Cybersecurity Today

A deep dive into info-stealer malware that lifted tokens, cryptographic keys, and a revealing soul.md file from OpenClaw devices. A hobbyist AI project accidentally exposed 7,000 robot vacuums worldwide, including live cameras and floor plans. Two Best Buy fraud cases show why Zero Trust needs behavioral and contextual checks. A supplier breach leaked hundreds of thousands of customer records, highlighting supply-chain risk.

This episode covers multiple active threats and security changes. It warns of an actively exploited critical BeyondTrust remote access vulnerability (CVE-2026-1731, CVSS 9.9) enabling pre-authentication remote code execution in Remote Support and Privileged Remote Access, noting SaaS was patched while on-prem deployments require urgent manual updates and may already be compromised. Microsoft details an evolution of the ClickFix social engineering technique where victims are tricked into running NSLookup commands that use attacker-controlled DNS responses as a malware staging channel, leading to payload delivery (including a Python-based RAT) and persistence via startup shortcuts, alongside increased Lumma Stealer activity. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst Researchers also report Mac-focused campaigns abusing AI-generated content and malicious search ads to push copy-paste terminal commands that install an info stealer (MaxSync) targeting Keychain, browsers, and crypto wallets. T The show describes fake recruiter campaigns targeting developers with coding tests containing malicious dependencies on repositories like NPM and PyPI, linked to the "Gala" operation and nearly 200 packages. Finally, it reviews NPM's authentication overhaul after a supply-chain worm incident—revoking classic long-lived tokens, moving to short-lived session credentials, encouraging MFA and OIDC trusted publishing—while noting remaining risks such as MFA phishing, non-mandatory MFA for unpublish, and the continued ability to create long-lived tokens. 00:00 Sponsor: Meter + Today's Cybersecurity Headlines 00:48 Urgent Patch: BeyondTrust Remote Access RCE (CVE-2026-1731) Actively Exploited 02:45 ClickFix Evolves: DNS Lookups (nslookup) Used as Malware Staging 04:34 Mac Malware via AI Search Results: Fake Terminal Commands Deliver Info-Stealer 06:08 Fake Recruiters, Real Malware: Coding Tests Poison Dev Environments 07:19 NPM Security Overhaul After Supply-Chain Worm—What's Better, What Still Risks 09:11 Wrap-Up, Thanks, and Sponsor Message

This special Valentine's Day episode of Cybersecurity Today examines romance scams (often called pig butchering) and how fraudsters exploit trust, vulnerability, and loneliness. Host Jim Love speaks with McAfee Head of Threat Research Abhishek Karnik about new findings showing the scale and demographics of these scams, including widespread encounters with fake or AI-generated profiles, frequent financial solicitations, and that men are also heavily impacted. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst The episode features survivor Beth Highland's detailed account of being manipulated via Tinder through long-term messaging, an AI video call, forged documents, and a crypto payout scheme that led her to send about $26,000 via Bitcoin ATMs before her financial advisor—trained in romance fraud—helped her recognize the scam and stop further losses, including a demanded $50,000 "activation fee." Beth discusses emotional aftereffects, stigma, reporting, red flags, and her book, "Diary of a Romance Scam: When Swiping Right Goes Wrong," along with her advocacy work. The conversation broadens to the role of AI in making scams more realistic (deepfakes, voice/video, document generation), the importance of privacy and not overposting, involving trusted family/advisors, institutional training and intervention points along the fraud "kill chain," and using technology and education to detect and reduce scams. LINKS Beth Hyland's Book - Diary of a Romance Scam: When Swiping Right Goes Wrong https://www.amazon.com/Diary-Romance-Scam-Swiping-Right/dp/1662962843 00:00 Sponsor: Meter's all-in-one networking stack 00:18 Valentine's Day on the dark side: heartbreak meets cybercrime 02:15 Romance scams ("pig butchering") are everywhere—who gets targeted 04:15 McAfee research: fake profiles, AI, and the real victim demographics 07:07 How scammers hook you: profiling, psychology, and long-game manipulation 09:01 Beth's story begins: post-divorce, isolation, and trying Tinder 10:36 The perfect match: mirroring, fast intimacy, and early red flags 14:32 AI video call + the push-pull breakup: emotional control tactics 17:09 The money trap: Qatar story, bank access, and Bitcoin ATM payments 23:34 The $50K "activation fee" and the wake-up call from a financial advisor 26:25 Cutting him off—and getting pulled back in by guilt and gaslighting 30:18 How to help victims: listening, tools, and where to get support 33:17 Turning pain into purpose: Beth's book and grieving a romance scam 34:47 Turning Pain Into Purpose: Supporting Romance-Scam Survivors 35:56 Stop Blaming Victims: Changing the Language Around Scams 38:38 "It Can Happen to Anybody": Why Smart People Get Hooked 40:58 Social Engineering 101: How Scams Exploit Different Emotions 42:14 Why McAfee Is Focusing on Consumer Scams (and the AI Factor) 45:43 AI Deepfakes & Low-Cost Tools: The New Scam Industrialization 49:19 Oversharing, Spearphishing & Replay Attacks: How Victims Get Retargeted 53:24 Practical Red Flags: Meeting in Person, Isolation Tactics, Family Checks 57:08 Training the "Kill Chain": Banks, Cashiers, Advisors & Early Intervention 01:00:33 Tech Fighting Tech: Detection, Identity Protection & Digital Assistants 01:02:57 What's Next: Agentic AI, Bigger Attack Surfaces & Trust-and-Safety by Design 01:08:03 Wrap-Up: Start the Conversation, Resources, and Final Thanks

