Prime Cyber Insights: The Trust Trap – From Energy Sector BEC to Cisco Zero-Days

Join Aaron Cole, Lauren Mitchell, and Benjamin Roth as they analyze sophisticated AitM attacks targeting energy firms, critical Cisco infrastructure vulnerabilities, and the eroding ethics of digital trust.

Welcome to Prime Cyber Insights. I am Aaron Cole, and today we are diving deep into a week of high-stakes identity theft and infrastructure alerts.

And I'm Lauren Mitchell. We have a lot to cover today, from active exploits in networking gear to deceptive phishing tactics targeting the energy sector. Joining us today is Benjamin Roth, Technology Ethics and Philosophy Correspondent. Benjamin, you bring such a reflective cadence to these issues, exploring AI and long-term consequences with real intellectual rigor. Welcome to the show.

Thank you, Lauren. It is a pleasure to be here. I find myself increasingly concerned with how we define trust in an era where our most essential productivity tools are becoming the primary conduits for deception.

Um, that is exactly what we are seeing in Microsoft's latest warning, Lauren. Attackers are hitting energy firms using multi-stage adversary-in-the-middle attacks. Yes. They aren't just sending bad links. They are abusing SharePoint and OneDrive to host phishing payloads. They call it Living Off Trusted Sites, or LOTS.

Yeah, it's a clever, if devious, strategy, Aaron. Because these emails originate from compromised accounts within trusted organizations, they bypass standard email filters. Once the attacker gets that session cookie, they set up automated inbox rules to delete all incoming mail. The victim has no idea their account is currently mass-mailing 600 contacts to spread the infection further.

It strikes me that we have built our digital architecture on the assumption of inherent platform goodness. When SharePoint is weaponized, it isn't just a technical failure. It is a betrayal of the digital environment. We are seeing the ubiquity of these services turned into a silencer for the victim's intuition.

Benjamin, that systems-level view is critical because the technical remediation is getting harder. Microsoft notes that a simple password reset won't fix this. You have to revoke active session cookies and manually scrub those hidden inbox rules. If you don't, the attacker stays in the room even after you've changed the locks.

Speaking of locks being broken, Aaron, we need to talk about Cisco. They just issued an emergency patch for CVE-2026-2045. It's a critical-rated zero-day in their unified communications gear. We're talking full system takeover, and it's being exploited in the wild right now.

This is major. It hits the web management interfaces of Unified CM and Webex Calling Dedicated Instance. An unauthenticated attacker can execute arbitrary code on the underlying OS. CISA has already put it on the Known Exploited Vulnerabilities list, so federal agencies and really everyone need to patch immediately.

And it doesn't stop with infrastructure. Okta is reporting on vishing kits that allow attackers to control a user's browser in real time. They synchronize the phishing page with a live phone call to bypass MFA. We're even seeing homoglyph attacks, where "rn" is used to replace the letter "m" in domains like RNMicrosoft.com. At a glance, the human eye just doesn't see the difference.

These "rn" versus "m" tactics are fascinating from a philosophical standpoint. They exploit the limits of human perception and the rapid pace at which we consume information. We are being conditioned to scan rather than read, and the adversary is now coding for our cognitive shortcuts.

A sobering reminder that the human element remains the most vulnerable interface. Benjamin, thank you for your insights today. It has been a pleasure having you. I am Aaron Cole.

And I'm Lauren Mitchell. Thank you for listening to Prime Cyber Insights. We'll see you in the next episode.

Neural Newscast is AI-assisted, human-reviewed. View our AI transparency policy at neuralnewscast.com.
