Cybersecurity Today Month in Review: Microsoft Zero-Days, AI Deregulation
6/6/2026 · 1 hr 5 min
Host Jim Love and panelists David Shipley, Laura Payne, and Jeff Williams discuss a researcher ("Chaotic/Nightmare Eclipse") publicly disclosing multiple Windows zero-days affecting components including Defender and BitLocker, frustration with Microsoft's vulnerability disclosure process, and backlash to Microsoft's initially threatening tone before it was partially walked back; the panel debates responsible disclosure, the need for researcher support/organization, transparency vs liability, and how vulnerability reporting is straining under volume. They then examine a White House AI executive order focused on voluntary measures and 30-day model access, criticizing the lack of basic safety and cybersecurity protections amid FOMO about losing to China and an AI investment bubble. The conversation covers AI-driven harms and studies on reduced brain activity and "cognitive surrender," while noting benefits when AI is used as a tutor. Shipley highlights Canada's Senate passing Bill C-8 on critical infrastructure cybersecurity, and the group urges outcome-focused security, architecture/risk prioritization, and critical thinking against AI-enabled social engineering.
Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material[dot]security.
00:00 Sponsor Message
00:24 Show Welcome Panel
01:17 Microsoft Zero Day Fallout
04:19 Researcher Backlash Drama
06:46 Unionizing Bug Hunters
13:10 Product Liability Debate
23:23 Regulation vs Transparency
26:00 AI Bubble Investor Risk
28:01 White House AI Order
32:24 Cybersecurity Gaps Telecom
33:19 Telecom Trust Breakdown
34:32 AI Harms and Exploitation
35:36 Studies on Cognitive Surrender
38:13 Markets Regulation and Politics
40:13 Canada Cyber Law Win
42:33 Adoption Hype and Subsidy Bubble
48:50 Patch Deluge and AppSec Strain
52:10 Defenses Beyond Patching
54:17 Outcomes Critical Thinking and CIA
01:01:49 Education Disruption and Closing
01:04:14 Sponsor Message Material Security
Transcript preview
First 90 seconds
Jim Love · Host · 0:00
Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material.security. Welcome to Cybersecurity Today's Month in Review. I'm your host, Jim Love. We have our regular panel, David Shipley, CEO of Beauceron Security and co-host of Cybersecurity Today. Hello, David.
David Shipley · Host · 0:36
Hello, Jim.
Jim Love · Host · 0:37
Laura Payne. Laura, Laura Payne from White Tuque, welcome.
Laura Payne · Panelist · 0:41
Thanks, Jim. Always great to be here.
Jim Love · Host · 0:43
And Jeff Williams, who some of you will know if you watched last month. He's one of the co-founders of OWASP and founder and CTO of Contrast Security. Welcome, Jeff.
Jeff Williams · Guest · 0:51
Thanks, Jim.
Jim Love · Host · 0:52
Okay, panel, y-you-- everybody here is experienced. You know the drill, and just for the audience out there, anybody's free to bring in a story. You outline it, give us a little bit of a foundation so that the audience understands the story itself, remembering they may not have seen the same news you did, and then we go into discussion, and that's... It's really the essence of the show, and it's piles of fun. So there you go. I wanna start out with one. I'm gonna bring one out here, and that was the story that we covered, and it was interesting, and it was from Microsoft, and I called it Microsoft Puts the Hammer Down on Revelations of Vulnerabilities, and