Cybersecurity Today: Credit Card Skimming, Valley Rat Malware, WhatsApp Exploit & AI Defenses

In this episode of Cybersecurity Today, hosted by Jim Love, we explore several critical cybersecurity threats and advancements. We cover a massive credit card skimming campaign active since early 2022, a severe bug in HPE OneView, the stealthy Valley Rat malware, and a potential zero-click exploit in WhatsApp. Additionally, we delve into AI-driven advancements in cybersecurity defense being developed at US National Laboratories. Stay informed and vigilant with the latest insights in cybersecurity.

00:00 Introduction and Sponsor Message
00:48 Credit Card Skimming Campaign Uncovered
02:49 Critical Vulnerability in HPE OneView
04:16 Valley Rat Malware Threat
06:22 Suspected Zero-Day Vulnerability in WhatsApp
08:29 AI-Powered Cyber Defenses in US National Labs
10:08 Conclusion and Sponsor Message

In this episode of Cybersecurity Today, host David Shipley covers the FBI's warning about North Korean state-sponsored QR code phishing campaigns targeting U.S. organizations. Additionally, he discusses Europol's arrest of 34 individuals in Spain tied to the infamous Black Acts crime syndicate and the uncertainty surrounding CISA's pre-ransomware notification initiative after the departure of its lead developer. Stay informed with the latest in cybersecurity news and learn how to protect yourself and your organization from emerging threats.

Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.

You can find them at Meter.com/cst

00:00 Introduction and Sponsor Message
00:20 FBI Warns of QR Code Phishing
04:44 Europol's Major Crackdown on Black Acts
07:11 Uncertainty Over Ransomware Alerts Program
09:41 US Withdraws from Cybersecurity Organizations
10:25 Conclusion and Final Thoughts

In this episode of Cybersecurity Today, brought to you by Meter, we review key events and stories from the past few weeks. Join host Jim along with experts Tammy Harper from Flair, Laura Payne from White Tuque, and David Shipley from Beauceron Security as they discuss major cybersecurity events that unfolded over the holidays, including the MongoDB vulnerability 'Mongo Bleed', the compromises at Rainbow Six Siege, and the ethical implications of hacktivism. The panel also explores the complexities of AI in cybersecurity, the vulnerability of critical infrastructure, and the dichotomy between ethical hacking and cybercrime in the industry. As always, we emphasize the intersection of cybersecurity with people, processes, and our daily lives.

Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.

You can find them at Meter.com/cst

00:00 Introduction and Sponsor Message
00:20 Panel Introduction and Holiday Recap
02:26 MongoDB Vulnerability: Mongo Bleed
05:15 AI and Responsible Disclosure
16:20 Gaming Security: Rainbow Six Siege Hack
20:13 Video Games and Malware Risks
24:54 Fake Video Propaganda and Infrastructure Attacks
25:48 The Dilemma of Cybersecurity Censorship
26:34 Deepfakes and Cognitive Warfare
27:37 Cyber Operations and Infrastructure Vulnerability
34:42 The Role of Private Companies in Cyber Conflicts
36:19 Internal Threats in Cybersecurity
43:20 Hacktivism: Ethics and Boundaries
49:03 Conclusion and Final Thoughts

Cybersecurity Today: Sideloaded App Issues, Fake Blue Screen Attacks, and Rising Ransomware Threats

In this episode of Cybersecurity Today, host Jim Love discusses HSBC blocking sideloaded apps with its banking app, new social engineering attacks using fake Windows blue screens to install malware, and the discovery of long-standing compromised Chrome extensions. Additionally, a new report reveals a significant rise in ransomware victims in 2025 despite major takedowns of ransomware groups. Special thanks to Meter for their support.

00:00 Introduction and Sponsor Message
00:21 HSBC Blocks Sideloaded Apps
02:44 Fake Blue Screen of Death Malware
04:49 Compromised Chrome Extensions
06:33 Ransomware Trends in 2025
08:33 Conclusion and Sponsor Message

In this episode of Cybersecurity Today, host Jim Love discusses the latest in cybersecurity threats including the rapidly growing Kim Wolf botnet affecting millions of devices, the rising threats to file-sharing environments, and the intersection of cybercrime with physical supply chains. He also covers an audacious hacktivist takedown of white supremacist websites. Tune in to learn about the evolving landscape of cybersecurity and practical measures you can take to protect your systems. Thank you to our sponsor Meter for supporting this podcast.

Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.

You can find them at Meter.com/cst

00:00 Introduction and Sponsor Message
00:21 Kim Wolf Botnet: A Growing Threat
04:07 Mitigation Strategies for Kim Wolf
05:22 Corporate Data Breaches: Zestix and ShareFile
07:48 Cyber-Enabled Cargo Theft: The Lobster Heist
09:44 Hacktivism: Root Takes Down White Supremacist Sites
11:46 Conclusion and Contact Information

In this episode of 'Cybersecurity Today', host David Shipley discusses significant cyber events and their implications. The podcast explores hints by President Donald Trump regarding the use of cyber tactics in a U.S. operation that resulted in a power outage in Venezuela. The episode also delves into the April 2025 data breach at Nova Scotia Power, detailing the company's efforts to keep incident specifics confidential and the extensive recovery measures taken. Lastly, it updates listeners on the Trust Wallet compromise linked to the Sha-Hulud supply chain attack, elucidating how the breach occurred and its aftermath. The episode underscores the growing cyber threat landscape and the critical need for enhanced cybersecurity measures.

00:00 Introduction and Sponsor Message
00:46 US Cyber Operations in Venezuela
03:13 Implications for Cybersecurity Professionals
04:37 Nova Scotia Power Breach Details
08:52 Trust Wallet Hack Update
10:46 Conclusion and Final Thoughts

In this episode, host Jim Love discusses the importance of cybersecurity awareness and training, featuring insights from Michael Joyce of the Human-Centric Cybersecurity Partnership at the University of Montreal and David Shipley of Beauceron Security. They explore the impact of cybersecurity awareness programs, the decay of sustained vigilance post-training, and the nuances between phishing reporting and clicking behaviors. The conversation also critiques recent research claims that question the efficacy of phishing training, emphasizing the need for continuous, empirically supported approaches in cybersecurity education. The episode highlights the value of balanced, layered defenses involving both technical solutions and informed user behavior.

00:00 Introduction and Podcast Announcement
00:14 Sponsorship Acknowledgment
00:35 The Nature of Cybersecurity Awareness
01:09 Introduction to the Research Show
01:21 Guest Introductions
02:15 Human-Centric Cybersecurity Partnership
03:46 The Importance of Canadian Research
04:40 Cybersecurity and Culture
05:27 The Role of Research in Cybersecurity
07:12 David's Research and Collaboration with Michael
08:46 The Value of Independent Research
13:33 Cybersecurity Awareness Month Impact
17:23 Phishing Simulation and Reporting
23:49 Awareness Decay and Vigilance
30:55 The Importance of Reporting and Feedback Loops
40:00 Optimal Frequency for Cybersecurity Training
40:27 Critiques and Misconceptions in Phishing Training
42:00 Empirical Data and Training Effectiveness
43:19 Insights from Phishing Simulations
47:14 Understanding Why People Click
52:43 Challenges in Cybersecurity Research
01:04:06 The Importance of Layered Defenses
01:17:17 Concluding Thoughts on Cybersecurity Training

In this episode, the host shares a pre-recorded favorite interview with David Decary-Hetu, a criminologist at the University of Montreal. They discuss the dark web, its technology, and its role in cybercrime. Decary-Hetu explains how the dark web operates, its users, and the dynamics between researchers and law enforcement in tackling cyber threats. Key topics include the economics of illicit markets, the cat-and-mouse game between law enforcement and criminals, the role of cryptocurrencies, and the evolution of cyber threats. The episode offers insights into the social aspects of cybercrime and the measures being taken to combat it.

00:00 Introduction and Sponsor Message
00:52 Understanding the Dark Web
02:16 Interview with David Decary-Hetu
05:10 The Basics of the Dark Web
06:27 Technology Behind the Dark Web
14:49 Law Enforcement Challenges
21:50 Trust and Transactions on the Dark Web
23:45 Recruitment and Structure of Cybercriminals
26:42 Cultural Dynamics in Hacking Communities
27:32 Researching the Impact of Technology on Crime
29:01 Challenges in Policing the Dark Web
30:12 The Role of Social Engineering in Cybercrime
31:18 Law Enforcement Strategies and Conditional Deterrence
32:09 The Evolution of Cybercrime and Cryptocurrency
41:24 Legal and Ethical Considerations in Cybercrime
43:47 Advice for Policymakers and Corporations
48:44 Educational Resources and Conferences
50:57 Conclusion and Final Thoughts