• AI Worms, Hacks, and Insurance Shifts
    Jun 10 2026

    Instagram AI Support Hack Hits 20,225 Accounts; AI Worm 'Hades' Lies to Security Tools; Chrome Zero-Day Patch

    Host David Shipley reports Meta says 20,225 Instagram accounts were hijacked after an AI support tool was tricked into sending reset links to attacker-controlled emails, with only MFA-protected accounts resisting. Step Security details a new Miasma-derived worm wave called Hades that targets config files for 14 AI coding tools, can inject instructions to hijack assistants, lies to AI security tools, and includes a "dead man switch" wipe if stolen GitHub tokens are revoked; Microsoft also removed some GitHub repos after 73 open-source projects were compromised to inject an info stealer. University of Toronto and Vector Institute researchers demonstrated an AI worm using a free local model that spread across a simulated network via known flaws and misconfigurations. Google issued an emergency Chrome patch for actively exploited CVE-2026-11645 in V8, and insurers are tightening claims scrutiny and increasingly excluding AI-related liabilities.

    00:00 Instagram AI Hack Fallout
    01:36 AI Worm Hades Evolves
    02:55 Microsoft Repo Compromise
    03:54 Lab Built AI Worm Demo
    05:27 Emergency Chrome Zero Day
    07:07 Cyber Insurance Tightens Up
    08:02 AI Liability Coverage Shrinks
    09:16 Wrap Up and Sign Off

    10 mins
  • Claude Outage Data Leak, Microsoft GitHub Worm, IBM Hack, M Instagram Takeovers, Canada's Bill C-8
    Jun 8 2026

    Claude Outage Data Leak Fears, Microsoft GitHub Worm, IBM Hack Allegations, Meta AI Instagram Takeovers, and Canada's Bill C-8

    David Shipley reports that Anthropic's Claude suffered a roughly two-hour outage affecting models including Opus, during which a user alleged receiving another customer's conversation; Anthropic says it has no evidence of a data leak and is investigating. A Team PCP self-spreading worm, Miasma, infected 73 Microsoft GitHub repositories across four accounts and now triggers via AI coding assistants when developers open cloned projects. A former IBM threat-intel executive, William Barlow, alleges IBM was hacked three times by foreign governments (including APT10 from 2013–2016) and concealed it; IBM denies wrongdoing and the claims are unproven. TechCrunch reports attackers hijacked Instagram accounts by persuading Meta's support chatbot to relink accounts to attacker emails, with ongoing reports despite Meta saying it's fixed. Canada's Senate passed critical-infrastructure cybersecurity law Bill C-8, mandating rules and incident reporting for telecom, finance, energy, and transportation.

    00:00 Top Headlines Rundown
    00:37 Claude Outage Data Leak Fears
    02:17 Miasma Worm Hits Microsoft
    03:52 IBM Breach Cover Up Claims
    05:25 Meta AI Hands Over Instagram
    06:40 Why Chatbots Fail Social Engineering
    07:44 Canada Passes C-8 Cyber Law
    09:58 Wrap Up and Sign Off

    10 mins
  • Cybersecurity Today Month in Review: Microsoft Zero-Days, AI Deregulation
    Jun 6 2026

    Host Jim Love and panelists David Shipley, Laura Payne, and Jeff Williams discuss a researcher ("Chaotic/Nightmare Eclipse") publicly disclosing multiple Windows zero-days affecting components including Defender and BitLocker, frustration with Microsoft's vulnerability disclosure process, and backlash to Microsoft's initially threatening tone before it was partially walked back; the panel debates responsible disclosure, the need for researcher support/organization, transparency vs liability, and how vulnerability reporting is straining under volume. They then examine a White House AI executive order focused on voluntary measures and 30-day model access, criticizing the lack of basic safety and cybersecurity protections amid FOMO about losing to China and an AI investment bubble. The conversation covers AI-driven harms and studies on reduced brain activity and "cognitive surrender," while noting benefits when AI is used as a tutor. Shipley highlights Canada's Senate passing Bill C-8 on critical infrastructure cybersecurity, and the group urges outcome-focused security, architecture/risk prioritization, and critical thinking against AI-enabled social engineering.

    Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material[dot]security.


    00:00 Sponsor Message
    00:24 Show Welcome Panel
    01:17 Microsoft Zero Day Fallout
    04:19 Researcher Backlash Drama
    06:46 Unionizing Bug Hunters
    13:10 Product Liability Debate
    23:23 Regulation vs Transparency
    26:00 AI Bubble Investor Risk
    28:01 White House AI Order
    32:24 Cybersecurity Gaps Telecom
    33:19 Telecom Trust Breakdown
    34:32 AI Harms and Exploitation
    35:36 Studies on Cognitive Surrender
    38:13 Markets Regulation and Politics
    40:13 Canada Cyber Law Win
    42:33 Adoption Hype and Subsidy Bubble
    48:50 Patch Deluge and AppSec Strain
    52:10 Defenses Beyond Patching
    54:17 Outcomes Critical Thinking and CIA
    01:01:49 Education Disruption and Closing
    01:04:14 Sponsor Message Material Security

    1 hr and 5 mins
  • New HTTP/2 Bomb Attack, Trump's AI Security Reviews, Android Zero-Day & The Patching Crisis
    Jun 5 2026

    A newly disclosed attack called HTTP/2 Bomb can crash major web servers in seconds using a single computer and a modest internet connection. Researchers say the attack combines two known techniques into a powerful memory-exhaustion exploit affecting widely used platforms including Apache, NGINX, Microsoft IIS, and Envoy. The attack also highlights a growing trend in cybersecurity research: the use of artificial intelligence to uncover dangerous combinations of existing vulnerabilities.

    The episode also examines President Trump's new executive order creating a voluntary framework for reviewing advanced AI models before public release. The administration says the goal is to improve cybersecurity and national security visibility while avoiding mandatory regulation or licensing requirements.

    Next, a new Cloud Security Alliance report warns that organizations are struggling to keep up with the growing volume of vulnerabilities. Security teams increasingly face difficult choices about which flaws to patch first as cloud environments, containers, APIs, and third-party software continue to expand the attack surface.

    Finally, CISA warns that attackers are actively exploiting both a newly patched Android vulnerability and a years-old Linux flaw. The contrast highlights a simple reality: cybercriminals do not care whether a vulnerability is new or old. They care whether it remains exploitable.

    Stories in this episode
    HTTP/2 Bomb Can Crash Web Servers in Seconds
    Researchers disclose a denial-of-service technique capable of exhausting server memory in under a minute, while OpenAI's Codex helps uncover a novel attack chain.
    Trump Creates Voluntary AI Security Reviews as Government Seeks Visibility Into Frontier Models
    A new executive order establishes voluntary reviews of advanced AI systems before public release, raising questions about visibility, oversight, and national security.
    The Cybersecurity Industry's Patch-Everything Strategy May Be Breaking Down
    A Cloud Security Alliance report suggests organizations are overwhelmed by vulnerability volume and increasingly forced to choose which risks to address.
    CISA Warning Shows Attackers Don't Care Whether a Vulnerability Is New or Old
    Active exploitation of both a newly patched Android flaw and an older Linux vulnerability demonstrates that attackers focus on opportunities, not disclosure dates.

    Cybersecurity Today brings you the latest cybersecurity news, threat intelligence, breach reports, vulnerability disclosures, ransomware developments, cybercrime investigations, and security research affecting organizations around the world.

    #Cybersecurity #CyberSecurityToday #InfoSec #CyberNews #Ransomware #ThreatIntelligence #VulnerabilityManagement #AndroidSecurity #LinuxSecurity #ArtificialIntelligence #HTTP2 #CISA #CloudSecurity #OpenAI #PatchManagement

    12 mins
  • Carnival Data Breach Exposes Millions as Microsoft Backs Down on Researcher Threats
    Jun 3 2026

    Cybersecurity Today for June 2, 2026.

