Cybersecurity Today: The Month in Review – Key Stories and Insights
Podcast: Cybersecurity Today
Host: Jim Love
Guests: Tammy Harper (Flair), Laura Payne (White Toque), David Shipley (Beauceron Security)
Date: January 10, 2026
Episode Overview
This episode delivers a fast-paced “month in review” of major cybersecurity incidents and trends from the chaotic holiday period, focusing on data breaches, evolving disclosure practices, AI’s impact on vulnerability management, attacks in the gaming sector, the normalization of cyber offense by state actors, internal threats, and the ethical complexities of hacktivism. The panel provides analysis from both technical and ethical standpoints, punctuated with signature humor and candid professional insight.
Key Discussion Points & Insights
1. MongoDB “MongoBleed” Vulnerability and the Responsible Disclosure Dilemma
Timestamps: 02:40–16:18
Background:
- “MongoBleed” is a severe vulnerability (CVSS 8.7) affecting nearly a decade of MongoDB instances. (02:40)
- Disclosed Dec 15, but on Dec 25 a security researcher released proof-of-concept (POC) code, leading to rampant exploitation at the worst time for IT and security teams.
- The exploit allows leakage of secrets, credentials, and API keys, with near-Remote Code Execution (RCE) potential.
Discussion:
- The disclosure timing reignited debate over responsible disclosure, especially as AI is accelerating both discovery and exploitation (03:30–05:15).
- David Shipley: “There were a lot of big feelings between IT teams and security researchers over this move... we have a growing fracture in the relationship between the people responsible for cleaning up things and the people responsible for finding things.” (03:52)
- Tammy Harper: “We have to really start thinking about how are we going to do guidelines for AI, especially once AI is able to be... doing its own thing. It’s going to be really interesting to see that.” (05:15)
- Laura Payne underscores that tools are not yet ready to fully automate human engagement: “Just because the tools find things faster doesn’t mean that we should disregard the ways we’ve tried to create human engagement... we need to allow people to work at people speed, even if we have AI tools running at AI speed.” (06:34)
- The panel raises the question: should there be an informal “truce” on releasing POCs during major holidays? (03:52–08:26)
- Shipley, playing devil’s advocate, questions whether the researcher acted out of necessity or insensitivity: “If the point is that... bad actors are already doing this... it just seemed like it was just like, ha, here’s my code. And that seemed irresponsible to me.” (09:02)
Practical Takeaways:
- Correct architecture buys precious time, so exposed databases represent a failure of basic defense in depth.
- “If you let your MongoDB sit out there on the Internet exposed, I don’t have words. Like, don’t do that.” – Laura Payne (12:10)
- The gap between POC release and usable exploits now closes at “machine speed,” while enterprise patch practices still lag due to operational and testing complexities (11:19).
2. The Rainbow Six Siege Hack and the Vulnerabilities of Gaming Platforms
Timestamps: 16:18–24:52
Incident:
- Shortly after MongoBleed’s POC was released, Ubisoft’s Rainbow Six Siege experienced massive in-game currency fraud/hacks, possibly linked to MongoDB vulnerabilities.
- The attack crashed the game’s internal economy, resulting in upwards of $13.3 million in lost virtual currency value, mass account disruptions, attackers repeatedly retaking infrastructure, and significant downtime.
- Ubisoft was targeted repeatedly: a flood of in-game credits, player bans, and continued intrusions reflected attacker control.
Deeper Risk:
- “If you’re gaming on the same machine you’re working on... I’m getting a little nervous... If anything sensitive [is] on a home PC where your kids are doing gaming on it, you gotta treat that computer like a community pool. It’s not hygienic.” – David Shipley (20:13)
Research Insight:
- Tammy Harper highlights research connecting infostealer infections to cracked games:
- “A significant part of stealer or infostealer compromises came from cracked video games... people want to play games, so they’re going on BitTorrent or these... forums... even trying to get like cracks that will give them in-game currency.” (21:02)
- Complexity of game code, modding, and piracy make video games an ideal vector for malware, with DRM-protected games being routinely cracked and distributed via private and then public channels (23:00–24:52).
- The video game ecosystem has also become a potentially attractive place for laundering money (21:42).
3. Cyber, Propaganda & Infrastructure: The Venezuela Incident
Timestamps: 24:52–34:34
Case Study:
- The US openly acknowledged using cyber operations as part of a real-world military/law enforcement operation in Venezuela to disrupt power in Caracas.
- This came alongside waves of disinformation and deepfakes (e.g., faked celebratory regime change videos) tied to the event’s coverage.
