Risky Business·Apr 22, 2026·1h 0m

Risky Business #834 -- Vercel gets owned, Mozilla dumps hundreds of Mythos bugs

Download audio Show notes Apple Podcasts

Show notes

On this week’s show, Patrick Gray and James Wilson are joined by special guest The Grugq. They discuss the week’s cybersecurity news, including:

Vercel got owned, and there’s a few infostealer and compromised employee dots to connect
Mozilla used Mythos to find 271 bugs, which feels like a sign of the bug-pocalypse
Speaking of the bug-pocalypse, is that why NIST is noping out of enriching a bunch of bugs?
The NSA is using Mythos even though the government did that whole Anthropic blacklisting thing
And DDos attacks hit a couple of smaller-player socials

This week’s episode is sponsored by Permiso. Ian Ahl chats to Pat about the subtle signals Permiso uses to detect ShinyHunters-style activity in cloud and on-prem environments.

This episode is also available on Youtube.

Show notes

← Previous

Risky Business #833 -- The Great Mythos Freakout of 2026

Risky Business #835 -- Why the Fast16 malware is badass

On this week’s show, Patrick Gray and James Wilson are joined by special guest The Grugq. They discuss the week’s cybersecurity news, including: Vercel got owned, and there’s a few infostealer and compromised employee dots to connect Mozilla used Mythos to find 271 bugs, which feels like a sign of the bug-pocalypse Speaking of the bug-pocalypse, is that why NIST is noping out of enriching a bunch of bugs? The NSA is using Mythos even though the government did that whole Anthropic blacklisting thing And DDos attacks hit a couple of smaller-player socials This week’s episode is sponsored by Permiso. Ian Ahl chats to Pat about the subtle signals Permiso uses to detect ShinyHunters-style activity in cloud and on-prem environments. This episode is also available on Youtube . Show notes Vercel April 2026 Security incident Vercel breach linked to infostealer infection at Context.ai Vercel confirms breach as hackers claim to be selling stolen data Matt Johansen: “This is not a good look” | X NIST limits vulnerability analysis as CVE backlog swells | Cybersecurity Dive CISA Cyber on X Ransomware attack continues to disrupt healthcare in London nearly two years later | The Record from Recorded Future News Lawmakers ponder terrorism designations, homicide charges over hospital ransomware attacks | CyberScoop In defeat for Trump, House extends electronic spying program for just 10 days | The Record from Recorded Future News Crypto infrastructure company blames $290 million theft on North Korean hackers | The Record from Recorded Future News US-sanctioned currency exchange says $15 million heist done by "unfriendly states" - Ars Technica Hackers are abusing unpatched Windows security flaws to hack into organizations | TechCrunch Mozilla Used Anthropic’s Mythos to Find and Fix 271 Bugs in Firefox | WIRED NSA using Anthropic's Mythos despite Defense Department blacklist Beyond the breach: inside a cargo theft actor’s post-compromise playbook | Proofpoint US Beware scam messages offering ships safe transit through Hormuz Strait, says security firm | The Straits Times New Jersey men given lengthy sentences for running North Korean laptop farms | The Record from Recorded Future News Turns Out We’re Not Alone - Volodymyr Styran US joins nearly two dozen other countries in striking back against DDoS-for-hire platforms | Cybersecurity Dive Bluesky blames app outage on ‘sophisticated’ DDoS attack | The Record from Recorded Future News Mastodon says its flagship server was hit by a DDoS attack | TechCrunch An IT expert explained under what conditions using a VPN can cause a smartphone to explode