Risky Business #833 -- The Great Mythos Freakout of 2026
APR 15, 2026 | 59 MIN
Description
<p>On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:</p>
<ul>
<li>Everyone has an opinion about Claude Mythos… even though almost nobody has used it yet</li>
<li>CISA adds a 2009 Excel bug to the KEV list, u wot?</li>
<li>Adobe also parties like it’s the 2000s, and fixes an Acrobat Reader bug</li>
<li>Disgraced former Trenchant exec Peter Williams’ sob story fails to resonate with … anyone</li>
<li>Remember those crosswalk buttons hacked to play audio mocking Trump and Zuck? They were “secured” by the password: 1234.</li>
</ul>
<p>This week’s episode is sponsored by mobile network operator Cape. Ajit Gokhale talks with James about how to get being a telco right when you’re starting from scratch and solving the security problems of 2026.</p>
<p>This episode is also available on <a href="https://youtu.be/TxYNYShs_aw">YouTube</a>.</p>
<h3 class="panel-title">Show notes</h3>
<ul>
<li><a href="https://labs.cloudsecurityalliance.org/mythos-ciso/">Lab Space</a></li>
<li><a href="https://labs.cloudsecurityalliance.org/wp-content/uploads/2026/04/mythosreadyv8.pdf">The “AI Vulnerability Storm”: Building a “Mythosready” Security Program</a></li>
<li><a href="https://x.com/polymarket/status/2043703997412901167">Polymarket on X: "JUST IN: Goldman Sachs is reportedly ramping up its cyber defenses in preparation for Claude Mythos."</a></li>
<li><a href="https://x.com/ananayarora/status/2043381424594837789">Ananay on X: "Marcus Hutchins probably has the best take on Mythos doing vulnerability research"</a></li>
<li><a href="https://x.com/icesolst/status/2043661954871394483">solst/ICE of Astarte on X: "The vast majority of CISOs do not work at Google-sized companies, and will not have to worry about 0days"</a></li>
<li><a href="https://x.com/0xcharlie/status/2042953783118815295">Charlie Miller on X: "we’ve gone through this before with early fuzzers, afl, etc"</a></li>
<li><a href="https://x.com/albinowax/status/2043800249991389667">James Kettle on X: "'Can AI Do Novel Security Research? Meet the HTTP Terminator' will premiere at Blackhat"</a></li>
<li><a href="https://x.com/jeffreyleefunk/status/2042805247010349295">jeffrey lee funk on X: "We've been tricked, again. Many of the thousands of bugs and vulnerabilities Mythos found are in older software are impossible to exploit."</a></li>
<li><a href="https://www.theregister.com/2026/04/13/claude_outage_quality_complaints/">Claude is getting worse, according to Claude • The Register</a></li>
<li><a href="https://arxiv.org/abs/2604.08407">Your Agent Is Mine: Measuring Malicious Intermediary Attacks on the LLM Supply Chain</a></li>
<li><a href="https://cyberscoop.com/openai-axios-supply-chain-attack/">OpenAI's Mac apps need updates thanks to the Axios hack | CyberScoop</a></li>
<li><a href="https://techcrunch.com/2026/04/13/hack-at-anodot-leaves-over-a-dozen-breached-companies-facing-extortion/">Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch</a></li>
<li><a href="https://www.bleepingcomputer.com/news/security/snowflake-customers-hit-in-data-theft-attacks-after-saas-integrator-breach/">Snowflake customers hit in data theft attacks after SaaS integrator breach</a></li>
<li><a href="https://techcrunch.com/2026/04/13/booking-com-confirms-hackers-accessed-customers-data/">Booking.com confirms hackers accessed customers’ data</a></li>
<li><a href="https://www.theregister.com/2026/04/10/cpuid_site_hijacked/">CPUID hijacked to serve malware as HWMonitor downloads • The Register</a></li>
<li><a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities Catalog | CISA</a></li>
<li><a href="https://techcrunch.com/2026/04/14/adobe-fixes-pdf-zero-day-security-bug-that-hackers-have-exploited-for-months/">Adobe fixes PDF zero-day security bug that hackers have exploited for months | TechCrunch</a></li>
<li><a href="https://www.zetter-zeroday.com/trenchant-exec-says-he-had-depression-money-troubles-when-he-decided-to-sell-zero-days-to-russian-buyer-also-new-info-reveals-nature-of-his-work-for-australian-intelligence-agency/">The Sad Decline of Trenchant Exec Who Had Everything, Before Deciding to Steal and Sell Zero Days to Russian Buyer</a></li>
<li><a href="https://www.404media.co/fbi-extracts-suspects-deleted-signal-messages-saved-in-iphone-notification-database-2/">FBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification Database</a></li>
<li><a href="https://www.cybersecuritydive.com/news/russia-routers-hacking-dns-fbi-disruption/816960/">US operation evicts Russia from hacked SOHO routers used to breach critical infrastructure | Cybersecurity Dive</a></li>
<li><a href="https://www.wired.com/story/telegram-is-still-hosting-a-sanctioned-21-billion-crypto-scammer-black-market/">Telegram Is Still Hosting a Sanctioned $21 Billion Crypto Scammer Black Market | WIRED</a></li>
<li><a href="https://www.wired.com/story/crosswalk-city-hack-cybersecurity-lessons/">The Dumbest Hack of the Year Exposed a Very Real Problem | WIRED</a></li>
</ul>