Cybersecurity Today

Jeff Gardner, former university CISO and doctoral researcher now at Morgan Stanley, argues cybersecurity has mistaken threat hunting for real risk management. He recounts a TLS epiphany, explains likelihood × impact, and shows simple five-point scales and prioritization. He also discusses training gaps, CISO burnout, and efforts to fold risk thinking into frameworks like NIST.

A takedown of an Iran-linked leak site tied to a major Stryker attack and mass device wipes. Guidance from CISA and Microsoft on hardening Intune, identity controls, and requiring multi-admin approval. Apple pushes urgent iPhone patches for actively exploited flaws. New research reveals North Korean operatives posing as remote IT workers to infiltrate Western firms.

A rundown of a phishing-led breach at a major medical device firm and why stolen credentials still cause big damage. Coverage of an 11-company pledge to share scam intel and rising AI-driven fraud estimates. A clever font/CSS trick that fools AI assistants gets tested and patched. Reports on Iran-linked cyberattacks, a massive Intune wipe claim, and hacked Denver crosswalk speakers due to default passwords.

A Canadian hacker allegedly tied to an online crime group was unmasked after a harassment campaign. Interpol’s six-month Operation Synergia disabled thousands of malicious IPs and led to dozens of arrests. A major corporate cyberattack reportedly exploited Intune to wipe devices, disrupting medical operations. Poland says it foiled a suspected hack on its nuclear research center with possible foreign links.

Krish Banerjee, Managing Director leading Data & AI for Accenture in Canada, offers practical AI leadership and transformation perspective. He covers Gemini in Workspace and how assistants like Copilot are converging. They dig into agent platforms, Nvidia’s enterprise push, why adoption lags capability, and ways to manage AI anxiety with training, guardrails, and task-focused redesign.

Researchers used an autonomous AI agent to chain exposed APIs and an SQL injection to access an internal chatbot database. A supply-chain campaign pushed 88 malicious NPM packages that download runtime loaders to steal developer keys. A study found most leaked passwords still meet complexity rules, underscoring credential-stuffing risk. Over 14,000 routers show persistent malware, and neural-network trojans hide backdoors triggered by specific inputs.

A breaking special on a massive Intune-based network wipe that crippled a global medical company. Coverage of a claimed Iran-linked retaliation and potential effects on hospitals and supply chains. Deep dives into cloud-management pitfalls, malvertising that targets developers, novel phishing using IPv6.ARPA, and archive tricks that evade antivirus.

A scam used Google ads and cloned install pages to trick developers into running malicious terminal commands. Attackers abused .arpa reverse DNS and IPv6 blocks to host stealthy phishing links. A ZIP header manipulation trick hides compressed malware from scanners. Pro-Iranian and pro-Russian hacktivists ramped up DDoS, defacements, breach claims, and disinformation targeting the region.

A rundown of a mass-market iOS exploit kit now used in crypto scams and wallet theft. An investigation into suspicious access to an FBI wiretap system and vendor exposure. A Windows Terminal abuse that drops a credential‑stealing Luma Stealer via encoded commands. Rising Iran-linked cyber campaigns, new backdoors, cloud exfiltration, and strikes that disrupted AWS data centers.

Chris "CJ" Johnson, MSP-focused cybersecurity practitioner and compliance lead; Neil Bisson, retired intelligence officer with national-security expertise; Laura Payne, pragmatic cybersecurity adviser for businesses; David Shipley, seasoned commentator on threats and geopolitics. They discuss Iran conflict spillover into cyber space. Topics include compromised IoT cameras, GPS/AIS spoofing, AI-enabled attack automation, risks to critical infrastructure, and practical resilience planning.