The first confirmed AI-generated zero-day exploit hit 2FA infrastructure while three Microsoft Defender flaws moved from disclosure to active exploitation. Today's briefing covers nation-state Gemini abuse, a critical Starlette vulnerability, and breaches at 7-Eleven and Beacon Mutual.
Audio is available on Spreaker — see link below.
Three vulnerabilities in Microsoft Defender are being actively exploited right now, and the implication is sharper than a typical patch notice: the tool organizations rely on to detect threats has itself become the entry point. That's not an edge case.
That brings us to a conflict running beneath the surface of these disclosures. A researcher known as Nightmare-Eclipse claims Microsoft flagged and suspended their GitHub account after the zero-day publications.
Separately, Microsoft also patched SharePoint Server this cycle. CVE-2026-45659 is a high-severity remote code execution flaw affecting SharePoint 2016, 2019, and Subscription Edition.
The Starlette web framework, which sits underneath FastAPI, vLLM, and LiteLLM, carries a critical vulnerability tracked as CVE-2026-48710. The flaw, called BadHost, lets a request bypass the framework's Host header validation, the check that is supposed to ensure an application only honours hostnames it has been configured to serve. Any service that relies on that allowlist should treat the patch as urgent.
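To make concrete what a Host header allowlist has to get right, here is an added example written for this briefing. It is not Starlette's own TrustedHostMiddleware and does not reproduce the CVE-2026-48710 bypass, which the episode does not detail; the allowlist entries, the pure-ASGI wrapper, and the simulated requests are all constructed for the demo. It normalizes the header (case, port, trailing dot), rejects malformed or duplicate Host values outright, and matches wildcards only against proper subdomains so that neither the bare suffix nor a look-alike such as evilapi.example.com slips through.

```python
"""Strict Host-header allowlist as a pure ASGI middleware (added example)."""
import asyncio
from typing import Iterable, List, Optional

# Constructed allowlist for the demo; real deployments load this from config.
ALLOWED_HOSTS = ["api.example.com", "*.internal.example.com"]


def normalize_host(raw: str) -> Optional[str]:
    """Lower-case the Host value, strip an explicit port and a trailing dot.

    Returns None when the value cannot be a single, well-formed hostname
    (empty, contains a path/userinfo/whitespace, or an unbracketed IPv6 form).
    """
    host = raw.strip().lower()
    if not host or any(c in host for c in "/@ \t"):
        return None
    if host.startswith("["):                 # IPv6 literal: [::1]:8000 -> [::1]
        end = host.find("]")
        if end == -1:
            return None
        host = host[: end + 1]
    elif host.count(":") == 1:               # host:port -> host
        host = host.split(":", 1)[0]
    elif ":" in host:                        # bare IPv6 or garbage: reject
        return None
    host = host.rstrip(".")                  # "example.com." == "example.com"
    return host or None


def host_allowed(raw_host: str, allowed: Iterable[str]) -> bool:
    """True only for an exact allowlist match, or a '*.suffix' wildcard that
    matches a proper subdomain (never the suffix itself, never 'xsuffix')."""
    host = normalize_host(raw_host)
    if host is None:
        return False
    for entry in allowed:
        entry = entry.strip().lower().rstrip(".")
        if entry.startswith("*."):
            suffix = entry[1:]               # ".internal.example.com"
            prefix = host[: -len(suffix)] if host.endswith(suffix) else ""
            # The prefix must be one or more non-empty DNS labels.
            if prefix and all(prefix.split(".")):
                return True
        elif host == entry:
            return True
    return False


class HostAllowlistMiddleware:
    """Pure-ASGI wrapper: refuses the request before the app sees it unless
    exactly one Host header is present and it passes host_allowed()."""

    def __init__(self, app, allowed_hosts: Iterable[str]):
        self.app = app
        self.allowed = list(allowed_hosts)

    async def __call__(self, scope, receive, send):
        if scope["type"] not in ("http", "websocket"):
            await self.app(scope, receive, send)   # lifespan events pass through
            return
        hosts = [v.decode("latin-1") for k, v in scope.get("headers", [])
                 if k.lower() == b"host"]
        if len(hosts) == 1 and host_allowed(hosts[0], self.allowed):
            await self.app(scope, receive, send)
            return
        if scope["type"] == "websocket":           # reject before accept
            await send({"type": "websocket.close", "code": 1008})
            return
        await send({"type": "http.response.start", "status": 400,
                    "headers": [(b"content-type", b"text/plain")]})
        await send({"type": "http.response.body", "body": b"Invalid Host header"})


async def _ok_app(scope, receive, send):
    """Stand-in for the protected application: always answers 200."""
    await send({"type": "http.response.start", "status": 200, "headers": []})
    await send({"type": "http.response.body", "body": b"ok"})


def simulate(host_headers: List[bytes], allowed: Iterable[str] = ALLOWED_HOSTS) -> int:
    """Drive the middleware with a constructed HTTP scope and return the status
    the client would see. host_headers lists every Host header on the request."""
    sent = []

    async def receive():
        return {"type": "http.request", "body": b"", "more_body": False}

    async def send(message):
        sent.append(message)

    scope = {"type": "http", "method": "GET", "path": "/",
             "headers": [(b"host", h) for h in host_headers]}
    asyncio.run(HostAllowlistMiddleware(_ok_app, allowed)(scope, receive, send))
    return sent[0]["status"]


if __name__ == "__main__":
    for hdrs in ([b"api.example.com"], [b"API.example.com:443"],
                 [b"app.internal.example.com"], [b"api.example.com.evil.net"],
                 [b"evil.net", b"api.example.com"], [b"api.example.com/.evil.net"]):
        print(hdrs, simulate(hdrs))
```

The design choice worth noting is that the middleware fails closed: anything it cannot parse into one clean hostname is refused, rather than passed to the application on the assumption that a later layer will sort it out.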
Three nation-state groups, North Korea's UNC2970, Iran's APT42, and China's APT31, have been documented using the Google Gemini API for intelligence gathering, phishing refinement, and vulnerability research. More than 100,000 queries were logged in activity described as distillation attacks, in which an attacker issues large volumes of prompts to harvest a model's outputs as training data for a copy of its capabilities.
Three more developments worth tracking. 7-Eleven confirmed a breach affecting 185,000 people, primarily franchisee applicants.
The through-line across all of this is acceleration. AI infrastructure is now the primary attack surface, not a secondary one.
Chapter summary auto-generated from the verified script. Listen to the full episode for the complete content.