Ransomware gangs are actively exploiting CVE-2026-33825 in Microsoft Defender as CISA confirms live attacks — plus Apple patches 30+ WebKit flaws found by AI, a fake Perplexity Chrome extension steals browsing data, and 7.5 million insurance records are exposed. Today's briefing covers five critical stories every security professional needs right now.
Audio is available on Spreaker — see link below.
Ransomware gangs are actively exploiting a Microsoft Defender privilege escalation flaw right now, and CISA's addition of CVE-2026-33825 to its Known Exploited Vulnerabilities catalog confirms this isn't a theoretical risk anymore. The patch has been available since April fourteenth.
Shifting to browser threats. Microsoft identified a malicious Chrome extension impersonating Perplexity AI that intercepted user search queries and address bar input, routing that data through an attacker-controlled server before passing the user through to normal results.
Apple released updates across iOS, macOS, and Safari addressing over thirty vulnerabilities. Four of the WebKit flaws, including CVE-2026-43707, were discovered using AI tools including Anthropic Claude and OpenAI Codex.
CISA issued its first critical advisory for the open-source FUXA SCADA and HMI platform, covering CVE-2026-13207, a CVSS eight-point-six authentication bypass that allows unauthenticated access to user accounts and role assignments. FUXA is widely deployed in small-to-medium manufacturing, energy, and water treatment environments, partly because it's lightweight and free.
Two major insurance-sector breaches surfaced within seventy-two hours. Aflac Life Insurance Japan disclosed that unauthorized access to its policyholder portal compromised four-point-three-eight million records, including names, dates of birth, phone numbers, and two hundred thirty thousand bank account numbers used for premium payments.
The thread connecting today's developments is timing. CVE-2026-33825 is actively exploited now.
Chapter summary auto-generated from the verified script. Listen to the full episode for the complete content.