[00:00] Aaron Cole: We're tracking a massive wave of security updates this week that has effectively redefined the
[00:06] Aaron Cole: 2026 threat landscape for IT teams.
[00:09] Aaron Cole: Lauren, the sheer volume of zero days hitting both Apple and Microsoft simultaneously is staggering.
[00:15] Lauren Mitchell: It really is, and the urgency is palpable.
[00:18] Lauren Mitchell: Joining us today is a guest who brings a systems-level perspective on AI, automation, and security,
[00:25] Lauren Mitchell: blending technical depth with creative insight from engineering and music production.
[00:30] Lauren Mitchell: It's great to have you.
[00:31] Lauren Mitchell: Thanks. It's a pleasure.
[00:34] Chad Thompson: We're seeing a fascinating, if terrifying, collision right now legacy code from decades ago
[00:40] Chad Thompson: meeting the high-speed automation of modern AI reconnaissance.
[00:44] Aaron Cole: It's a perfect storm for system administrators.
[00:47] Aaron Cole: Let's dive into that legacy issue, Lauren.
[00:49] Aaron Cole: Apple just released iOS 26.3 to patch CVE-2026-20700.
[00:56] Aaron Cole: This dialed dynamic linker flaw has apparently existed since iOS 1.0.
[01:01] Aaron Cole: Google's threat analysis group found it being used in sophisticated, targeted attacks that chain with WebKit flaws for total device control.
[01:09] Lauren Mitchell: And it isn't just Apple, Aaron.
[01:12] Lauren Mitchell: Microsoft's Patch Tuesday confirmed six zero days are under active attack.
[01:17] Lauren Mitchell: I mean, we're looking at elevation of privilege in the desktop window manager and remote desktop services.
[01:23] Lauren Mitchell: Experts are warning that these flaws are game over because they lead to full system compromise.
[01:31] Chad Thompson: From a systems perspective, what's interesting here is the reach.
[01:35] Chad Thompson: The DILD flaw in iOS and the Windows Desktop Manager vulnerabilities affect almost every active device.
[01:41] Chad Thompson: When you have six zero days at once, patching isn't just a best practice.
[01:46] Chad Thompson: It's a survival mechanism for the enterprise.
[01:49] Aaron Cole: That automation, you mentioned, is showing up in Google's new report.
[01:54] Aaron Cole: Nation state actors are now leveraging Gemini for reconnaissance and social engineering.
[01:59] Aaron Cole: They even found honest queue malware using the Gemini API to generate malicious code on the fly to evade detection.
[02:09] Lauren Mitchell: That's why the MPA is so aggressive right now regarding BiteDance's CDance 2.0.
[02:15] Lauren Mitchell: It's creating Hollywood-grade deepfakes by scraping copyrighted material.
[02:21] Lauren Mitchell: Aaron, between AI-powered reconnaissance and these high-fidelity deepfakes, the signal-to-noise
[02:28] Lauren Mitchell: ratio in security is getting incredibly thin.
[02:31] Chad Thompson: Exactly.
[02:33] Chad Thompson: And look at the 40,000 Exposed OpenClaw AI Instances Security Scorecard just found.
[02:38] Chad Thompson: Many are vulnerable to remote code execution.
[02:41] Chad Thompson: We're deploying these convenient AI tools faster than we can secure them, effectively creating
[02:47] Chad Thompson: a massive centralized concentration of risk.
[02:50] Aaron Cole: That risk is hitting home in the energy sector, too.
[02:54] Aaron Cole: CISA and the DOE just warned about a December attack in Poland that corrupted OT firmware.
[03:00] Aaron Cole: Combine that with the investigation into the breach of 4 million Texans' health data at Conduant, and the stakes for infrastructure have never been higher.
[03:09] Lauren Mitchell: It underscores why the CISA town halls for the CIRCA reporting rules are so critical this month.
[03:17] Lauren Mitchell: We need transparency to fight back.
[03:20] Aaron Cole: Update your systems immediately, whether it's iOS, Windows, or Chrome.
[03:25] Aaron Cole: For more details, visit pci.neuralnewscast.com.
[03:30] Aaron Cole: We'll see you next time on Prime Cyber Insights.
[03:33] Aaron Cole: Neural Newscast is AI-assisted human-reviewed.
[03:37] Aaron Cole: View our AI Transparency Policy at neuralnewscast.com.