DiscoverCybersecurity TodayCybersecurity Incidents: Eddie Steeler Malware, ConnectWise Breach, and Nova Scotia Power Data Theft
Cybersecurity Incidents: Eddie Steeler Malware, ConnectWise Breach, and Nova Scotia Power Data Theft

Cybersecurity Incidents: Eddie Steeler Malware, ConnectWise Breach, and Nova Scotia Power Data Theft

Update: 2025-06-02
Share

Digest

This podcast discusses several significant cybersecurity incidents. A new malware campaign distributes the "Eddie Steeler" info-stealer using the ClickFix social engineering tactic, targeting credentials, browser data, and cryptocurrency wallets. ConnectWise, an IT management software firm, suffered a suspected state-sponsored cyberattack affecting some ScreenConnect customers. Threat actors are exploiting Google Apps Script to create phishing pages, leveraging Google's reputation to bypass security measures. Finally, a breach at Nova Scotia Power potentially exposed up to 140,000 social insurance numbers, highlighting the risks of storing sensitive data. The podcast emphasizes the importance of security awareness training to combat these threats.

Outlines

00:00:00
Emerging Cyber Threats: Malware, State-Sponsored Attacks, and Data Breaches

This episode covers four major cybersecurity events: the emergence of the Eddie Steeler info-stealer using the ClickFix technique, a suspected state-sponsored attack on ConnectWise, the abuse of Google Apps Script for phishing, and a significant data breach at Nova Scotia Power exposing sensitive personal information. The discussion highlights the evolving tactics of cybercriminals and the importance of robust security measures and employee training.

00:02:32
ConnectWise Breach and Google Apps Script Abuse

A detailed look at the ConnectWise breach, suspected to be state-sponsored, and the concerning trend of threat actors abusing Google Apps Script to create convincing phishing attacks. The discussion emphasizes the sophistication of these attacks and the need for proactive security measures.

00:06:50
Nova Scotia Power Breach and Security Awareness

Analysis of the Nova Scotia Power data breach, which exposed a large number of social insurance numbers, and the crucial role of security awareness training in preventing future incidents. The discussion highlights the importance of data protection and employee education in mitigating cyber risks.

Keywords

Eddie Steeler


A new, Rust-based information stealer malware distributed via ClickFix, targeting credentials, browser data, and cryptocurrency wallets.

ClickFix


A social engineering tactic using fake CAPTCHA verification pages to trick victims into executing malicious code.

Google Apps Script


A cloud-based JavaScript platform abused for hosting phishing pages, leveraging Google's trust to bypass security measures.

Nation-State Actor


A state-sponsored group suspected in the ConnectWise breach, using sophisticated techniques to target specific organizations.

ConnectWise Breach


A suspected state-sponsored cyberattack impacting ScreenConnect customers.

Nova Scotia Power Breach


A data breach potentially exposing up to 140,000 social insurance numbers.

Phishing


Deceptive attempts to acquire sensitive information such as usernames, passwords, and credit card details.

Social Engineering


Manipulative techniques used to trick individuals into divulging confidential information or performing actions that compromise security.

Cybersecurity


The protection of computer systems and networks from theft or damage to hardware/software, data or disruption/misuse of service.

Data Breach


A security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an unauthorized individual, group, or system.

Q&A

  • What is Eddie Steeler malware?

    Eddie Steeler is a new info-stealer using ClickFix to bypass security, targeting sensitive data like credentials and cryptocurrency wallets.

  • How was Google Apps Script abused?

    Threat actors used Google Apps Script to host phishing pages, exploiting Google's trust to trick users.

  • What are the key takeaways from the Nova Scotia Power breach?

    The breach highlights the risks of storing sensitive data and the importance of robust security measures and data protection practices.

  • What is the significance of the ConnectWise breach?

    The ConnectWise breach is suspected to be a state-sponsored attack, highlighting the sophistication of these attacks.

  • Why is security awareness training important?

    Security awareness training is crucial to educate employees about phishing and social engineering tactics to prevent future incidents.

Show Notes

 

In this episode of Cybersecurity Today, host David Shipley discusses several key cyber incidents affecting organizations and individuals. A new rust-based information stealer, known as Eddie Steeler, is being distributed via deceptive CAPTCHA verification pages. ConnectWise, a management software firm, has been breached in an attack suspected to be linked to a nation-state actor, affecting a limited number of its ScreenConnect customers. Additionally, threat actors are now abusing Google App Script to bypass phishing defenses, exploiting the trusted Google brand to trick users. Lastly, a significant data breach at Nova Scotia Power has exposed the social insurance numbers of up to 140,000 customers, making it one of the largest utility data breaches in North America.

