Carnival Data Breach Exposes Millions as Microsoft Backs Down on Researcher Threats

Cybersecurity Today for June 2, 2026.

Microsoft has backed away from its hard-line stance against vulnerability researchers after widespread criticism from the security community. The dispute began after independent researcher Nightmare Eclipse published proof-of-concept code for unpatched Microsoft vulnerabilities, triggering a public debate over responsible disclosure, zero-days, and researcher relations.

Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material[dot]security.

Carnival Corporation disclosed a social-engineering attack that led to the theft of sensitive personal information affecting nearly six million people. Exposed data includes names, contact information, dates of birth, and government identification details. The ShinyHunters cybercrime group has claimed responsibility and alleges the breach involved even more records.

Password manager provider Dashlane temporarily locked some customers out of their accounts after large-scale password-guessing attacks triggered automated security protections. Access was later restored, although some users reported lingering issues.

The episode also examines a software supply-chain attack uncovered by Wiz involving 32 Red Hat Cloud Services NPM packages. Attackers compromised a Red Hat employee's GitHub account and inserted Miasma malware designed to steal Google Cloud and Microsoft Azure credentials.

Timestamps:

00:00 Sponsor Message
00:28 Headlines And Intro
00:55 Microsoft Researcher Dispute
02:58 Carnival Cruise Data Breach
04:48 Dashlane Lockouts Explained
06:09 Miasma Malware Supply-Chain Attack
08:10 Wrap Up And Sign Off
08:31 Sponsor Deep Dive

#Cybersecurity #DataBreach #Carnival #Microsoft #Dashlane #RedHat #SupplyChainAttack #CyberSecurityToday