Now Playing
5 Zero-Days Live, Wormable RDP & AUR Supply-Chain Compromise
Audio is available on Spreaker — see link below.
Microsoft's record-breaking Patch Tuesday lands with five actively exploited zero-days — including a wormable RDP flaw and AI-feature kernel vulnerabilities — while a supply-chain attack compromises 400+ Arch Linux packages. Everything you need to act on, in under ten minutes.
Audio is available on Spreaker — see link below.
Microsoft just shipped the largest Patch Tuesday in its history. Around two hundred security fixes in a single release cycle, five of them already under active exploitation on the day they were disclosed.
Here's the detail most briefings are glossing over. Two of June's zero-days don't trace back to legacy code.
Two hundred fixes also creates a different kind of problem: regression risk. This batch has already produced documented side effects.
BitLocker is having a difficult week separately. CVE-2026-4402 is a confirmed physical-access vulnerability allowing key extraction via TPM.
Separately, a supply-chain attack the security firm Sonatype is calling Atomic Arch has compromised over four hundred Arch Linux AUR packages. The tactic was straightforward.
The thread connecting all of this is trust. Attackers targeting OS patch complexity, kernel interfaces, and package maintainer identities are all attacking the same thing: the foundational relationships that defenders rely on.
Chapter summary auto-generated from the verified script. Listen to the full episode for the complete content.