Cyber Bites

* Anthropic Expands Claude Mythos Preview Access to Australian Organisations Through Project Glasswing
* Cybercriminals Exploit ChatGPT Share Links to Distribute Malware Via Fake Outage Pages
* Google Chrome Bolsters Security With Session Cookie Theft Protection for All Users
* Hackers Exploit Meta’s AI Support Bot to Hijack High-Profile Instagram Accounts
* Critical HTTP/2 Bomb Vulnerability Exposes Major Web Servers to Remote Denial-of-Service Attacks



This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com

* npm Introduces Human Approval Gates to Counter Software Supply Chain Attacks
* Anthropic’s AI Model Finds Over Ten Thousand Critical Vulnerabilities in Global Software Infrastructure
* Anthropic’s Restricted Claude Mythos Model Moves Closer to Public Release
* AI Emerges as a Game-Changer in Cyber Defence, Australian Signals Directorate Reports



This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com

* Grafana Labs Confirms Ransomware Extortion Following TanStack Supply Chain Breach
* GitHub Confirms Internal Repository Breach After Employee Device Compromise
* Google Accidentally Exposes Details of Unpatched Chromium Vulnerability
* CISA Credentials Exposed in Public GitHub Repository for Six Months Before Takedown
* HackerOne Slashes Bug Bounty Payouts as AI Floods Open-Source Security Programs



This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com

* Signal Adds In-App Security Warnings to Combat Social Engineering Attacks
* Eighteen-Year-Old Vulnerability Discovered in Nginx Puts Millions of Web Servers at Risk
* OpenAI Confirms Security Breach Following Sophisticated Supply Chain Attack
* New Zero-Day Exploit Allows USB Stick to Bypass Windows BitLocker Encryption
* Agentic AI Is the Security Blind Spot Organisations Can No Longer Afford to Ignore



This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com

* Cybercriminals Abuse Amazon SES to Launch Undetected Phishing Campaigns
* ACSC Issues Warning Over ClickFix Attacks Deploying Vidar Stealer Malware
* Malicious OpenClaw Skill Weaponizes AI Agent Framework to Distribute Malware
* Survey Finds 1 in 8 Employees Consider Selling Company Login Credentials Justifiable
* 60% of MD5 Password Hashes Now Crackable in Under an Hour With a Single GPU



This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com