Cybersecurity Today

Fortinet EMS Zero-Day Exploited, Anthropic's AI Finds Thousands of Bugs, and Iranian Hackers Target US ICS
Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst
Host David Shipley reports Fortinet issued emergency hotfixes for a new actively exploited FortiClient EMS unauthenticated RCE zero-day (CVE-2026-35616) affecting 7.4.0.5/7.4.0.6, with over 2,000 exposed instances online and a full fix coming in 7.4.0.7. Anthropic says its Claude "Mythos" model (Project Glasswing) has found thousands of high-severity zero days and demonstrated advanced exploit chaining and sandbox escape, but will not be released publicly; it is being used with major partners and funded with up to $100M in credits plus $4M for open-source security. A postmortem details a North Korea–linked social-engineering supply-chain breach of Axios on NPM, part of a broader campaign spreading 1,700+ malicious packages across multiple ecosystems. US agencies warn Iranian-linked hackers are targeting Rockwell/Allen-Bradley PLCs in critical infrastructure. The White House proposes a $707M cut to CISA, reducing staffing while preserving $1.4B for core cybersecurity.
00:00 Headlines and Sponsor
00:55 Fortinet EMS Zero Day
03:21 AI Finds Zero Days
05:56 Axios Supply Chain Breach
08:02 North Korea Package Campaign
10:13 Iran Targets Industrial Control
12:22 CISA Budget Cuts Debate
14:05 Wrap Up and Thanks
14:59 Sponsor Message Meter

Host David Shiple covers major cybersecurity news: investigators attribute a record $285 million April 1 hack of crypto platform Drift Protocol to North Korea, describing a three-week setup involving a fake "Carbon Vote Token," wash trading to inflate value, social engineering to pre-approve backdoored transactions, Drift's removal of a timelock, and rapid collateralized withdrawals that crashed Drift's token and are now tracked by TRM Labs; the report notes North Korea's 2025 crypto theft total of $2.5B and lifetime total surpassing $7B after this incident, alongside mention of a North Korea-linked supply-chain compromise of the widely used Axios package. Stryker Medical says it has fully recovered from a March 11 Iran-linked wiper attack that used a compromised admin account and Microsoft Intune, prompting Microsoft guidance on multi-admin approval for wipes. The FBI labels a suspected China-linked breach of a U.S. surveillance system a "major incident," likening it to the 2024 Salt Typhoon campaign, while Sen. Mark Warner cites staffing cuts and leadership turmoil at CISA. TechCrunch reports embattled compliance startup Delve faces new claims it repackaged an open-source tool (Sim Studio) as its own "Pathways," as Delve denies broader fraud allegations, says it was targeted by a malicious actor, and Y Combinator cuts ties.
Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst
00:00 Headlines And Sponsor
00:54 North Korea Crypto Heist
01:16 How The Drift Hack Worked
03:20 Bigger DPRK Crypto Trend
04:24 Stryker Wiper Recovery
06:39 China Breach Major Incident
08:38 Policy And Staffing Fallout
09:37 Delve Startup In Crisis
10:29 Stolen Software Allegations
13:12 Delve Fights Back YC Cuts Ties
14:35 Wrap Up And Thanks
15:12 Sponsor Message Meter
00:00 Headlines And Sponsor
00:54 North Korea Crypto Heist
01:16 How The Drift Hack Worked
03:20 Bigger DPRK Crypto Trend
04:24 Stryker Wiper Recovery
06:39 China Breach Major Incident
08:38 Policy And Staffing Fallout
09:37 Delve Startup In Crisis
10:29 Stolen Software Allegations
13:12 Delve Fights Back YC Cuts Ties
14:35 Wrap Up And Thanks
15:12 Sponsor Message Meter

