[00:00] Announcer: From Neural Newscast, this is Prime Cyber Insights, Intelligence for Defenders, Leaders, and Decision Makers.
[00:06] Announcer: In the briefing room from March 3rd, 2026, I'm Aaron Cole with Prime Cyber Insights.
[00:12] Announcer: We are moving fast today.
[00:14] Announcer: Joining us today is Chad Thompson, a director-level AI and security leader with a systems-level perspective on automation, enterprise risk, and operational resilience.
[00:25] Announcer: Chad, it's great to have you.
[00:28] Aaron Cole: Glad to be here, Lauren.
[00:30] Aaron Cole: We're seeing a fundamental shift in the browser attack surface as we move toward agentic models.
[00:36] Aaron Cole: And the news this morning really highlights that risk.
[00:40] Lauren Mitchell: Exactly. Malwarebytes reported on a high-severity flaw, CVE 2020-60628, in the Chrome Gemini side panel.
[00:51] Lauren Mitchell: It essentially allowed a low-privilege extension to inherit the AI's powerful permissions:
[00:57] Lauren Mitchell: camera, microphone, and even local file access.
[01:01] Lauren Mitchell: Chad, how does this change the way we evaluate extension security?
[01:07] Aaron Cole: It breaks the traditional sandbox model, Lauren.
[01:10] Aaron Cole: Usually, extensions are isolated, but because the Gemini panel is a trusted, high-privileged
[01:16] Aaron Cole: component, a simple extension could tamper with its traffic and drive the AI autonomously.
[01:24] Aaron Cole: It turns the AI into a command broker for the attacker,
[01:28] Aaron Cole: bypassing user consent prompts entirely.
[01:32] Lauren Mitchell: Switching to mobile, Google has confirmed that a Qualcomm graphics component zero-day,
[01:37] Lauren Mitchell: CVE 2026-21-385, is under targeted exploitation.
[01:44] Lauren Mitchell: Chad, this is a buffer overread impacting the kernel level.
[01:49] Lauren Mitchell: What is the practitioner's takeaway here?
[01:51] Aaron Cole: The urgency is the takeaway, Aaron.
[01:55] Aaron Cole: When Google flags targeted exploitation in their monthly bulletin, it means the threat is no longer theoretical.
[02:03] Aaron Cole: This flaw allows for memory corruption by adding user-supplied data without checking buffer space.
[02:12] Aaron Cole: For enterprise fleets, this isn't just a software bug.
[02:15] Aaron Cole: It's a hardware-adjacent vulnerability that requires immediate patch orchestration.
[02:22] Lauren Mitchell: It is a massive patch cycle, too. 129 vulnerabilities in the March update alone.
[02:30] Lauren Mitchell: But while we're tracking zero-days, we are also seeing a significant escalation in regional campaigns.
[02:36] Announcer: That brings us to SloppyLemming.
[02:39] Announcer: Arctic Wolf reports this group has dramatically expanded its infrastructure,
[02:44] Announcer: targeting government and energy sectors in Pakistan and Bangladesh.
[02:49] Announcer: They have scaled from 13 Cloudflare Workers to 112 in just a year, using a custom backdoor called BurrowShell.
[02:59] Lauren Mitchell: And they have transitioned to Rust for their keyloggers, which makes detection much harder.
[03:06] Lauren Mitchell: Meanwhile, in Europe, we are seeing the fallout of a major supply chain hit.
[03:12] Lauren Mitchell: 15.8 million medical records were stolen from the French Health Ministry via a breach at the software supplier Cegedim Santé.
[03:21] Announcer: The Register reports that about 165,000 of those files contained actual notes penned by doctors, including sensitive details like HIV status.
[03:33] Announcer: Chad, looking at Cegedim Santé and the Chrome flaw together, what is the common thread for risk leaders?
[03:41] Aaron Cole: The common thread is the failure of third-party boundaries, Aaron,
[03:45] Aaron Cole: whether it's a trusted browser extension or a government-mandated medical software provider.
[03:51] Aaron Cole: The system-level risk is that we are delegating high-value data access to entities that aren't being audited at the level their permissions require.
[04:04] Aaron Cole: We have to move from trusting the platform to verifying the path of the data.
[04:09] Chad Thompson: A clear reminder that resilience isn't just about internal controls, but managing the entire
[04:15] Chad Thompson: ecosystem.
[04:17] Chad Thompson: Chad, thank you for the analysis today.
[04:19] Announcer: That is the briefing for today.
[04:21] Announcer: For technical details on the CVEs and campaigns mentioned, visit pci.neuralnewscast.com.
[04:29] Announcer: I'm Aaron Cole.
[04:31] Lauren Mitchell: And I'm Lauren Mitchell.
[04:32] Lauren Mitchell: This has been Prime Cyber Insights.
[04:35] Lauren Mitchell: Note that our coverage is for informational purposes.
[04:38] Lauren Mitchell: Always verify security steps with your internal engineering teams.
[04:42] Lauren Mitchell: We'll see you tomorrow.
[04:44] Lauren Mitchell: Neural Newscast is AI-assisted, human-reviewed.
[04:48] Lauren Mitchell: View our AI transparency policy at neuralnewscast.com.
[04:52] Announcer: This has been Prime Cyber Insights on Neural Newscast,
[04:56] Announcer: Intelligence for Defenders, Leaders, and Decision Makers.
[04:59] Announcer: Neural Newscast uses artificial intelligence in content creation
[05:03] Announcer: with human editorial review prior to publication.
[05:06] Announcer: While we strive for factual, unbiased reporting, AI-assisted content may occasionally contain
[05:12] Announcer: errors. Verify critical information with trusted sources. Learn more at neuralnewscast.com.