Cybersecurity Today

In this special Cybersecurity Today weekend interview, host David Shipley speaks with Amy Yee about leadership, resilience, and the human side of cybersecurity.

Amy shares her remarkable journey from electrical engineering and venture capital to becoming the inaugural Chief Digital Officer at Accreditation Canada and Health Standards Organization, where she helped build the digital foundation used by hundreds of healthcare organizations across Canada.

The conversation takes a deeply personal turn as Amy recounts leading through a ransomware attack that struck her organization before tabletop exercises and incident-response planning had become routine. She describes the chaos...

A special crossover episode of Cybersecurity Today and Hashtag Trending for June 19, 2026.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning after security researchers uncovered the FortiBleed dataset, exposing credentials tied to approximately 74,000 Fortinet firewall and SSL VPN devices across 194 countries. Researchers found the data on an exposed threat actor server containing attack tools, victim databases, logs, and thousands of verified usernames and passwords. Analysts report that tens of thousands of those credentials may still be active.

Host Jim Love breaks down:

• What FortiBleed is and how it wa...

Cybersecurity Today host David Shipley reports that the FTC says Americans lost $3.5 billion to imposter scams in 2025—nearly triple 2020—with social media tied to $2.1 billion in losses and total fraud reaching about $16 billion, while the FBI estimates cyber-enabled losses nearer $21 billion and potentially far higher. Security researchers, including Katie Moussouris, argue the U.S. government's forced Anthropic model shutdown over an alleged guardrail bypass was hasty and largely about prompt phrasing, with Axios citing personality differences as a driver. The DOJ seized deepfake pornography sites cfake.com and sock.com under the Take It Down Act after a three-country oper...

The U.S. government orders Anthropic to shut down foreign access to its Fable 5 and Mythos 5 AI models after the Pentagon labels the company a supply-chain risk.

David Shipley examines what may be  behind the decision and what it means for countries and businesses that depend on American AI platforms.

The FBI also disrupts Outsider Enterprise, a China-based phishing-as-a-service network linked to more than 9,000 fake websites, one million fraudulent URLs, 3.8 million stolen payment-card records and an estimated $1.9 billion in losses.

Also in this episode:

A critical Splunk vulnerability could allow an u...

Cybersecurity Today on the Weekend interviews the winning Canadian CyberTitan team ("S-ores"/a regex-based name) along with coach Phil, educator Tim, and CyberTitan manager Sheena to explain how CyberTitan (run by ICTC) connects to the international CyberPatriot program. They describe the competition mechanics—securing compromised Windows, Windows Server, and Linux virtual machines for points, plus Cisco Packet Tracer networking—and how Canadian teams compete through CyberPatriot before the top teams advance to a national CyberTitan final. Students Faye and Eric share why they joined, their learning "aha" moments in Windows tools and networking concepts, and the value of teamwork. The...

Anthropic is calling for governments to have the authority to stop deployment of advanced AI systems that pose unacceptable risks. CEO Dario Amodei points to the company's Mythos cybersecurity model as proof that AI has become a matter of national and strategic consequence, warning that cyber risks may soon be followed by biological and autonomy risks.

Meanwhile, security researcher Nightmare Eclipse has released RoguePlanet, a new Windows Defender zero-day that reportedly works against fully patched Windows 10 and Windows 11 systems. The disclosure comes shortly after Microsoft said it had no intention of pursuing action against security researchers, suggesting...

Instagram AI Support Hack Hits 20,225 Accounts; AI Worm 'Hades' Lies to Security Tools; Chrome Zero-Day Patch

Host David Shipley reports Meta says 20,225 Instagram accounts were hijacked after an AI support tool was tricked into sending reset links to attacker-controlled emails, with only MFA-protected accounts resisting. Step Security details a new Miasma-derived worm wave called Hades that targets config files for 14 AI coding tools, can inject instructions to hijack assistants, lies to AI security tools, and includes a "dead man switch" wipe if stolen GitHub tokens are revoked; Microsoft also removed some GitHub repos after 73 open-source projects were...

TClaude Outage Data Leak Fears, Microsoft GitHub Worm, IBM Hack Allegations, Meta AI Instagram Takeovers, and Canada's Bill C-8

David Shipley reports that Anthropic's Claude suffered a roughly two-hour outage affecting models including Opus, during which a user alleged receiving another customer's conversation; Anthropic says it has no evidence of a data leak and is investigating. A Team PCP self-spreading worm, Miasma, infected 73 Microsoft GitHub repositories across four accounts and now triggers via AI coding assistants when developers open cloned projects. A former IBM threat-intel executive, William Barlow, alleges IBM was hacked three times by foreign governments...

