On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:
- Anthropic’s new Mythos model hunts bugs and chains exploits together so well that… you cant have it…
- …Unless you’re one of their Project Glasswing partners
- The world isn’t short on bugs, though. F5, Fortinet, Progress ShareFile, and TrueConf are all getting rekt by humans
- GPU Rowhammering goes in the GPU, past the IOMMU and back into the host-side Nvidia driver
- North Korea is spending serious time and money on its crypto hacking
- Just when the US needs CISA most, they slash its budget some more!
This week’s episode is sponsored by identity verification firm, Persona. Tying digital actions to actual human identities isn’t just for banking know-your-customer any more. Persona’s Benjamin Crait says know-your-staff checks belong in high-value flows inside your organisation, too.
This episode is also available on Youtube.
Show notes
- Claude Mythos Preview red.anthropic.com
- Anthropic Claims Its New A.I. Model, Mythos, Is a Cybersecurity ‘Reckoning’ – The New York Times
- Anthropic Teams Up With Its Rivals to Keep AI From Hacking Everything | WIRED
- FFmpeg on X: “Thank you to @AnthropicAI for sending FFmpeg patches” / X
- Critical flaw in F5 BIG-IP faces wide exploitation risk | Cybersecurity Dive
- React2Shell vulnerability helps hackers steal credentials, AI platform keys and other sensitive data | Cybersecurity Dive
- Critical flaw in FortiClient EMS under exploitation | Cybersecurity Dive
- Researchers warn of critical flaws in Progress ShareFile | Cybersecurity Dive
- CISA gives agencies two weeks to patch video conferencing bug exploited by Chinese hackers | The Record from Recorded Future News
- New Rowhammer attacks give complete control of machines running Nvidia GPUs – Ars Technica
- North Korea’s hijack of one of the web’s most used open source projects was likely weeks in the making | TechCrunch
- Drift crypto platform confirms $280 million stolen in hack as researchers point finger at North Korea | The Record from Recorded Future News
- Drift on X: “Drift Protocol — Incident Background Update ” / X
- Trump’s FY2027 budget again targets CISA | Cybersecurity Dive
- CISA’s vulnerability scans, field support on chopping block in Trump budget | Cybersecurity Dive
- Iranian hackers break into U.S. industrial systems, agencies warn
- FBI labels suspected China hack of law enforcement data ‘a major cyber incident’
- Russia Hacked Routers to Steal Microsoft Office Tokens – Krebs on Security
- Massachusetts hospital turning ambulances away after cyberattack | The Record from Recorded Future News
- Exclusive | ‘Ghost Murmur,’ a never-used secret tool, deployed to find lost airman in Iran in daring mission
- A Secure Chat App’s Encryption Is So Bad It Is ‘Meaningless’