Cybersecurity Daily: News & Threats · 1 Jul 2026 · 5 min

Microsoft Defender Zero-Day Exploited, Apple AI Patches & Insurance Mega-Breaches

Ransomware gangs are actively exploiting CVE-2026-33825 in Microsoft Defender as CISA confirms live attacks — plus Apple patches 30+ WebKit flaws found by AI, a fake Perplexity Chrome extension steals browsing data, and 7.5 million insurance records are exposed. Today's briefing covers five critical stories every security professional needs right now.

Cybersecurity Daily: News & Threats
Now Playing
Microsoft Defender Zero-Day Exploited, Apple AI Patches & Insurance Mega-Breaches

Audio is available on Spreaker — see link below.

What's covered

CVE-2026-33825 Active Ransomware Exploitation

Ransomware gangs are actively exploiting a Microsoft Defender privilege escalation flaw right now, and CISA's addition of CVE-2026-33825 to its Known Exploited Vulnerabilities catalog confirms this isn't a theoretical risk anymore. The patch has been available since April fourteenth.

Listen now →

Malicious Perplexity Chrome Extension

Shifting to browser threats. Microsoft identified a malicious Chrome extension impersonating Perplexity AI that intercepted user search queries and address bar input, routing that data through an attacker-controlled server before passing the user through to normal results.

Listen now →

Apple WebKit Patches and AI Bug Discovery

Apple released updates across iOS, macOS, and Safari addressing over thirty vulnerabilities. Four of the WebKit flaws, including CVE-2026-43707, were discovered using AI tools including Anthropic Claude and OpenAI Codex.

Listen now →

FUXA SCADA Authentication Bypass

CISA issued its first critical advisory for the open-source FUXA SCADA and HMI platform, covering CVE-2026-13207, a CVSS eight-point-six authentication bypass that allows unauthenticated access to user accounts and role assignments. FUXA is widely deployed in small-to-medium manufacturing, energy, and water treatment environments, partly because it's lightweight and free.

Listen now →

Insurance Sector Breaches: NAIC and Aflac

Two major insurance-sector breaches surfaced within seventy-two hours. Aflac Life Insurance Japan disclosed that unauthorized access to its policyholder portal compromised four-point-three-eight million records, including names, dates of birth, phone numbers, and two hundred thirty thousand bank account numbers used for premium payments.

Listen now →

Watchpoints for the Next Twenty-Four Hours

The thread connecting today's developments is timing. CVE-2026-33825 is actively exploited now.

Listen now →

Chapter summary auto-generated from the verified script. Listen to the full episode for the complete content.

More episodes

From Cybersecurity Daily: News & Threats