Host Jim Love and panelists David Shipley, Laura Payne, and Jeff Williams discuss a researcher ("Chaotic/Nightmare Eclipse") publicly disclosing multiple Windows zero-days affecting components including Defender and BitLocker, frustration with Microsoft's vulnerability disclosure process, and backlash to Microsoft's initially threatening tone before it was partially walked back; the panel debates responsible disclosure, the need for researcher support/organization, transparency vs liability, and how vulnerability reporting is straining under volume. They then examine a White House AI executive order focused on voluntary measures and 30-day model access, criticizing the lack of basic safety and cybersecurity protections amid FOMO about...

A newly disclosed attack called HTTP/2 Bomb can crash major web servers in seconds using a single computer and a modest internet connection. Researchers say the attack combines two known techniques into a powerful memory-exhaustion exploit affecting widely used platforms including Apache, NGINX, Microsoft IIS, and Envoy. The attack also highlights a growing trend in cybersecurity research: the use of artificial intelligence to uncover dangerous combinations of existing vulnerabilities.

The episode also examines President Trump's new executive order creating a voluntary framework for reviewing advanced AI models before public release. The administration says the goal is to...

Cybersecurity Today for June 2, 2026.

Microsoft has backed away from its hard-line stance against vulnerability researchers after widespread criticism from the security community. The dispute began after independent researcher Nightmare Eclipse published proof-of-concept code for unpatched Microsoft vulnerabilities, triggering a public debate over responsible disclosure, zero-days, and researcher relations.

Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material[dot]security.

Carnival Corporation disclosed a social-engineering...

Microsoft's dispute with a former security researcher takes a dramatic turn as the company raises the possibility of criminal action over the publication of proof-of-concept code for unpatched zero-day vulnerabilities. David Shipley examines the escalating conflict between Microsoft and "Nightmare Eclipse," the criticism from prominent security researchers including Kevin Beaumont and Katie Moussouris, and what the controversy could mean for the future of vulnerability disclosure.

Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365...

As concerns about artificial intelligence move from theory to reality, a growing public backlash is beginning to take shape.

In this episode of Project Synapse, Jim Love, Marcel Gagné, and John Pinard explore the rise of the AI "techlash" and the growing fears around job displacement, economic inequality, data centre expansion, and AI-driven cybersecurity risks.

The discussion covers warnings from AI researchers about workforce disruption, public resistance to AI adoption, the economics behind massive AI infrastructure investments, and emerging concerns around AI-powered vulnerability discovery and critical infrastructure security.

The panel also examines Canada's e...

Host David Shipley speaks with cybersecurity professional Cheryl Biswas about her journey into the industry and why she believes Arctic sovereignty must be viewed as a cybersecurity challenge as much as a geopolitical one.

Biswas traces her path from political science and a help desk role at CP Rail to cybersecurity, inspired by the discovery of the Stuxnet malware and the global security community that formed around it. She discusses her experiences speaking at BSides Las Vegas, attending DEF CON, helping build a major Canadian bank's threat intelligence program, and recently earning her Certified Information Systems Security...

CISA has ordered U.S. federal civilian agencies to urgently patch an actively exploited critical Drupal SQL injection vulnerability (CVE-2026-9082) affecting PostgreSQL-backed Drupal deployments, after Imperva reported more than 15,000 attack attempts across 65 countries. Microsoft has confirmed a strange Windows Server 2016 update issue where KB5087537 can break domain controller discovery when server hostnames are exactly 15 characters long, raising more questions about patch reliability as update complexity grows.

Google has joined a coalition opposing Canada's proposed lawful access legislation, Bill C-22, warning that secret ministerial orders, possible encryption risks, and mandatory metadata retention could weaken security rather than...

Is AI about to trigger a cybersecurity vulnerability explosion?

In this episode of Cybersecurity Today, David Shipley examines what some researchers are calling the early signs of a "vulnerability apocalypse" as Anthropic's Claude-powered Project Glasswing identifies thousands of potential software flaws at machine speed.

The episode breaks down the real numbers behind the hype: over 10,000 candidate vulnerabilities flagged, 1,726 confirmed high or critical findings, 97 patched issues, and the growing concern that AI-driven bug hunting could overwhelm already stretched security teams. One example: a critical WolfSSL certificate forgery vulnerability (CVE-2026-5194, CVSS 9.1).

Also in this...

