1
00:00:00,000 --> 00:00:01,109
Cybersecurity today.

2
00:00:01,109 --> 00:00:03,480
Would like to thank Meter for
their support in bringing you.

3
00:00:03,480 --> 00:00:08,909
This podcast Meter delivers a complete
networking stack, wired, wireless and

4
00:00:08,909 --> 00:00:14,369
cellular in one integrated solution
that's built for performance and scale.

5
00:00:14,790 --> 00:00:19,199
You can find them at meter.com/cst.

6
00:00:22,356 --> 00:00:23,246
Apple issues.

7
00:00:23,246 --> 00:00:25,706
Security updates after two zero days.

8
00:00:25,706 --> 00:00:28,736
Exploited in the wild scammers Trick.

9
00:00:28,736 --> 00:00:32,666
Popular AI search engines into
recommending fake support.

10
00:00:32,666 --> 00:00:33,326
Numbers.

11
00:00:34,146 --> 00:00:37,596
Torrent hides malware in subtitles and.

12
00:00:38,556 --> 00:00:43,896
AI outperforms nine out of 10 pen
testers in Stanford Hacking Experiment.

13
00:00:45,186 --> 00:00:49,116
This is Cybersecurity today, and
I'm your host, David Shipley.

14
00:00:49,116 --> 00:00:49,536
Let's get started.

15
00:00:52,071 --> 00:00:55,251
We start today with a broad
security update from Apple.

16
00:00:55,281 --> 00:00:59,301
After the company confirmed that two
web kit vulnerabilities were actively

17
00:00:59,301 --> 00:01:05,091
exploited in the wild on Friday,
apple released patches for iOS, iPad,

18
00:01:05,331 --> 00:01:11,601
os, Mac, ost, V Os, watch os, vision
os, and the Safari web browser.

19
00:01:12,561 --> 00:01:18,351
The updates address two flaws in WebKit
Apple's browser engine, both of which

20
00:01:18,351 --> 00:01:22,851
can be triggered when a device processes
maliciously crafted web content.

21
00:01:23,571 --> 00:01:31,401
The first vulnerability CVE 20 25 43
52 9 is a use after free flaw that

22
00:01:31,401 --> 00:01:34,191
could allow arbitrary code execution.

23
00:01:34,921 --> 00:01:43,621
The second CVE 20 25 14 1 7 4 is a memory
corruption issue with A-C-V-S-S score

24
00:01:43,621 --> 00:01:47,221
of 8.8 indicating a high severity risk.

25
00:01:48,091 --> 00:01:52,836
Apple says that it is aware that the
vulnerabilities may have been exploited

26
00:01:52,836 --> 00:01:57,756
in an extremely sophisticated attack
against specific targeted individuals

27
00:01:58,746 --> 00:02:02,316
running versions of iOS prior to iOS 26.

28
00:02:03,576 --> 00:02:10,326
One of these flaws, CVE 20 25 1 4
1 7 4 is the same vulnerability.

29
00:02:10,356 --> 00:02:14,886
Google patched earlier last
week in its chrome browser.

30
00:02:15,306 --> 00:02:19,536
Google described the issue as an
out of bounds memory access issue

31
00:02:19,566 --> 00:02:24,546
in the angle graphics library,
specifically within the metal renderer.

32
00:02:25,401 --> 00:02:28,791
Apple security engineering and
architecture team and Google's

33
00:02:28,791 --> 00:02:31,851
strut analysis group were
credited with discovering and

34
00:02:31,851 --> 00:02:33,231
reporting the vulnerabilities.

35
00:02:33,801 --> 00:02:36,741
Apple also credited Google's
strut analysis group with

36
00:02:36,741 --> 00:02:40,941
identifying CVE 20 25 43, 5 29.

37
00:02:41,911 --> 00:02:46,141
Because Web Cat is used not only
by Safari, but by all third party

38
00:02:46,141 --> 00:02:51,691
browsers on iOS and iPad os,
including Chrome Edge and Firefox.

39
00:02:52,021 --> 00:02:54,931
The impact of these
vulnerabilities extends across

40
00:02:54,991 --> 00:02:56,821
the mobile browsing ecosystem.

41
00:02:57,249 --> 00:03:00,849
Apple has released fixes across multiple
platforms and devices, including

42
00:03:00,879 --> 00:03:06,069
iPhones, iPads, Macs, apple Watch,
apple tv, vision Pro and Safari.