EV Charging Infrastructure Security: How Hackers Could Disrupt Chargers, Networks, and the Grid
Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst
In this holiday weekend edition of Cybersecurity Today, Jim Love introduces David Shipley's interview with Steve Visconti, CEO of Xiid Corporation, about cybersecurity risks in electric vehicle (EV) charging infrastructure. Visconti explains Xiid's software-based security layer for IP networks, aimed at critical infrastructure across enterprise, public sector, and DOD environments, and its growing focus on OT/IoT such as EV charging systems. The discussion highlights how EV chargers connect vehicles, homes, back-office billing/control systems, cloud services, and potentially vehicle-to-grid power flows, creating large-scale attack surfaces that could enable disruption, DDoS activity, or broader grid instability. Visconti argues for "unreachability" architectures that close ports and remove static exposure while allowing only registered users and machine-to-machine access. The interview also touches on concerns about vulnerabilities leading to fires, supply-chain risks, and policy debates such as government-accessible vehicle kill switches.
00:00 Holiday Weekend Intro
01:46 Meet Steve Visconti
04:16 EV Charging Symposium
06:40 Vehicle to Grid Risks
09:16 Fires and Attack Vectors
12:14 Making Chargers Unreachable
14:37 Car as the Threat
19:05 Awareness and DDoS Reality
23:09 Government Kill Switch Debate
24:49 Wrap Up and Sponsor Thanks

Cisco Source Code Stolen in Trivy Fallout, Axios Supply Chain Attack, and Active Exploitation of Fortinet and Citrix Flaws
David Shipley reports multiple major security incidents: attackers used credentials stolen in the Trivy supply-chain attack via a malicious GitHub action to breach Cisco's internal development environment, clone 300+ GitHub repos, steal source code (including AI products) and AWS keys, and impact customer-related code; Cisco contained the breach, re-imaged systems, and rotated credentials. A separate supply-chain attack hit the widely used JavaScript library Axios after its maintainer account was compromised, pushing poisoned NPM versions that installed a dropper/RAT via a fake dependency; users are told to downgrade affected versions, remove the dependency, rotate credentials, and review CI/CD logs. Active exploitation is confirmed for a Fortinet FortiClient EMS SQL injection (CVE-2026-21643) and for critical Citrix NetScaler flaws (CVE-2026-3055, possibly alongside CVE-2026-4368). Anthropic accidentally exposed details of a new model, "Code Mythos," described as highly capable in reasoning, coding, and cybersecurity. Finally, TechCrunch reports escalating allegations that compliance startup Delve helped fabricate audit evidence and worked with weak auditors. The episode also marks show episode 1,500.
00:00 Headlines and Sponsor
00:54 Cisco Trivy Breach
02:28 Axios NPM Attack
04:12 Fortinet SQLi Exploited
06:24 Citrix Bleed Returns
08:05 Anthropic Model Leak
10:24 Fake Compliance Scandal
12:30 Episode 1500 Milestone
14:03 Sponsor Closing Message

Mac Malware 'Infinity Stealer,' DarkSword iOS Exploits, China Telecom Espionage & TeamTNT Supply Chain Hits
Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst
David Shipley reports from Seoul on major threats: Malwarebytes details Infinity Stealer, a new macOS info-stealer delivered via "ClickFix" social engineering and built as a compiled Python payload (Nuitka) that steals browser credentials, Keychain data, crypto wallets, and developer secrets while notifying attackers via Telegram. Proofpoint links Russia-aligned TA446 (Cold River/Star Blizzard) to spear-phishing using the DarkSword iOS exploit kit to deliver GhostBlade, with DarkSword now leaked on GitHub and Apple pushing unusual on-device warnings for vulnerable iOS versions. Rapid7 describes China-linked "Red Menshen" using the kernel-level BPFdoor backdoor to persist in global telecom networks. TeamTNT compromises the Telnyx PyPI package with WAV-steganography payloads that steal secrets and target Kubernetes. Iran-linked activity includes a symbolic FBI director email breach and escalating, deliberate healthcare disruption via attacks on Stryker and a Pay2Key incident.
00:00 Show Intro and Sponsor
00:53 Mac ClickFix Stealer
03:25 Dark Sword iOS Exploits
06:30 China Telecom Backdoor
08:47 TeamTNT PyPI Supply Chain
12:20 Iran Cyber and Healthcare
17:41 Wrap Up and Thanks
18:43 Sponsor Message