Episodes

  • Electric Vehicles and EV Security - Steve Visconti CEO of Xiid Corporation with David Shipley
    Apr 3 2026

    EV Charging Infrastructure Security: How Hackers Could Disrupt Chargers, Networks, and the Grid

    Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst

    In this holiday weekend edition of Cybersecurity Today, Jim Love introduces David Shipley's interview with Steve Visconti, CEO of Xiid Corporation, about cybersecurity risks in electric vehicle (EV) charging infrastructure. Visconti explains Xiid's software-based security layer for IP networks, aimed at critical infrastructure across enterprise, public sector, and DOD environments, and its growing focus on OT/IoT such as EV charging systems. The discussion highlights how EV chargers connect vehicles, homes, back-office billing/control systems, cloud services, and potentially vehicle-to-grid power flows, creating large-scale attack surfaces that could enable disruption, DDoS activity, or broader grid instability. Visconti argues for "unreachability" architectures that close ports and remove static exposure while allowing only registered users and machine-to-machine access. The interview also touches on concerns about vulnerabilities leading to fires, supply-chain risks, and policy debates such as government-accessible vehicle kill switches.

    00:00 Holiday Weekend Intro
    01:46 Meet Steve Visconti
    04:16 EV Charging Symposium
    06:40 Vehicle to Grid Risks
    09:16 Fires and Attack Vectors
    12:14 Making Chargers Unreachable
    14:37 Car as the Threat
    19:05 Awareness and DDoS Reality
    23:09 Government Kill Switch Debate
    24:49 Wrap Up and Sponsor Thanks

    27 m
  • Cisco Breached: Source Code Stolen - Cybersecurity Today
    Apr 1 2026

    Cisco Source Code Stolen in Trivy Fallout, Axios Supply Chain Attack, and Active Exploitation of Fortinet and Citrix Flaws

    David Shipley reports multiple major security incidents: attackers used credentials stolen in the Trivy supply-chain attack via a malicious GitHub action to breach Cisco's internal development environment, clone 300+ GitHub repos, steal source code (including AI products) and AWS keys, and impact customer-related code; Cisco contained the breach, re-imaged systems, and rotated credentials. A separate supply-chain attack hit the widely used JavaScript library Axios after its maintainer account was compromised, pushing poisoned NPM versions that installed a dropper/RAT via a fake dependency; users are told to downgrade affected versions, remove the dependency, rotate credentials, and review CI/CD logs. Active exploitation is confirmed for a Fortinet FortiClient EMS SQL injection (CVE-2026-21643) and for critical Citrix NetScaler flaws (CVE-2026-3055, possibly alongside CVE-2026-4368). Anthropic accidentally exposed details of a new model, "Code Mythos," described as highly capable in reasoning, coding, and cybersecurity. Finally, TechCrunch reports escalating allegations that compliance startup Delve helped fabricate audit evidence and worked with weak auditors. The episode also marks show episode 1,500.

    00:00 Headlines and Sponsor
    00:54 Cisco Trivy Breach
    02:28 Axios NPM Attack
    04:12 Fortinet SQLi Exploited
    06:24 Citrix Bleed Returns
    08:05 Anthropic Model Leak
    10:24 Fake Compliance Scandal
    12:30 Episode 1500 Milestone
    14:03 Sponsor Closing Message

    15 m
  • Russian State Hackers Go After iOS Devices
    Mar 30 2026

    Mac Malware 'Infinity Stealer,' DarkSword iOS Exploits, China Telecom Espionage & TeamTNT Supply Chain Hits

    David Shipley reports from Seoul on major threats: Malwarebytes details Infinity Stealer, a new macOS info-stealer delivered via "ClickFix" social engineering and built as a compiled Python payload (Nuitka) that steals browser credentials, Keychain data, crypto wallets, and developer secrets while notifying attackers via Telegram. Proofpoint links Russia-aligned TA446 (Cold River/Star Blizzard) to spear-phishing using the DarkSword iOS exploit kit to deliver GhostBlade, with DarkSword now leaked on GitHub and Apple pushing unusual on-device warnings for vulnerable iOS versions. Rapid7 describes China-linked "Red Menshen" using the kernel-level BPFdoor backdoor to persist in global telecom networks. TeamTNT compromises the Telnyx PyPI package with WAV-steganography payloads that steal secrets and target Kubernetes. Iran-linked activity includes a symbolic FBI director email breach and escalating, deliberate healthcare disruption via attacks on Stryker and a Pay2Key incident.

