4 Zero-Days Live: Chrome V8, RoguePlanet, UniFi Root Chain & Splunk RCE

Chrome Zero-Day Under Active Attack

Google's Chrome browser has a critical zero-day being actively exploited right now, and if you haven't pushed an update across your organization today, that's the first thing to fix when this ends. The vulnerability is tracked as CVE-2026-11645.

Listen now →

Microsoft Defender RoguePlanet Zero-Day

That same pattern is showing up across multiple platforms simultaneously, and that's the broader signal worth tracking today. Microsoft's Defender has a zero-day being called RoguePlanet.

Listen now →

UniFi OS Three-CVE Root Access Chain

Network infrastructure is getting hit through a separate attack chain that's already producing confirmed malware deployments. Three linked vulnerabilities in UniFi OS, CVE-2026-34908, 34909, and 34910, are being chained together to achieve unauthenticated root code execution.

Listen now →

Splunk Enterprise Unauthenticated Code Execution

Splunk Enterprise carries a critical unauthenticated remote code execution flaw this cycle, tracked as CVE-2026-20253. Splunk is now a Cisco subsidiary, and it's core infrastructure for security operations centers doing threat detection and compliance monitoring.

Listen now →

Arch Linux AUR Supply Chain Compromise

The supply chain attack surface expanded in a different direction through the Arch Linux ecosystem. Over four hundred packages in the AUR, the Arch User Repository, were hijacked to deploy infostealer malware and an eBPF rootkit.

Listen now →

Breach Costs and AI Attack Adoption

The economic backdrop to all of this shifted again. US breach costs hit an all-time high of ten point two two million dollars on average, more than double the global average of four point four four million.

Listen now →

Closing Watchpoints

The through-line across today's briefing is acceleration. Four major zero-days exploited simultaneously.

Listen now →