Risky Business (833): The Great Mythos Freakout of 2026

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Co-host at large

On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:

  • Everyone has an opinion about Claude Mythos… even though almost nobody has used it yet
  • CISA adds a 2009 Excel bug to the KEV list, u wot?
  • Adobe also parties like it’s the 2000s, and fixes an Acrobat Reader bug
  • Disgraced former Trenchant exec Peter Williams’ sob story fails to resonate with … anyone
  • Remember those crosswalk buttons hacked to play audio mocking Trump and Zuck? They were “secured” by the password: 1234.

This week’s episode is sponsored by mobile network operator Cape. Ajit Gokhale talks with James about how to get being a telco right when you’re starting from scratch and solving the security problems of 2026.

Show Notes:

Lab Space https://labs.cloudsecurityalliance.org/mythos-ciso/

The “AI Vulnerability Storm”: Building a “Mythosready” Security Program https://labs.cloudsecurityalliance.org/wp-content/uploads/2026/04/mythosreadyv8.pdf

Polymarket on X: “JUST IN: Goldman Sachs is reportedly ramping up its cyber defenses in preparation for Claude Mythos.” https://x.com/polymarket/status/2043703997412901167

Ananay on X: “Marcus Hutchins probably has the best take on Mythos doing vulnerability research” https://x.com/ananayarora/status/2043381424594837789

solst/ICE of Astarte on X: “The vast majority of CISOs do not work at Google-sized companies, and will not have to worry about 0days” https://x.com/icesolst/status/2043661954871394483

Charlie Miller on X: “we’ve gone through this before with early fuzzers, afl, etc” https://x.com/0xcharlie/status/2042953783118815295

James Kettle on X: “‘Can AI Do Novel Security Research? Meet the HTTP Terminator’ will premiere at Blackhat” https://x.com/albinowax/status/2043800249991389667

jeffrey lee funk on X: “We’ve been tricked, again. Many of the thousands of bugs and vulnerabilities Mythos found are in older software are impossible to exploit.” https://x.com/jeffreyleefunk/status/2042805247010349295

Claude is getting worse, according to Claude • The Register https://www.theregister.com/2026/04/13/claude_outage_quality_complaints/

Your Agent Is Mine: Measuring Malicious Intermediary Attacks on the LLM Supply Chain https://arxiv.org/abs/2604.08407

OpenAI’s Mac apps need updates thanks to the Axios hack | CyberScoop https://cyberscoop.com/openai-axios-supply-chain-attack/

Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch https://techcrunch.com/2026/04/13/hack-at-anodot-leaves-over-a-dozen-breached-companies-facing-extortion/

Snowflake customers hit in data theft attacks after SaaS integrator breach https://www.bleepingcomputer.com/news/security/snowflake-customers-hit-in-data-theft-attacks-after-saas-integrator-breach/

Booking.com confirms hackers accessed customers’ data https://techcrunch.com/2026/04/13/booking-com-confirms-hackers-accessed-customers-data/

CPUID hijacked to serve malware as HWMonitor downloads • The Register https://www.theregister.com/2026/04/10/cpuid_site_hijacked/

Known Exploited Vulnerabilities Catalog | CISA https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Adobe fixes PDF zero-day security bug that hackers have exploited for months | TechCrunch https://techcrunch.com/2026/04/14/adobe-fixes-pdf-zero-day-security-bug-that-hackers-have-exploited-for-months/

The Sad Decline of Trenchant Exec Who Had Everything, Before Deciding to Steal and Sell Zero Days to Russian Buyer https://www.zetter-zeroday.com/trenchant-exec-says-he-had-depression-money-troubles-when-he-decided-to-sell-zero-days-to-russian-buyer-also-new-info-reveals-nature-of-his-work-for-australian-intelligence-agency/

FBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification Database https://www.404media.co/fbi-extracts-suspects-deleted-signal-messages-saved-in-iphone-notification-database-2/

US operation evicts Russia from hacked SOHO routers used to breach critical infrastructure | Cybersecurity Dive https://www.cybersecuritydive.com/news/russia-routers-hacking-dns-fbi-disruption/816960/

Telegram Is Still Hosting a Sanctioned $21 Billion Crypto Scammer Black Market | WIRED https://www.wired.com/story/telegram-is-still-hosting-a-sanctioned-21-billion-crypto-scammer-black-market/

The Dumbest Hack of the Year Exposed a Very Real Problem | WIRED https://www.wired.com/story/crosswalk-city-hack-cybersecurity-lessons/