Six Windows zero-days are now fuelling live ransomware campaigns as researcher Nightmare-Eclipse threatens RCE drops before June Patch Tuesday — and that's just the start. Today's briefing also covers the DirtyDecrypt Linux kernel exploit and a 22-minute npm supply chain attack that poisoned 637 packages including AntV.
Audio is available on Spreaker — see link below.
A solo researcher has released six Windows zero-days in coordinated succession, and at least some of them are already active in ransomware campaigns. That's the lead today, and it demands attention.
Shift to Linux, where a proof-of-concept has dropped for CVE-2026-31635, tracked as DirtyDecrypt. This is a local privilege escalation flaw in the Linux kernel, specifically in the rxgk_decrypt_skb function.
The third major story today is npm. An attacker compromised an atool maintainer account and, in twenty-two minutes, published malicious versions across six hundred and thirty-seven packages, including AntV, Alibaba's widely used data visualization library.
The important distinction with this incident is the attack vector. This wasn't GitHub Actions cache poisoning like the TanStack attack in April, which hit one hundred and sixty-nine packages.
Three things are worth watching from here. First, whether Nightmare-Eclipse follows through on RCE disclosures before June Patch Tuesday and what that means for the organizations currently running unpatched Windows endpoints.
Chapter summary auto-generated from the verified script.