This special Valentine's Day episode of Cybersecurity Today examines romance scams (often called pig butchering) and how fraudsters exploit trust, vulnerability, and loneliness. Host Jim Love speaks with McAfee Head of Threat Research Abhishek Karnik about new findings showing the scale and demographics of these scams, including widespread encounters with fake or AI-generated profiles, frequent financial solicitations, and that men are also heavily impacted. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst The episode features survivor Beth Highland's detailed account of being manipulated via Tinder through long-term messaging, an AI video call, forged documents, and a crypto payout scheme that led her to send about $26,000 via Bitcoin ATMs before her financial advisor—trained in romance fraud—helped her recognize the scam and stop further losses, including a demanded $50,000 "activation fee." Beth discusses emotional aftereffects, stigma, reporting, red flags, and her book, "Diary of a Romance Scam: When Swiping Right Goes Wrong," along with her advocacy work. The conversation broadens to the role of AI in making scams more realistic (deepfakes, voice/video, document generation), the importance of privacy and not overposting, involving trusted family/advisors, institutional training and intervention points along the fraud "kill chain," and using technology and education to detect and reduce scams. LINKS Beth Hyland's Book - Diary of a Romance Scam: When Swiping Right Goes Wrong https://www.amazon.com/Diary-Romance-Scam-Swiping-Right/dp/1662962843 00:00 Sponsor: Meter's all-in-one networking stack 00:18 Valentine's Day on the dark side: heartbreak meets cybercrime 02:15 Romance scams ("pig butchering") are everywhere—who gets targeted 04:15 McAfee research: fake profiles, AI, and the real victim demographics 07:07 How scammers hook you: profiling, psychology, and long-game manipulation 09:01 Beth's story begins: post-divorce, isolation, and trying Tinder 10:36 The perfect match: mirroring, fast intimacy, and early red flags 14:32 AI video call + the push-pull breakup: emotional control tactics 17:09 The money trap: Qatar story, bank access, and Bitcoin ATM payments 23:34 The $50K "activation fee" and the wake-up call from a financial advisor 26:25 Cutting him off—and getting pulled back in by guilt and gaslighting 30:18 How to help victims: listening, tools, and where to get support 33:17 Turning pain into purpose: Beth's book and grieving a romance scam 34:47 Turning Pain Into Purpose: Supporting Romance-Scam Survivors 35:56 Stop Blaming Victims: Changing the Language Around Scams 38:38 "It Can Happen to Anybody": Why Smart People Get Hooked 40:58 Social Engineering 101: How Scams Exploit Different Emotions 42:14 Why McAfee Is Focusing on Consumer Scams (and the AI Factor) 45:43 AI Deepfakes & Low-Cost Tools: The New Scam Industrialization 49:19 Oversharing, Spearphishing & Replay Attacks: How Victims Get Retargeted 53:24 Practical Red Flags: Meeting in Person, Isolation Tactics, Family Checks 57:08 Training the "Kill Chain": Banks, Cashiers, Advisors & Early Intervention 01:00:33 Tech Fighting Tech: Detection, Identity Protection & Digital Assistants 01:02:57 What's Next: Agentic AI, Bigger Attack Surfaces & Trust-and-Safety by Design 01:08:03 Wrap-Up: Start the Conversation, Resources, and Final Thanks

