
Loading summary
A
Cybersecurity Today is brought to you by nordlayer. Teams today work across multiple tools and devices, but security often remains fragmented, and this is exactly what Nord Layer can help you address. Nord Layer gives your company centralized control over access by individuals and teams and keeps connection secure from anywhere with no additional hardware required. Visit Nordlayer.com cybersecurity today and use the discount code NLSUMMER26 for a special discount on your purchase.
B
Two more scattered spider members are heading to prison Russia, likely behind the Jaguar Land Rover attack, an AI whose only job is to break other AIs, a new Mac info stealer kills your apps until you hand over your password, and Iran link groups are putting ChatGPT to work on malware and reconnaissance. This is Cybersecurity Today, and I'm your host David Shipley. Let's get started. Two of the leading figures in the Scattered Spider cybercrime group are headed to prison over the 2024 hack of Transport for London. Thaila Jubar, now 20, and Owen Flowers, 18, were each sentenced today to five years and six months. Both pled guilty last month under the UK's Computer Misuse Act. The cyber attack hit in August 2024 and disrupted an agency that moves more than 8.4 million people a day dial. A ride went down. So did concessionary travel cards, digital payments, refunds and the contactless ticketing rollout. In all, 148 systems were knocked offline, and every one of TfL's 27,000 employees had to reset their passwords in person. TFL put its direct losses and recovery costs at a staggering 29 million British pounds, but officials estimated the UK economy could have suffered billions in losses had the attackers managed to shut the network down entirely. Customer data was also stolen names, addresses and contact details. Flowers and Jubar were arrested at their homes in September 2024 by the city of London police and the National Crime Agency, or nca. Investigators say Flowers was also mid intrusion into two US Healthcare firms, Sutter Health and SSM Healthcare Corporation, when officers seized his devices, which also held evidence of the TFL break in the NCAA's Paul Foster called Scattered Spider the most significant cybercrime threat to the UK in recent years and credited TfL's early cooperation with law enforcement for making the convictions possible. There's still a US chapter open on this story. The US Department of Justice charged Dubar in September 2025 with conspiracy to commit computer fraud, money laundering and wire fraud tied to at least 120 network breaches between May 2022 and September 2025, U.S. prosecutors allege he and his accomplices extorted more than $115 million from victims worldwide. None of the U.S. allegations have been proven in court. We finally have a lead on who crippled Jaguar Land Rover in a massive cyberattack last year. According to the New York Times, citing people close to the investigation, the hackers behind the breach were Russian. What's still unclear is who they were working for. Were they a straight criminal crew, or were they acting on orders from Putin's government or something potentially in the murky middle criminals operating within the state's tacit approval? The scale here sets this attack apart. The attack halted production for months at one of the UK's biggest employers. The British government had to step in with a 1.5 billion pounds bailout, and estimates put the total damage to the UK economy at $2.5 billion. The Times reports Microsoft had been tracking the Russian group and tipped off JLR to the attackers identities. The FBI, Britain's NCA and the National Cybersecurity center in the uk, along with Google's Mandate Unit and Palo Alto Networks all work together on the investigation. OpenAI has built an AI whose entire job is to break other AIs. It's called GPT Red and it was unveiled this week as an automated red teamer and it's aimed at prompt injection vulnerabilities in agentix systems. Human red teamers are creative, but they're slow finding flaws one at a time. GPT Red is built to be relentless, brute forcing thousands of exploit variations in seconds. It's trained through self play and attacker model keeps trying to compromise a target while defenders learn to hold the line. OpenAI turned it loose on live systems, not just benchmarks. Against an AI powered vending machine from Andon Labs, GPT Red talked the agent into cutting the price of anything over $100 down to 50 cents, bought one at the discount and canceled another customer's order. The attack corpus went back into training GPT 5.6, which OpenAI says now fails six times less often on one of its hardest prompt injection benchmarks. But why build an endless attacker anyway? Because the math says they have to. In IEEE Security and Privacy, NIST senior scientist Apostle Vasilev published a proof that no finite set of AI guardrails can ever be universally robust against adversarial prompts. He builds it on work by Kurt Godel, a famous mathematician and whose 1931 incompleteness theorems showed you can make a complete, consistent system from a finite set of rules guardrails are exactly that kind of system, so there will always be some kind of prompt variation that can defeat them. It's just a matter of finding it. Vasilyv's answer is constant red teaming, continuous hardening and resilience for when something gets through. ChatGPT Red is aimed at helping this complex problem. There's a new macOS info stealer that has an answer for when a victim refuses to give up the goods. It's called Click Lock, and it's documented by Group ib. When you cancel its password prompt, it starts killing your apps on a loop until you cave. It arrives through Click Fix, the social engineering lure that tricks a victim into pasting a command into their own macOS terminal, usually behind a fake verification page or a broken browser warning. Click Lock's opener is a bogus cloudflare captcha. When the fake password dialog gets canceled, the script installs two launch agents and exits. Nothing seems wrong. Then at the next login finder, the Dock Spotlight terminal and your browsers start dying every 210 milliseconds and for up to 83 hours, leaving one password box on