    Microsoft has backed away from its hard-line stance against vulnerability researchers after widespread criticism from the security community. The dispute began after independent researcher Nightmare Eclipse published proof-of-concept code for unpatched Microsoft vulnerabilities, triggering a public debate over responsible disclosure, zero-days, and researcher relations.

    Carnival Corporation disclosed a social-engineering attack that led to the theft of sensitive personal information affecting nearly six million people. Exposed data includes names, contact information, dates of birth, and government identification details. The ShinyHunters cybercrime group has claimed responsibility and alleges the breach involved even more records.

    Password manager provider Dashlane temporarily locked some customers out of their accounts after large-scale password-guessing attacks triggered automated security protections. Access was later restored, although some users reported lingering issues.

    The episode also examines a software supply-chain attack uncovered by Wiz involving 32 Red Hat Cloud Services NPM packages. Attackers compromised a Red Hat employee's GitHub account and inserted Miasma malware designed to steal Google Cloud and Microsoft Azure credentials.

    Timestamps:

    00:00 Sponsor Message
    00:28 Headlines And Intro
    00:55 Microsoft Researcher Dispute
    02:58 Carnival Cruise Data Breach
    04:48 Dashlane Lockouts Explained
    06:09 Miasma Malware Supply-Chain Attack
    08:10 Wrap Up And Sign Off
    08:31 Sponsor Deep Dive

    #Cybersecurity #DataBreach #Carnival #Microsoft #Dashlane #RedHat #SupplyChainAttack #CyberSecurityToday

    10 mins
  • Microsoft Threatens Security Researcher | Palo Alto VPN Exploited | Google Insider Trading Case
    Jun 1 2026

    Microsoft's dispute with a former security researcher takes a dramatic turn as the company raises the possibility of criminal action over the publication of proof-of-concept code for unpatched zero-day vulnerabilities. David Shipley examines the escalating conflict between Microsoft and "Nightmare Eclipse," the criticism from prominent security researchers including Kevin Beaumont and Katie Moussouris, and what the controversy could mean for the future of vulnerability disclosure.

    The episode also explores a new category of insider risk after U.S. prosecutors charged Google security engineer Michael Spagnuolo with allegedly using confidential Google search trend data to earn more than $1.2 million on the prediction market Polymarket. The case highlights how prediction markets may create unexpected incentives around non-financial corporate information.

    Also covered: active exploitation of Palo Alto Networks' GlobalProtect VPN authentication bypass vulnerability CVE-2026-0257, now added to CISA's Known Exploited Vulnerabilities (KEV) catalogue, and a malware campaign that abuses legitimate ChatGPT sharing pages and Google Ads to trick users into downloading malicious software. Researchers also report similar abuse of Anthropic's Claude Artifacts feature.

    Chapters

    00:00 Top Headlines Rundown
    00:26 Microsoft vs Zero-Day Researcher
    01:28 Responsible Disclosure Fallout
    03:32 Why This Dispute Matters
    04:32 Polymarket Insider Trading Case
    06:07 Prediction Markets Create New Insider Risks
    06:55 Palo Alto VPN Authentication Bypass
    08:25 ChatGPT Pages Used to Deliver Malware
    09:51 Wrap Up and Sign Off

    Cybersecurity Today is Canada's leading daily cybersecurity news podcast, covering ransomware, vulnerabilities, nation-state threats, cybercrime, security research, privacy, and critical infrastructure security.

    #Cybersecurity #Microsoft #PaloAltoNetworks #ChatGPT #OpenAI #Google #Polymarket #ThreatIntelligence #InfoSec #CyberSecurityToday

    12 mins
  • Cybersecurity & Arctic Sovereignty: Protecting Canada's Most Vulnerable Infrastructure Cheryl Biswas
    May 29 2026

    Host David Shipley speaks with cybersecurity professional Cheryl Biswas about her journey into the industry and why she believes Arctic sovereignty must be viewed as a cybersecurity challenge as much as a geopolitical one.

