Beauceron CEO David Shipley talks about Fake Claude Code Installs, Arpa Phishing, Zombie ZIP Malware Evasion, and Iran/Israel Cyber Retaliation.

Beauceron CEO David Shipley talks about Coruna iOS exploit kit going mass-market, FBI probes breach of wiretap system, New Windows Terminal ClickFix attack, and Iran War cyber escalation

Beauceron CEO David Shipley talks about AI-Driven Warfare, Open-Source Attack Tooling, CISA Leadership Shakeups, Healthcare Ransomware, and GPS Jamming Risks

Beauceron CEO David Shipley talks about a Russian-speaking hacker leveraging AI automation to breach over 600 Fortinet FortiGate firewalls in 55 countries, an Amazon Kiro AI coding tool incident that caused a 13-hour AWS service disruption, and the launch of Anthropic’s AI-powered Claude Code Security tool for identifying software vulnerabilities.

He also discusses the FBI’s warning about China’s Salt Typhoon threat, which has targeted unpatched systems in over 80 countries, as well as the growing concern over youth radicalization in Canada, including the role of Big Tech including social media and AI tools.

Beauceron CEO David Shipley covers an actively exploited BeyondTrust remote access vulnerability that enables pre-authentication remote code execution. David also dives into Microsoft’s warning about the evolution of the ClickFix social engineering technique and a new malware campaign targeting developers with fake coding tests designed to infect their systems.

Beauceron CEO David Shipley covers Google's disruption of the massive residential proxy network IP Idea, the hijacking vulnerability of AI agent platform OpenClaw, and attackers abusing single sign-on platforms. He also delves into the coordinated cyber attack on Poland's energy sector by Russian state-linked actors and the misuse of eScan antivirus updates to deliver malware.

Beauceron CEO David Shipley covers Google's disruption of the massive residential proxy network IP Idea, the hijacking vulnerability of AI agent platform OpenClaw, and attackers abusing single sign-on platforms. He also delves into the coordinated cyber attack on Poland's energy sector by Russian state-linked actors and the misuse of eScan antivirus updates to deliver malware.

Beauceron CEO David Shipley covers the continued exploitation of Fortinet flaws despite recent patches, Windows 11 systems failing to boot after January updates, a thwarted cyber attack on Poland's energy sector by the Sandworm group, a sophisticated phishing campaign targeting the energy sector, and a critical AWS vulnerability that posed a significant risk to cloud security globally.

Beauceron CEO David Shipley covers critical vulnerabilities in Cisco’s Async and Fortinet’s FortiSiem platforms, spear-phishing campaign uses US attack on Venezuela in lure and changes to an LLM to study bad code creation sends it off the rails in other, unexpected ways.

Beauceron CEO David Shipley covers the FBI's warning about North Korean state-sponsored QR code phishing campaigns targeting U.S. organizations. Additionally, he discusses Europol's arrest of 34 individuals in Spain tied to an infamous crime syndicate and the uncertainty surrounding CISA's pre-ransomware notification initiative after the departure of its lead staffer.

Beauceron CEO David Shipley covers hints by President Donald Trump regarding the use of cyber tactics in a U.S. operation that resulted in a power outage in Venezuela. The episode also delves into the April 2025 data breach at Nova Scotia Power. Lastly, it updates listeners on the Trust Wallet compromise linked to the SHA1-Hulud supply chain attack.

Beauceron CEO David Shipley covers the 'Mongo Bleed' vulnerability in MongoDB that was disclosed and then publicly exploited on Christmas Day, leading to potential data leaks. Ubisoft's Rainbow Six Siege faced a breach enabling attackers to manipulate in-game functions and distribute billions worth of in-game currency for free. Trust Wallet's browser extension was compromised, resulting in a loss of approximately $7 million in cryptocurrency. Finally, a phishing scam using a legitimate GrubHub subdomain to promise fake Bitcoin rewards was also discussed.

Beauceron CEO David Shipley talks about how Nigerian police arrested three suspects linked to a Microsoft 365 phishing platform known as Raccoon O365. U.S. prosecutors charged 54 individuals in an ATM malware scheme tied to a Venezuelan criminal organization. Two incident responders pleaded guilty to conducting ransomware attacks while employed to help victims of such attacks. Denmark officially blames Russia for a cyber attack on a water utility, exacerbating geopolitical tensions

Beauceron CEO David Shipley covers warning for Cisco customers about a zero-day flaw in the Async OS affecting email security infrastructure, attributed to an advanced persistent threat from China. Additionally, French authorities have arrested a Latvian national for attempting to install remote control malware on an Italian ferry, highlighting significant physical and geopolitical cyber risks. Lastly, the ClOP ransomware gang is actively targeting Gladinet Center Stack file servers in an ongoing data theft and extortion campaign.

Beauceron CEO David Shipley talks about Apple security updates to address two actively exploited WebKit vulnerabilities. Scammers manipulate AI-powered search tools to recommend fake support numbers, reflecting a growing security risk. Bitdefender uncovers malware hidden in torrent subtitles for the movie 'One Battle After Another.' Lastly, an AI named Artemis outperforms human penetration testers in a Stanford hacking experiment, highlighting the evolving role of AI in cybersecurity.

Beauceron CEO David Shipley discusses a new significant React vulnerability, React2Shell, that has caused widespread confusion and debate in the security community. This major flaw, affecting a widely used web framework, poses significant risks like remote code execution and malware deployment across numerous organizations. The episode also highlights flaws in AI coding tools discovered by researcher Ari Marzouk, which could compromise integrated development environments (IDEs) and software supply chains. Additionally, a ransomware breach at Marquis Software Solutions, impacting over 70 US banks and credit unions, is examined

Beauceron CEO David Shipley discusses the surge in QR code parking scams, with recent cases in Monaco, Ottawa, and across Europe; an Australian man sentenced for evil twin WiFi attacks targeting travelers; the shutdown of the Code Red emergency notification system due to ransomware; and critical vulnerabilities in Microsoft Teams' guest access feature. He also examines the newly launched hacklore.org website aiming to debunk cybersecurity myths, while critiquing its dismissal of real-world threats.

Beauceron CEO David Shipley talks about how Checkout.com refused to pay a ransom to cyber extortion group Shiny Hunters and instead donated to cybersecurity research. The U.S. SEC ends its long-standing case against SolarWinds and their CISO Tim Brown, highlighting ongoing debates about cybersecurity accountability. Additionally, the FCC reverses cybersecurity mandates originally set after the Salt Typhoon hacks, drawing criticism and raising questions about national security preparedness.

Beauceron CEO David Shipley talks about a massive Fortinet zero-day vulnerability actively exploited, leading to major security patches. North Korean IT workers have infiltrated 136 companies, massively impacting corporate security and funneling millions to the DPRK. Jaguar Land Rover's cyber attack results in a startling $220 million loss, affecting the UK's economy. Lastly, we delve into widespread copy-pasted flaws across leading AI platforms like Meta and Nvidia.

Beauceron CEO David Shipley talks about the emergence of the quantum root redirect (QRR) phishing kit, a sophisticated automated phishing platform targeting Microsoft 365 credentials across 90 countries. The hospitality industry is also being hit with a new 'click fix' phishing campaign, compromising booking systems and targeting hotel guests. Researchers discover new vulnerabilities in ChatGPT, exposing private data via indirect prompt injection attacks. Additionally, the University of Pennsylvania confirms a massive data breach, highlighting the risks of not implementing comprehensive MFA protocols.