑Fi router models not made in the United States, citing supply-chain risk and attacks like Volt Flax and Salt Typhoon, impacting an industry largely manufacturing abroad unless exemptions are granted with plans to reshore. The episode details Webinar TV allegedly joining public Zoom links to record calls and publish AI-generated podcast recaps, and a Kubernetes-targeting campaign linked to the Trivy supply-chain attack that deploys an Iran-checking wiper. Finally, Treasury seeks comments on expanding the terrorism risk insurance backstop (TRIP) to cover cyber losses. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst   00:00 Sponsor Meter Intro 00:18 Headlines Preview 00:58 Retiring The APT Label 02:51 RSAC Floor Trends 05:08 FCC Router Ban 06:43 Zoom Calls Turned Podcasts 09:29 Iran Targeting Wiper 10:57 Cyber Terrorism Insurance Debate 13:15 Wrap Up And Thanks 13:44 Sponsor Meter Outro

Compliance Startup Audit-Faking Claims, Trivy Supply-Chain Backdoor, Russia Targets Signal/WhatsApp, and Iran-Linked Stryker Disruption Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst This episode covers allegations that Y Combinator-backed compliance startup Delve helped customers fake privacy and security audits by generating fabricated evidence that auditors then rubber-stamped, alongside Delve's denial and a report of sensitive Delve data being externally accessible. It also details a TeamTNT/Team PCP-style supply-chain compromise of Aqua Security's Trivy scanner via GitHub build and tag tampering, briefly distributing a backdoored release that stole cloud credentials, SSH keys, tokens, and more, with guidance to treat affected environments as fully compromised and rotate secrets. The FBI and CISA warn of Russian intelligence-linked phishing targeting Signal and WhatsApp accounts through social engineering and malicious QR codes. Finally, it describes the real-world impact of an Iran-linked Handala cyberattack on Stryker, disrupting custom implant logistics and delaying surgeries. 00:00 Sponsor Message Meter 00:18 Headlines Overview 00:48 Delve Audit Allegations 03:27 Trivy Scanner Backdoor 06:01 Russian Phishing Signals 08:54 Stryker Attack Fallout 11:30 Wrap Up And RSAC 11:48 Sponsor Message Meter

Cybersecurity Isn't Managing Risk—It's Managing Threats... And That's the Problem Host David Shipley speaks with Jeff Gardiner, a former university CISO and now at Morgan Stanley, about Gardiner's doctoral research arguing that cybersecurity has structurally misclassified "risk management" as threat management.  Gardiner explains that real risk is an expected loss calculation (impact × likelihood), while many cybersecurity frameworks and training emphasize vulnerabilities, exploitability, and system configuration without likelihood or business impact. He describes examples where teams labeled unlikely issues as "extremely high risk," discusses interviews where leaders universally expect cybersecurity staff to be risk managers, and cites findings that only about 11% of cybersecurity professionals actually perform risk calculations. Gardiner outlines a practical approach using qualitative likelihood and impact scales, prioritization, and clearer business framing, and notes ongoing discussions with NIST to improve the NICE framework. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst 00:00 Sponsor Message 00:19 Meet Jeff Gardiner 01:51 Career Journey Origins 03:23 TLS Risk Epiphany 05:06 What Is Compute Canada 06:38 Risk Versus Threat 08:35 Why Labels Matter 11:13 Likelihood And Impact 12:26 Teaching Risk Qualitatively 15:29 Why Prioritize Risk 20:36 Training Frameworks Flaw 25:13 Research Frustrations 25:51 Risk Management Wins 26:44 Why CISOs Burn Out 27:43 Speaking Executive Risk 29:22 Teach Risk Broadly 31:36 Biases and Better Judgments 35:17 Sexy Scary vs Real Risk 36:12 Convincing the Room 39:15 Start Simple Frameworks 41:36 Risk Quadrants and Delegation 45:30 Mentorship and NIST V3 47:57 Wrap Up and Sponsor