    00:00 Show Intro and Sponsor
    00:53 Mac ClickFix Stealer
    03:25 Dark Sword iOS Exploits
    06:30 China Telecom Backdoor
    08:47 TeamTNT PyPI Supply Chain
    12:20 Iran Cyber and Healthcare
    17:41 Wrap Up and Thanks
    18:43 Sponsor Message

    20 m
  • RSAC Recap: Agentic AI and Interview With Commvault CISO Bill O'Connell
    Mar 28 2026

    RSAC Recap: Agentic AI Takes Over, Security Funding Shifts, and Why CISOs Must Focus on Resilience

    Jim Love and co-host David Shipley recap the RSA Conference in San Francisco, noting that "zero trust" marketing has faded and "agentic AI" (especially "agentic SOC") dominated vendor messaging. David highlights a major market shift: AI is pressuring cybersecurity company valuations and could reduce funding, accelerate consolidation, and raise security costs due to heavy compute requirements, even as demand increases. They discuss how AI disproportionately benefits attackers, including new phishing-as-a-service capabilities, while organizations cut security hiring in anticipation of AI gains. David's standout booth, MindGuard, used a 1990s metaphor to argue AI security is as immature as cybersecurity was decades ago. He also interviews Commvault CSO Bill O'Connell on the evolving CISO role, communicating risk, the importance of recovery and "ResOps," and celebrating CISOs, including Time magazine's CISO of the year concept.

    00:00 Weekend Show Kickoff
    00:46 RSAC Recap Setup
    01:06 Zero Trust Is Dead
    01:48 Agentic SOC Everywhere
    03:41 AI Shifts Security Valuations
    06:55 Peak Security And Consolidation
    07:55 Costs And Layoffs Warning
    09:35 Attackers Gain The Edge
    11:48 RSAC Booth Spectacle
    13:39 MindGuard Nineties Metaphor
    15:40 Commvault CISO Interview Begins
    17:22 Backup To Cyber Resilience
    18:04 Modern CISO Role Evolution
    19:55 Translating Risk For Leaders
    21:44 Risk Versus FUD
    22:22 AI Hype And CISO Relevance
    23:29 Defining AI And Controls
    24:33 Agentic AI And Backups
    25:49 Resilience Over Prevention
    27:52 ResOps And Practicing Recovery
    31:06 Advice For New CISOs
    33:30 Celebrating The CISO Role
    35:43 Is The Job Worth It
    37:06 Host Wrap And Audience Feedback
    39:18 Korea Trip And Show Signoff
    40:13 Sponsor Message And Closing

    41 m
  • Anonymous Tip System Breach May Expose Tipsters
    Mar 27 2026

    Anonymous Tip System Breach Exposes Millions of Records, Google Warns Q-Day by 2029, and New AI Documentation Supply-Chain Risks

    Jim Love reports that a breach at P3 Global Intel, whose tip-submission systems are used by police, government agencies, and schools, allegedly exposed over 8 million submissions including highly sensitive personal data and raised concerns about anonymity due to features that could disclose tipster IP information; the company says it has not confirmed misuse. Google warns "Q Day," when quantum computers could break widely used public-key encryption, may arrive as early as 2029, intensifying urgency around "harvest now, decrypt later" and adoption of post-quantum cryptography standards. The episode also highlights AI-era supply-chain threats where community-generated documentation can be poisoned with indirect prompt injections that influence AI-generated code, and notes upcoming GitHub Copilot policy changes to use prompts and code context from certain users for training unless they opt out, making data governance critical.

    00:00 Headlines And Sponsor
    00:45 Anonymous Tip Line Breach
    03:42 Quantum Q Day Timeline
    06:10 Poisoned Documentation Attacks
    08:57 Copilot Training Data Changes
    10:27 Wrap Up And Meter Thanks

    11 m
  • RSAC Presenter Says "Time to Kill One of Cybersecurity's Most Overworked Terms"
    Mar 25 2026

    RSAC: Retiring "APT," FCC's US-Made Router Ban, Zoom Call Scraping, Iran-Targeting Wiper, and Cyber Terrorism Insurance