00:00 Introduction to Today's Cybersecurity News
00:31 Eddie Steeler Malware Campaign
02:32 ConnectWise Cyber Attack
04:49 Google App Script Phishing Attacks
06:50 Nova Scotia Power Data Breach
08:02 Conclusion and Listener Engagement

Comments 
In Channel
Cybersecurity Today Month in Review of March/April 2026

Cybersecurity Today Month in Review of March/April 2026

2026-04-1801:02:21

Cisco Warns Webex Customers Of Critical SSO Problem

Cisco Warns Webex Customers Of Critical SSO Problem

2026-04-1712:41

North Korean Spies DM You On Facebook

North Korean Spies DM You On Facebook

2026-04-1519:55

Banks Panic As Anthropic Mythos Exposes Software Vulnerabilties

Banks Panic As Anthropic Mythos Exposes Software Vulnerabilties

2026-04-1319:13

Jeff Williams CTO Cofounder of Contrast Security and OWASP co-founder on Mythos and AI Security

Jeff Williams CTO Cofounder of Contrast Security and OWASP co-founder on Mythos and AI Security

2026-04-1135:43

Fortinet EMS Zero-Day, Anthropic's AI Finds Thousands of Bugs, Iranian Hackers Target US ICS

Fortinet EMS Zero-Day, Anthropic's AI Finds Thousands of Bugs, Iranian Hackers Target US ICS

2026-04-0915:59

North Korea's $285M Crypto Heist, China Breaches FBI System, Delve Faces New Allegations

North Korea's $285M Crypto Heist, China Breaches FBI System, Delve Faces New Allegations

2026-04-0716:12

Electric Vehicles and EV Security - Steve Visconti CEO of Xiid Corporation with David Shipley

Electric Vehicles and EV Security - Steve Visconti CEO of Xiid Corporation with David Shipley

2026-04-0326:38

Cisco Breached: Source Code Stolen - Cybersecurity Today

Cisco Breached: Source Code Stolen - Cybersecurity Today

2026-04-0115:03

Russian State Hackers Go After IoS Devices

Russian State Hackers Go After IoS Devices

2026-03-3019:42

RSAC Recap: Agentic AI and Interview With Commvault CISO Bill O'Connell

RSAC Recap: Agentic AI and Interview With Commvault CISO Bill O'Connell

2026-03-2841:18

Anonymous Tip System Breach May Expose Tipsters

Anonymous Tip System Breach May Expose Tipsters

2026-03-2711:28

RSAC Presenter Says "Time to Kill One of Cybersecurity's Most Overworked Terms"

RSAC Presenter Says "Time to Kill One of Cybersecurity's Most Overworked Terms"

2026-03-2514:36

Startup Accused Of Helping Fake Privacy and Security Audits

Startup Accused Of Helping Fake Privacy and Security Audits

2026-03-2312:41

The Fundamental Mistake in Cybersecurity Risk Management

The Fundamental Mistake in Cybersecurity Risk Management

2026-03-2149:39

FBI Seizes Iran-Linked Handala Leak Site After Stryker Intune Wipe Attack: Cybersecurity Today

FBI Seizes Iran-Linked Handala Leak Site After Stryker Intune Wipe Attack: Cybersecurity Today

2026-03-2009:26

Another Medical Device Firm Hit

Another Medical Device Firm Hit

2026-03-1814:24

Notorious Hacker Group "The Comm," Operation Synergia Takedown, Stryker Cyberattack Update & More

Notorious Hacker Group "The Comm," Operation Synergia Takedown, Stryker Cyberattack Update & More

2026-03-1617:44

AI Anxiety: Cybersecurity Today with Special Guest Krish Banerjee, Managing Director (Partner) & Canada Lead - Data & AI - Accenture

AI Anxiety: Cybersecurity Today with Special Guest Krish Banerjee, Managing Director (Partner) & Canada Lead - Data & AI - Accenture

2026-03-1458:17

AI Agent Hacks McKinsey Chatbot in 2 Hours

AI Agent Hacks McKinsey Chatbot in 2 Hours

2026-03-1313:24

loading

Table of contents

Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

Cybersecurity Incidents: Eddie Steeler Malware, ConnectWise Breach, and Nova Scotia Power Data Theft

Cybersecurity Incidents: Eddie Steeler Malware, ConnectWise Breach, and Nova Scotia Power Data Theft

David Shipley