Hacktics & Telemetry, E9: Mythos Mania, Thinking Red, and Acting Blue (ft. Ismael Valenzuela)
Welcome to episode 9 of Hacktics and Telemetry, a Rapid7-produced podcast! Hosted by Douglas McKee and Jonah Burgess (@_CryptoCat) – although this week, replaced by Jacob Steadman – this show brings you the latest in cybersecurity news, vulnerability research, and actionable defensive strategies.

⏱️ Episode Chapters
00:00 – Welcome and Introduction to Hacktics & Telemetry
03:43 – The Situation Room: FortiBleed, AutoJack, and Splunk all make the news
25:11 – The War Room: "Think Red, Act Blue" with Ismael Valenzuela
57:08 – The Mitigation Minute: Lock down your AI agents and isolate the blast radius with sandboxing

🔍 Episode Highlights

The Situation Report
We discuss Anthropic's restricted release of the Mythos AI model and what it signals about growing government involvement in controlling access to increasingly capable AI systems.
We examine Fortinet's investigation into reported FortiGate credential compromises, highlighting how legacy credentials and password reuse can remain exploitable even after systems are patched.
We explore several emerging attacks targeting AI coding assistants and autonomous agents, including AgentJacking, Context7 prompt injection attacks, and Microsoft's research into host-level remote code execution risks created by web-enabled AI agents.
We cover CISA's warning regarding active exploitation of a critical Splunk Enterprise vulnerability and the importance of rapid patching.

The War Room (Guest Segment)
Ismael Valenzuela (SANS Senior Instructor, VP of Threat Research & Intelligence at Arctic Wolf) joins the show to discuss his career in cybersecurity and the evolution of modern threat intelligence.
Ismael explains the "Think Red, Act Blue" philosophy and how offensive thinking can strengthen defensive security programs.
We discuss the recent AI-focused updates to the SANS SEC530 course and how AI is changing both attacker methodologies and defender workflows.
We dive into Arctic Wolf's analysis of the recent FortiGate credential exposure and discuss practical lessons organizations should take away.
We close with a discussion of the China-linked UNC6508 espionage campaign and broader trends in long-term nation-state operations against research organizations.

The Mitigation Minute (Sponsored by Rapid7)
Doug and Jacob explain why patching alone is not sufficient after infrastructure vulnerabilities. Organizations should rotate administrative credentials following upgrades, eliminate legacy password hashes where possible, and enforce phishing-resistant MFA across management interfaces.
They also discuss why localhost services should no longer be considered inherently trustworthy in environments using autonomous AI agents. Defenders should inventory locally exposed services, require authentication on all local APIs, operate AI agents with least privilege, and isolate execution environments to reduce host-level compromise risks.

🔗 Resources & Links

Episode Stories & Research
Anthropic Mythos Access Announcement: https://r-7.co/44aGRlt
Fortinet Analysis of FortiGate Credential Compromise: https://r-7.co/4eULvsR
AgentJacking Attack Against AI Coding Agents: https://r-7.co/3QX2bb3
Context7 Prompt Injection Research: https://r-7.co/4456Smi
Microsoft's AutoJack Research: https://r-7.co/3QXl0Lp
Microsoft AI Agent Host-Level RCE Coverage: https://r-7.co/3SFSvlT
CISA Warning on Splunk Enterprise Vulnerability: https://r-7.co/4vLmrMb

Guest Resources
SANS SEC530 Course: https://r-7.co/4wsU3OV
The Monday Brief: https://r-7.co/4wohsRq
CyberScoop Coverage of UNC6508: https://r-7.co/4gTajUB


