Cybersecurity Daily: News & Threats
(00:00:00) 4 Zero-Days Live: Chrome V8, RoguePlanet, UniFi Root Chain & Splunk RCE (00:00:48) Microsoft Defender RoguePlanet Zero-Day (00:01:34) UniFi OS Three-CVE Root Access Chain (00:02:17) Splunk Enterprise Unauthenticated Code Execution (00:02:43) Arch Linux AUR Supply Chain Compromise (00:03:15) Breach Costs and AI Attack Adoption (00:04:05) Closing Watchpoints Four critical zero-days are being exploited in the wild at the same time — and today's briefing breaks down every one of them. Chrome's CVE-2026-11645 lives in the V8 JavaScript engine and enables code execution in the browser process. Active exploitation is confirmed. Microsoft's Defender carries a privilege-escalation zero-day dubbed RoguePlanet, granting SYSTEM-level access on fully patched Windows machines — a sobering failure of the last defensive layer. Three chained vulnerabilities in UniFi OS (CVE-2026-34908, 34909, 34910) deliver unauthenticated root access across enterprise networking hardware, with confirmed malware deployments already in the wild. And Splunk Enterprise, the backbone of many security operations centres, has an unauthenticated remote code execution flaw — CVE-2026-20253 — turning threat-detection infrastructure into an attack surface. Elsewhere, over 400 packages in the Arch Linux AUR were hijacked to push infostealer malware and an eBPF rootkit into developer environments, extending a supply-chain attack trend that has doubled year-over-year. The economic picture sharpens the urgency. US data breach costs have hit an all-time high of $10.22 million on average — more than double the global figure. AI-generated phishing is now involved in 37% of breaches. Organisations using AI for detection close the gap in 51 days versus the global average of 241, a difference worth $1.9 million per incident. Patching is not optional today. Prioritise Chrome, Defender, UniFi, and Splunk — in any order, as fast as your change windows allow. This episode includes AI-generated content.
68 episodes
Comments
0Be the first to comment
Sign up now and become a member of the Cybersecurity Daily: News & Threats community!