Cybersecurity Today

Cybersecurity Today would like to than Material Security for their support of this podcast. 
On Cybersecurity Today on the Weekend, the host speaks with Jennifer Hutton, a cybersecurity leader in the car dealership sector, about how she entered cybersecurity through increasing cyber insurance requirements and why dealerships are prime targets because they hold bank-level sensitive data and run complex digital and IoT ecosystems. They discuss the rise of cyber-enabled fraud, including impersonation scams, smishing, and synthetic identity fraud, and the need to educate both employees and customers. Hutton describes gaps in industry resources, especially for smaller dealers, and contrasts regulatory pressures such as updated FTC safeguards rules in the U.S. She emphasizes servant leadership, empathy, and communicating risk in business terms, arguing that cyber risk is business risk. The conversation also covers supply chain disruption from the CDK ransomware incident and the importance of incident response, business continuity, and resiliency-focused planning.
00:00 Weekend Show Kickoff
01:14 Jennifer's Cyber Origin
02:53 Why Dealerships Are Targets
04:30 Scams And Synthetic IDs
08:32 Industry Gaps And Sharing
10:42 Regulation And Tech Shift
13:48 Leading With Business Risk
21:29 Servant Leadership And AI
25:21 Empathy In Tech Teams
28:16 CDK Ransomware Lessons
29:53 Resilience Over Prevention
32:08 Advice To Dealership Leaders
34:49 Closing Thanks

Mac Malware Gaslights AI, Major Info-Stealer Takedown, OpenAI's Patch the Planet, and FortiBleed Fallout
Mac malware called "Gaslight," attributed to North Korea-aligned actors, plants fake system messages designed to derail AI-based analysis while stealing data and exfiltrating it via a Telegram bot.
 
Microsoft and Europol disrupted the Amadey and SteelC info-stealer ecosystem by seizing/shuttering infrastructure after identifying 140,000 infections in early May and over 200 command-and-control domains and IPs, as part of Operation Endgame.
 
OpenAI announced "Patch the Planet," a joint effort with Trail of Bits and HackerOne to help open-source projects find and fix bugs amid AI-generated report flooding, alongside a new GPT 5.5 Cyber benchmark result. 
 
New FortiBleed reporting underscores that the campaign relies on credential reuse against exposed FortiGate devices and may require rotating far more than just firewall passwords.
 
00:00 Sponsor Message
00:25 Headlines Overview
00:55 Mac Malware Gaslight
02:00 Telegram C2 And Stealer
02:50 Info Stealer Takedown
04:08 Operation Endgame Impact
04:47 OpenAI Patch The Planet
06:16 AI Models And Export Rules
07:08 FortiBleed Recap
08:13 Inside The FortiGate
08:59 Rotate Credentials Now
09:26 Closing And Sign Off

Fortinet finally weighs in on FortiBleed - it's not a bug. Plus a healthcare AI firm loses 1.4 million people's data to a single phishing email, a trading bot built to prey on others gets played for $15 million, and LastPass lands back on a breach list it didn't cause.  

00:00 Headlines 00:28 Xsolis Phishing Fallout 01:47 Texas License Vendor Hack 02:59 MEV Bot Gets Robbed 05:26 FortiBleed Fortinet Response 06:42 LastPass Caught in Clue 08:40 Wrap Up and Sign Off

A breach at market intelligence platform Klue allowed attackers to steal OAuth tokens linking Clue to customers' Salesforce environments, enabling quiet API-driven data extraction from firms including Huntress, Recorded Future, Tanium, and Jamf; Clue revoked tokens, removed the legacy integration credential involved, and engaged CrowdStrike as Icarus threatens extortion, echoing earlier Salesforce token-theft campaigns affecting nearly 1,000 companies. 
Researchers also detail AriStinger, a new botnet infecting 4,000+ end-of-life D-Link routers to scan, proxy, tunnel, execute commands, and hijack DNS, with many infections in South Korea and China. The episode covers federal cyberstalking charges against Anthony Belford for allegedly using fake accounts and AI-generated nude images, and ESET's report that the "Gentleman" ransomware crew is developing modular EDR-killing tools to disable endpoint defenses.
00:00 Top Stories Teaser
00:29 Clue OAuth Token Breach
02:32 Salesforce Token Attack Trend
04:14 AryStinger Router Botnet
05:33 AI Deepfake Cyberstalking Case
07:50 Gentleman EDR Killer Arsenal
09:37 Wrap Up And Sign Off

In this special Cybersecurity Today weekend interview, host David Shipley speaks with Amy Yee about leadership, resilience, and the human side of cybersecurity.
Amy shares her remarkable journey from electrical engineering and venture capital to becoming the inaugural Chief Digital Officer at Accreditation Canada and Health Standards Organization, where she helped build the digital foundation used by hundreds of healthcare organizations across Canada.
The conversation takes a deeply personal turn as Amy recounts leading through a ransomware attack that struck her organization before tabletop exercises and incident-response planning had become routine. She describes the chaos of the first 48 hours, the emotional toll on staff, the difficult weeks that followed, and the lessons learned during a 60-day recovery effort.
Amy also discusses her popular conference talk inspired by Mitch Albom's The Five People You Meet in Heaven, reimagined for cybersecurity. She explores five people every cyber professional encounters during their career: the person they protected, the person who challenged them, the person who gave them a chance, the person they failed, and the person they inspired.
This is a conversation about cybersecurity, leadership, resilience, mentorship, and finding meaning in a profession that often works behind the scenes.
Topics covered:
Ransomware incident response
Cybersecurity leadership
Healthcare cybersecurity
Digital transformation
Executive crisis management
Building cyber resilience
Career growth in technology
Mentorship and leadership lessons
The human side of cybersecurity
Guest: Amy Yee
Host: David Shipley
Podcast: Cybersecurity Today
#Cybersecurity #Ransomware #Leadership #
Chapters
00:00 Weekend Show Intro
01:22 Amy's Career Origin
02:13 Becoming Chief Digital Officer
03:56 Ransomware Wake Up Call
06:46 Inside the First 48 Hours
08:26 The Low Point Weeks In
10:57 Finding a Path Forward
11:55 Leadership Lessons After Incidents
15:01 Five People in Cyber
17:16 Invisible Impact and Resilience
19:38 The Five Archetypes Explained
21:42 Stories From the Community
24:14 Wired for Change Podcast
27:30 Advice to Younger Amy
28:49 Closing and Off Mic Wrap