Cybersecurity Daily: News & Threats
(00:00:00) Microsoft Defender Zero-Day Exploited, Apple AI Patches & Insurance Mega-Breaches (00:01:08) Malicious Perplexity Chrome Extension (00:01:55) Apple WebKit Patches and AI Bug Discovery (00:02:37) FUXA SCADA Authentication Bypass (00:03:18) Insurance Sector Breaches: NAIC and Aflac (00:04:07) Watchpoints for the Next Twenty-Four Hours Ransomware operators are actively exploiting CVE-2026-33825, a Microsoft Defender privilege escalation flaw that enables SYSTEM-level access on unpatched Windows endpoints. CISA has added it to the Known Exploited Vulnerabilities catalog, confirming real-world attacks are underway. If your organization hasn't applied the April 14th patch cycle, the risk window is open right now. Also in today's briefing: Apple pushed updates across iOS, macOS, and Safari addressing more than thirty vulnerabilities — four WebKit flaws, including CVE-2026-43707, were discovered using AI tools from Anthropic and OpenAI, signalling that AI-assisted vulnerability research is now a mainstream part of the patch cycle on both sides of the security divide. Microsoft identified a malicious Chrome extension impersonating Perplexity AI that silently routed search queries and browsing behavior to an attacker-controlled server. The Chrome Web Store missed it. The incident highlights a persistent and widening gap in browser extension vetting, especially for AI-branded tools. CISA issued its first critical advisory for the open-source FUXA SCADA and HMI platform, covering an authentication bypass flaw — CVE-2026-13207, CVSS 8.6 — affecting manufacturing, energy, and water treatment environments. Patch 1.3.2 is available. Finally, two insurance-sector breaches surfaced within 72 hours: Aflac Life Insurance Japan confirmed 4.38 million records compromised, including 230,000 bank account numbers, while ShinyHunters published 3.1 terabytes of data from the National Association of Insurance Commissioners via a PeopleSoft zero-day. The vendor patch timeline remains unresolved. This podcast was built using AI technology. A YesWee production. This episode includes AI-generated content.
57 Folgen
Kommentare
0Sei die erste Person, die kommentiert
Melde dich jetzt an und werde Teil der Cybersecurity Daily: News & Threats-Community!