Modern Cyber with Jeremy Snyder
This week's episode is short but loaded. Jeremy walks through a run of stories where AI is reshaping both sides of the security fight at once. Models are now surfacing decades-old vulnerabilities that humans never caught, chaining old bugs into new high-impact attacks, and getting jailbroken within days of launch. On top of that: a fresh zero-click exfiltration chain in Microsoft 365 Copilot, a database that doubles as a covert attack channel, a major open source patching initiative from OpenAI and Trail of Bits, and a NIST proof that no fixed set of guardrails can hold forever. Key Episode Highlights * SquidBleed: a Squid proxy flaw sitting in the default config since a 1997 commit, surfaced almost instantly by Claude Mythos Preview under Project Glasswing. Roughly 30 years undetected by humans. * The HTTP/2 Bomb: a denial-of-service attack chaining an HPACK compression bomb with a Slowloris-style memory hold, built by an AI model that read the codebases and stitched together two old CVEs. * The Daybreak Initiative: OpenAI pairs GPT-5.5 Cyber with Trail of Bits to find and fix flaws across 30-plus critical open source projects. * Five Eyes alarm: NSA and CISA issue a rare joint statement warning that frontier AI will transform offense and defense, with a timeline measured in months, not years. * SearchLeak: Varonis discloses a zero-click Microsoft 365 Copilot Enterprise chain that pulls mail, calendar, and files from a single crafted link. Already patched server-side, no customer action needed. * "Oops, I weaponized the database": SpecterOps shows native AI features in Microsoft SQL Server 2025 doubling as a covert command and control and exfiltration channel. Microsoft says it's working as designed. * Meta hits pause: an internal program training AI on employee behavior is halted after sensitive data was exposed to the entire workforce. * Fable 5 jailbroken: Bruce Schneier reports Anthropic's new Mythos-class model bypassed within days, with its 120,000 character system prompt leaked to GitHub. * NIST proof: a peer-reviewed result showing no finite set of guardrails can be universally robust against an adaptive adversary. Episode Links * https://thehackernews.com/2026/06/29-year-old-squid-proxy-bug-squidbleed.html * https://www.theregister.com/security/2026/06/04/openais-codex-chains-decade-old-dos-techniques-into-http/2-bomb/5251377 * https://openai.com/index/patch-the-planet/ * https://www.bleepingcomputer.com/news/security/new-attack-turned-microsoft-365-copilot-into-1-click-data-theft-tool/ * https://specterops.io/blog/2026/06/10/oops-i-weaponized-the-database-abusing-ai-features-in-mssql-2025/ * https://www.wired.com/story/meta-accidentally-let-employees-access-each-others-keystroke-data/ * https://www.schneier.com/blog/archives/2026/06/anthropics-fable-5-model-jailbroken-within-days.html * https://www.nist.gov/news-events/news/2026/06/nist-mathematical-proof-supports-transition-continuous-monitor-and-update
120 episodios
Comentarios
0Sé la primera persona en comentar
¡Regístrate ahora y únete a la comunidad de Modern Cyber with Jeremy Snyder!