On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:

• Anthropic’s new Mythos model hunts bugs and chains exploits together so well that… you cant have it…
• …Unless you’re one of their Project Glasswing partners
• The world isn’t short on bugs, though. F5, Fortinet, Progress ShareFile, and TrueConf are all getting rekt by humans
• GPU Rowhammering goes in the GPU, past the IOMMU and back into the host-side Nvidia driver
• North Korea is spending serious time and money on its crypto hacking
• Just when the US needs CISA most, they slash its budget some more!

This week’s episode is sponsored by identity verification firm, Persona. Tying digital actions to actual human identities isn’t just for banking know-your-customer any more. Persona’s Benjamin Crait says know-your-staff checks belong in high-value flows inside your organisation, too.

Show Notes:

Claude Mythos Preview \ red.anthropic.com https://red.anthropic.com/2026/mythos-preview/

Anthropic Claims Its New A.I. Model, Mythos, Is a Cybersecurity ‘Reckoning’ - The New York Times https://www.nytimes.com/2026/04/07/technology/anthropic-claims-its-new-ai-model-mythos-is-a-cybersecurity-reckoning.html

Anthropic Teams Up With Its Rivals to Keep AI From Hacking Everything | WIRED https://www.wired.com/story/anthropic-mythos-preview-project-glasswing/

FFmpeg on X: “Thank you to @AnthropicAI for sending FFmpeg patches” / X https://x.com/ffmpeg /status/2041595801483264002

Critical flaw in F5 BIG-IP faces wide exploitation risk | Cybersecurity Dive https://www.cybersecuritydive.com/news/critical-flaw-in-f5-big-ip-faces-wide-exploitation-risk/816475/

React2Shell vulnerability helps hackers steal credentials, AI platform keys and other sensitive data | Cybersecurity Dive https://www.cybersecuritydive.com/news/credential-harvesting-campaign-react2shell-cisco/816726/

Critical flaw in FortiClient EMS under exploitation | Cybersecurity Dive https://www.cybersecuritydive.com/news/critical-flaw-forticlient-ems-exploitation/816699/

Researchers warn of critical flaws in Progress ShareFile | Cybersecurity Dive https://www.cybersecuritydive.com/news/researchers-critical-flaws-progress-sharefile/816599/

CISA gives agencies two weeks to patch video conferencing bug exploited by Chinese hackers | The Record from Recorded Future News https://therecord.media/trueconf-cyberattack-cisa-hackers

New Rowhammer attacks give complete control of machines running Nvidia GPUs - Ars Technica https://arstechnica.com/security/2026/04/new-rowhammer-attacks-give-complete-control-of-machines-running-nvidia-gpus/

North Korea’s hijack of one of the web’s most used open source projects was likely weeks in the making | TechCrunch https://techcrunch.com/2026/04/06/north-koreas-hijack-of-one-of-the-webs-most-used-open-source-projects-was-likely-weeks-in-the-making/

Drift crypto platform confirms $280 million stolen in hack as researchers point finger at North Korea | The Record from Recorded Future News https://therecord.media/drift-crypto-confirms-280-million-stolen-north-korea

Drift on X: “Drift Protocol — Incident Background Update “ / X https://x.com/DriftProtocol/status/2040611161121370409

Trump’s FY2027 budget again targets CISA | Cybersecurity Dive https://www.cybersecuritydive.com/news/cisa-white-house-budget-fy27/816615/

CISA’s vulnerability scans, field support on chopping block in Trump budget | Cybersecurity Dive https://www.cybersecuritydive.com/news/cisa-trump-budget-fy2027-details/816855/

Iranian hackers break into U.S. industrial systems, agencies warn https://www.nbcnews.com/tech/security/iran-hack-break-us-industrial-systems-agencies-trump-target-rcna267162

FBI labels suspected China hack of law enforcement data ‘a major cyber incident’ https://www.nbcnews.com/news/us-news/fbi-labels-suspected-china-hack-law-enforcement-data-major-cyber-incid-rcna266495

Russia Hacked Routers to Steal Microsoft Office Tokens – Krebs on Security https://krebsonsecurity.com/2026/04/russia-hacked-routers-to-steal-microsoft-office-tokens/

Massachusetts hospital turning ambulances away after cyberattack | The Record from Recorded Future News https://therecord.media/massachusetts-hospital-turning-ambulances-away-cyberattack

Exclusive | ‘Ghost Murmur,’ a never-used secret tool, deployed to find lost airman in Iran in daring mission https://nypost.com/2026/04/07/us-news/ghost-murmur-a-never-used-secret-tool-deployed-to-find-lost-airman-in-iran-in-daring-mission/

A Secure Chat App’s Encryption Is So Bad It Is ‘Meaningless’ https://www.404media.co/a-secure-chat-apps-encryption-is-so-bad-it-is-meaningless/