The episode recounts how GitGuardian security researcher Guillaume Valadon, while monitoring public GitHub for leaked secrets, discovered a publicly accessible repository labeled "CISA-Private" containing highly sensitive CISA materials, including internal DHS/CISA credentials, cloud keys, tokens, plaintext passwords, logs, and files such as "Important AWS Tokens" and a CSV listing usernames and passwords for internal systems. Believing a contractor likely used GitHub to move work from a work device to a home device, Valadon escalated via responsible disclosure to CERT, then involved journalist Brian Krebs to reach CISA faster when the repo remained public. 

After additional outreach, t...

GitHub confirms a major supply chain breach after a malicious Visual Studio Code extension reportedly gave attackers linked to TeamPCP access to roughly 3,800 internal repositories. The bigger issue: developer workstations now hold some of the most sensitive secrets in modern software organizations.

Also today: Microsoft begins phasing out SMS-based authentication for personal accounts, calling text-message authentication a growing fraud risk as it shifts toward phishing-resistant passkeys. Researchers also disclose a nine-year-old Linux privilege escalation flaw, CVE-2026-46333, nicknamed SSH-Keysign-Pwn, which can allow root-level access with local machine access. And Proton publicly threatens to leave Canada rather than...

A serious new Windows 11 BitLocker vulnerability, open-sourced offensive malware tools, a suspected Iranian cyber campaign targeting U.S. fuel infrastructure, and malware that appears designed to interfere with nuclear weapons simulation systems.

 Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material[dot]security.

David Shipley breaks down four major cybersecurity stories on Cybersecurity Today. First, a newly disclosed zero-day dubbed YellowKey reportedly defeats default Windows 11 BitLocker pr...

A dangerous new Microsoft Exchange zero-day is being actively exploited, ransomware gangs are adopting nation-state-style tactics, two fired contractors were caught deleting U.S. government databases after accidentally recording themselves on Microsoft Teams, and Fortinet has patched critical remote code execution flaws.

In this episode of Cybersecurity Today, David Shipley breaks down four major cybersecurity stories that security teams need to know.

Cybersecurity Today would like to thank Material Security for supporting this podcast.  Material security provides. faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365.  Contact th...

David Shipley interviews Jon Ferguson, VP at CIRA, about how the Canadian Internet Registration Authority evolved from early paper-based .ca registrations at UBC into a 142-person, member-based not-for-profit running .ca and authoritative Anycast DNS infrastructure now supporting 550+ TLDs globally. Ferguson explains how .ca's Canadian presence requirements help keep abuse rates low, and how CIRA reinvests surpluses into grants and cybersecurity tools, including Canadian Shield (DNS-based malware/phishing blocking and encrypted DNS with limited data retention) used by about 500,000 people and generating about 20 million blocks per month. They discuss CIRA's focus on municipalities, schools, hospitals, and universities, its move into...

Google Cloud customers are reporting shocking surprise bills after compromised or misused API keys were allegedly used to access expensive Gemini AI services. In one case, Rod Dinan says his monthly Google Cloud costs jumped from under $50 to nearly $8,000. Sydney developer Isuru Fonseka says he was hit despite setting spending controls, raising broader questions about API key security, client-side exposure, billing alerts, and how quickly attackers can exploit AI infrastructure.

Cybersecurity Today also covers prosecutors' allegations that two fired brothers sabotaged systems tied to government-related work after access wasn't revoked quickly enough, Santa Clara County's civil lawsuit...

Cybersecurity Today examines a troubling set of new security developments affecting schools, software supply chains, and account security.

Instructure says it reached an "agreement" with the ShinyHunters threat group after the massive Canvas breach that may have affected up to 275 million users across 9,000 educational institutions. Reports indicate attackers exploited multiple cross-site scripting (XSS) vulnerabilities to hijack administrator sessions and post extortion demands.

Checkmarx has been breached again. This time, attackers reportedly inserted a malicious Jenkins Application Security Testing (AST) plugin designed to steal credentials. The same threat actor, believed to be Team46/TeamTNT-linked infrastructure or...

A massive cybersecurity week.

On this episode of Cybersecurity Today, David Shipley breaks down the reported breach of Instructure's Canvas learning platform, where attacks linked to the ShinyHunters extortion group may have exposed data tied to up to 275 million user accounts across more than 9,000 educational institutions. The incident disrupted access, delayed exams, and forced Instructure to disable its "Free for Teacher" program after attackers allegedly used it to post extortion messages.

Also in this episode: the Gentlemen ransomware group suffers a major internal leak, exposing affiliate chats, tooling, victim data, and operational details — a rare lo...

