Cybersecurity Today

Coruna iOS Exploit Kit Goes Mass-Market, FBI Wiretap Platform Breach Probe, Windows Terminal ClickFix, and Iran-War Cyber Escalation
This episode covers several major cybersecurity developments: Google's Threat Intelligence Group details Coruna, a sophisticated iOS exploit kit with 23 exploits and multiple chains affecting iOS 13–17.2.1, shifting from targeted surveillance use to cryptocurrency-scam distribution and a PlasmaLoader payload aimed at stealing wallet data. The FBI is investigating suspicious activity involving its Digital Collection System Network used to support wiretaps and surveillance, with concerns about third-party vendor exposure and broader federal agency targeting. Microsoft reports a new ClickFix variation that abuses Windows Terminal to deploy the Luma Stealer via encoded commands, persistence, Defender exclusions, and browser injection. The show also reviews Iran-linked cyber activity by MuddyWater and others amid regional conflict, including new backdoors and cloud-based exfiltration, and reports that Iranian drone strikes hit AWS data centers in the UAE and Bahrain, causing outages and highlighting data centers as battlefield targets.
Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst
00:00 Sponsor Message Meter
00:19 Headlines And Intro
00:50 Coruna iOS Exploit Kit
04:06 FBI Wiretap Platform Breach
06:52 ClickFix Hits Windows Terminal
10:00 Iran War Cyber Campaigns
14:59 Drones Hit AWS Data Centers
17:57 Wrap Up And Thanks
18:35 Sponsor Close Meter

Cybersecurity Today Month in Review: Iran Conflict Cyber Spillover, IoT Cameras, AI Hacking Tools, and Resilience Planning
In this weekend month-in-review episode, host Jim Love and panelists David Shipley, Laura Payne, Neil Bisson, and Chris "CJ" Johnson discuss cyber and infrastructure impacts tied to the US/Israel–Iran conflict, including reported compromise of traffic camera networks for targeting, Iran's defensive internet shutdown, propaganda via a hacked prayer app, and GPS/AIS spoofing that misdirected ships in the Strait of Hormuz, raising oil and helium supply-chain concerns. They warn of potential Iranian retaliation via DDoS, ransomware, and critical infrastructure attacks (especially water/OT), amplified by insecure IoT and camera vulnerabilities (e.g., Hikvision). The group critiques weakened government cyber capabilities (including CISA turmoil and CVE program risk), highlights AI-enabled attack automation (CyberStrike AI) shrinking time-to-exploit, and stresses practical resilience planning, including protecting AI API keys after an $82,000 billing incident and noting a law-enforcement takedown of LeakBase.
Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst
00:00 Sponsor Message Meter
00:18 Meet the Panel
01:41 MSPs and Security Assumptions
03:36 War and Cyber Spillover
06:52 Iran Internet Shutdown Explained
08:27 GPS Spoofing in Strait
10:32 Retaliation Risks to West
17:02 IoT Cameras as Targets
18:56 What IT Providers Should Do
22:03 Who Should Worry Most
26:18 Regulation and IoT Standards
28:58 Supply Chain and State Actors
31:36 CISA and CVE Turmoil
35:53 Ring Backlash and Big Tech
37:43 OpenAI Alerts and Privacy
39:25 AI Cultural Blind Spots
40:05 Therapy Duty to Report
41:17 Licensing AI Advice
42:16 Data Centers Under Fire
43:59 Continuity Without Claude
45:05 Power Grid Reality Check
46:47 MSPs and AI Dependence
49:58 Hype Versus Security Markets
51:02 CyberStrike AI Tooling
56:37 Nation State Plausible Deniability
59:58 Exploit Speed and Software Debt
01:03:37 Practical Tips and Wrap Up

