
Security Researcher Goes To War Against Microsoft
From Cybersecurity Today by Jim Love
April 20, 2026 · 21 min
About this episode
The episode covers major cybersecurity stories including Microsoft vulnerabilities, NIST's database changes, and a guilty plea in a crypto theft case.
Microsoft Under Fire, NIST Scales Back NVD, FortiSandbox Critical Bugs, Vercel Breach Claims, Scattered Spider Member Pleads Guilty Host David Shipley covers five major stories: researcher "Chaotic Eclipse" publicly released Windows exploits—first "Blue Hammer," then "Red Sun," a Microsoft Defender flaw enabling privilege escalation on fully patched Windows 10/11 and Server—amid claims Microsoft mistreated them, highlighting strain on responsible disclosure as vendors face mounting vulnerability volume and AI-driven bug discovery. NIST announced it can no longer fully enrich all CVEs in the National Vulnerability Database, prioritizing only exploited-in-the-wild issues, federal software, and critical software, leaving the rest backlogged. In "FortiWatch," two critical FortiSandbox flaws allow auth bypass and remote command execution; patches are available. Vercel confirmed attackers accessed internal systems and urges customers to review and rotate environment variables amid unverified ShinyHunters ransom claims. Finally, alleged Scattered Spider member Tyler Buchanan pled guilty to an $8M crypto theft case, with reporting describing the group's social engineering tactics and…
People in this episode
Host: David Shipley
Topics covered
- Microsoft vulnerabilities
- NIST National Vulnerability Database
- FortiSandbox flaws
- Vercel breach
- Scattered Spider cybercrime
Keywords
- Windows exploits
- privilege escalation
- critical software
- auth bypass
- remote command execution
- social engineering
Sponsors
Meter
Mentioned in this episode
Products: FortiSandbox, Windows, Windows 10/11, Server, FortiWatch, ShinyHunters, Microsoft Defender, Vercel
More episodes of Cybersecurity Today
- Vercel Breach Started With AI Tool · April 22, 2026 · 11 min
- Cybersecurity Today Month in Review of March/April 2026 · April 18, 2026 · 1h 2m
- Cisco Warns Webex Customers Of Critical SSO Problem · April 17, 2026 · 13 min
- North Korean Spies DM You On Facebook · April 15, 2026 · 20 min
- Banks Panic As Anthropic Mythos Exposes Software Vulnerabilties · April 13, 2026 · 19 min
- Jeff Williams CTO Cofounder of Contrast Security and OWASP co-founder on Mythos and AI Security · April 11, 2026 · 36 min
Explore listener stats, chart rankings, contacts and more on the Cybersecurity Today podcast page.