This week's panel dives into the cybersecurity stories that matter most for security leaders, IT teams, and anyone watching how AI is changing risk.

Jim Love is joined by David Shipley (Beauceron Security), Laura Payne (White Tuque), and Jeff Williams (Contrast Security).

Cybersecurity Today would like to thank Material Security for supporting this podcast.  Material security provides. faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365.  Contact them at  material[dot]security 

Topics include:

Anthropic's Mythos AI security research and whether large lang...

In this special edition of Cybersecurity Today, David Shipley speaks with scam-fighting expert Erin West about the global fraud crisis, the rise of AI-powered scams, and why traditional law enforcement may be falling behind.

Cybersecurity Today would like to thank Material Security for supporting this podcast.  Material security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365.  Contact them at  material[dot]security 

From David's discussion with Erin West:

The numbers are staggering.

The FBI's Internet Crime Complaint Center reported more than $21 bill...

QR-code phishing is no longer a niche attack. Microsoft says QR phishing attacks jumped from 7.6 million in January to 18.7 million in March 2026 — a 146% increase in just three months. In this episode of Cybersecurity Today, David Shipley explains why QR-based attacks are bypassing traditional corporate defences and why security teams need to rethink phishing awareness immediately.

We also cover a critical new Apache HTTP Server vulnerability with both denial-of-service and potential remote code execution impacts, a sustained DDoS and extortion campaign targeting Ubuntu developer Canonical, and a remarkable case in Taiwan where a university student allegedly used software-defined ra...

Microsoft Defender Deletes Trusted Certificates | 44,000 cPanel Servers Hit by Ransomware

Microsoft Defender mistakenly flagged legitimate DigiCert root certificates as malware and removed them from Windows systems, breaking trust chains and causing widespread application failures. The issue was traced to a faulty detection signature (Trojan:Win32/CertyAgent), now fixed in update version 1.449.430.0. 
At the same time, DigiCert confirmed a separate security incident where attackers compromised support systems and used internal tools to issue valid code-signing certificates. At least 60 certificates were revoked, including 27 linked to the Zong Stealer malware campaign. 

Meanwhile, a critical cPanel vulnerability (CV...

Connected cars are no longer just vehicles — they are rolling networks of sensors, cameras, microphones, and constant data transmission.

In this Cybersecurity Today Weekend Edition, David Shipley is joined by former CSIS intelligence officer Neil Bisson and cybersecurity expert Federico Simonetti to break down what that really means.

They explain how modern vehicles:

Continuously report location, behaviour, and system data to the cloud
Contain dozens of interconnected computers controlling everything from steering to braking
Can be vulnerable to man-in-the-middle attacks, remote access, and system compromise
May expose drivers to surveillance — not...

A U.S. federal investigation into WhatsApp encryption was shut down before reaching a conclusion — after an internal claim suggested Meta systems may access message content in ways that conflict with public descriptions.

In this episode of Cybersecurity Today, Jim Love breaks down what's known, what isn't, and why the story isn't going away.

Also in this episode:

A newly disclosed Linux vulnerability (CVE-2026-31431) allows an unprivileged local attacker to gain root permissions — using a flaw that may have existed since 2017
BlueKit, a new phishing toolkit, shows how AI is now bein...

A major open source Python tool was hijacked in a supply chain attack, exposing developer credentials, cloud secrets, and crypto wallets. Meanwhile, the FTC says Americans lost more than $2.1 billion to scams that began on social media, with Facebook leading reported losses.

Cybersecurity Today thanks Meter for supporting this podcast. Meter delivers a complete networking stack — wired, wireless, and cellular — in one integrated solution built for performance and scale. Learn more at Meter.com/cst.

Also in today's Cyber Security Today:

Brazilian hackers return with fake Minecraft cheat downloads carrying credential-stealing malware
A ne...

A rogue cyber weapon drove through Toronto blasting scam texts to thousands of phones. A major U.S. critical infrastructure provider confirms a cyberattack. And researchers reveal that Stuxnet may not have been the first cyber weapon after all.

In today's Cybersecurity Today with David Shipley:

• First known SMS blaster case in Canada uncovered in Toronto
• Itron, a major utility technology supplier, discloses cyber intrusion
• Researchers say a 2005 malware campaign predates Stuxnet
• Venezuela energy sector attack reveals destructive "Lotus Wiper" malware
• Why AI-powered attacks may change critical infrastructure risk forever

If you c...

  📍 again, we'd like to thank Meter for their support in bringing you this podcast Meter delivers full stack networking infrastructure, wired, wireless, and cellular to leading enterprises. Working with their partners, meter designs, deploys and manages everything required to get performant, reliable and secure connectivity in a space.