Panel Analysis:
- “Normalizing the use of cyber on targeting civilian critical infrastructure, and that's a signal...” – David Shipley (26:59)
- Laura Payne: “...cyber action used in a military context [is hard to separate] from the narrative that is created around the action... whether this is legal or not, whether it is for the greater good or not... what the actions actually were.” (32:05)
- The episode underscores the newer reality: cyberwarfare is an explicit, normalized part of statecraft, not just the shadowy domain of espionage and pre-war preparation (30:46–33:08).
Societal Risk:
- “Our infrastructure is exposed. The security on it is next to terrible... our infrastructure supports our health, it supports our society and we've sort of whistling in the wind...” – Jim Love (33:08)
- Discussion on the future role of private defense contractors and the risks of “cyber privateers” with advanced offensive tools entering the fray (34:34–36:11).
4. Internal Threats: When Defenders are the Attackers
Timestamps: 36:11–43:16
Incident:
- Two US-based cybersecurity professionals, both with legitimate industry credentials (one in incident response, one in ransomware negotiations), pled guilty to serving as insiders for the ALPHV/BlackCat ransomware group, stealing/extorting over $1.2 million in Bitcoin. (36:27)
- Neither the public nor even their employers understood that they were acting as threat actors, raising the risk of an organization’s own incident response being compromised.
Panel Reflection:
- “Corruption... can be tempting to say, hey, I know how to pull this off... What’s stopping me? It’s just ethics and morals stopping me from making bank.” – Tammy Harper (37:51)
- Laura Payne: “In this case... it was personal debt. If you can't see the bottom of the bucket... you get creative. And that’s really unfortunate.” (40:43)
- Laura’s warnings last year on how mass layoffs and unemployment could create insider risk are cited as prescient.
Security Lesson:
- Internal threats—including those arising from personal financial distress or external coercion—must be incorporated into any mature cybersecurity program, going beyond technical solutions to account for human and social factors (42:22).
5. Hacktivism and the Ethics of Digital Direct Action
Timestamps: 43:16–49:01
Incident:
- “Martha Root,” a hacktivist in a pink Power Ranger suit, wiped out three white supremacist websites live on stage during Chaos Communication Congress—then responsibly disclosed evidence to DDoSecrets (without doxing individuals).
Panel Deliberation:
- “Where do we draw the line?... if this is a white supremacist site, it’s offensive to me. But what if it’s kiddie porn? Where do you know is there a place for hacktivism? And that’s the question we’re gonna have to answer this year.” – Jim Love (44:47)
- Laura Payne: “It’s not so much a line as it’s a process of permission... just because we like the outcome, does that mean that’s okay?” (45:13)
- Tammy Harper: “There’s always these concepts of, like, how you do it is also just as important as why you do it.” (47:39)
Broader Takeaway:
- The episode encourages an ongoing dialogue about the place of vigilante justice, ethical hacking, and their relationship to legal structures and social values—especially as private and public motivations intertwine.
Memorable Quotes
- “[With the proof-of-concept code drop] it raised some really interesting questions in my mind about responsible disclosure... I got a much clearer sense for a growing fracture in the relationship between the people responsible for cleaning up things and the people responsible for finding things.” – David Shipley (04:15)
- “We need to allow people to work at people speed, even if we have AI tools running at AI speed.” – Laura Payne (07:50)
- “Correct architecture is always that these databases should be protected... let your MongoDB sit out there on the Internet exposed? I don’t have words. Like, don't do that.” – Laura Payne (12:10)
- “It’s terrifying. I don't know. It's the thing that we don't want to admit in our industry because we interact so closely with individuals that are on the bad side. But corruption... can be tempting.” – Tammy Harper (37:51)
- “If you’re gaming on the same machine you’re working on, I’m getting a little nervous... treat that computer like a community pool. It’s not hygienic.” – David Shipley (20:13)
- “It’s not just what we do—it’s how we do it and how important that is.” – Jim Love (49:01)
Notable Segment Timestamps
- MongoDB/MongoBleed Debate: 02:40–16:18
- Rainbow Six Siege Hack & Gaming Risks: 16:18–24:52
- Venezuela Cyberattack & State Actor Normalization: 24:52–34:34
- Insider Threats: Defenders Gone Bad: 36:11–43:16
- Hacktivism Ethics & Martha Root: 43:16–49:01
Final Reflections
This episode laid out a multilayered map of the current cybersecurity landscape: automation and AI are accelerating threat and defense timelines, the threat surface is expanding into hybrid entertainment and home environments, state-sanctioned cyber operations are moving into the open, and the human elements—both in terms of motivation and ethics—are increasingly critical in response strategies.
As Jim Love closes, “We’re not just in a technical world anymore. We’re actually having to deal with not what we do only, but how we do it and how important that is.”
Panelists:
- Tammy Harper, Flair
- Laura Payne, White Toque
- David Shipley, Beauceron Security
- Host: Jim Love
Contact info and further resources are shared at the episode's end.
