BeyondTrust Zero-Day Exploited,

This episode covers multiple active threats and security changes. It warns of an actively exploited critical BeyondTrust remote access vulnerability (CVE-2026-1731, CVSS 9.9) enabling pre-authentication remote code execution in Remote Support and Privileged Remote Access, noting SaaS was patched while on-prem deployments require urgent manual updates and may already be compromised. Microsoft details an evolution of the ClickFix social engineering technique where victims are tricked into running NSLookup commands that use attacker-controlled DNS responses as a malware staging channel, leading to payload delivery (including a Python-based RAT) and persistence via startup shortcuts, alongside increased Lumma Stealer activity.

Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst

Researchers also report Mac-focused campaigns abusing AI-generated content and malicious search ads to push copy-paste terminal commands that install an info stealer (MaxSync) targeting Keychain, browsers, and crypto wallets. T

The show describes fake recruiter campaigns targeting developers with coding tests containing malicious dependencies on repositories like NPM and PyPI, linked to the "Gala" operation and nearly 200 packages. Finally, it reviews NPM's authentication overhaul after a supply-chain worm incident—revoking classic long-lived tokens, moving to short-lived session credentials, encouraging MFA and OIDC trusted publishing—while noting remaining risks such as MFA phishing, non-mandatory MFA for unpublish, and the continued ability to create long-lived tokens.

00:00 Sponsor: Meter + Today's Cybersecurity Headlines
00:48 Urgent Patch: BeyondTrust Remote Access RCE (CVE-2026-1731) Actively Exploited
02:45 ClickFix Evolves: DNS Lookups (nslookup) Used as Malware Staging
04:34 Mac Malware via AI Search Results: Fake Terminal Commands Deliver Info-Stealer
06:08 Fake Recruiters, Real Malware: Coding Tests Poison Dev Environments
07:19 NPM Security Overhaul After Supply-Chain Worm—What's Better, What Still Risks
09:11 Wrap-Up, Thanks, and Sponsor Message