Mythos finds a curl vulnerability - 2026-05-18

This episode covers Mythos uncovering a vulnerability in cURL, a recent Google Threat Intelligence report on a zero-day exploit, and the growing impact of AI on capture-the-flag competitions and bug bounty programs. The hosts also discuss the economics of AI platforms like OpenAI, security research trends, and broader concerns around software vulnerabilities, automation, and defensive tooling. Join us LIVE on Mondays, 4:30pm EST. A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team. https://www.youtube.com/@BlackHillsInformationSecurity Chat with us on Discord! - https://discord.gg/bhis 🔴live-chat Chapters (00:00) - PreShow Banter™ — Token CTFs (03:18) - Story # 1: Mythos finds a curl vulnerability (06:36) - Story # 2: Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation (14:47) - Story # 3: The down fall of bug bounties (15:34) - Story # 3: Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’ (40:52) - Story # 4: Germany to Flood Ukraine’s Front Lines With Hundreds of New GEREON Combat Robots (43:51) - Story # 4b: Wild Video Shows Delivery Robots Causing Havoc, Getting Obliterated (49:35) - Story # 5: Windows BitLocker zero-day gives access to protected drives, PoC released (56:09) - Story # 6: Deal reached with hackers to delete data stolen from the Canvas educational platform (58:07) - Story # 7: Celebrities’ and influencers’ private communications exposed in stalkerware data breach (58:54) - Story # 8: Exclusive: Hackers have breached tank readers at US gas stations; officials suspect Iran is responsible (01:00:29) - Threat Hunting Summit Talk: Threat Hunting in the Dark: A Practical Approach (01:04:47) - WEBCAST: Looking at A.I. Wrong with John Strand, BB King and Derek Banks Links Story # 1: Mythos finds a curl vulnerability Story # 2: Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation Story # 3: The down fall of bug bounties Story # 3: Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’ Story # 4: Germany to Flood Ukraine’s Front Lines With Hundreds of New GEREON Combat Robots Story # 4b: Wild Video Shows Delivery Robots Causing Havoc, Getting Obliterated Story # 5: Windows BitLocker zero-day gives access to protected drives, PoC released Story # 6: Deal reached with hackers to delete data stolen from the Canvas educational platform Story # 7: Celebrities’ and influencers’ private communications exposed in stalkerware data breach Story # 8: Exclusive: Hackers have breached tank readers at US gas stations; officials suspect Iran is responsible Threat Hunting Summit Talk: Threat Hunting in the Dark: A Practical Approach WEBCAST: Looking at A.I. Wrong with John Strand, BB King and Derek BanksCreators & Guests John Strand - Host Corey Ham - Host Wade Wells - Host Bronwen Aker - Host Ralph May - Host Shane Hartman - Guest Meagan Bentley - Producer Hayden Covington - Host Click here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits  https://poweredbybhis.com Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com