Security Researcher Goes To War Against Microsoft

Security Researcher Goes To War Against Microsoft

From Cybersecurity Today by Jim Love

April 20, 2026 · 21 min

About this episode

The episode covers major cybersecurity stories including Microsoft vulnerabilities, NIST's database changes, and a guilty plea in a crypto theft case.

Microsoft Under Fire, NIST Scales Back NVD, FortiSandbox Critical Bugs, Vercel Breach Claims, Scattered Spider Member Pleads Guilty Host David Shipley covers five major stories: researcher "Chaotic Eclipse" publicly released Windows exploits—first "Blue Hammer," then "Red Sun," a Microsoft Defender flaw enabling privilege escalation on fully patched Windows 10/11 and Server—amid claims Microsoft mistreated them, highlighting strain on responsible disclosure as vendors face mounting vulnerability volume and AI-driven bug discovery. NIST announced it can no longer fully enrich all CVEs in the National Vulnerability Database, prioritizing only exploited-in-the-wild issues, federal software, and critical software, leaving the rest backlogged. In "FortiWatch," two critical FortiSandbox flaws allow auth bypass and remote command execution; patches are available. Vercel confirmed attackers accessed internal systems and urges customers to review and rotate environment variables amid unverified ShinyHunters ransom claims. Finally, alleged Scattered Spider member Tyler Buchanan pled guilty to an $8M crypto theft case, with reporting describing the group's social engineering tactics and…

People in this episode

Host: David Shipley

Topics covered

  • Microsoft vulnerabilities
  • NIST National Vulnerability Database
  • FortiSandbox flaws
  • Vercel breach
  • Scattered Spider cybercrime

Keywords

  • Windows exploits
  • privilege escalation
  • critical software
  • auth bypass
  • remote command execution
  • social engineering

Sponsors

Meter

Mentioned in this episode

Products: FortiSandbox, Windows, Windows 10/11, Server, FortiWatch, ShinyHunters, Microsoft Defender, Vercel

More episodes of Cybersecurity Today

Explore listener stats, chart rankings, contacts and more on the Cybersecurity Today podcast page.