In this episode of Cybersecurity Today with host Jim Love, we discuss six critical exploited Microsoft vulnerabilities, new phishing tactics using your own servers, and a zero-click vulnerability in Claude's code desktop extensions. We also explore trends in modern romance scams highlighting the younger, tech-savvy adult targets. Tune in for expert insights and practical tips to stay secure. Special thanks to Meter for their support. Hashtag Trending would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/htt 00:00 Introduction and Sponsor Message 00:45 Microsoft Vulnerabilities: A Growing Concern 02:38 Phishing Attacks Using Your Own Servers 04:16 Zero-Click Vulnerability in Claude AI 06:25 Romance Scams: Not Just Targeting the Elderly 09:14 Conclusion and Weekend Edition Teaser

Discussion of unsupported internet-facing edge devices as growing global vulnerabilities after a Poland energy sector incident. Coverage of CISA directives to inventory, update, or remove those devices. Talk about Microsoft Exchange misclassifying legitimate mail as phishing. Google's push to begin migrating to post-quantum cryptography. Ongoing exposures tied to the OpenClaw security incident.

In today's episode of Cybersecurity Today, host David Shipley discusses the latest developments and challenges in cybersecurity, including integrating AI into various systems, the rise of AI-driven security flaws, and the violent turn of cryptocurrency crime. The episode highlights a partnership between Open Claw and VirusTotal to scan AI skills for malware, the success of Anthropic's AI in identifying security vulnerabilities, and a violent home invasion linked to cryptocurrency theft. Additionally, the show covers the RCMP's first terrorism-related peace bond for a minor, and New York's proposed moratorium on data center development amidst growing concerns over environmental and economic impacts. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:18 AI Agents and Security Challenges 00:49 Open Claw and Virus Total Partnership 05:29 AI in Vulnerability Research 08:00 Cryptocurrency Crime Turns Violent 10:19 Youth Radicalization and Terrorism 12:16 Data Center Moratorium and Energy Policy 13:56 Conclusion and Thank You

Welcome to Cybersecurity Today's Month In Review Join host Jim Love, alongside cybersecurity experts David Shipley, Laura Payne, and Mike Puglia, as they dive into last month's major topics in the cybersecurity world. This episode covers ongoing issues with Microsoft patches, continuous security concerns with Fortinet, and the risks and ramifications of AI activities. They also discuss the implications of poor software quality and the persistent threats in the cyber world. Plus, hear the latest on Mage Cart scams and the debate over local admin rights. Don't miss this packed episode full of insights and expert analysis. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:41 Podcast Achievements and Audience Appreciation 01:36 Introducing the Panel 02:15 Discussion on Microsoft's Patch Issues 04:50 Software Quality and Development Practices 08:43 Challenges in Software Patching and Security 17:36 Fortinet's Continuous Security Issues 29:18 The Rise of Claude Bot and Agent Networks 31:37 Security Concerns and Vulnerabilities 33:34 The Real-World Impact of Cybersecurity Threats 37:34 The Global Cybercrime Landscape 39:37 Challenges and Future of Cybersecurity 50:02 Final Thoughts and Reflections

In this episode of Cybersecurity Today, host Jim Love discusses the latest advancements in AI-driven cyber attacks and their implications for security infrastructure. The episode covers a variety of topics, including the vulnerabilities in OpenClaw Marketplace, a rapid AI-assisted AWS attack, and data breaches linked to the Shiny Hunters group targeting Harvard and the University of Pennsylvania. From discussing the porous architecture of AI agents to exploring how attackers exploited AWS credentials in unsecured S3 buckets, this episode sheds light on the accelerated risks posed by AI in cybersecurity. Additionally, Jim Love speaks about the critical need for proactive measures and the inadequacies in current security frameworks. Hashtag Trending would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/htt 00:00 Introduction and Sponsor Message 00:20 Open Clause Marketplace and AI Threats 00:46 AI Agents and Security Risks 01:09 OpenClaw's Vulnerabilities 02:06 Malicious Skills in OpenClaw 03:37 Strategies for CIOs 04:38 AWS Breach Accelerated by AI 08:27 Shiny Hunters and University Data Breaches 10:48 Conclusion and Sponsor Message

A rundown of a widespread Fortinet authentication bypass impacting millions of devices and how attackers maintain persistent access. A critical flaw in Docker's AI assistant that let image metadata trigger hidden actions and possible remote code execution. A stealthy Android malware campaign using Hugging Face to deliver remote access trojans and evade app-store checks.