On this week’s show, Patrick Gray and James Wilson are joined by special guest The Grugq. They discuss the week’s cybersecurity news, including:
- Vercel got owned, and there’s a few infostealer and compromised employee dots to connect
- Mozilla used Mythos to find 271 bugs, which feels like a sign of the bug-pocalypse
- Speaking of the bug-pocalypse, is that why NIST is noping out of enriching a bunch of bugs?
- The NSA is using Mythos even though the government did that whole Anthropic blacklisting thing
- And DDos attacks hit a couple of smaller-player socials
This week’s episode is sponsored by Permiso. Ian Ahl chats to Pat about the subtle signals Permiso uses to detect ShinyHunters-style activity in cloud and on-prem environments.
This episode is also available on Youtube.
Show notes
- Vercel April 2026 Security incident
- Vercel breach linked to infostealer infection at Context.ai
- Vercel confirms breach as hackers claim to be selling stolen data
- Matt Johansen: “This is not a good look” | X
- NIST limits vulnerability analysis as CVE backlog swells | Cybersecurity Dive
- CISA Cyber on X
- Ransomware attack continues to disrupt healthcare in London nearly two years later | The Record from Recorded Future News
- Lawmakers ponder terrorism designations, homicide charges over hospital ransomware attacks | CyberScoop
- In defeat for Trump, House extends electronic spying program for just 10 days | The Record from Recorded Future News
- Crypto infrastructure company blames $290 million theft on North Korean hackers | The Record from Recorded Future News
- US-sanctioned currency exchange says $15 million heist done by “unfriendly states” – Ars Technica
- Hackers are abusing unpatched Windows security flaws to hack into organizations | TechCrunch
- Mozilla Used Anthropic’s Mythos to Find and Fix 271 Bugs in Firefox | WIRED
- NSA using Anthropic’s Mythos despite Defense Department blacklist
- Beyond the breach: inside a cargo theft actor’s post-compromise playbook | Proofpoint US
- Beware scam messages offering ships safe transit through Hormuz Strait, says security firm | The Straits Times
- New Jersey men given lengthy sentences for running North Korean laptop farms | The Record from Recorded Future News
- Turns Out We’re Not Alone – Volodymyr Styran
- US joins nearly two dozen other countries in striking back against DDoS-for-hire platforms | Cybersecurity Dive
- Bluesky blames app outage on ‘sophisticated’ DDoS attack | The Record from Recorded Future News
- Mastodon says its flagship server was hit by a DDoS attack | TechCrunch
- An IT expert explained under what conditions using a VPN can cause a smartphone to explode