logo
episode-header-image
Oct 24
8m 14s

Cybersecurity Today: New Threats from AI...

Jim Love
About this episode

In today's episode, host Jim Love discusses the discovery of the 'Glass Worm,' a self-spreading malware hidden in Visual Studio Code extensions downloaded over 35,000 times. The worm, hiding its malicious JavaScript in invisible unicode characters, steals developer credentials and drains crypto wallets. He also covers the security flaws in AI-powered IDEs like Cursor and Windsurf, leaving 1.8 million developers vulnerable. Lastly, a new survey from ISACA reveals that AI-driven attacks are now the top cybersecurity concern for 2026, overtaking ransomware and insider threats. Love advises how developers and security teams can mitigate these threats.

00:00 Introduction and Shoutout
01:10 Cybersecurity Headlines
01:46 Glass Worm Malware in Visual Studio Code
04:06 AI-Powered IDEs with Security Flaws
06:00 AI-Driven Cybersecurity Threats
07:50 Conclusion and Contact Information

Up next
Jun 2024
Cyber Security Today, June 14, 2024 - Employee downloaded file that led to hospital chain's ransomware attack
This episode reports on the latest ransomware news, another North Korean threat actor putting  malicious packages on the NPM registry, vulnerabilities in some open source AI apps, and more 
7m 52s
Jun 2024
Cyber Security Today, June 3, 2024 - Four cloud-related data breaches
This episode reports on confirmation of cyber attacks on Ticketmaster, Santander bank, a Canadian broadcaster, and more 
7m 37s
May 2024
Cyber Security Today, May 27, 2024 - Security controversy over a new Microsoft tool, a new open source threat intelligence service
This episode reports on fake antivirus web sites to stay away from, and more 
6m 14s
Recommended Episodes
Jul 2023
New phishing campaigns hit Microsoft 365 and Adobe users. Big Head ransomware. Multichain bridge compromised. CISA adds a KEV. Progress patches MOVEit. Telegram's role in Russia's war.
New phishing campaigns afflict users of Microsoft 365 and Adobe. An analysis of Big Head ransomware. Multichain reports a crypto heist with over $100 million stolen. CISA makes an addition to the Known Exploited Vulnerability Catalog. Progress Software issues additional MOVEit pa ... Show More
31m 15s
Aug 2024
Cyber revolt or just digital ruckus?
Hacktivists respond to the arrest of Telegram’s CEO in France. Stealthy Linux malware stayed undetected for two years. Versa Networks patches a zero-day vulnerability. Google has patched its tenth zero-day vulnerability of 2024. Researchers at Arkose labs document Greasy Opal. A ... Show More
25m 20s
Aug 18
Workday’s bad day.
HR software giant Workday discloses a data breach. Researchers uncover a zero-day in Elastic’s EDR software. Ghost-tapping is an emerging fraud technique where cybercriminals use NFC relay attacks to exploit stolen payment card data. Germany may be on a path to ban ad blockers. A ... Show More
26m 56s
Aug 15
Media server mayday.
Plex urges users to immediately update their Media Server due to an undisclosed security flaw. Cisco warns of a critical remote code execution flaw in their Secure Firewall Management Center software.Rockwell Automation discloses multiple critical and high-severity flaws. Hackers ... Show More
29m 33s
Dec 2024
When AI goes offline.
ChatGPT and Meta face widespread outages. Trump advisors explore splitting NSA and CyberCom leadership roles. A critical vulnerability in Apache Struts 2 has been disclosed. “AuthQuake” allowed attackers to bypass Microsoft MFA protections. Researchers identify Nova, a sophistica ... Show More
27m 10s
May 2019
Stone Panda update. A new strain of Mirai. Bogus cryptocurrency apps are trending in Google Play. Mr. Assange is charged under the Espionage Act. Info ops. Law firms as phishbait.
Stone Panda is distributing the Quasar RAT. A new strain of Mirai is out. Bitcoin prices are up, and so is the incidence of malicious cryptocurrency apps in Google Play. The US charges Wikileaks’ Julain Assagne with seventeen new counts under the Espionage Act. UK political parti ... Show More
27m 11s
Sep 2
Blizzard warning: Amazon freezes midnight hack.
Researchers disrupt a cyber campaign by Russia’s Midnight Blizzard. The Salesloft Drift breach continues to ripple outward. WhatsApp patches a critical flaw in its iOS and Mac apps. A fake PDF editing tool delivers the TamperChef infostealer. A hacker finds crash data Tesla claim ... Show More
32m 11s
Sep 2020
Ransomware versus shipping, hospitals, and schools. Cyberattacks’ growing sophistication. An interim rule enables implementation of the US Defense Department’s CMMC program.
Three (count ‘em) three big ransomware attacks are in progress. One of them has moved into its doxing phase. Microsoft resolves authentication problems that briefly disrupted services yesterday. Tracking trends in cyberattacks--the sophistication seems to lie in the execution. Th ... Show More
24m 33s
Mar 2024
Safeguarding American data from foreign hands.
The House Unanimously Passes a Bill to Halt Sale of American Data to Foreign Foes. The U.S. Sanctions Russian Individuals and Entities for a Global Disinformation Campaign. China warns of cyber threats from foreign hacking groups. A logistics firm isolates its Canadian division a ... Show More
36m 44s
Jul 2022
Espionage and cyberespionage. Albania's national IT networks work toward recovery. Malicious apps ejected from Google Play. White House summit addresses the cyber workforce. Notes on cybercrime.
A Cozy Bear sighting. Shaking up Ukraine's intelligence services. Albania's national IT networks continue to work toward recovery. US Justice Department seizes $500k from DPRK threat actors. The FBI warns of apps designed to defraud cryptocurrency speculators. A White House meeti ... Show More
29m 6s
Listen to millions of songs and podcasts on Anghami