Cisco Breached: Source Code Stolen - Cybersecurity Today
Cybersecurity Today1 Huhti

Cisco Breached: Source Code Stolen - Cybersecurity Today

Cisco Source Code Stolen in Trivy Fallout, Axios Supply Chain Attack, and Active Exploitation of Fortinet and Citrix Flaws

David Shipley reports multiple major security incidents: attackers used credentials stolen in the Trivy supply-chain attack via a malicious GitHub action to breach Cisco's internal development environment, clone 300+ GitHub repos, steal source code (including AI products) and AWS keys, and impact customer-related code; Cisco contained the breach, re-imaged systems, and rotated credentials. A separate supply-chain attack hit the widely used JavaScript library Axios after its maintainer account was compromised, pushing poisoned NPM versions that installed a dropper/RAT via a fake dependency; users are told to downgrade affected versions, remove the dependency, rotate credentials, and review CI/CD logs. Active exploitation is confirmed for a Fortinet FortiClient EMS SQL injection (CVE-2026-21643) and for critical Citrix NetScaler flaws (CVE-2026-3055, possibly alongside CVE-2026-4368). Anthropic accidentally exposed details of a new model, "Code Mythos," described as highly capable in reasoning, coding, and cybersecurity. Finally, TechCrunch reports escalating allegations that compliance startup Delve helped fabricate audit evidence and worked with weak auditors. The episode also marks show episode 1,500.

00:00 Headlines and Sponsor
00:54 Cisco Trivy Breach
02:28 Axios NPM Attack
04:12 Fortinet SQLi Exploited
06:24 Citrix Bleed Returns
08:05 Anthropic Model Leak
10:24 Fake Compliance Scandal
12:30 Episode 1500 Milestone
14:03 Sponsor Closing Message

Tämä jakso on lisätty Podme-palveluun avoimen RSS-syötteen kautta eikä se ole Podmen omaa tuotantoa. Siksi jakso saattaa sisältää mainontaa.

Jaksot(100)

Cybersecurity & Arctic Sovereignty: Protecting Canada's Most Vulnerable Infrastructure Cheryl Biswas

Cybersecurity & Arctic Sovereignty: Protecting Canada's Most Vulnerable Infrastructure Cheryl Biswas

Host David Shipley speaks with cybersecurity professional Cheryl Biswas about her journey into the industry and why she believes Arctic sovereignty must be viewed as a cybersecurity challenge as much ...

29 Touko 29min

CISA Orders Emergency Drupal Patch | Microsoft Server Bug | Google Fights Canada Surveillance Bill

CISA Orders Emergency Drupal Patch | Microsoft Server Bug | Google Fights Canada Surveillance Bill

CISA has ordered U.S. federal civilian agencies to urgently patch an actively exploited critical Drupal SQL injection vulnerability (CVE-2026-9082) affecting PostgreSQL-backed Drupal deployments, afte...

27 Touko 10min

AI Vulnerability Explosion, Kim Wolf Botnet Arrest, Ghost CMS Hack, Iran Cyber Espionage

AI Vulnerability Explosion, Kim Wolf Botnet Arrest, Ghost CMS Hack, Iran Cyber Espionage

Is AI about to trigger a cybersecurity vulnerability explosion? In this episode of Cybersecurity Today, David Shipley examines what some researchers are calling the early signs of a "vulnerability apo...

25 Touko 13min

Researcher Finds Public GitHub Repo Exposing Sensitive CISA Credentials

Researcher Finds Public GitHub Repo Exposing Sensitive CISA Credentials

The episode recounts how GitGuardian security researcher Guillaume Valadon, while monitoring public GitHub for leaked secrets, discovered a publicly accessible repository labeled "CISA-Private" contai...

23 Touko 26min

GitHub Breach Exposes 3,800 Repos | Microsoft Kills SMS Authentication | Proton Fights Canada Bill

GitHub Breach Exposes 3,800 Repos | Microsoft Kills SMS Authentication | Proton Fights Canada Bill

GitHub confirms a major supply chain breach after a malicious Visual Studio Code extension reportedly gave attackers linked to TeamPCP access to roughly 3,800 internal repositories. The bigger issue: ...

22 Touko 9min

Windows 11 BitLocker Zero-Day, TeamPCP Malware Leak, Iran Gas Station Hacks | Cybersecurity Today

Windows 11 BitLocker Zero-Day, TeamPCP Malware Leak, Iran Gas Station Hacks | Cybersecurity Today

A serious new Windows 11 BitLocker vulnerability, open-sourced offensive malware tools, a suspected Iranian cyber campaign targeting U.S. fuel infrastructure, and malware that appears designed to inte...

20 Touko 13min

Exchange Zero-Day Under Attack, Ransomware Gets Smarter, Fortinet Critical Flaws

Exchange Zero-Day Under Attack, Ransomware Gets Smarter, Fortinet Critical Flaws

A dangerous new Microsoft Exchange zero-day is being actively exploited, ransomware gangs are adopting nation-state-style tactics, two fired contractors were caught deleting U.S. government databases ...

19 Touko 12min

Inside CIRA: How Canada's .ca Registry Became a Global DNS & Cybersecurity Force

Inside CIRA: How Canada's .ca Registry Became a Global DNS & Cybersecurity Force

David Shipley interviews Jon Ferguson, VP at CIRA, about how the Canadian Internet Registration Authority evolved from early paper-based .ca registrations at UBC into a 142-person, member-based not-fo...

16 Touko 53min

Suosittua kategoriassa Politiikka ja uutiset

uutiscast
aikalisa
politiikan-puskaradio
ootsa-kuullut-tasta-2
rss-ootsa-kuullut-tasta
rss-podme-livebox
tervo-halme
otetaan-yhdet
rss-vaalirankkurit-podcast
et-sa-noin-voi-sanoo-esittaa
viisupodi
rss-asiastudio
rss-kaikki-uusiksi
rss-hyvaa-huomenta-bryssel
rss-girls-finish-f1rst
rss-ulkopoditiikkaa
linda-maria
the-ulkopolitist
rss-sinivalkoinen-islam
rss-pinnalla