On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: * Everyone has an opinion about Claude Mythos… even though almost nobody has used it yet * CISA adds a 2009 Excel bug to the KEV list, u wot? * Adobe also parties like it’s the 2000s, and fixes an Acrobat Reader bug * Disgraced former Trenchant exec Peter Williams’ sob story fails to resonate with … anyone * Remember those crosswalk buttons hacked to play audio mocking Trump and Zuck? They were "secured" by the password: 1234. This week's episode is sponsored by mobile network operator, Cape. Ajit Gokhale talks with James about the ways to get being a telco right when you're starting from scratch and solving the security problems of 2026. Show Notes: Lab Space https://labs.cloudsecurityalliance.org/mythos-ciso/ The “AI Vulnerability Storm”: Building a “Mythosready” Security Program https://labs.cloudsecurityalliance.org/wp-content/uploads/2026/04/mythosreadyv8.pdf Polymarket on X: "JUST IN: Goldman Sachs is reportedly ramping up its cyber defenses in preparation for Claude Mythos." https://x.com/polymarket/status/2043703997412901167 Ananay on X: "Marcus Hutchins probably has the best take on Mythos doing vulnerability research" https://x.com/ananayarora/status/2043381424594837789 solst/ICE of Astarte on X: "Th vast majority of CISOs do not work at Google-sized companies, and will not have to worry about 0days" https://x.com/icesolst/status/2043661954871394483 Charlie Miller on X: "we’ve gone through this before with early fuzzers, afl, etc" https://x.com/0xcharlie/status/2042953783118815295 James Kettle on X: "'Can AI Do Novel Security Research? Meet the HTTP Terminator' will premiere at Blackhat" https://x.com/albinowax/status/2043800249991389667 jeffrey lee funk on X: "We've been tricked, again. Many of the thousands of bugs and vulnerabilities Mythos found are in older software are impossible to exploit." https://x.com/jeffreyleefunk/status/2042805247010349295 Claude is getting worse, according to Claude • The Register https://www.theregister.com/2026/04/13/claude_outage_quality_complaints/ Your Agent Is Mine: Measuring Malicious Intermediary Attacks on the LLM Supply Chain https://arxiv.org/abs/2604.08407 OpenAI's Mac apps need updates thanks to the Axios hack | CyberScoop https://cyberscoop.com/openai-axios-supply-chain-attack/ Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch https://techcrunch.com/2026/04/13/hack-at-anodot-leaves-over-a-dozen-breached-companies-facing-extortion/ Snowflake customers hit in data theft attacks after SaaS integrator breach https://www.bleepingcomputer.com/news/security/snowflake-customers-hit-in-data-theft-attacks-after-saas-integrator-breach/ Booking.com confirms hackers accessed customers’ data https://techcrunch.com/2026/04/13/booking-com-confirms-hackers-accessed-customers-data/ CPUID hijacked to serve malware as HWMonitor downloads • The Register https://www.theregister.com/2026/04/10/cpuid_site_hijacked/ Known Exploited Vulnerabilities Catalog | CISA https://www.cisa.gov/known-exploited-vulnerabilities-catalog Adobe fixes PDF zero-day security bug that hackers have exploited for months | TechCrunch https://techcrunch.com/2026/04/14/adobe-fixes-pdf-zero-day-security-bug-that-hackers-have-exploited-for-months/ The Sad Decline of Trenchant Exec Who Had Everything, Before Deciding to Steal and Sell Zero Days to Russian Buyer https://www.zetter-zeroday.com/trenchant-exec-says-he-had-depression-money-troubles-when-he-decided-to-sell-zero-days-to-russian-buyer-also-new-info-reveals-nature-of-his-work-for-australian-intelligence-agency/ FBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification Database https://www.404media.co/fbi-extracts-suspects-deleted-signal-messages-saved-in-iphone-notification-database-2/ US operation evicts Russia from hacked SOHO routers used to breach critical infrastructure | Cybersecurity Dive https://www.cybersecuritydive.com/news/russia-routers-hacking-dns-fbi-disruption/816960/ Telegram Is Still Hosting a Sanctioned $21 Billion Crypto Scammer Black Market | WIRED https://www.wired.com/story/telegram-is-still-hosting-a-sanctioned-21-billion-crypto-scammer-black-market/ The Dumbest Hack of the Year Exposed a Very Real Problem | WIRED https://www.wired.com/story/crosswalk-city-hack-cybersecurity-lessons/

Srsly Risky Biz: Open weight models make the Mythos debate moot
494 views

Risky Business (843): Fortibleed is kinda awesome, actually
751 views

Pitching security startups to VCs in the AI era
203 views

Between Two Nerds: The PRC vs AI
342 views

Srsly Risky Biz: Anthropic has artificial, but not emotional, intelligence
460 views

Risky Business Weekly (842): Anthropic needs an adult in the C suite
1.2K views