They design the hardware, the firmware, they build the software, they manage deployments, and they run support. It's a single integrated solution that scales from branch offices to warehouses and large campuses to data centers. Book a demo at meter.com/htt. That's METE r.com/htt. If you're aroun...

Inside the Vercel Breach: Highlighting OAuth Token Risk 

In a special edition of Cybersecurity Today, host Jim Love and guest Jamie Blasco (CTO, Nudge Security) discuss Vercel, a major developer hosting platform, and a breach tied to OAuth grants and shadow AI. Reporting shared by Contrast Security's David Lindner describes how a Context AI employee downloaded Roblox AutoFarm scripts, got infected with an info stealer, and attackers harvested credentials, compromised Context AI, then used an over-permissioned OAuth token from a Vercel employee who had signed up to Context AI with an enterprise account and clicked "allow all," w...

Vercel Supply-Chain Breach via AI Tool, Meta Sued Over Scam Ads, and Ransomware Surges with "The Gentleman"

David Shipley covers new details on the Vercel breach, which began when an employee used the third-party AI tool Context AI; after Context AI was breached, attackers leveraged Google OAuth access to pivot into Vercel systems and enumerate unencrypted "non-sensitive" environment variables that contained usable secrets, with a hacker claiming Vercel data and source code and demanding $2M, while Vercel says Next.js and other open-source projects are safe and shares Google OAuth indicators of compromise. The episode also discusses...

Microsoft Under Fire, NIST Scales Back NVD, FortiSandbox Critical Bugs, Vercel Breach Claims, Scattered Spider Member Pleads Guilty

Host David Shipley covers five major stories: researcher "Chaotic Eclipse" publicly released Windows exploits—first "Blue Hammer," then "Red Sun," a Microsoft Defender flaw enabling privilege escalation on fully patched Windows 10/11 and Server—amid claims Microsoft mistreated them, highlighting strain on responsible disclosure as vendors face mounting vulnerability volume and AI-driven bug discovery. NIST announced it can no longer fully enrich all CVEs in the National Vulnerability Database, prioritizing only exploited-in-the-wild issues, federal software, and critical software, leaving the rest...

Cybersecurity Today Month-in-Review: RSAC AI Hype, Agentic Risks, Mythos Claims, and Real-World Resilience

Jim Love hosts a delayed March month-in-review with panelists David Shipley and Laura Payne, starting with RSAC takeaways: agentic AI everywhere, heightened marketing spectacle, and industry tension as AI becomes the new "cool kid." They discuss the surge of autonomous agents, including OpenClaw-style experimentation leading to stolen tokens and the ease of social-engineering LLMs, plus legal and brand risks of chatbots after the Air Canada precedent. The panel debates Anthropic's source-code leak and "Mythos" messaging, while acknowledging AI tools are finding real zero-days amid...

WebEx SSO Vulnerability, booking.com Reservation Hijacking Risks, Windows Recall Scrutiny, and AI Vishing-as-a-Service

Host Jim Love reports that Cisco disclosed a critical WebEx vulnerability (CVE-2026-2184) affecting SSO integration with Control Hub; although server-side fixes are applied and no exploitation is seen, SSO customers must update SAML certificate configuration to avoid disruption when the old certificate expires, amid recent Cisco firewall zero-day exploitation (CVE-2026-2131) tied to interlock ransomware. A booking.com breach exposed some customers' reservation data (names, contact and address details, reservation details, and messages) but not payment cards, increasing phishing "reservation hijacking" risk...

Android Mirax RAT, North Korea's Friend-Request Hacks, Adobe PDF Zero-Day, and FBI Phishing Takedown | Cybersecurity Today

David Shipley covers multiple trust-based cyber threats: Mirax Android malware pushed via Meta ads posing as free streaming apps, functioning as a remote access trojan and turning infected phones into residential proxies, amid reports of widespread scam advertising on Meta platforms. Researchers link a North Korean APT37 campaign to Facebook friend requests that shift to Messenger and Telegram before delivering a tampered PDF viewer that installs Rock Rat and exfiltrates data via Zoho WorkDrive. Adobe issues an emergency patch for an...

Mythos Sparks Urgent Bank Meetings, AI Shrinks Exploit Windows, CEO Phishing Beats MFA + Crypto Fraud Bust

Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst

Host David Shipley covers urgent meetings among U.S., Canadian, and U.K. financial leaders after Anthropic's Mythos announcement, with regulators and major banks assessing potential systemic risk; Mythos is described as capable of finding and ch...