    From RSAC 2026, host David Shipley highlights ESET researcher Robert Lipowsky's argument to retire the overused "advanced persistent threat" label and instead describe actors by motivation and activity, noting blurred lines between nation-state and criminal tooling. He also reports RSAC vendor trends (zero trust fading, "agentic AI" everywhere) and standout booth themes. In Washington, the FCC bans authorization of any new Wi‑Fi router models not made in the United States, citing supply-chain risk and attacks like Volt Flax and Salt Typhoon, impacting an industry largely manufacturing abroad unless exemptions are granted with plans to reshore. The episode details Webinar TV allegedly joining public Zoom links to record calls and publish AI-generated podcast recaps, and a Kubernetes-targeting campaign linked to the Trivy supply-chain attack that deploys an Iran-checking wiper. Finally, Treasury seeks comments on expanding the terrorism risk insurance backstop (TRIP) to cover cyber losses.

    00:00 Sponsor Meter Intro
    00:18 Headlines Preview
    00:58 Retiring The APT Label
    02:51 RSAC Floor Trends
    05:08 FCC Router Ban
    06:43 Zoom Calls Turned Podcasts
    09:29 Iran Targeting Wiper
    10:57 Cyber Terrorism Insurance Debate
    13:15 Wrap Up And Thanks
    13:44 Sponsor Meter Outro

    15 m
  • Startup Accused Of Helping Fake Privacy and Security Audits
    Mar 23 2026

    Compliance Startup Audit-Faking Claims, Trivy Supply-Chain Backdoor, Russia Targets Signal/WhatsApp, and Iran-Linked Stryker Disruption

    This episode covers allegations that Y Combinator-backed compliance startup Delve helped customers fake privacy and security audits by generating fabricated evidence that auditors then rubber-stamped, alongside Delve's denial and a report of sensitive Delve data being externally accessible. It also details a TeamTNT/Team PCP-style supply-chain compromise of Aqua Security's Trivy scanner via GitHub build and tag tampering, briefly distributing a backdoored release that stole cloud credentials, SSH keys, tokens, and more, with guidance to treat affected environments as fully compromised and rotate secrets. The FBI and CISA warn of Russian intelligence-linked phishing targeting Signal and WhatsApp accounts through social engineering and malicious QR codes. Finally, it describes the real-world impact of an Iran-linked Handala cyberattack on Stryker, disrupting custom implant logistics and delaying surgeries.

    00:00 Sponsor Message Meter
    00:18 Headlines Overview
    00:48 Delve Audit Allegations
    03:27 Trivy Scanner Backdoor
    06:01 Russian Phishing Signals
    08:54 Stryker Attack Fallout
    11:30 Wrap Up And RSAC
    11:48 Sponsor Message Meter

    13 m
  • The Fundamental Mistake in Cybersecurity Risk Management
    Mar 21 2026

    Cybersecurity Isn't Managing Risk—It's Managing Threats... And That's the Problem

    Host David Shipley speaks with Jeff Gardiner, a former university CISO and now at Morgan Stanley, about Gardiner's doctoral research arguing that cybersecurity has structurally misclassified "risk management" as threat management.

    Gardiner explains that real risk is an expected loss calculation (impact × likelihood), while many cybersecurity frameworks and training emphasize vulnerabilities, exploitability, and system configuration without likelihood or business impact. He describes examples where teams labeled unlikely issues as "extremely high risk," discusses interviews where leaders universally expect cybersecurity staff to be risk managers, and cites findings that only about 11% of cybersecurity professionals actually perform risk calculations. Gardiner outlines a practical approach using qualitative likelihood and impact scales, prioritization, and clearer business framing, and notes ongoing discussions with NIST to improve the NICE framework.

    00:00 Sponsor Message
    00:19 Meet Jeff Gardiner
    01:51 Career Journey Origins
    03:23 TLS Risk Epiphany
    05:06 What Is Compute Canada
    06:38 Risk Versus Threat
    08:35 Why Labels Matter
    11:13 Likelihood And Impact
    12:26 Teaching Risk Qualitatively
    15:29 Why Prioritize Risk
    20:36 Training Frameworks Flaw
    25:13 Research Frustrations
    25:51 Risk Management Wins
    26:44 Why CISOs Burn Out
    27:43 Speaking Executive Risk
    29:22 Teach Risk Broadly
    31:36 Biases and Better Judgments
    35:17 Sexy Scary vs Real Risk
    36:12 Convincing the Room
    39:15 Start Simple Frameworks
    41:36 Risk Quadrants and Delegation
    45:30 Mentorship and NIST V3
    47:57 Wrap Up and Sponsor

    50 m