WebEx SSO Vulnerability, booking.com Reservation Hijacking Risks, Windows Recall Scrutiny, and AI Vishing-as-a-Service

Host Jim Love reports that Cisco disclosed a critical WebEx vulnerability (CVE-2026-2184) affecting SSO integration with Control Hub; although server-side fixes are applied and no exploitation is seen, SSO customers must update SAML certificate configuration to avoid disruption when the old certificate expires, amid recent Cisco firewall zero-day exploitation (CVE-2026-2131) tied to interlock ransomware. A booking.com breach exposed some customers' reservation data (names, contact and address details, reservation details, and messages) but not payment cards, increasing phishing "reservation hijacking" risk using real itinerary details. Researchers also highlight new concerns with Microsoft's Windows 11 Recall, where data may be intercepted after login via another process, though Microsoft says protections are intended. Finally, an underground $4,000 platform, ATHR, automates phishing/vishing with AI voice agents to steal verification codes and accounts across major services.

Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst

00:00 Top Security Headlines 00:32 Sponsor Message 00:50 WebEx Critical Flaw 02:36 Booking.com Breach Scams 05:20 Windows Recall Weaknesses 08:36 AI Voice Phishing Service 11:24 Wrap Up and Thanks