David Shipley David Shipley

Apple Security Updates, AI Search Engine Scams, Torrent Malware

Beauceron CEO David Shipley talks about Apple security updates to address two actively exploited WebKit vulnerabilities. Scammers manipulate AI-powered search tools to recommend fake support numbers, reflecting a growing security risk. Bitdefender uncovers malware hidden in torrent subtitles for the movie 'One Battle After Another.' Lastly, an AI named Artemis outperforms human penetration testers in a Stanford hacking experiment, highlighting the evolving role of AI in cybersecurity.

Read More
David Shipley David Shipley

Critical React flaw, AI coding tool issues and financial services supply chain hack

Beauceron CEO David Shipley discusses a new significant React vulnerability, React2Shell, that has caused widespread confusion and debate in the security community. This major flaw, affecting a widely used web framework, poses significant risks like remote code execution and malware deployment across numerous organizations. The episode also highlights flaws in AI coding tools discovered by researcher Ari Marzouk, which could compromise integrated development environments (IDEs) and software supply chains. Additionally, a ransomware breach at Marquis Software Solutions, impacting over 70 US banks and credit unions, is examined

Read More
David Shipley David Shipley

QR Code Parking Scams, Evil Twin WiFi Attacks & Microsoft Teams Flaw

Beauceron CEO David Shipley discusses the surge in QR code parking scams, with recent cases in Monaco, Ottawa, and across Europe; an Australian man sentenced for evil twin WiFi attacks targeting travelers; the shutdown of the Code Red emergency notification system due to ransomware; and critical vulnerabilities in Microsoft Teams' guest access feature. He also examines the newly launched hacklore.org website aiming to debunk cybersecurity myths, while critiquing its dismissal of real-world threats.

Read More
David Shipley David Shipley

Checkout.com Takes a Bold Stance, SolarWinds Case Dismissed, and FCC Reverses Mandate

Beauceron CEO David Shipley talks about how Checkout.com refused to pay a ransom to cyber extortion group Shiny Hunters and instead donated to cybersecurity research. The U.S. SEC ends its long-standing case against SolarWinds and their CISO Tim Brown, highlighting ongoing debates about cybersecurity accountability. Additionally, the FCC reverses cybersecurity mandates originally set after the Salt Typhoon hacks, drawing criticism and raising questions about national security preparedness.

Read More
David Shipley David Shipley

Fortinet Zero Day Vulnerability Exploited In The Wild

Beauceron CEO David Shipley talks about a massive Fortinet zero-day vulnerability actively exploited, leading to major security patches. North Korean IT workers have infiltrated 136 companies, massively impacting corporate security and funneling millions to the DPRK. Jaguar Land Rover's cyber attack results in a startling $220 million loss, affecting the UK's economy. Lastly, we delve into widespread copy-pasted flaws across leading AI platforms like Meta and Nvidia.

Read More
David Shipley David Shipley

New advanced phishing kit discovered, hospitality click fix campaign and more AI prompt injection headaches

Beauceron CEO David Shipley talks about the emergence of the quantum root redirect (QRR) phishing kit, a sophisticated automated phishing platform targeting Microsoft 365 credentials across 90 countries. The hospitality industry is also being hit with a new 'click fix' phishing campaign, compromising booking systems and targeting hotel guests. Researchers discover new vulnerabilities in ChatGPT, exposing private data via indirect prompt injection attacks. Additionally, the University of Pennsylvania confirms a massive data breach, highlighting the risks of not implementing comprehensive MFA protocols.

Read More
David Shipley David Shipley

Alarm bells at Ivy League school after hack

In this episode, David Shipley unpacks a high-stakes cyber incident at the University of Pennsylvania that’s as much about reputation as it is about security. He also covers new warnings from Western cyber agencies on securing Exchange and WSUS servers before attackers strike, and the resurgence of the “BadCandy” exploit hitting unpatched Cisco routers worldwide. It’s a sharp reminder that in cybersecurity, vigilance — not fear — is what keeps organizations safe.

Read More
David Shipley David Shipley

TikTok Malware & Europol's SIM Farm Takedown

Beauceron CEO David Shipley covers the latest developments in cyber threats and law enforcement victories. Topics include: cybercriminals using TikTok videos to disseminate malware through click-fix attacks, Europol shutting down a massive SIM farm powering 49 million fake online accounts, and Microsoft's emergency patch release for a critical ASP.NET Core vulnerability rated 9.9 out of 10 in severity.

Read More
David Shipley David Shipley

FBI Shuts Down BreachForums

Beauceron CEO David Shipley discusses several major events, including the FBI's takedown of the Breach Forums portal. This site was associated with a significant Salesforce data breach and extortion campaign led by groups like Shiny Hunters and ScatteredLapsus Hunters. Oracle users are also warned about a new critical vulnerability in the E-Business Suite, which could allow unauthorized data access without requiring login credentials. Additionally, the resurgence of the Asuru botnet, leveraging compromised IoT devices to execute large-scale DDoS attacks, raises concerns.

Read More
David Shipley David Shipley

AI Browser Allows Data Theft

Beauceron CEO David Shipley talks about how researchers at Layer X uncovered a flaw in the Perplexity Comet AI browser that allows malicious prompts to turn the browser into a data thief with just a single click. Additionally, Discord has disclosed a data breach affecting users' personal information due to a third-party customer service provider compromise. Cybersecurity researchers have also reported a massive surge in scans targeting Palo Alto Network's login portals, suggesting potential reconnaissance for future attacks. Finally, the US Department of Defense has opted to reduce its mandatory cybersecurity training to allow military personnel to focus on their core missions, a move that has raised concerns given the intertwined nature of cyber and kinetic warfare.

Read More