Risky Business (841): Microsoft gets owned and 0day'd

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Co-host at large

On this week’s show, special guest co-host Chris Wade, the founder of Corellium turned Cellebrite CTO, joins Patrick Gray and James Wilson to discuss the week’s cybersecurity news.

They cover:

  • Microsoft has repos owned, GitHub tokens popped, and a new 0day dropped on them
  • Meanwhile, researchers are choosing full disclosure instead of engaging MSRC
  • Meta’s AI support agent allowed a staggering 20,000 accounts to be stolen!
  • Apple pulls Russia’s MAX messenger from the App Store and disables notifications
  • Anthropic gives the public our first Mythos-class model but it won’t do cybersecurity work
  • Stripe and Google Tag Manager used in eCommerce website hacking campaign
  • And much, much more!

This week’s show is brought to you by runZero. HD Moore, runZero’s founder, drops by in this week’s sponsor interview to talk about the AI vibe shift. Everyone is very worried about getting owned all of a sudden, and it’s really changing the cybersecurity business.

Show notes:

Microsoft Hacked to Deliver Malware to Claude and Gemini Users | 404.feed.press https://www.404media.co/microsoft-hacked-to-deliver-malware-to-claude-and-gemini-users

Researcher publishes GitHub token-stealing exploit, blames Microsoft’s disclosure process | therecord.media https://therecord.media/researcher-publishes-github-token-stealing-exploit-microsoft

Microsoft Defender ‘RoguePlanet’ zero-day grants SYSTEM privileges | BleepingComputer https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-rogueplanet-zero-day-grants-system-privileges

Microsoft breaks Patch Tuesday record with 206 vulnerabilities | CyberScoop https://cyberscoop.com/microsoft-patch-tuesday-june-2026

WhatsApp says NSO targeted users with spearfishing attacks in violation of court order | therecord.media https://therecord.media/whatsapp-says-nso-targeted-users-with-attacks-against-court-order

Over 20,000 Instagram accounts stolen in Meta AI support hack | BleepingComputer https://www.bleepingcomputer.com/news/security/meta-ai-support-data-breach-affects-20-000-instagram-accounts

New Apple feature automatically changes your compromised passwords | BleepingComputer https://www.bleepingcomputer.com/news/apple/new-apple-feature-automatically-changes-your-compromised-passwords

Apple removes Russia’s state-backed messaging app Max from its store | therecord.media https://therecord.media/apple-removes-russian-app-max-from-app-store

Exclusive: Anthropic’s Mythos can exploit new flaws in hours | https://www.axios.com/2026/06/08/exclusive-anthropics-mythos-can-exploit-new-flaws-in-hours

Anthropic’s new model is Mythos on a leash | CyberScoop https://cyberscoop.com/anthropic-claude-fable-5-release-mythos-guardrails

OpenClaw AI agent found falling for phishing attacks, spills user data | BleepingComputer https://www.bleepingcomputer.com/news/security/openclaw-ai-agent-found-falling-for-phishing-attacks-spills-user-data

OpenAI unveils Lockdown Mode to protect sensitive data from prompt injection attacks | TechCrunch Security https://techcrunch.com/2026/06/06/openai-unveils-lockdown-mode-to-protect-sensitive-data-from-prompt-injection-attacks

Hands on with Intelligent Terminal, an AI-powered Windows Terminal | BleepingComputer https://www.bleepingcomputer.com/news/microsoft/hands-on-with-intelligent-terminal-an-ai-powered-windows-terminal

Seeking Counsel: Ongoing Targeted Campaign Against US Law Firms | Mandiant https://cloud.google.com/blog/topics/threat-intelligence/targeted-campaign-us-law-firms

Check Point warns of zero-day flaw targeted by ransomware affiliate | Cybersecurity Dive https://www.cybersecuritydive.com/news/check-point-zero-day-ransomware/822372

ServiceNow discloses security incident exposing customer data | BleepingComputer https://www.bleepingcomputer.com/news/security/servicenow-discloses-security-incident-exposing-customer-data

Credit card theft campaign abuses Stripe to host stolen payment info | BleepingComputer https://www.bleepingcomputer.com/news/security/credit-card-theft-campaign-abuses-stripe-to-host-stolen-payment-info

CrowdStrike, Palo Alto Networks defy estimates as AI fuels cyber demand | Cybersecurity Dive https://www.cybersecuritydive.com/news/crowdstrike-palo-alto-networks-ai-cyber-demand/821999

The U.S. Military Quietly Turned GPS Into a Global ‘Numbers Station,’ Evidence Suggests | 404.feed.press https://www.404media.co/the-u-s-military-quietly-turned-gps-into-a-global-numbers-station-evidence-suggests

New ‘HTTP/2 Bomb’ DoS attack crashes web servers in under a minute | BleepingComputer https://www.bleepingcomputer.com/news/security/new-http-2-bomb-dos-attack-crashes-web-servers-in-under-a-minute

Google has quietly cut staff across its Cloud business | businessinsider.com https://www.businessinsider.com/google-clouds-quiet-layoffs-hit-cybersecurity-teams-2026-6