Cybersecurity Today

Mac malware called Infinity Stealer uses social‑engineering to harvest browser credentials, Keychain items, crypto wallets and developer secrets. A leaked iOS exploit kit named DarkSword is being used in targeted phishing to deliver mobile implants while Apple issues unusual on‑device warnings. A kernel BPFdoor persists inside global telecom infrastructure. A PyPI supply‑chain compromise uses WAV steganography to exfiltrate secrets and target Kubernetes.

Bill O'Connell, Commvault Chief Security Officer with decades in security, talks backup, resilience, and ResOps. He and the hosts discuss agentic AI takeover, AI-driven funding and hiring shifts, and how AI empowers attackers. They also cover translating risk for leaders and why recovery planning and practicing restores matter more than prevention alone.

A major tip-submission system reportedly exposed millions of sensitive records and features that could compromise promised anonymity. Google warns quantum computers might break current encryption by 2029, raising urgent risks of archived data being decrypted later. The show also explores AI supply-chain threats from poisoned documentation and upcoming Copilot training policy changes that affect data governance.

A debate over retiring the overused APT label in favor of describing actors by motivation and activity. Trade show trends from RSAC, including fading zero trust talk and a surge in agentic AI hype. The FCC's move to block new non-US-made Wi Fi routers and its supply chain rationale. Reports of public Zoom calls being scraped into AI‑generated podcasts. A Kubernetes supply chain campaign deploying an Iran‑targeting wiper. Treasury weighing cyber terrorism insurance changes.

Allegations that a compliance startup produced fabricated audit evidence and exposed sensitive data. A popular security scanner briefly shipped a backdoored release that stole cloud credentials and keys. U.S. agencies warn of social‑engineering attacks that hijack Signal and WhatsApp via malicious QR codes and verification tricks. An Iran‑linked cyberattack disrupted medical implant logistics and delayed surgeries.

Jeff Gardner, former university CISO and doctoral researcher now at Morgan Stanley, argues cybersecurity has mistaken threat hunting for real risk management. He recounts a TLS epiphany, explains likelihood × impact, and shows simple five-point scales and prioritization. He also discusses training gaps, CISO burnout, and efforts to fold risk thinking into frameworks like NIST.

A takedown of an Iran-linked leak site tied to a major Stryker attack and mass device wipes. Guidance from CISA and Microsoft on hardening Intune, identity controls, and requiring multi-admin approval. Apple pushes urgent iPhone patches for actively exploited flaws. New research reveals North Korean operatives posing as remote IT workers to infiltrate Western firms.

A rundown of a phishing-led breach at a major medical device firm and why stolen credentials still cause big damage. Coverage of an 11-company pledge to share scam intel and rising AI-driven fraud estimates. A clever font/CSS trick that fools AI assistants gets tested and patched. Reports on Iran-linked cyberattacks, a massive Intune wipe claim, and hacked Denver crosswalk speakers due to default passwords.

A Canadian hacker allegedly tied to an online crime group was unmasked after a harassment campaign. Interpol’s six-month Operation Synergia disabled thousands of malicious IPs and led to dozens of arrests. A major corporate cyberattack reportedly exploited Intune to wipe devices, disrupting medical operations. Poland says it foiled a suspected hack on its nuclear research center with possible foreign links.

Krish Banerjee, Managing Director leading Data & AI for Accenture in Canada, offers practical AI leadership and transformation perspective. He covers Gemini in Workspace and how assistants like Copilot are converging. They dig into agent platforms, Nvidia’s enterprise push, why adoption lags capability, and ways to manage AI anxiety with training, guardrails, and task-focused redesign.