[00:00] Aaron Cole: The cybersecurity landscape just hit a high-velocity shift this week, and we are seeing a dangerous
[00:07] Aaron Cole: convergence of unpatched zero days and legitimate tool abuse.
[00:11] Aaron Cole: I'm Aaron Cole.
[00:12] Aaron Cole: Joining us today is Chad Thompson, who brings a systems-level perspective on AI, automation,
[00:18] Aaron Cole: and security,
[00:19] Aaron Cole: blending technical depth, real-world experience, and creative insight drawn from engineering
[00:25] Aaron Cole: and music production.
[00:26] Aaron Cole: Chad, welcome.
[00:28] Lauren Mitchell: And I'm Lauren Mitchell.
[00:29] Lauren Mitchell: We're starting with a triple threat of zero days.
[00:33] Lauren Mitchell: Dell just patched a critical flaw in its RecoverPoint software that was exploited for nearly
[00:38] Lauren Mitchell: two years by the Chinese-linked group UNC6201.
[00:42] Lauren Mitchell: Meanwhile, Apple and Google have both issued emergency updates for actively exploited
[00:48] Lauren Mitchell: vulnerabilities.
[00:48] Lauren Mitchell: Erin, the persistence here is what's staggering.
[00:51] Chad Thompson: It really is, Lauren.
[00:54] Chad Thompson: With that Dell flaw, CVE-2269-769,
[01:00] Chad Thompson: attackers were using ghost Nix's to move laterally.
[01:04] Chad Thompson: They've been dwelling in networks for over 400 days.
[01:08] Chad Thompson: When you look at the Apple DELD flaw,
[01:11] Chad Thompson: CVE-2026-1700,
[01:16] Chad Thompson: Google's Threat Analysis Group is calling it extremely sophisticated.
[01:21] Chad Thompson: These aren't just quick hits.
[01:23] Chad Thompson: They are architectural infiltrations.
[01:26] Aaron Cole: It's not just zero days, Chad.
[01:29] Aaron Cole: The Huntress 2026 Cyber Threat Report dropped, and the headline is a 277% explosion in the abuse of RMM tools like ScreenConnect and AnyDesk.
[01:39] Aaron Cole: Attackers are ditching custom malware because why build a virus when you can just use the victim's own remote management tools to walk through the front door?
[01:47] Lauren Mitchell: Exactly, Aaron.
[01:48] Lauren Mitchell: We're seeing this play out in Operation Doppelbrand.
[01:52] Lauren Mitchell: The threat actor GS7 has been impersonating Fortune 500 giants like Wells Fargo and USAA using over 150 domains.
[02:03] Lauren Mitchell: They're leveraging those RMM tools for remote access and privilege escalation.
[02:09] Lauren Mitchell: Simultaneously, Dragos reported yesterday that 119 ransomware groups are now specifically targeting industrial control systems.
[02:20] Chad Thompson: From a systems perspective, the RMM shift is brilliant but devastating.
[02:26] Chad Thompson: These tools are ubiquitous and trusted.
[02:29] Chad Thompson: If you're an admin, you see ScreenConnect traffic and think nothing of it.
[02:34] Chad Thompson: But for actors like Sylvanite or Azurite,
[02:38] Chad Thompson: targeting our electric and water utilities, it's the perfect skeleton key.
[02:44] Chad Thompson: We are seeing a 42-day average dwell time in industrial environments before they even hit the encrypt button.
[02:51] Lauren Mitchell: While we fight the technical battles, the legal and financial fallout continues.
[02:56] Lauren Mitchell: A judge approved a $3.25 million settlement yesterday for 23andMe, now Chrome Holding
[03:03] Lauren Mitchell: Co., to resolve claims for Canadian customers.
[03:07] Lauren Mitchell: And URAIL is currently being extorted on Telegram after hackers accessed passport and
[03:13] Lauren Mitchell: travel data in mid-January.
[03:15] Lauren Mitchell: The extortion model is replacing simple encryption.
[03:18] Lauren Mitchell: It's a grim picture,
[03:20] Lauren Mitchell: especially when you consider that the defense is being hampered by politics.
[03:26] Lauren Mitchell: Congress reauthorized the State and Local Cybersecurity Grant Program this month.
[03:31] Lauren Mitchell: But because of the DHS shutdown that started on February 7th, those funds are completely frozen.
[03:39] Lauren Mitchell: State governments are literally waiting for a budget deal to fund their defenses.
[03:44] Lauren Mitchell: The urgency couldn't be higher.
[03:47] Lauren Mitchell: Patch your Dell instances, update Chrome to version 144, and for the love of your network,
[03:53] Lauren Mitchell: audit your RMM access today.
[03:55] Lauren Mitchell: Chad, thanks for the insight.
[03:57] Lauren Mitchell: I'm Aaron Cole.
[03:59] Lauren Mitchell: Absolutely, Aaron.
[04:00] Lauren Mitchell: I'm Lauren Mitchell.
[04:02] Lauren Mitchell: For more in-depth reporting and show notes, check out pci.neuralnewscast.com.
[04:08] Lauren Mitchell: We'll see you next time on Prime Cyber Insights.
[04:13] Lauren Mitchell: Neural Newscast is AI-assisted, human-reviewed.
[04:17] Lauren Mitchell: View our AI transparency policy at neuralnewscast.com.