Carnival Data Breach Exposes Millions as Microsoft Backs Down on Researcher Threats
6/3/202610 min
Cybersecurity Today for June 2, 2026.
Microsoft has backed away from its hard-line stance against vulnerability researchers after widespread criticism from the security community. The dispute began after independent researcher Nightmare Eclipse published proof-of-concept code for unpatched Microsoft vulnerabilities, triggering a public debate over responsible disclosure, zero-days, and researcher relations.
Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material[dot]security.
Carnival Corporation disclosed a social-engineering attack that led to the theft of sensitive personal information affecting nearly six million people. Exposed data includes names, contact information, dates of birth, and government identification details. The ShinyHunters cybercrime group has claimed responsibility and alleges the breach involved even more records.
Password manager provider Dashlane temporarily locked some customers out of their accounts after large-scale password-guessing attacks triggered automated security protections. Access was later restored, although some users reported lingering issues.
The episode also examines a software supply-chain attack uncovered by Wiz involving 32 Red Hat Cloud Services NPM packages. Attackers compromised a Red Hat employee's GitHub account and inserted Miasma malware designed to steal Google Cloud and Microsoft Azure credentials.
Timestamps:
00:00 Sponsor Message
00:28 Headlines And Intro
00:55 Microsoft Researcher Dispute
02:58 Carnival Cruise Data Breach
04:48 Dashlane Lockouts Explained
06:09 Miasma Malware Supply-Chain Attack
08:10 Wrap Up And Sign Off
08:31 Sponsor Deep Dive
#Cybersecurity #DataBreach #Carnival #Microsoft #Dashlane #RedHat #SupplyChainAttack #CyberSecurityToday
Transcript preview
First 90 secondsSpeaker 00:00
Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material.security.
David Shipley· Host0:23
Microsoft blinks in researcher showdown. Carnival cruise breach affects six million people. Dashlane brute force locks users out. And new Miasma worm makes the rounds thanks to TeamPCP source code. This is Cybersecurity Today, and I'm your host, David Shipley. Let's get started. Microsoft has walked back threats against security researchers days after dramatically escalating a fight in a blog post many felt was a step backward when it came to vulnerability disclosure. On Monday, the company said it has no plans to go after researchers who find software flaws and publish them. That's a sharp reversal. Days earlier, an official Microsoft blog post had called a recent run of Windows flaws that were released "never justifiable" and warned that its digital crimes unit would keep bringing cases against people who may be helping criminals.