43
00:03:06,069 --> 00:03:11,289
On Mac Os, the company says users should
update to the latest available versions

44
00:03:11,409 --> 00:03:14,289
as soon as possible with these releases.

45
00:03:15,129 --> 00:03:16,389
Apple is now patched.

46
00:03:16,389 --> 00:03:21,045
Nine zero day vulnerabilities
exploited in the wild so far in 2025.

47
00:03:24,519 --> 00:03:27,849
Our next story comes from Wired
reporting on a new technique.

48
00:03:27,849 --> 00:03:31,839
Scammers are using to manipulate
AI powered search tools, and in

49
00:03:31,839 --> 00:03:35,919
some cases steer users directly
to fraudulent call centers.

50
00:03:37,299 --> 00:03:40,719
Scammers are poisoning the public
web sources that large language

51
00:03:40,719 --> 00:03:45,129
models rely on causing AI tools
to service fake customer support

52
00:03:45,129 --> 00:03:46,844
numbers as if they were legitimate.

53
00:03:47,844 --> 00:03:51,804
Researchers say the activity represents
a growing security risk tied to

54
00:03:51,804 --> 00:03:55,884
how AI search and summarization
systems gather information.

55
00:03:56,814 --> 00:04:00,354
The research was published on
December 8th by Aura Labs, part

56
00:04:00,354 --> 00:04:02,074
of cybersecurity firm Aurascape

57
00:04:02,904 --> 00:04:07,674
The team refers to the technique as large
language model phone number poisoning.

58
00:04:08,574 --> 00:04:12,024
Rather than attacking AI systems
directly, threat actors are

59
00:04:12,024 --> 00:04:13,614
manipulating the public content.

60
00:04:13,614 --> 00:04:18,684
Those systems scrape including websites,
reviews and comments so that fraudulent

61
00:04:18,684 --> 00:04:20,634
information becomes part of the data.

62
00:04:20,664 --> 00:04:26,634
AI tools treat as trustworthy in
campaigns tracked by Aurascape poison

63
00:04:26,634 --> 00:04:30,954
content was found influencing answers
from tools including Google's AI

64
00:04:30,954 --> 00:04:33,804
overview and Perplexity Comet browser.

65
00:04:34,344 --> 00:04:39,264
In those cases, the systems return scam,
airline, customer support, phone numbers,

66
00:04:39,504 --> 00:04:41,304
presenting them as official contacts.

67
00:04:42,854 --> 00:04:46,814
The researchers say attackers are
abusing both compromised high authority

68
00:04:46,814 --> 00:04:51,554
websites, including government and
university domains and public platforms

69
00:04:51,554 --> 00:04:56,474
that allow user generated content that
includes sites like YouTube and Yelp,

70
00:04:56,714 --> 00:05:01,844
where scammers can post optimized text,
fake reviews, or bot generated comments.

71
00:05:02,714 --> 00:05:05,804
Their goal is to ensure that
this content is structured in a

72
00:05:05,804 --> 00:05:10,119
way that it makes it easy for AI
systems to scrape, index and reuse.

73
00:05:11,564 --> 00:05:14,774
The approach builds on what industry
traditionally calls search engine

74
00:05:14,774 --> 00:05:19,484
optimization, but applies it to
generative and answer based AI systems.

75
00:05:19,994 --> 00:05:24,704
Researchers describe this as generative
engine optimization or answer engine

76
00:05:24,704 --> 00:05:29,594
optimization techniques now being
repurposed to promote phishing and fraud.

77
00:05:31,679 --> 00:05:35,669
Once the poison content is in place,
AI assistance merge information

78
00:05:35,669 --> 00:05:39,659
from multiple sources and present
it as a single authoritative answer,

79
00:05:39,869 --> 00:05:42,869
even when the underlying data
includes fraudulent phone numbers.

80
00:05:44,749 --> 00:05:48,029
Aurascape documented
multiple real world examples.

81
00:05:48,719 --> 00:05:53,099
In one case, when perplexity was asked
for the official Emiratis Airlines

82
00:05:53,099 --> 00:05:57,749
reservations number, it returned a fully
fabricated scam call center number.

83
00:05:58,259 --> 00:06:01,829
Similar results were observed when
querying for British Airways support.