a dead desktop. Type it and the machine hands over the keychain, browser credentials and crypto wallets. This is forced interaction malware built to try and compel the person who says no. And there's a bit of a sting when you try and clean up. Sit through the loop, type the password, watch the desktop return, and you're left with a machine that looks fine but also has a reverse shell on it. Apple tried to shut the door for this vulnerability. Mac OS 26.4 shipped with a terminal paste warning in late March to deal with Click Fix, but that only fires for people who rarely use Terminal, and it ships with a paste anyway. Button Click Lock launched in May, and it was built for the paste. GroupIB's advice? If a Mac starts killing its own apps, don't type the password. No website based verification process needs you to do something in your terminal. Hold your power button on your Mac down until it shuts down, then boot it into safe mode. Iran Linked threat groups are using AI to sharpen their cyber and information warfare, and a report out this week from Recorded Future lays out exactly how the tools in play are the ones everyone uses. ChatGPT and other large language models put to work on malware development, phishing and reconnaissance against industrial targets. AI hasn't turned Iran into a different kind of cyberpower, senior advisor Alexander Leslie said, but it has compressed the distance between intent and action. Iran link groups have used LLMs to map out industrial control systems, research exploitation techniques and sustain phishing conversations in languages the human operators don't speak fluently. The group tracked as muddy water, used AI in a January campaign to build four malware variants and delivered through malicious office documents aimed at targets across the Middle east and North Africa. A group called Abibel of Minab used ChatGPT in an April attack on Vinx, a US firm that provides GPS tracking, refining the script used to enumerate and drop databases. The same group has claimed credit for an attack on the Los Angeles transit system. And back in 2024, OpenAI disclosed Cyber Avengers using ChatGPT for reconnaissance on on PLC controllers, then shut down a bunch of state sponsored accounts. With the shooting war between the United States and Iran heating up as the ceasefire deal falls apart, we'll have to see what comes next on the cyber front. So far, Iran's attacks haven't had a catastrophic impact on a massive number of people. The hit on medical device maker Stryker did cause significant delays for surgeries and and had severe impacts for individuals, but didn't cause mass harm. And that's Cybersecurity today for Friday, July 17th. Thanks for listening. I'll be back on Saturday with a feature interview with Lionel Liddy, CISO at Menlo Security, and we'll be talking about AI, cybersecurity and the evolving role of the web browser. Feel free to drop us a line by visiting technewsday.com or or CA and you can leave a comment under the YouTube video. I'll be back on the news desk on Monday with the latest headlines. Have a great and safe weekend.
A
Once again, we'd like to thank NORD Layer for their support in sponsoring this show. Teams today work across multiple tools and devices, but security often remains fragmented. This is exactly what Nord Layer can help you address. It provides a network security platform with easy to manage network access, monitoring and control, and without additional hardware or complex infrastructure. Nordlayer helps businesses of all sizes manage and secure access to company resources going beyond what traditional VPNs can offer. And it provides encrypted connectivity with visibility across your entire network environment. And did we mention no new hardware required? Visit nordlayer.com cybersecurity today and use the code NL Summer 26 for a special discount during their summer sale.
Episode Title: Scattered Spiders sentenced, OpenAI builds an AI that breaks AIs, and Iran leans on ChatGPT
Host: David Shipley
Date: July 17, 2026
Theme: Latest cybersecurity threats to businesses, high-profile breaches, how AI is shaping security threats and defenses, and practical advice for protecting organizations.
In this episode, host David Shipley delivers critical updates on major cybercrime stories: the sentencing of two “Scattered Spider” group members, attribution of the Jaguar Land Rover attack to Russian actors, OpenAI’s unveiling of a relentless “AI red teamer” GPT Red, a new forced-interaction Mac info-stealer, and revelations about Iranian threat actors leveraging large language models like ChatGPT. The episode analyzes sophisticated adversary techniques, the evolving intersection of AI/ML and hacking, and provides actionable security advice for enterprises and users.
[00:37 – 03:38]
“TfL’s early cooperation with law enforcement made the convictions possible.”
— David Shipley ([03:28])
"Flowers was also mid intrusion into two US Healthcare firms when officers seized his devices..."
— David Shipley ([02:52])
[03:39 – 04:57]
“Were they a straight criminal crew, or were they acting on orders from Putin’s government, or something potentially in the murky middle?”
— David Shipley ([04:32])
[04:58 – 07:01]
“There will always be some kind of prompt variation that can defeat them. It’s just a matter of finding it.”
— David Shipley ([06:38])
“GPT Red talked the agent into cutting the price of anything over $100 down to 50 cents, bought one at the discount, and canceled another customer’s order.”
— David Shipley ([05:44])
[07:02 – 08:43]
“If a Mac starts killing its own apps, don’t type the password... Hold your power button down until it shuts down, then boot it into safe mode.” ([08:32])
“This is forced interaction malware built to try and compel the person who says no.”
— David Shipley ([08:13])
[08:44 – 10:29]
“AI hasn’t turned Iran into a different kind of cyberpower... but it has compressed the distance between intent and action.”
— Alexander Leslie, Recorded Future ([09:23])
For more details or to comment on the episode, listeners are directed to technewsday.com. Next episode: Interview with Lionel Liddy, CISO at Menlo Security, will discuss AI, cybersecurity, and the evolving role of the web browser.