[00:00] Aaron Cole: Critical zero-days, sophisticated phishing kits, and a direct hit on the semiconductor supply chain.
[00:08] Aaron Cole: I'm Aaron Cole, and this is Prime Cyber Insights.
[00:12] Aaron Cole: We are moving fast today because the threat landscape is not waiting for anyone to catch up.
[00:17] Aaron Cole: From Google to Apple, the patches are non-negotiable right now.
[00:22] Lauren Mitchell: I'm Lauren Mitchell.
[00:23] Lauren Mitchell: We're looking at a week where the complexity of attacks has jumped significantly, targeting
[00:30] Lauren Mitchell: everything from individual browsers to the industrial control systems powering our infrastructure.
[00:37] Lauren Mitchell: Joining us today is Chad Thompson, a director-level AI and security leader with a systems-level
[00:43] Lauren Mitchell: perspective on automation, enterprise risk, and operational resilience.
[00:48] Lauren Mitchell: Chad, welcome.
[00:49] Lauren Mitchell: Thanks, Lauren.
[00:50] Lauren Mitchell: Good to be here.
[00:53] Chad Thompson: We're seeing a really interesting intersection right now between classic vulnerabilities like use-after-free memory errors in Chrome and highly automated commercial-grade tools like the StarKiller platform.
[01:07] Chad Thompson: It's an environment where the basics of security are being tested by industrial-scale automation.
[01:14] Aaron Cole: Let's dive right into that urgency, Lauren.
[01:17] Aaron Cole: Google just issued an emergency update for CVE 2026-2441.
[01:23] Aaron Cole: It is the first Chrome zero-day of 2026, and Google confirms it's already being exploited
[01:29] Aaron Cole: in the wild.
[01:30] Aaron Cole: This isn't just a bug.
[01:32] Aaron Cole: Experts say the trigger surface is almost absolute.
[01:36] Aaron Cole: If you visit a malicious page, you're at risk.
[01:38] Lauren Mitchell: Right, and it's not just Chrome, Aaron.
[01:41] Lauren Mitchell: Apple just fixed CVE 2026-220700, a flaw in the dynamic link editor that impacts everything from iPhones to MacBooks.
[01:52] Lauren Mitchell: Google's threat analysis group linked this to an extremely sophisticated attack.
[01:57] Lauren Mitchell: When you pair these exploits with the new Star Killer phishing kit,
[02:00] Lauren Mitchell: which uses live proxying to bypass MFA in real time,
[02:04] Lauren Mitchell: the perimeter looks more porous than ever.
[02:07] Chad Thompson: The Star Killer development is what worries me from a risk perspective.
[02:11] Chad Thompson: Because it proxies real login pages live,
[02:14] Chad Thompson: there's no stable fingerprint for defenders to block.
[02:18] Chad Thompson: It makes the victim experience indistinguishable from a real login.
[02:21] Chad Thompson: For an enterprise, this means your MFA isn't a silver bullet anymore.
[02:27] Chad Thompson: It's a hurdle that attackers have already figured out how to clear.
[02:31] Aaron Cole: That evolution is showing up in the hardware sector too.
[02:34] Aaron Cole: You know, Advantest, the Japanese giant that tests chips for Intel, Samsung, and TSMC,
[02:41] Aaron Cole: was hit by ransomware on February 15th.
[02:44] Aaron Cole: They've activated incident response, but we don't know the full extent of the data theft yet.
[02:50] Aaron Cole: This follows a record year in 2025 where industrial control system advisories topped 500 for the first time.
[02:59] Lauren Mitchell: Aaron, the FBI warning at CyberTalks really contextualizes this.
[03:04] Lauren Mitchell: Michael Maktinger highlighted that Salt Typhoon, the Chinese group that hit U.S. telecoms in 2024, is still very much active.
[03:13] Lauren Mitchell: They aren't always using fancy zero-days for their entry.
[03:17] Lauren Mitchell: They're exploiting basic configuration errors and known CVEs.
[03:21] Lauren Mitchell: It's a reminder that sophisticated actors love simple mistakes.
[03:25] Chad Thompson: Exactly, Lauren.
[03:27] Chad Thompson: The systems-level failure here is often a lack of hygiene.
[03:33] Chad Thompson: Whether it's the Advantest intrusion or Salt Typhoon's persistence across 80 countries,
[03:40] Chad Thompson: the vulnerability management life cycle is clearly struggling.
[03:44] Chad Thompson: Only 22% of ICS vulnerabilities in 2025 had a CISA advisory, which means the visibility gap for OT security is actually widening while the threats increase.
[03:58] Aaron Cole: And the data leaks are scaling up too.
[04:00] Aaron Cole: We've seen over a billion records exposed through an AI-powered identity service and a separate leak from an Android AI art app.
[04:09] Aaron Cole: Plus, the FinTech figure just confirmed a breach of nearly a million records after a social
[04:14] Aaron Cole: engineering attack involving voice phishing and an Okta campaign.
[04:18] Aaron Cole: It's a total bombardment of the identity layer.
[04:21] Lauren Mitchell: It even extends to the tools we use to build.
[04:24] Lauren Mitchell: A supply chain attack on the C-line AI coding tool used a prompt injection vulnerability
[04:30] Lauren Mitchell: in their GitHub workflow to inject a persistent daemon called OpenClaw into four zero zero
[04:37] Lauren Mitchell: zero systems.
[04:38] Lauren Mitchell: It shows that even the AI automation meant to help us is becoming a vector for persistence.
[04:44] Aaron Cole: The message today is clear.
[04:46] Aaron Cole: Patch Chrome and Apple immediately and revisit those basic configurations the FBI is shouting about.
[04:53] Aaron Cole: I'm Aaron Cole.
[04:54] Aaron Cole: Thanks for listening to Prime Cyber Insights.
[04:56] Lauren Mitchell: And I'm Lauren Mitchell.
[04:58] Lauren Mitchell: Stay resilient, stay updated, and check out pci.neuralnewscast.com for more.
[05:04] Lauren Mitchell: We'll see you next time.
[05:06] Lauren Mitchell: Neural Newscast is AI-assisted, human-reviewed.
[05:10] Lauren Mitchell: View our AI transparency policy at neuralnewscast.com.