84
00:06:02,939 --> 00:06:07,049
Google's AI overview was also found
returning multiple fraudulent phone

85
00:06:07,049 --> 00:06:10,829
numbers when asked for airline contact
information, presenting them as

86
00:06:10,829 --> 00:06:12,779
legitimate customer service lines.

87
00:06:13,664 --> 00:06:17,564
Researchers warn this is not limited
to a single AI model or vendor.

88
00:06:17,924 --> 00:06:21,374
they describe what they call
a cross platform contamination

89
00:06:21,374 --> 00:06:25,814
effect, where polluted sources
spread across multiple AI systems.

90
00:06:26,924 --> 00:06:30,764
Because AI models blend legitimate
and fraudulent content, the resulting

91
00:06:30,764 --> 00:06:34,214
answers can appear credible,
making scams much harder to detect.

92
00:06:35,754 --> 00:06:40,619
Aurascape says users should treat AI
generated contact information with caution

93
00:06:40,679 --> 00:06:44,879
and independently verify phone numbers,
especially when dealing with customer

94
00:06:44,879 --> 00:06:47,549
service, travel, or financial requests.

95
00:06:48,329 --> 00:06:51,359
They also recommend avoiding the
sharing of sensitive information with

96
00:06:51,359 --> 00:06:55,469
AI assistance and being mindful that
these systems are still evolving and may

97
00:06:55,469 --> 00:06:58,169
surface unverified or manipulated data.

98
00:06:59,556 --> 00:07:02,826
Our next story comes from Bleeping
Computer, and it's a reminder that

99
00:07:02,826 --> 00:07:07,656
malware distribution through pirated
media is still very much alive, and in

100
00:07:07,656 --> 00:07:10,056
this case, increasingly sophisticated.

101
00:07:10,849 --> 00:07:15,379
Security researchers at Bitdefender have
uncovered a fake torrent for the movie,

102
00:07:15,589 --> 00:07:20,449
one battle after another that hides
malware inside what appear to be harmless.

103
00:07:20,479 --> 00:07:25,219
Subtitle files the Torrent claims
to contain one battle after another.

104
00:07:25,249 --> 00:07:30,029
A Paul Thomas Anderson film released
in late September starring Leonardo

105
00:07:30,079 --> 00:07:33,234
DiCaprio, Sean Penn and Benicio del Toro.

106
00:07:34,264 --> 00:07:38,344
According to Bitdefender, the Torrent
attracted thousands of Cs and Lees

107
00:07:39,094 --> 00:07:41,614
suggesting widespread distribution.

108
00:07:42,304 --> 00:07:45,904
What makes this case stand out,
researchers say, is the complexity

109
00:07:45,904 --> 00:07:47,854
and stealth of the infection chain.

110
00:07:48,454 --> 00:07:52,834
The torrent bundle includes a video
file, image files, a subtitle, files,

111
00:07:52,864 --> 00:07:55,864
and a windows shortcut designed
to look like a movie launcher.

112
00:07:56,404 --> 00:08:00,064
When that shortcut is executed,
it triggers a series of Windows

113
00:08:00,064 --> 00:08:04,294
commands that extract and run a
malicious PowerShell script hidden

114
00:08:04,354 --> 00:08:07,144
inside the subtitle file Bit.

115
00:08:07,144 --> 00:08:10,354
Defender says the script is
embedded between specific subtitle

116
00:08:10,354 --> 00:08:14,074
lines, making it unlikely to be
detected by casual inspection.

117
00:08:14,854 --> 00:08:19,384
Once executed, the PowerShell code
extracts multiple a ES encrypted

118
00:08:19,384 --> 00:08:24,484
payloads from the same subtitle, file
reconstructing additional scripts that

119
00:08:24,484 --> 00:08:28,504
are dropped into a directory disguised
as Microsoft's diagnostic data.

120
00:08:29,494 --> 00:08:33,994
Those scripts then act as a malware
dropper executing several stages.

121
00:08:34,939 --> 00:08:38,959
They create a hidden scheduled task
for persistence, extract additional

122
00:08:38,959 --> 00:08:43,249
payloads from image files bundled
within the torrent and rebuild further

123
00:08:43,249 --> 00:08:47,359
scripts in batch files in a Windows
Sound Diagnostics cash directory.