FBI Seizes Iran-Linked Handala Leak Site After Stryker Intune Wipe Attack; Apple iPhone Exploit Patch; North Korean Fake IT Workers Grow Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst The episode reports that the FBI has seized the data leak site used by the Iran-linked hacktivist group Handala, which has been widely linked to the Stryker attack where attackers compromised admin accounts, stole data, and used Microsoft Intune to remotely wipe and factory reset roughly 80,000 managed devices. CISA and Microsoft warn organizations to harden Intune and identity controls with least privilege, role-based access, MFA, conditional access, and requiring multi-admin approval for sensitive actions like device wipes. Apple urges iPhone users to update after fixing actively exploited flaws used in targeted, sophisticated campaigns, noting risks even for those who think Apple devices aren't targeted. The show also highlights new FLAIR research showing North Korean operatives continue infiltrating Western firms as remote IT workers using stolen or fabricated identities, exploiting weak hiring verification and broad access. LINKS https://flare.io/learn/resources/north-korean-infiltrator-threat 00:00 Sponsor Message Meter 00:19 Headlines And Intro 00:46 FBI Seizes Handala Leak Site 02:31 CISA And Microsoft Intune Guidance 04:37 Apple iPhone Update Warning 06:10 North Korean Fake IT Workers 07:56 Links Sharing And Wrap Up 08:29 Sponsor Thanks And Sign Off

Medical Device Breaches, Anti-Scam Pledge Scrutiny, AI Font Trick, and Iran-Linked Cyber Updates. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst The episode covers several cybersecurity stories: Intuitive Surgical disclosed a March 12 phishing-led intrusion where stolen credentials enabled access to its internal administrative network and data theft (customer/business contacts and employee records), while clinical platforms and Da Vinci/Ion systems remained unaffected. Eleven tech and retail firms including Google, Amazon, and OpenAI pledged to share threat intel on scams, amid skepticism and Verafin figures estimating $4.4T in global financial crime in 2025 and rising AI-driven fraud. LayerX demonstrated a font/CSS "glyph substitution" technique that shows humans a malicious command while AI assistants read benign text; Microsoft addressed it, while others deemed it out of scope. In Iran-war updates, senior Iranian cyber figures were reportedly killed; Iran-linked group Handala's Stryker attack allegedly wiped nearly 80,000 devices via compromised admin accounts and Intune, with further unverified leak claims. Denver crosswalk speakers were hacked due to default passwords.   00:00 Sponsor Message Meter 00:19 Medical Device Breach 01:52 Phishing Still Wins 02:32 Tech Pledge Against Scams 03:43 Fraud Numbers And AI 05:49 Font Trick AI Bypass 07:22 Vendor Responses Lessons 09:03 Iran Cyber War Updates 10:00 Stryker Intune Wipe Attack 11:07 More Iranian Claims 12:17 Denver Crosswalk Hack 13:10 Wrap Up And Signoff 13:33 Sponsor Outro Meter

Alleged Canadian 'The Comm' Hacker Arrested, Interpol's Operation Synergia Takedown, Stryker Cyberattack Update and more.. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst Host David Shipley covers new details on the alleged takedown of "Waifu," a Canadian hacker tied to the cybercrime group The Com, after a harassment campaign against investigator Allison Nixon helped lead to his identification and arrest; he now faces U.S. charges including extortion and unauthorized computer access. The episode also highlights Interpol's six-month Operation Synergia, a major international crackdown that disabled 45,000 malicious IPs and led to 94 arrests across 72 countries, targeting ransomware, phishing, and malware infrastructure. An update on Stryker describes an attack on its Microsoft corporate systems allegedly involving Intune to wipe over 200,000 devices, with Stryker saying connected medical devices and services remain safe while ordering and operations are disrupted. Finally, Poland reports it stopped an attempted hack on its National Center for Nuclear Research that may have Iranian links, though officials caution indicators could be misdirection. 00:00 Sponsor Meter Intro 00:19 Headlines And Welcome 00:50 Calm Hacker Takedown 02:49 Threats Against Researcher 04:21 Unmasking And Arrest 05:46 Interpol Operation Synergy 08:10 Stryker Intune Attack Fallout 12:56 Iran Cyber War Updates 13:43 Poland Nuclear Hack Attempt 16:14 Wrap Up And Thanks 16:52 Sponsor Meter Outro