Modern Cyber with Jeremy Snyder
A lighter week on volume, which gives Jeremy room to go deeper on a set of stories that all reinforce trends we've been tracking for months. The through-line: prompts keep showing up in places nobody thinks to inspect, AI development tooling keeps proving to be a soft target, and the infrastructure around AI is becoming a first-class attack surface. Plus an update on the US government's limited release of Anthropic's Mythos model, and a fresh Five Eyes warning that the cyber risk timeline is measured in months, not years.

Key Episode Highlights

* GuardFall: research from Versa showing a prompt-injection technique that defeats 10 of the 11 most popular open source coding and computer-use agents (Cline, Goose, Aider, Roo Code, OpenHands, and others) using basic bash obfuscation. Roughly 548,000 combined GitHub stars across the affected tools.
* Amazon Q auto-load flaw: Wiz found the tool auto-loads an amazonq/mcp.json file from cloned repos with no prompt, consent, or workspace-trust check, opening a path to arbitrary code execution.
* Perplexity typosquat: Microsoft Defender uncovered a malicious "Search for Perplexity.ai" extension that captured every keystroke in the address bar and routed it to perplexity-ai.online. AI chat-skimming extensions total roughly 900,000 installs across 20-plus enterprise networks.
* Langflow RCE: a new critical CVE enabling remote code execution and arbitrary Python on exposed instances. Trend Micro documented a 19-day campaign deploying Monero crypto miners.
* Mythos, unblocked (with limits): the US government has lifted its export-control block on Anthropic's Mythos 5 release, though the exact terms remain fuzzy.
* Five Eyes warning: a joint NSA, GCHQ, and allied-agency statement that frontier AI will accelerate the speed, scale, and sophistication of cyber threats, with Bruce Schneier arguing in The Guardian that AI decouples skill from ability.

Episode Links

* https://thehackernews.com/2026/06/guardfall-exposes-open-source-ai-coding.html
* https://thehackernews.com/2026/06/amazon-q-developer-flaw-could-let.html
* https://thehackernews.com/2026/06/malicious-perplexity-chrome-extension.html
* https://www.theguardian.com/technology/2026/jun/22/anthropic-claude-fable-ai-model-artificial-intelligence-national-security
* https://www.cnn.com/2026/06/26/tech/anthropic-mythos-release
* https://thehackernews.com/2026/06/langflow-rce-exploited-to-deploy-monero.html