On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:
- Everyone has an opinion about Claude Mythos… even though almost nobody has used it yet
- CISA adds a 2009 Excel bug to the KEV list, u wot?
- Adobe also parties like it’s the 2000s, and fixes an Acrobat Reader bug
- Disgraced former Trenchant exec Peter Williams’ sob story fails to resonate with … anyone
- Remember those crosswalk buttons hacked to play audio mocking Trump and Zuck? They were “secured” by the password: 1234.
This week’s episode is sponsored by mobile network operator, Cape. Ajit Gokhale talks with James about the ways to get being a telco right when you’re starting from scratch and solving the security problems of 2026.
This episode is also available on Youtube.
Show notes
- Lab Space
- The “AI Vulnerability Storm”: Building a “Mythosready” Security Program
- Polymarket on X: “JUST IN: Goldman Sachs is reportedly ramping up its cyber defenses in preparation for Claude Mythos.”
- Ananay on X: “Marcus Hutchins probably has the best take on Mythos doing vulnerability research”
- solst/ICE of Astarte on X: “Th vast majority of CISOs do not work at Google-sized companies, and will not have to worry about 0days”
- Charlie Miller on X: “we’ve gone through this before with early fuzzers, afl, etc”
- James Kettle on X: “‘Can AI Do Novel Security Research? Meet the HTTP Terminator’ will premiere at Blackhat”
- jeffrey lee funk on X: “We’ve been tricked, again. Many of the thousands of bugs and vulnerabilities Mythos found are in older software are impossible to exploit.”
- Claude is getting worse, according to Claude • The Register
- Your Agent Is Mine: Measuring Malicious Intermediary Attacks on the LLM Supply Chain
- OpenAI’s Mac apps need updates thanks to the Axios hack | CyberScoop
- Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch
- Snowflake customers hit in data theft attacks after SaaS integrator breach
- Booking.com confirms hackers accessed customers’ data
- CPUID hijacked to serve malware as HWMonitor downloads • The Register
- Known Exploited Vulnerabilities Catalog | CISA
- Adobe fixes PDF zero-day security bug that hackers have exploited for months | TechCrunch
- The Sad Decline of Trenchant Exec Who Had Everything, Before Deciding to Steal and Sell Zero Days to Russian Buyer
- FBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification Database
- US operation evicts Russia from hacked SOHO routers used to breach critical infrastructure | Cybersecurity Dive
- Telegram Is Still Hosting a Sanctioned $21 Billion Crypto Scammer Black Market | WIRED
- The Dumbest Hack of the Year Exposed a Very Real Problem | WIRED