Now Playing
Active Exploits, 25M Breach & Silent Azure Patch | Today's Threats
Audio is available on Spreaker — see link below.
Three critical exploits are being weaponized right now — NGINX, Exchange, and openDCIM — while a 25-million-record U.S. data breach and a silent Microsoft Azure patch round out today's most urgent cybersecurity stories. If you manage infrastructure or handle risk, this briefing covers everything that moved in the last 24 hours.
Audio is available on Spreaker — see link below.
A vulnerability introduced into NGINX's codebase in two thousand and eight is being actively weaponized in the wild right now. That's the clearest signal from the past twenty-four hours: the threat isn't always new code.
The second critical exploit active in the wild right now is CVE-2026-42897, a Microsoft Exchange zero-day. Unauthenticated remote code execution via a crafted email on on-premises Exchange servers.
The openDCIM story deserves its own attention. Three vulnerabilities, each rated nine point three, chained together for full remote code execution.
On the breach side, the Conduent data breach is the largest confirmed U.S. breach in recent history. Twenty-five million Americans affected across two states: fifteen million Texans and ten million Oregonians.
Iran-aligned threat actors are increasingly using ransomware not for financial return but as a coercive instrument against critical infrastructure. Water systems, energy facilities, manufacturing.
One final item that carries broader implications. A researcher identified a privilege escalation flaw in Azure Backup for AKS.
Chapter summary auto-generated from the verified script. Listen to the full episode for the complete content.