
Cybersecurity Headlines Department of Know: Chrome zero-day, exploits, Copilot summarizes confidential emails, Identity abuse problems
Feb 24, 2026

Peter Gregory, cybersecurity author and analyst, and Montez Fitzpatrick, CISO with operational security experience, unpack breaking vulnerabilities and AI governance. They cover a Chrome zero-day patch, a Copilot mishap that exposed summaries of confidential mail, hard-coded credential exploits, identity-driven initial access, and AI code-scanning’s impact on security.
AI Snips
Browsers Stay High Risk Due To Use After Free
- Chrome had a high-severity use-after-free zero-day that was exploited in the wild before Google issued an emergency patch.
- Montez warned use-after-free bugs will persist due to language and compiler realities, so browsers remain high-risk attack surfaces.
AI Tools Need Clear Governance
- A Microsoft 365 Copilot bug summarized emails marked confidential because of an unspecified code error, and Microsoft rolled out a fix.
- Peter framed this as an AI governance problem, urging clearer expectations and controls around AI behavior.
Hard Coded Credentials Cause Devastating Access
- A critical hard-coded credential flaw in Dell RecoverPoint let unauthenticated attackers gain root access and persist since at least mid‑2024.
- Peter called hard-coded credentials an embarrassing, long-known anti-pattern first flagged by OWASP years ago.