124
00:08:47,989 --> 00:08:52,129
The final stage checks for the presence
of Windows Defender installs the Go

125
00:08:52,129 --> 00:08:56,869
Promi programming language if needed,
and loads the agent Tesla remote

126
00:08:56,869 --> 00:08:58,999
access Trojan directly into memory.

127
00:09:00,289 --> 00:09:03,829
Agent Tesla is a well-known Windows
malware family that has been

128
00:09:03,829 --> 00:09:05,389
active for more than a decade.

129
00:09:05,749 --> 00:09:08,989
It's commonly used to steal
browser credentials, email and

130
00:09:08,989 --> 00:09:13,759
FTP logins, VPN, details and
screenshots from infected systems.

131
00:09:14,419 --> 00:09:18,793
While the malware itself is not new
Bitdefender notes, it remains popular due

132
00:09:18,793 --> 00:09:21,350
to its reliability and ease of deployment.

133
00:09:22,640 --> 00:09:26,540
Researchers also say they've observed
similar campaigns tied to other movie

134
00:09:26,540 --> 00:09:30,560
titles, sometimes using different
malware families, including credential

135
00:09:30,560 --> 00:09:35,360
Steelers like Luma Bit defender's
recommendation is straightforward.

136
00:09:35,840 --> 00:09:41,030
Torrent files from anonymous publishers
frequently contain malware and pirating.

137
00:09:41,030 --> 00:09:44,480
Newly released movies carries
a high risk of compromise.

138
00:09:44,930 --> 00:09:50,720
It's also just a reminder illegal with
streaming services, costs continuing

139
00:09:50,720 --> 00:09:55,520
to rise while overall quality continues
to decline across many platforms.

140
00:09:56,120 --> 00:10:00,500
The stage unfortunately, is set
for piracy to return and party

141
00:10:00,530 --> 00:10:02,330
like it's the early two thousands.

142
00:10:03,685 --> 00:10:07,225
According to a new study published
this week by researchers at Stanford

143
00:10:07,225 --> 00:10:12,265
University, an AI agent named Artemis
was able to hack Stanford's network

144
00:10:12,265 --> 00:10:17,605
over a 16 hour test period and
outperformed nearly all human penetration

145
00:10:17,605 --> 00:10:19,615
testers involved in the experiment.

146
00:10:20,405 --> 00:10:23,915
According to reporting from Business
Insider, Artemis was given access

147
00:10:23,915 --> 00:10:27,275
to Stanford's computer science
network, which includes roughly

148
00:10:27,305 --> 00:10:31,445
8,000 devices ranging from servers
and desktops to smart devices.

149
00:10:31,985 --> 00:10:36,605
The AI was allowed to operate for 16
hours over two work days, while 10

150
00:10:36,605 --> 00:10:40,745
professional human testers were asked
to contribute at least 10 hours of work.

151
00:10:41,510 --> 00:10:45,080
When researchers compared the results
from the first 10 hours, Artemis

152
00:10:45,080 --> 00:10:50,090
placed second overall outperforming
nine out of the 10 human participants.

153
00:10:51,140 --> 00:10:55,190
Within that time window, the AI
identified nine valid vulnerabilities

154
00:10:55,190 --> 00:10:59,060
with an 82% valid submission
rate according to the study.

155
00:11:00,160 --> 00:11:03,670
Some of the flaws had been
missed entirely by human testers.

156
00:11:04,270 --> 00:11:09,130
In one interesting case, Artemis uncovered
a vulnerability on an older server that

157
00:11:09,130 --> 00:11:13,510
human testers couldn't access because
their browsers refused to load it.

158
00:11:13,930 --> 00:11:18,610
The AI bypassed this issue by loading
a command line request instead.

159
00:11:19,765 --> 00:11:22,645
The researchers say Artemis
works differently than humans.

160
00:11:22,795 --> 00:11:26,275
When it detects something potentially
interesting, it automatically spins up

161
00:11:26,275 --> 00:11:28,405
additional sub-agents to investigate.

162
00:11:28,405 --> 00:11:34,495
In parallel, human testers by contrast,
must examine targets one at a time.

163
00:11:35,485 --> 00:11:38,035
Cost was another major
factor in the study.

