Host David Shipley speaks with cybersecurity professional Cheryl Biswas about her journey into the industry and why she believes Arctic sovereignty must be viewed as a cybersecurity challenge as much as a geopolitical one. Biswas traces her path from political science and a help desk role at CP Rail to cybersecurity, inspired by the discovery of the Stuxnet malware and the global security community that formed around it. She discusses her experiences speaking at BSides Las Vegas, attending DEF C...
May 29, 2026•30 min
CISA has ordered U.S. federal civilian agencies to urgently patch an actively exploited critical Drupal SQL injection vulnerability (CVE-2026-9082) affecting PostgreSQL-backed Drupal deployments, after Imperva reported more than 15,000 attack attempts across 65 countries. Microsoft has confirmed a strange Windows Server 2016 update issue where KB5087537 can break domain controller discovery when server hostnames are exactly 15 characters long, raising more questions about patch reliability as up...
May 27, 2026•11 min
Is AI about to trigger a cybersecurity vulnerability explosion? In this episode of Cybersecurity Today, David Shipley examines what some researchers are calling the early signs of a "vulnerability apocalypse" as Anthropic's Claude-powered Project Glasswing identifies thousands of potential software flaws at machine speed. The episode breaks down the real numbers behind the hype: over 10,000 candidate vulnerabilities flagged, 1,726 confirmed high or critical findings, 97 patched issues, and the g...
May 25, 2026•13 min
The episode recounts how GitGuardian security researcher Guillaume Valadon, while monitoring public GitHub for leaked secrets, discovered a publicly accessible repository labeled "CISA-Private" containing highly sensitive CISA materials, including internal DHS/CISA credentials, cloud keys, tokens, plaintext passwords, logs, and files such as "Important AWS Tokens" and a CSV listing usernames and passwords for internal systems. Believing a contractor likely used GitHub to move work from a work de...
May 23, 2026•27 min
GitHub confirms a major supply chain breach after a malicious Visual Studio Code extension reportedly gave attackers linked to TeamPCP access to roughly 3,800 internal repositories. The bigger issue: developer workstations now hold some of the most sensitive secrets in modern software organizations. Also today: Microsoft begins phasing out SMS-based authentication for personal accounts, calling text-message authentication a growing fraud risk as it shifts toward phishing-resistant passkeys. Rese...
May 22, 2026•9 min
A serious new Windows 11 BitLocker vulnerability, open-sourced offensive malware tools, a suspected Iranian cyber campaign targeting U.S. fuel infrastructure, and malware that appears designed to interfere with nuclear weapons simulation systems. Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can conta...
May 20, 2026•13 min
A dangerous new Microsoft Exchange zero-day is being actively exploited, ransomware gangs are adopting nation-state-style tactics, two fired contractors were caught deleting U.S. government databases after accidentally recording themselves on Microsoft Teams, and Fortinet has patched critical remote code execution flaws. In this episode of Cybersecurity Today, David Shipley breaks down four major cybersecurity stories that security teams need to know. Cybersecurity Today would like to thank Mate...
May 19, 2026•13 min
David Shipley interviews Jon Ferguson, VP at CIRA, about how the Canadian Internet Registration Authority evolved from early paper-based .ca registrations at UBC into a 142-person, member-based not-for-profit running .ca and authoritative Anycast DNS infrastructure now supporting 550+ TLDs globally. Ferguson explains how .ca's Canadian presence requirements help keep abuse rates low, and how CIRA reinvests surpluses into grants and cybersecurity tools, including Canadian Shield (DNS-based malwar...
May 16, 2026•53 min
Google Cloud customers are reporting shocking surprise bills after compromised or misused API keys were allegedly used to access expensive Gemini AI services. In one case, Rod Dinan says his monthly Google Cloud costs jumped from under $50 to nearly $8,000. Sydney developer Isuru Fonseka says he was hit despite setting spending controls, raising broader questions about API key security, client-side exposure, billing alerts, and how quickly attackers can exploit AI infrastructure. Cybersecurity T...
May 15, 2026•10 min
Cybersecurity Today examines a troubling set of new security developments affecting schools, software supply chains, and account security. Instructure says it reached an "agreement" with the ShinyHunters threat group after the massive Canvas breach that may have affected up to 275 million users across 9,000 educational institutions. Reports indicate attackers exploited multiple cross-site scripting (XSS) vulnerabilities to hijack administrator sessions and post extortion demands. Checkmarx has b...