    Biswas traces her path from political science and a help desk role at CP Rail to cybersecurity, inspired by the discovery of the Stuxnet malware and the global security community that formed around it. She discusses her experiences speaking at BSides Las Vegas, attending DEF CON, helping build a major Canadian bank's threat intelligence program, and recently earning her Certified Information Systems Security Professional (CISSP) designation.

    The conversation then shifts north. As Canada invests billions in Arctic defence, communications, transportation, and critical infrastructure, Biswas explains how every new connected system can create new cyber risks. The discussion covers threats to satellites, navigation systems used by ships and aircraft, undersea communications cables, government services, healthcare, energy systems, and the fragile supply chains that support northern communities.

    They also explore why collaboration with northern and Indigenous communities is essential, the importance of improving connectivity across the Arctic, and how Canada can work more closely with international partners to strengthen resilience in one of the world's most strategically important regions.

    Cheryl also shares advice for newcomers to cybersecurity and discusses the kind of strategic threat intelligence and research work she hopes to pursue in the future.

    Chapters

    00:00 Weekend Show Kickoff
    00:46 Cheryl's Cyber Origin Story
    02:30 Stuxnet and Hacker Community
    04:06 From BSides to DEF CON
    05:10 Threat Intelligence Career Today
    05:50 Arctic Sovereignty Meets Cyber
    07:41 Canada's Arctic Reality Check
    10:14 Why Cyber Matters Up North
    12:07 Maritime and Navigation Risks
    15:50 Undersea Cables and Fragile Supply
    19:55 Solutions, Collaboration and Technology
    24:22 Talk Feedback and How to Connect
    25:42 Dream Role and Advice to Newcomers
    29:16 Closing Reflections and Sendoff

    #Cybersecurity #ArcticSovereignty #Canada #CriticalInfrastructure #ThreatIntelligence #CISSP #CyberSecurityToday #DavidShipley #DEFCON #BSides #ArcticSecurity #NationalSecurity #CriticalInfrastructureProtection #ThreatIntel #CyberRisk

    30 mins
  • CISA Orders Emergency Drupal Patch | Microsoft Server Bug | Google Fights Canada Surveillance Bill
    May 27 2026

    CISA has ordered U.S. federal civilian agencies to urgently patch an actively exploited critical Drupal SQL injection vulnerability (CVE-2026-9082) affecting PostgreSQL-backed Drupal deployments, after Imperva reported more than 15,000 attack attempts across 65 countries. Microsoft has confirmed a strange Windows Server 2016 update issue where KB5087537 can break domain controller discovery when server hostnames are exactly 15 characters long, raising more questions about patch reliability as update complexity grows.

    Google has joined a coalition opposing Canada's proposed lawful access legislation, Bill C-22, warning that secret ministerial orders, possible encryption risks, and mandatory metadata retention could weaken security rather than improve it. Critics point to the Salt Typhoon telecom espionage campaign as evidence that lawful intercept systems themselves can become prime targets.

    Also in this episode: Check Point says Iran-linked threat group Nimbus Manticore has deployed new malware tools including MiniFast and MiniJunk V2, with researchers noting signs that MiniFast may have been developed with AI-assisted coding techniques. The campaign used SEO poisoning and fake Oracle SQL Developer downloads to lure victims.

    Timestamps:
    00:00 Top Headlines Rundown
    00:27 Emergency Drupal Patch Order
    02:22 Microsoft Server Update Bug
    04:02 Canada Lawful Access Battle
    05:18 Google's Security Concerns
    06:25 Salt Typhoon Lessons
    07:35 Iran-Linked AI Malware
    09:26 SEO Poisoning Attack
    10:09 Wrap Up and Sign Off

    11 mins