Cybersecurity Today

Inside the Vercel Breach: Highlighting OAuth Token Risk 
In a special edition of Cybersecurity Today, host Jim Love and guest Jamie Blasco (CTO, Nudge Security) discuss Vercel, a major developer hosting platform, and a breach tied to OAuth grants and shadow AI. Reporting shared by Contrast Security's David Lindner describes how a Context AI employee downloaded Roblox AutoFarm scripts, got infected with an info stealer, and attackers harvested credentials, compromised Context AI, then used an over-permissioned OAuth token from a Vercel employee who had signed up to Context AI with an enterprise account and clicked "allow all," with Vercel working with Mandiant on a breach allegedly being sold for $2 million. The episode emphasizes that MFA may not mitigate OAuth abuse, urges admin-managed consent, continuous inventory and auditing of OAuth grants, and better visibility into risky third-party app access across Google Workspace and Microsoft 365.
Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst
00:00 Special Edition Intro
00:14 Sponsor Message Meter
00:33 Supply Chain Hack Setup
01:16 Breach Seen In Wild
02:36 Meet Jamie Blasko
02:56 Who Is Vercel
04:34 How The Breach Happened
05:58 Context AI And Shadow IT
07:58 OAuth Controls And Audits
09:11 Impact And Open Questions
11:24 Why MFA Falls Short
12:22 Where To Get Help
14:07 Host Takeaways OAuth Risk
14:53 What To Do Next
16:06 Wrap Up And Feedback
16:42 Sponsor Close Meter
17:24 Final Sign Off

Vercel Supply-Chain Breach via AI Tool, Meta Sued Over Scam Ads, and Ransomware Surges with "The Gentleman"
David Shipley covers new details on the Vercel breach, which began when an employee used the third-party AI tool Context AI; after Context AI was breached, attackers leveraged Google OAuth access to pivot into Vercel systems and enumerate unencrypted "non-sensitive" environment variables that contained usable secrets, with a hacker claiming Vercel data and source code and demanding $2M, while Vercel says Next.js and other open-source projects are safe and shares Google OAuth indicators of compromise. The episode also discusses a proposed class-action lawsuit alleging Meta misled users about scam ads and profited from them, noting Meta's claim it removed 159M scam ads and shut down nearly 11M criminal accounts. Finally, it cites ZeroFox data showing ransomware incidents holding steady at 2,059 in Q1 2026 and highlights Check Point research indicating "The Gentleman" has a much larger victim footprint and uses tactics like disabling Defender, re-enabling SMB1, abusing GPO, and targeting VMware environments.
Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst
00:00 Headlines and Sponsor
00:46 Vercel AI Supply Chain Breach
02:50 Meta Sued Over Scam Ads
04:55 Ransomware Numbers Q1 2026
06:46 Gentlemen Crew Exposed
08:56 Wrap Up and Thanks
09:42 Sponsor Message Meter

Microsoft Under Fire, NIST Scales Back NVD, FortiSandbox Critical Bugs, Vercel Breach Claims, Scattered Spider Member Pleads Guilty
Host David Shipley covers five major stories: researcher "Chaotic Eclipse" publicly released Windows exploits—first "Blue Hammer," then "Red Sun," a Microsoft Defender flaw enabling privilege escalation on fully patched Windows 10/11 and Server—amid claims Microsoft mistreated them, highlighting strain on responsible disclosure as vendors face mounting vulnerability volume and AI-driven bug discovery. NIST announced it can no longer fully enrich all CVEs in the National Vulnerability Database, prioritizing only exploited-in-the-wild issues, federal software, and critical software, leaving the rest backlogged. In "FortiWatch," two critical FortiSandbox flaws allow auth bypass and remote command execution; patches are available. Vercel confirmed attackers accessed internal systems and urges customers to review and rotate environment variables amid unverified ShinyHunters ransom claims. Finally, alleged Scattered Spider member Tyler Buchanan pled guilty to an $8M crypto theft case, with reporting describing the group's social engineering tactics and escalating real-world violence tied to cybercrime.
Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst
00:00 Headlines And Sponsor
00:49 Microsoft Bug Drop
03:00 Disclosure System Strain
05:59 NVD Backlog Crisis
08:47 FortiWatch FortiSandbox
11:43 Vercel Breach Fallout
14:43 Scattered Spider Guilty Plea
18:54 Wrap Up And Thanks

Cybersecurity Today Month-in-Review: RSAC AI Hype, Agentic Risks, Mythos Claims, and Real-World Resilience
Jim Love hosts a delayed March month-in-review with panelists David Shipley and Laura Payne, starting with RSAC takeaways: agentic AI everywhere, heightened marketing spectacle, and industry tension as AI becomes the new "cool kid." They discuss the surge of autonomous agents, including OpenClaw-style experimentation leading to stolen tokens and the ease of social-engineering LLMs, plus legal and brand risks of chatbots after the Air Canada precedent. The panel debates Anthropic's source-code leak and "Mythos" messaging, while acknowledging AI tools are finding real zero-days amid massive technical debt and rising exploit speed, raising questions about liability and EU accountability. They highlight a positive case: Stryker Medical's rapid recovery after 80,000 devices were wiped via Intune settings, and note additional incidents targeting healthcare, critical infrastructure PLCs, supply-chain attacks, and longer-term impacts from major source-code thefts.
Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst
 
00:00 Show Intro Sponsor
00:22 Panel Welcome Setup
01:56 RSAC Vibes Agentic AI
03:19 Conference Hype Booths
06:32 AI Free Fridays Skills
08:12 Marketing Hype Filters
11:38 Agent Networks Gone Wild
16:00 Social Engineering LLMs
19:45 Chatbots Liability Law
23:13 Anthropic Leak Mythos
25:17 AI Code Quality Debate
29:28 Technical Debt Bug Mining
30:40 AI Hacking Era
32:09 Paying Down Tech Debt
32:54 Software Liability Shift
34:24 AI Pen Testing Scale
37:53 Token Costs and Proof
40:08 Canary Traps and Ethics
41:26 Blast Radius Resilience
44:17 Stryker Wipe Recovery
46:52 More Attacks Recap
50:07 Fast Cheap Code Debate
53:26 War Rules and Agents
56:32 Back to Basics Close
01:00:18 Final Thanks Sponsor

WebEx SSO Vulnerability, booking.com Reservation Hijacking Risks, Windows Recall Scrutiny, and AI Vishing-as-a-Service
Host Jim Love reports that Cisco disclosed a critical WebEx vulnerability (CVE-2026-2184) affecting SSO integration with Control Hub; although server-side fixes are applied and no exploitation is seen, SSO customers must update SAML certificate configuration to avoid disruption when the old certificate expires, amid recent Cisco firewall zero-day exploitation (CVE-2026-2131) tied to interlock ransomware. A booking.com breach exposed some customers' reservation data (names, contact and address details, reservation details, and messages) but not payment cards, increasing phishing "reservation hijacking" risk using real itinerary details. Researchers also highlight new concerns with Microsoft's Windows 11 Recall, where data may be intercepted after login via another process, though Microsoft says protections are intended. Finally, an underground $4,000 platform, ATHR, automates phishing/vishing with AI voice agents to steal verification codes and accounts across major services.
Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst
00:00 Top Security Headlines
00:32 Sponsor Message
00:50 WebEx Critical Flaw
02:36 Booking.com Breach Scams
05:20 Windows Recall Weaknesses
08:36 AI Voice Phishing Service
11:24 Wrap Up and Thanks