[00:00] Aaron Cole: Welcome to Prime Cyber Insights.
[00:02] Aaron Cole: I'm Aaron Cole.
[00:04] Aaron Cole: We're tracking a surge in critical infrastructure threats
[00:07] Aaron Cole: and massive data compromises that are redefining the risk landscape for 2026.
[00:13] Lauren Mitchell: And I'm Lauren Mitchell.
[00:15] Lauren Mitchell: Joining us today is Chad Thompson,
[00:17] Lauren Mitchell: who brings a systems-level perspective on AI, automation, and security,
[00:23] Lauren Mitchell: blending technical depth with real-world engineering experience.
[00:27] Lauren Mitchell: Chad, great to have you.
[00:29] Lauren Mitchell: We need to start with the BeyondTrust patch.
[00:32] Lauren Mitchell: A CVSS score of 9.9 is as urgent as it gets.
[00:36] Chad Thompson: It really is, Lauren.
[00:38] Chad Thompson: CVE-2026-1731 allows unauthenticated RCE through crafted HTTP requests.
[00:47] Chad Thompson: It targets 8,500 internet-facing deployments, but the real architectural headache right now is Anthropic's Claude desktop extensions.
[00:56] Chad Thompson: LayerX is reporting a zero-click RCE where Claude can autonomously chain tools like Google Calendar to local executors without a confirmation gate.
[01:07] Chad Thompson: Anthropic says it's a configuration issue, but when you're running unsandboxed with full system privileges, that's a massive trust boundary violation.
[01:15] Aaron Cole: Right. It seems like the fail-fast mentality is hitting a wall with these agentic AI designs.
[01:23] Aaron Cole: Meanwhile, the scale of data exposure is hitting new peaks.
[01:27] Aaron Cole: Conduent has confirmed a breach affecting 25 million people, including half of Texas.
[01:35] Aaron Cole: The SafePay group siphoned 8.5 terabytes of data, including Social Security numbers and Medicaid claims.
[01:42] Aaron Cole: It went undetected for months, which is becoming a recurring theme.
[01:47] Lauren Mitchell: And it's not just the giants, Aaron.
[01:49] Lauren Mitchell: Beacon Mutual, the largest workers' comp insurer in Rhode Island, is reeling from an INC Ransom attack.
[01:55] Lauren Mitchell: They've lost 275 gigabytes of internal files, including PII and medical records.
[02:03] Lauren Mitchell: This leads directly into the UK NCSC's urgent warning.
[02:08] Lauren Mitchell: They're telling critical infrastructure operators that severe threats are no longer far-fetched,
[02:13] Lauren Mitchell: citing the malware attacks on Poland's energy grid as the blueprint for what's coming to the UK.
[02:19] Chad Thompson: That regional tension is spilling over into the maritime sector too.
[02:24] Chad Thompson: Norway's PST is flagging Russian cyber espionage targeting coastal and subsea infrastructure.
[02:31] Chad Thompson: They're seeing civilian vessels being used for reconnaissance.
[02:34] Chad Thompson: At the same time, we're seeing APT28, or Fancy Bear, exploiting vulnerabilities in Microsoft Office
[02:42] Chad Thompson: to target logistics bodies across Eastern Europe and the UAE.
[02:47] Chad Thompson: It's a coordinated effort to map out and potentially disrupt essential supply chains.
[02:52] Aaron Cole: It's a multi-front war.
[02:54] Aaron Cole: On the extortion side, Coveware is noting a fascinating shift.
[02:58] Aaron Cole: Ransomware groups are actually pivoting back to traditional encryption.
[03:02] Aaron Cole: It turns out that pure data exfiltration, what CL0P pioneered, is losing its leverage
[03:08] Aaron Cole: because organizations are getting better at incident response.
[03:12] Aaron Cole: Attackers are finding that locking systems is still the most effective way to force a payment.
[03:18] Lauren Mitchell: That's notable. That resilience is being tested on mobile, too.
[03:22] Lauren Mitchell: We've got Zero Day RAT appearing on Telegram, offering nation-state-level compromise for Android and iOS.
[03:29] Lauren Mitchell: It's a commercial toolkit for live camera access and credential theft.
[03:33] Lauren Mitchell: Combine that with the ongoing exploitation of Ivanti EPMM zero-days, which have already hit the European Commission and Dutch authorities,
[03:42] Lauren Mitchell: and it's clear the perimeter is practically non-existent.
[03:46] Chad Thompson: Exactly, Lauren.
[03:48] Chad Thompson: Whether it's wicked scraping 500,000 stalkerware records or state actors hitting Ivanti,
[03:55] Chad Thompson: the common thread is that trivial vulnerabilities are having catastrophic downstream effects.
[04:01] Chad Thompson: We're moving from a period of simple data theft to a period where the integrity of the system itself,
[04:08] Chad Thompson: whether it's an AI agent or a power grid, is the primary target.
[04:13] Aaron Cole: A sobering reality as we look at the rest of February.
[04:17] Aaron Cole: Chad, thanks for joining us to break down these systemic risks.
[04:21] Aaron Cole: Lauren, we'll be keeping a close eye on the Conduent litigation and those BeyondTrust patches.
[04:27] Lauren Mitchell: For Prime Cybersecurity,