Wikipedia JavaScript Worm, ICE Contractor Data Leak Claim, and Leak Base Takedown
Wikipedia admins contained a self-propagating JavaScript worm that spread via infected user script files, executing in logged-in editors' browsers and using authenticated sessions to copy itself into other scripts, sometimes affecting global scripts; administrators restricted edits, reverted and suppressed changes, replaced compromised scripts, and continue investigating the originating account. 
A hacktivist group calling itself the Department of Peace claims it leaked records tied to DHS's Office of Industry Partnership involving 6,681 organizations that applied for ICE-related contracts, releasing the dataset via Distributed Denial of Secrets, while DHS has not confirmed the breach or data authenticity. 
Finally, the FBI, Europol, and partners dismantled the Leak Base cybercrime forum, seized its database, conducted arrests and searches, and warned suspects through the forum's channels.
Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst
00:00 Sponsor Message
00:19 Headlines Intro
00:42 Wikipedia Worm Attack
01:19 How The Worm Spread
02:08 Containment And Lessons
02:53 Hacktivists Leak ICE Data
04:47 Leak Base Takedown
06:10 Database Seizure Fallout
07:12 Wrap Up And Weekend Preview
07:30 Sponsor Closing

AI-Driven Warfare, Open-Source Attack Tooling, CISA Shakeups, Healthcare Ransomware, and GPS Jamming Risks
Host David Shipley covers reports that hacked Tehran traffic cameras and an AI-powered targeting system helped a joint U.S.-Israeli operation ("Epic Fury") track and strike Iran's leadership, highlighting the growing role of compromised infrastructure and AI in modern conflict. Researchers also link the open-source toolkit Cyber Strike AI to automated attacks against Fortinet FortiGate devices, compromising over 600 systems across 55 countries and raising concerns about proliferating offensive AI tools. At CISA, CIO Robert Costello resigns amid leadership turmoil and staffing challenges. Healthcare ransomware disruptions include a University of Hawaii Cancer Center breach affecting nearly 1.2 million people and a major attack on the University of Mississippi Medical Center that shut clinics and disrupted Epic EMR access. Finally, GPS/AIS jamming and spoofing in the Middle East threatens shipping safety and global trade.
Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst
00:00 Sponsor Message
00:17 Headlines Overview
00:48 Epic Fury AI Warfare
04:12 Cyber Strike AI Toolkit
07:06 CISA CIO Resignation
09:06 Hawaii Cancer Center Breach
11:27 UMMC Ransomware Shutdown
13:53 GPS Jamming Shipping Risk
16:33 Wrap Up And Sponsor

OpenClaw AI Agent Hijack, CISA Leadership Shakeup, Iran Cyber Campaign, Air-Gap Malware, and Robot Vacuum Flaw
Jim Love covers multiple cybersecurity stories: Oasis Security revealed "ClawJacked," a high-severity OpenClaw AI agent framework flaw caused by missing rate limiting on the local gateway, enabling malicious web pages to brute-force passwords via WebSockets, register a trusted device, and take over agents; OpenClaw patched it within 24 hours and users are urged to update to version 2020 6.2 0.25 and tighten governance for non-human identities. CISA sees a leadership change as acting director Madhu Gottumukkala steps down amid criticism and reports he uploaded sensitive contracting documents to public ChatGPT and canceled key security tool contracts; Nick Anderson becomes acting director. The episode also discusses a coordinated cyber campaign alongside US/Israeli operations against Iran and risks of Iranian retaliation against exposed US critical infrastructure, North Korea's Scarcruft using "Ruby Jumper" to bridge air-gapped networks via USB, and a DJI Romo robot vacuum MQTT flaw that exposed control and camera access across 7,000 devices before being patched.
00:00 Sponsor Message Meter
00:19 Headlines And Intro
00:46 Claw Jacked AI Agents
02:21 CISA Leadership Shakeup
06:02 Cyber Front In Iran War
08:48 North Korea Air Gap Breach
10:06 Robot Vacuum Takeover
13:04 Wrap Up And Thanks