164
00:11:38,515 --> 00:11:43,765
Running Artemis was estimated to cost
about $18 an hour while a more advanced

165
00:11:43,765 --> 00:11:46,705
reversion ran at about $59 an hour.

166
00:11:46,825 --> 00:11:52,195
Far less than the annual salary
of wa, about $125,000 for a

167
00:11:52,195 --> 00:11:53,995
professional penetration tester.

168
00:11:55,705 --> 00:11:58,135
The researchers do note limitations.

169
00:11:58,315 --> 00:12:02,755
Artemis struggled with tasks that required
navigating graphical interfaces and was

170
00:12:02,755 --> 00:12:07,645
more prone to false positives, sometimes
mistaking routine network activity.

171
00:12:07,675 --> 00:12:12,925
For successful intrusions, the findings
arrive am in broader concerns about AI

172
00:12:12,925 --> 00:12:14,725
lowering the barrier to cyber crime.

173
00:12:15,235 --> 00:12:19,375
Recent reports have linked AI tools to
phishing campaigns, fake identities,

174
00:12:19,435 --> 00:12:21,535
and state linked hacking activity.

175
00:12:22,305 --> 00:12:25,455
Stanford researchers say their
work highlights both the defensive

176
00:12:25,455 --> 00:12:29,775
potential and the growing risks
of AI-driven cyber capabilities.

177
00:12:31,125 --> 00:12:34,545
From my perspective, it's interesting
to see this happen in a university

178
00:12:34,545 --> 00:12:39,555
network, which frankly is going to have
a lot of issues to find and exploit.

179
00:12:40,095 --> 00:12:43,605
I'd love to see a repeat of this
experiment in a well defended

180
00:12:43,605 --> 00:12:45,285
environment such as a bank.

181
00:12:46,255 --> 00:12:50,395
. The real danger here isn't about AI
operating autonomously on its own.

182
00:12:51,115 --> 00:12:54,565
It's as we've seen from recent
successful nations state attacks.

183
00:12:54,805 --> 00:13:00,025
It's how humans and AI can
scale together to achieve more.

184
00:13:00,925 --> 00:13:05,515
As all of these stories show the attack
surface, it's not shrinking anytime soon.

185
00:13:05,830 --> 00:13:10,840
It's evolving, growing fast, and
it comes just as IT and security

186
00:13:10,840 --> 00:13:15,520
teams face shrinking budgets,
layoffs, and rising expectations.

187
00:13:16,540 --> 00:13:21,310
All of this points to a challenging
2026 ahead for defenders and likely

188
00:13:21,370 --> 00:13:23,770
another good year for attackers.

189
00:13:25,030 --> 00:13:26,710
We're always interested in your feedback.

190
00:13:26,860 --> 00:13:31,810
You can contact us@technewsday.com or
leave a comment under the YouTube video.

191
00:13:32,440 --> 00:13:33,615
Please help us spread the word.

192
00:13:34,270 --> 00:13:39,610
Like subscribe, leave a review and if
you enjoy the show, please tell others.

193
00:13:40,120 --> 00:13:42,850
We'd love to grow our audience
and we need your help.

194
00:13:43,510 --> 00:13:45,520
I've been your host, David Shipley.

195
00:13:45,790 --> 00:13:47,890
Jim Love will be back on Wednesday.

196
00:13:47,890 --> 00:13:47,950
Hi.

197
00:13:49,787 --> 00:13:53,057
We'd like to thank Meter for their
support in bringing you this podcast

198
00:13:53,327 --> 00:13:58,277
Meter delivers full stack networking
infrastructure, wired, wireless, and

199
00:13:58,277 --> 00:14:03,737
cellular to leading enterprises working
with their partners Meter designs.

200
00:14:03,977 --> 00:14:08,507
Deploys and manages everything
required to get performant,

201
00:14:08,717 --> 00:14:11,387
reliable, and secure connectivity.

202
00:14:11,897 --> 00:14:15,467
They design the hardware, the
firmware, build the software,

203
00:14:15,617 --> 00:14:18,137
manage deployments, and run support.

204
00:14:18,467 --> 00:14:22,667
It's a single integrated solution
that scales from branch offices.

205
00:14:22,962 --> 00:14:31,272
To warehouses and large campuses to
data centers, book a demo at me.com/cst.

206
00:14:31,602 --> 00:14:35,922
That's METE r.com/cst.