[00:00] Aaron Cole: Critical zero-days, sophisticated phishing kits, and a direct hit on the semiconductor supply chain.
[00:08] Aaron Cole: I'm Aaron Cole, and this is Prime Cyber Insights.
[00:12] Aaron Cole: We are moving fast today because the threat landscape is not waiting for anyone to catch up.
[00:17] Aaron Cole: From Google to Apple, the patches are non-negotiable right now.
[00:22] Lauren Mitchell: I'm Lauren Mitchell.
[00:23] Lauren Mitchell: We're looking at a week where the complexity of attacks has jumped significantly, targeting
[00:30] Lauren Mitchell: everything from individual browsers to the industrial control systems powering our infrastructure.
[00:37] Lauren Mitchell: Joining us today is Chad Thompson, a director-level AI and security leader with a systems-level
[00:43] Lauren Mitchell: perspective on automation, enterprise risk, and operational resilience.
[00:48] Lauren Mitchell: Chad, welcome.
[00:49] Chad Thompson: Thanks, Lauren.
[00:50] Chad Thompson: Good to be here.
[00:53] Chad Thompson: We're seeing a really interesting intersection right now between classic vulnerabilities like use-after-free memory errors in Chrome and highly automated, commercial-grade tools like the StarKiller platform.
[01:07] Chad Thompson: It's an environment where the basics of security are being tested by industrial-scale automation.
[01:14] Aaron Cole: Let's dive right into that urgency, Lauren.
[01:17] Aaron Cole: Google just issued an emergency update for CVE-2026-2441.
[01:23] Aaron Cole: It is the first Chrome zero-day of 2026, and Google confirms it's already being exploited
[01:29] Aaron Cole: in the wild.
[01:30] Aaron Cole: This isn't just a bug.
[01:32] Aaron Cole: Experts say the trigger surface is almost absolute.
[01:36] Aaron Cole: If you visit a malicious page, you're at risk.
[01:38] Lauren Mitchell: Right, and it's not just Chrome, Aaron.
[01:41] Lauren Mitchell: Apple just fixed CVE-2026-220700, a flaw in the dynamic link editor that impacts everything from iPhones to MacBooks.
[01:52] Lauren Mitchell: Google's threat analysis group linked this to an extremely sophisticated attack.
[01:57] Lauren Mitchell: When you pair these exploits with the new Star Killer phishing kit,
[02:00] Lauren Mitchell: which uses live proxying to bypass MFA in real time,
[02:04] Lauren Mitchell: the perimeter looks more porous than ever.
[02:07] Chad Thompson: The Star Killer development is what worries me from a risk perspective.
[02:11] Chad Thompson: Because it proxies real login pages live,
[02:14] Chad Thompson: there's no stable fingerprint for defenders to block.
[02:18] Chad Thompson: It makes the victim experience indistinguishable from a real login.
[02:21] Chad Thompson: For an enterprise, this means your MFA isn't a silver bullet anymore.
[02:27] Chad Thompson: It's a hurdle that attackers have already figured out how to clear.
[02:31] Aaron Cole: That evolution is showing up in the hardware sector too.
[02:34] Aaron Cole: You know, Advantest, the Japanese giant that tests chips for Intel, Samsung, and TSMC,
[02:41] Aaron Cole: was hit by ransomware on February 15th.
[02:44] Aaron Cole: They've activated incident response, but we don't know the full extent of the data theft yet.
[02:50] Aaron Cole: This follows a record year in 2025 where industrial control system advisories topped 500 for the first time.
[02:59] Lauren Mitchell: Aaron, the FBI warning at CyberTalks really contextualizes this.
[03:04] Lauren Mitchell: Michael Maktinger highlighted that Salt Typhoon, the Chinese group that hit U.S. telecoms in 2024, is still very much active.
[03:13] Lauren Mitchell: They aren't always using fancy zero-days for their entry.
[03:17] Lauren Mitchell: They're exploiting basic configuration errors and known CVEs.
[03:21] Lauren Mitchell: It's a reminder that sophisticated actors love simple mistakes.
[03:25] Chad Thompson: Exactly, Lauren.
[03:27] Chad Thompson: The systems-level failure here is often a lack of hygiene.
[03:33] Chad Thompson: Whether it's the Advantest intrusion or Salt Typhoon's persistence across 80 countries,
[03:40] Chad Thompson: the vulnerability management life cycle is clearly struggling.
[03:44] Chad Thompson: Only 22% of ICS vulnerabilities in 2025 had a CISA advisory, which means the visibility gap for OT security is actually widening while the threats increase.
[03:58] Aaron Cole: And the data leaks are scaling up too.
[04:00] Aaron Cole: We've seen over a billion records exposed through an AI-powered identity service and a separate leak from an Android AI art app.
[04:09] Aaron Cole: Plus, the fintech Figure just confirmed a breach of nearly a million records after a social
[04:14] Aaron Cole: engineering attack involving voice phishing and an Okta campaign.
[04:18] Aaron Cole: It's a total bombardment of the identity layer.
[04:21] Lauren Mitchell: It even extends to the tools we use to build.
[04:24] Lauren Mitchell: A supply chain attack on the Cline AI coding tool used a prompt injection vulnerability
[04:30] Lauren Mitchell: in their GitHub workflow to inject a persistent daemon called OpenClaw into 4,000
[04:37] Lauren Mitchell: systems.
[04:38] Lauren Mitchell: It shows that even the AI automation meant to help us is becoming a vector for persistence.
[04:44] Aaron Cole: The message today is clear.
[04:46] Aaron Cole: Patch Chrome and Apple immediately and revisit those basic configurations the FBI is shouting about.
[04:53] Aaron Cole: I'm Aaron Cole.
[04:54] Aaron Cole: Thanks for listening to Prime Cyber Insights.
[04:56] Lauren Mitchell: And I'm Lauren Mitchell.
[04:58] Lauren Mitchell: Stay resilient, stay updated, and check out pci.neuralnewscast.com for more.
[05:04] Lauren Mitchell: We'll see you next time.
[05:06] Lauren Mitchell: Neural Newscast is AI-assisted, human-reviewed.
[05:10] Lauren Mitchell: View our AI transparency policy at neuralnewscast.com.