

Cybersecurity Today
Jim Love
Updates on the latest cybersecurity threats to businesses, data breach disclosures, and how you can secure your firm in an increasingly risky time.

Apr 13, 2026 • 19min
Banks Panic As Anthropic Mythos Exposes Software Vulnerabilities
Urgent meetings between banks and regulators after Anthropic's Mythos announcement trigger scrutiny of systemic risk. Reports show AI can create and validate exploits in minutes, collapsing traditional patch windows. A QR-based phishing service called Venom targets executives and bypasses MFA. A payroll-redirect campaign steals paychecks by hijacking session cookies. A major crypto-fraud takedown freezes millions and identifies thousands of victims.

Apr 11, 2026 • 36min
Jeff Williams, CTO and Co-founder of Contrast Security and OWASP Co-founder, on Mythos and AI Security
Jeff Williams, co-founder and CTO of Contrast Security and former OWASP chair, shaped early AppSec tools like WebGoat and the OWASP Top 10. He discusses Anthropic’s Mythos model for finding zero-days, why common vulnerabilities persist, the economics and limits of AI vulnerability discovery, and building AI-powered software factories with feedback, monitoring, and assurance.

Apr 9, 2026 • 16min
Fortinet EMS Zero-Day, Anthropic's AI Finds Thousands of Bugs, Iranian Hackers Target US ICS
An actively exploited FortiClient EMS zero-day and emergency hotfixes make the headlines. A powerful AI model uncovers thousands of high-severity vulnerabilities and advanced exploit techniques. A crafty supply-chain campaign abused social engineering to push malicious packages across ecosystems. Iranian-linked actors are reportedly targeting industrial PLCs in the US.

Apr 7, 2026 • 16min
North Korea's $285M Crypto Heist, China Breaches FBI System, Delve Faces New Allegations
They unpack a $285M crypto heist tied to North Korea and the elaborate fraud and social engineering behind it. They cover a recovered Iran-linked wiper attack that exploited admin tools and raised Intune security questions. They discuss a China-linked breach of a U.S. surveillance system being called a major incident. They examine allegations that a startup repackaged open-source software and the fallout with Y Combinator.

Apr 3, 2026 • 27min
Electric Vehicles and EV Security - Steve Visconti CEO of Xiid Corporation with David Shipley
Steve Visconti is CEO of Xiid Corporation, a specialist in software-based cybersecurity for critical IP, OT, and EV charging systems. He discusses risks in EV charging networks, vehicle-to-grid disruption, charger vulnerabilities that could cause fires, supply-chain and router concerns, and a strategy of making chargers unreachable by closing ports and enforcing registered access.

Apr 1, 2026 • 15min
Cisco Breached: Source Code Stolen - Cybersecurity Today
Cisco Source Code Stolen in Trivy Fallout, Axios Supply Chain Attack, and Active Exploitation of Fortinet and Citrix Flaws

David Shipley reports multiple major security incidents: attackers used credentials stolen in the Trivy supply-chain attack via a malicious GitHub action to breach Cisco's internal development environment, clone 300+ GitHub repos, steal source code (including AI products) and AWS keys, and impact customer-related code; Cisco contained the breach, re-imaged systems, and rotated credentials. A separate supply-chain attack hit the widely used JavaScript library Axios after its maintainer account was compromised, pushing poisoned NPM versions that installed a dropper/RAT via a fake dependency; users are told to downgrade affected versions, remove the dependency, rotate credentials, and review CI/CD logs. Active exploitation is confirmed for a Fortinet FortiClient EMS SQL injection (CVE-2026-21643) and for critical Citrix NetScaler flaws (CVE-2026-3055, possibly alongside CVE-2026-4368). Anthropic accidentally exposed details of a new model, "Code Mythos," described as highly capable in reasoning, coding, and cybersecurity. Finally, TechCrunch reports escalating allegations that compliance startup Delve helped fabricate audit evidence and worked with weak auditors. The episode also marks show episode 1,500.

00:00 Headlines and Sponsor
00:54 Cisco Trivy Breach
02:28 Axios NPM Attack
04:12 Fortinet SQLi Exploited
06:24 Citrix Bleed Returns
08:05 Anthropic Model Leak
10:24 Fake Compliance Scandal
12:30 Episode 1500 Milestone
14:03 Sponsor Closing Message

Mar 30, 2026 • 20min
Russian State Hackers Go After iOS Devices
Mac malware called Infinity Stealer uses social‑engineering to harvest browser credentials, Keychain items, crypto wallets and developer secrets. A leaked iOS exploit kit named DarkSword is being used in targeted phishing to deliver mobile implants while Apple issues unusual on‑device warnings. A kernel BPFdoor persists inside global telecom infrastructure. A PyPI supply‑chain compromise uses WAV steganography to exfiltrate secrets and target Kubernetes.

Mar 28, 2026 • 41min
RSAC Recap: Agentic AI and Interview With Commvault CISO Bill O'Connell
Bill O'Connell, Commvault Chief Security Officer with decades in security, talks backup, resilience, and ResOps. He and the hosts discuss agentic AI takeover, AI-driven funding and hiring shifts, and how AI empowers attackers. They also cover translating risk for leaders and why recovery planning and practicing restores matter more than prevention alone.

Mar 27, 2026 • 11min
Anonymous Tip System Breach May Expose Tipsters
A major tip-submission system reportedly exposed millions of sensitive records and features that could compromise promised anonymity. Google warns quantum computers might break current encryption by 2029, raising urgent risks of archived data being decrypted later. The show also explores AI supply-chain threats from poisoned documentation and upcoming Copilot training policy changes that affect data governance.

Mar 25, 2026 • 15min
RSAC Presenter Says "Time to Kill One of Cybersecurity's Most Overworked Terms"
A debate over retiring the overused APT label in favor of describing actors by motivation and activity. Trade show trends from RSAC, including fading zero trust talk and a surge in agentic AI hype. The FCC's move to block new non-US-made Wi-Fi routers and its supply chain rationale. Reports of public Zoom calls being scraped into AI‑generated podcasts. A Kubernetes supply chain campaign deploying an Iran‑targeting wiper. Treasury weighing cyber terrorism insurance changes.


