Microsoft just dropped an emergency patch for an Office zero-day being exploited in the wild. A WordPress plugin has a CVSS 10.0 vulnerability — that's the golden goose of hacking. 900,000 Chrome users had their ChatGPT conversations stolen by malicious extensions with Google's Featured badge. And two cybersecurity professionals pleaded guilty to moonlighting as ransomware affiliates.

Welcome to 2026. It's gonna be a fun year.

In this episode:

• CVE-2026-21509: Microsoft Office zero-day (security feature bypass)
• CVE-2026-23550: WordPress Modular DS critical vulnerability
• Prompt Poaching: Chrome extensions stealing AI conversations
• Brightspeed breach: Crimson Collective claims 1M+ records
• Insider threat: Security pros turned BlackCat/ALPHV affiliates

Key takeaway: Update your stuff. A patch does you no good if it isn't installed.

Subscribe for weekly cybersecurity news, vulnerability breakdowns, and threat intelligence.

https://forgeboundresearch.com/podcasts/