Six Windows zero-days — three actively exploited — expose a coordinated disclosure breakdown between Microsoft and researcher Nightmare-Eclipse, while Carnival Corporation confirms a six-million-record breach and Sandworm deploys Rust-based wipers against NATO-linked infrastructure. Today's briefing covers the stories every security professional needs to know.
Audio is available on Spreaker — see link below.
Three Windows zero-days are being actively exploited right now, and three more remain unpatched, all because Microsoft and a security researcher couldn't find a way to talk to each other. That's the situation this morning, and it's worth understanding how it got here.
The industry reaction has been pointed. Katie Moussouris, the bug bounty pioneer who helped build Microsoft's own program, called the handling a dumpster fire.
Carnival Corporation has formally confirmed a breach affecting just under six million customers. A single phishing email on April 14 compromised one employee account.
Russia's Sandworm group has deployed new destructive tooling in Ukraine: a Rust-written wiper called ZeroRays alongside NAUGHTYWIPE. The Rust choice matters.
China-aligned FamousSparrow ran an espionage operation against Venezuela's maritime authority in January, almost certainly aimed at monitoring oil shipments. North Korea compromised a widely used code library in a supply-chain attack documented in ESET's latest threat report covering October 2025 through March 2026.
One regulatory development worth tracking: Michigan's House Bill 6011 would require solar farm operators to implement NIST and CISA-aligned cybersecurity programs with incident response plans, backed by fines of $25,000 per day for violations. It's an early signal of where energy infrastructure regulation is heading as solar becomes a meaningful share of the grid.
Chapter summary auto-generated from the verified script. Listen to the full episode for the complete content.