May 13, 2026•16 min
A massive cybersecurity week. On this episode of Cybersecurity Today, David Shipley breaks down the reported breach of Instructure's Canvas learning platform, where attacks linked to the ShinyHunters extortion group may have exposed data tied to up to 275 million user accounts across more than 9,000 educational institutions. The incident disrupted access, delayed exams, and forced Instructure to disable its "Free for Teacher" program after attackers allegedly used it to post extortion messages. ...
May 11, 2026•17 min
This week's panel dives into the cybersecurity stories that matter most for security leaders, IT teams, and anyone watching how AI is changing risk. Jim Love is joined by David Shipley (Beauceron Security), Laura Payne (White Tuque), and Jeff Williams (Contrast Security). Cybersecurity Today would like to thank Material Security for supporting this podcast. Material security provides. faster, more complete detection and response for email, identity, and data threats inside Google Workspace and M...
May 09, 2026•58 min
In this special edition of Cybersecurity Today, David Shipley speaks with scam-fighting expert Erin West about the global fraud crisis, the rise of AI-powered scams, and why traditional law enforcement may be falling behind. Cybersecurity Today would like to thank Material Security for supporting this podcast. Material security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. Contact them at material[dot]securi...
May 08, 2026•26 min
QR-code phishing is no longer a niche attack. Microsoft says QR phishing attacks jumped from 7.6 million in January to 18.7 million in March 2026 — a 146% increase in just three months. In this episode of Cybersecurity Today, David Shipley explains why QR-based attacks are bypassing traditional corporate defences and why security teams need to rethink phishing awareness immediately. We also cover a critical new Apache HTTP Server vulnerability with both denial-of-service and potential remote cod...
May 06, 2026•20 min
Microsoft Defender Deletes Trusted Certificates | 44,000 cPanel Servers Hit by Ransomware Microsoft Defender mistakenly flagged legitimate DigiCert root certificates as malware and removed them from Windows systems, breaking trust chains and causing widespread application failures. The issue was traced to a faulty detection signature (Trojan:Win32/CertyAgent), now fixed in update version 1.449.430.0. At the same time, DigiCert confirmed a separate security incident where attackers compromised su...
May 04, 2026•14 min
Connected cars are no longer just vehicles — they are rolling networks of sensors, cameras, microphones, and constant data transmission. In this Cybersecurity Today Weekend Edition, David Shipley is joined by former CSIS intelligence officer Neil Bisson and cybersecurity expert Federico Simonetti to break down what that really means. They explain how modern vehicles: Continuously report location, behaviour, and system data to the cloud Contain dozens of interconnected computers controlling every...
May 02, 2026•45 min
A U.S. federal investigation into WhatsApp encryption was shut down before reaching a conclusion — after an internal claim suggested Meta systems may access message content in ways that conflict with public descriptions. In this episode of Cybersecurity Today, Jim Love breaks down what's known, what isn't, and why the story isn't going away. Also in this episode: A newly disclosed Linux vulnerability (CVE-2026-31431) allows an unprivileged local attacker to gain root permissions — using a flaw t...
May 01, 2026•10 min
A major open source Python tool was hijacked in a supply chain attack, exposing developer credentials, cloud secrets, and crypto wallets. Meanwhile, the FTC says Americans lost more than $2.1 billion to scams that began on social media, with Facebook leading reported losses. Cybersecurity Today thanks Meter for supporting this podcast. Meter delivers a complete networking stack — wired, wireless, and cellular — in one integrated solution built for performance and scale. Learn more at Meter.com/c...
Apr 29, 2026•12 min
A rogue cyber weapon drove through Toronto blasting scam texts to thousands of phones. A major U.S. critical infrastructure provider confirms a cyberattack. And researchers reveal that Stuxnet may not have been the first cyber weapon after all. In today's Cybersecurity Today with David Shipley: • First known SMS blaster case in Canada uncovered in Toronto • Itron, a major utility technology supplier, discloses cyber intrusion • Researchers say a 2005 malware campaign predates Stuxnet • Venezuela...
Apr 27, 2026•16 min
📍 again, we'd like to thank Meter for their support in bringing you this podcast Meter delivers full stack networking infrastructure, wired, wireless, and cellular to leading enterprises. Working with their partners, meter designs, deploys and manages everything required to get performant, reliable and secure connectivity in a space. They design the hardware, the firmware, they build the software, they manage deployments, and they run support. It's a single integrated solution that scales from ...
Apr 25, 2026•1 hr 10 min
Inside the Vercel Breach: Highlighting OAuth Token Risk In a special edition of Cybersecurity Today, host Jim Love and guest Jamie Blasco (CTO, Nudge Security) discuss Vercel, a major developer hosting platform, and a breach tied to OAuth grants and shadow AI. Reporting shared by Contrast Security's David Lindner describes how a Context AI employee downloaded Roblox AutoFarm scripts, got infected with an info stealer, and attackers harvested credentials, compromised Context AI, then used an over...
Apr 24, 2026•18 min
Vercel Supply-Chain Breach via AI Tool, Meta Sued Over Scam Ads, and Ransomware Surges with "The Gentleman" David Shipley covers new details on the Vercel breach, which began when an employee used the third-party AI tool Context AI; after Context AI was breached, attackers leveraged Google OAuth access to pivot into Vercel systems and enumerate unencrypted "non-sensitive" environment variables that contained usable secrets, with a hacker claiming Vercel data and source code and demanding $2M, wh...
Apr 22, 2026•11 min
Microsoft Under Fire, NIST Scales Back NVD, FortiSandbox Critical Bugs, Vercel Breach Claims, Scattered Spider Member Pleads Guilty Host David Shipley covers five major stories: researcher "Chaotic Eclipse" publicly released Windows exploits—first "Blue Hammer," then "Red Sun," a Microsoft Defender flaw enabling privilege escalation on fully patched Windows 10/11 and Server—amid claims Microsoft mistreated them, highlighting strain on responsible disclosure as vendors face mounting vulnerability...
Apr 20, 2026•21 min
Cybersecurity Today Month-in-Review: RSAC AI Hype, Agentic Risks, Mythos Claims, and Real-World Resilience Jim Love hosts a delayed March month-in-review with panelists David Shipley and Laura Payne, starting with RSAC takeaways: agentic AI everywhere, heightened marketing spectacle, and industry tension as AI becomes the new "cool kid." They discuss the surge of autonomous agents, including OpenClaw-style experimentation leading to stolen tokens and the ease of social-engineering LLMs, plus leg...
Apr 18, 2026•1 hr 2 min
WebEx SSO Vulnerability, booking.com Reservation Hijacking Risks, Windows Recall Scrutiny, and AI Vishing-as-a-Service Host Jim Love reports that Cisco disclosed a critical WebEx vulnerability (CVE-2026-2184) affecting SSO integration with Control Hub; although server-side fixes are applied and no exploitation is seen, SSO customers must update SAML certificate configuration to avoid disruption when the old certificate expires, amid recent Cisco firewall zero-day exploitation (CVE-2026-2131) tie...
Apr 17, 2026•13 min
Android Mirax RAT, North Korea's Friend-Request Hacks, Adobe PDF Zero-Day, and FBI Phishing Takedown | Cybersecurity Today David Shipley covers multiple trust-based cyber threats: Mirax Android malware pushed via Meta ads posing as free streaming apps, functioning as a remote access trojan and turning infected phones into residential proxies, amid reports of widespread scam advertising on Meta platforms. Researchers link a North Korean APT37 campaign to Facebook friend requests that shift to Mes...
Apr 15, 2026•20 min
Mythos Sparks Urgent Bank Meetings, AI Shrinks Exploit Windows, CEO Phishing Beats MFA + Crypto Fraud Bust Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst Host David Shipley covers urgent meetings among U.S., Canadian, and U.K. financial leaders after Anthropic's Mythos announce...
Apr 13, 2026•19 min
AI-Powered AppSec, OWASP Origins, and Anthropic's "Mythos" Model: Jeff Williams on What Changes Next Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst Jim hosts Jeff Williams (Contrast Security co-founder/CTO and former OWASP global chair) for a wide-ranging discussion that begins...
Apr 11, 2026•36 min
Fortinet EMS Zero-Day Exploited, Anthropic's AI Finds Thousands of Bugs, and Iranian Hackers Target US ICS Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst Host David Shipley reports Fortinet issued emergency hotfixes for a new actively exploited FortiClient EMS unauthenticated R...
Apr 09, 2026•16 min
Host David Shiple covers major cybersecurity news: investigators attribute a record $285 million April 1 hack of crypto platform Drift Protocol to North Korea, describing a three-week setup involving a fake "Carbon Vote Token," wash trading to inflate value, social engineering to pre-approve backdoored transactions, Drift's removal of a timelock, and rapid collateralized withdrawals that crashed Drift's token and are now tracked by TRM Labs; the report notes North Korea's 2025 crypto theft total...
Apr 07, 2026•16 min
