On this week’s show special guest co-host Chris Wade, the founder of Corellium turned Cellebrite CTO, joins Patrick Gray and James Wilson to discuss the week’s cybersecurity news.
They cover:
- Microsoft has repos owned, GitHub tokens popped, and a new 0day dropped on them
- Meanwhile, researchers are choosing full disclosure instead of engaging MSRC
- Meta’s AI support agent allowed a staggering 20,000 accounts to be stolen!
- Apple pulls Russia’s MAX messenger from the App Store and disables notifications
- Anthropic gives the public our first Mythos-class model but it won’t do cybersecurity work
- Stripe and Google Tag Manager used in eCommerce website hack campaign
- And much, much more!
This week’s show is brought to you by runZero. HD Moore, runZeros’ founder, drops by in this week’s sponsor interview to talk about the AI vibe shift. Everyone is very worried about getting owned all of a sudden, and it’s really changing the cybersecurity business.
This episode is also available on YouTube.
Show notes
- Microsoft Hacked to Deliver Malware to Claude and Gemini Users | 404.feed.press
- Researcher publishes GitHub token-stealing exploit, blames Microsoft’s disclosure process | therecord.media
- Microsoft Defender ‘RoguePlanet’ zero-day grants SYSTEM privileges | BleepingComputer
- Microsoft breaks Patch Tuesday record with 206 vulnerabilities | CyberScoop
- chompie1337 | X
- WhatsApp says NSO targeted users with spearfishing attacks in violation of court order | therecord.media
- Over 20,000 Instagram accounts stolen in Meta AI support hack | BleepingComputer
- New Apple feature automatically changes your compromised passwords | BleepingComputer
- Apple removes Russia’s state-backed messaging app Max from its store | therecord.media
- Exclusive: Anthropic’s Mythos can exploit new flaws in hours |
- Anthropic’s new model is Mythos on a leash | CyberScoop
- Anthropic Offers Mythos Upgrade for Cyber Partners and a ‘Safe’ Version for the Rest of You | wired.com
- OpenClaw AI agent found falling for phishing attacks, spills user data | BleepingComputer
- OpenAI unveils Lockdown Mode to protect sensitive data from prompt injection attacks | TechCrunch Security
- Hands on with Intelligent Terminal, an AI-powered Windows Terminal | BleepingComputer
- Seeking Counsel: Ongoing Targeted Campaign Against US Law Firms | Mandiant
- Check Point warns of zero-day flaw targeted by ransomware affiliate | Cybersecurity Dive
- ServiceNow discloses security incident exposing customer data | BleepingComputer
- Credit card theft campaign abuses Stripe to host stolen payment info | BleepingComputer
- CrowdStrike, Palo Alto Networks defy estimates as AI fuels cyber demand | Cybersecurity Dive
- The U.S. Military Quietly Turned GPS Into a Global ‘Numbers Station,’ Evidence Suggests | 404.feed.press
- New ‘HTTP/2 Bomb’ DoS attack crashes web servers in under a minute | BleepingComputer
- Google has quietly cut staff across its Cloud business | businessinsider.com