Cybersecurity Today host David Shipley reports that the FTC says Americans lost $3.5 billion to imposter scams in 2025—nearly triple 2020—with social media tied to $2.1 billion in losses and total fraud reaching about $16 billion, while the FBI estimates…
Tag: Cybersecurity Today
Anthropic Models Blocked, FBI Takes Down $1.9B Phishing Network, Critical Splunk Flaw, and more
The U.S. government orders Anthropic to shut down foreign access to its Fable 5 and Mythos 5 AI models after the Pentagon labels the company a supply-chain risk. David Shipley examines what may be behind the decision and what it…
CyberTitan Champions: Inside Canada’s National High School Cybersecurity Competition (and CyberPatriot)
Cybersecurity Today on the Weekend interviews the winning Canadian CyberTitan team (“S-ores”/a regex-based name) along with coach Phil, educator Tim, and CyberTitan manager Sheena to explain how CyberTitan (run by ICTC) connects to the international CyberPatriot program. They describe the…
Anthropic Warns AI Risks Are Real, RoguePlanet Zero-Day Drops, Crypto Laundering Takedown
Anthropic is calling for governments to have the authority to stop deployment of advanced AI systems that pose unacceptable risks. CEO Dario Amodei points to the company’s Mythos cybersecurity model as proof that AI has become a matter of national…
AI Worms, Hacks, and Insurance Shifts
Instagram AI Support Hack Hits 20,225 Accounts; AI Worm ‘Hades’ Lies to Security Tools; Chrome Zero-Day Patch Host David Shipley reports Meta says 20,225 Instagram accounts were hijacked after an AI support tool was tricked into sending reset links to…
Claude Outage Data Leak, Microsoft GitHub Worm, IBM Hack, M Instagram Takeovers, Canada’s Bill C-8
TClaude Outage Data Leak Fears, Microsoft GitHub Worm, IBM Hack Allegations, Meta AI Instagram Takeovers, and Canada’s Bill C-8 David Shipley reports that Anthropic’s Claude suffered a roughly two-hour outage affecting models including Opus, during which a user alleged receiving…
Cybersecurity Today Month in Review: Microsoft Zero-Days, AI Deregulation
Host Jim Love and panelists David Shipley, Laura Payne, and Jeff Williams discuss a researcher (“Chaotic/Nightmare Eclipse”) publicly disclosing multiple Windows zero-days affecting components including Defender and BitLocker, frustration with Microsoft’s vulnerability disclosure process, and backlash to Microsoft’s initially threatening…
New HTTP/2 Bomb Attack, Trump’s AI Security Reviews, Android Zero-Day & The Patching Crisis
A newly disclosed attack called HTTP/2 Bomb can crash major web servers in seconds using a single computer and a modest internet connection. Researchers say the attack combines two known techniques into a powerful memory-exhaustion exploit affecting widely used platforms…
Carnival Data Breach Exposes Millions as Microsoft Backs Down on Researcher Threats
Cybersecurity Today for June 2, 2026. Microsoft has backed away from its hard-line stance against vulnerability researchers after widespread criticism from the security community. The dispute began after independent researcher Nightmare Eclipse published proof-of-concept code for unpatched Microsoft vulnerabilities, triggering…
Microsoft Threatens Security Researcher | Palo Alto VPN Exploited | Google Insider Trading Case
Microsoft’s dispute with a former security researcher takes a dramatic turn as the company raises the possibility of criminal action over the publication of proof-of-concept code for unpatched zero-day vulnerabilities. David Shipley examines the escalating conflict between Microsoft and “Nightmare…
Cybersecurity & Arctic Sovereignty: Protecting Canada’s Most Vulnerable Infrastructure Cheryl Biswas
Host David Shipley speaks with cybersecurity professional Cheryl Biswas about her journey into the industry and why she believes Arctic sovereignty must be viewed as a cybersecurity challenge as much as a geopolitical one. Biswas traces her path from political…
CISA Orders Emergency Drupal Patch | Microsoft Server Bug | Google Fights Canada Surveillance Bill
CISA has ordered U.S. federal civilian agencies to urgently patch an actively exploited critical Drupal SQL injection vulnerability (CVE-2026-9082) affecting PostgreSQL-backed Drupal deployments, after Imperva reported more than 15,000 attack attempts across 65 countries. Microsoft has confirmed a strange Windows…
AI Vulnerability Explosion, Kim Wolf Botnet Arrest, Ghost CMS Hack, Iran Cyber Espionage
Is AI about to trigger a cybersecurity vulnerability explosion? In this episode of Cybersecurity Today, David Shipley examines what some researchers are calling the early signs of a “vulnerability apocalypse” as Anthropic’s Claude-powered Project Glasswing identifies thousands of potential software…
Researcher Finds Public GitHub Repo Exposing Sensitive CISA Credentials
The episode recounts how GitGuardian security researcher Guillaume Valadon, while monitoring public GitHub for leaked secrets, discovered a publicly accessible repository labeled “CISA-Private” containing highly sensitive CISA materials, including internal DHS/CISA credentials, cloud keys, tokens, plaintext passwords, logs, and files…
GitHub Breach Exposes 3,800 Repos | Microsoft Kills SMS Authentication | Proton Fights Canada Bill
GitHub confirms a major supply chain breach after a malicious Visual Studio Code extension reportedly gave attackers linked to TeamPCP access to roughly 3,800 internal repositories. The bigger issue: developer workstations now hold some of the most sensitive secrets in…
Windows 11 BitLocker Zero-Day, TeamPCP Malware Leak, Iran Gas Station Hacks | Cybersecurity Today
A serious new Windows 11 BitLocker vulnerability, open-sourced offensive malware tools, a suspected Iranian cyber campaign targeting U.S. fuel infrastructure, and malware that appears designed to interfere with nuclear weapons simulation systems. Cybersecurity Today would like to thank Material Security…
Exchange Zero-Day Under Attack, Ransomware Gets Smarter, Fortinet Critical Flaws
A dangerous new Microsoft Exchange zero-day is being actively exploited, ransomware gangs are adopting nation-state-style tactics, two fired contractors were caught deleting U.S. government databases after accidentally recording themselves on Microsoft Teams, and Fortinet has patched critical remote code execution…
Inside CIRA: How Canada’s .ca Registry Became a Global DNS & Cybersecurity Force
David Shipley interviews Jon Ferguson, VP at CIRA, about how the Canadian Internet Registration Authority evolved from early paper-based .ca registrations at UBC into a 142-person, member-based not-for-profit running .ca and authoritative Anycast DNS infrastructure now supporting 550+ TLDs globally.…
How a Google API Key Became an $8,000 AI Bill, Meta Scam Ads Lawsuit, and 73-Second Cyber Attacks
Google Cloud customers are reporting shocking surprise bills after compromised or misused API keys were allegedly used to access expensive Gemini AI services. In one case, Rod Dinan says his monthly Google Cloud costs jumped from under $50 to nearly…
Canvas Breach ‘Deal’ With ShinyHunters, AI Zero-Day Warning, Checkmarx Hit Again
Cybersecurity Today examines a troubling set of new security developments affecting schools, software supply chains, and account security. Instructure says it reached an “agreement” with the ShinyHunters threat group after the massive Canvas breach that may have affected up to…