Cybersecurity Today host David Shipley covers how a newly unsealed U.S. complaint tied an alleged Scattered Spider member to a luxury retailer intrusion using a persistent Windows device ID, with prosecutors alleging help-desk social engineering, admin account takeover, data exfiltration, and an $8 million ransom demand; the episode also notes additional Scattered Spider-related guilty pleas in the U.K. and U.S.
The show reports Google patched “Rogue Agent,” a Dialogflow CX permission-boundary issue involving Python code blocks in Cloud Run that could enable data theft or credential prompts across agents in a shared project.
It details “Janus Escape” (CVE-2026-53359), a 16-year-old Linux KVM use-after-free enabling guest-to-host escapes in cloud environments, patched in June.
The show explores Apple’s shift to out-of-band security updates due to AI-accelerated exploitation, and a multi-platform redirect phishing campaign using fake job interviews and browser-in-browser Google login prompts targeting marketers’ Google accounts.
00:00 Sponsor NordLayer
00:36 Headlines Intro
01:03 Scattered Spider Traced
03:16 More Spider Arrests
04:31 Google Rogue Agent
06:24 Linux Janus Escape
08:04 Apple Patching Shift
10:04 Marketer Phish Chain
12:17 Wrap Up Thanks
12:53 Sponsor Message
This article has been indexed from Cybersecurity Today
Read the original article: