PolySécure Podcast

Parce que… c’est l’épisode 0x2F0!

Préambule

Je suis dans une alcôve dans une chambre d’hôtel, d’où l’écho inhabituel… et première diffusion live sur Twitch.

Shameless plug

28 et 29 avril 2026 - Cybereco Cyberconférence 2026

9 au 17 mai 2026 - NorthSec 2026

3 au 5 juin 2026 - SSTIC 2026

19 septembre 2026 - Bsides Montréal

1 au 3 décembre 2026 - Forum INCYBER - Canada 2026

24 et 25 février 2027 - SéQCure 2027

Description

Collaborateurs

Nicolas-Loïc Fortin

Catherine Dupont-Gagnon

Samuel Harper

Crédits

Montage par Intrasecure inc

Locaux virtuels par Riverside.fm

Parce que… c’est l’épisode 0x2EF!

Shameless plug

28 et 29 avril 2026 - Cybereco Cyberconférence 2026

9 au 17 mai 2026 - NorthSec 2026

3 au 5 juin 2026 - SSTIC 2026

24 et 25 juin 2026 - Troopers

26 et 27 juin 2026 - leHACK

19 septembre 2026 - Bsides Montréal

1 au 3 décembre 2026 - Forum INCYBER - Canada 2026

24 et 25 février 2027 - SéQCure 2027

Notes

IA ou Ghost in the shell

Mythos

NSA Reportedly Using Anthropic’s Mythos Despite Pentagon Blacklist

US security agency is using Anthropic’s Mythos despite blacklist, Axios reports

Unauthorized Group Gains Access to Anthropic’s Exclusive Cyber Tool Mythos

Anthropic Mythos shaping up as nothingburger

The Boy That Cried Mythos: Verification is Collapsing Trust in Anthropic

The Guardian view on Anthropic’s Claude Mythos: when AI finds every flaw, who controls the internet?

Mozilla: Anthropic’s Mythos found 271 security vulnerabilities in Firefox 150

The AI era demands a different kind of CISO




Paradigme

AI-Powered Exploitation May Collapse the Patch Window for Defenders

AI Model Claude Opus turns bugs into exploits for just $2,283

Why the Axios attack proves AI is mandatory for supply chain security

Un agent IA chinois a trouvé près de 1 000 failles inédites, dont certaines dans Microsoft Office




MCP

MCP Servers Are the New APIs — And We’re Making the Same Security Mistakes

How Anthropic’s Model Context Protocol Allows For Easy Remote Execution




Prove You Are a Robot: CAPTCHAs for Agents

Anthropic secretly installs spyware when you install Claude Desktop

AI Agents Think. They Just Don’t Know They’re Being Watched.

Vuln in Google’s Antigravity AI agent manager could escape sandbox, give attackers remote code execution

Lovable denies data leak, cites ‘intentional behavior’

Kernel code removals driven by LLM-created security reports

Introducing OpenAI Privacy Filter




La guerre, la guerre, c’est pas une raison pour se faire mal!

Iran claims US used backdoors in networking equipment




Souveraineté ou vive le numérique libre!





[Matrix in Europe
Digital sovereignty](https://element.io/en/matrix-in-europe)





FCC adds mobile hotspots to router ban




Privacy ou cachez ces informations que je ne saurais voir

Une faille IndexedDB permettait de relier toutes vos identités Tor

Nullroom - Un chat P2P qui s’efface en 15 minutes

Proton CEO: Age checks turn internet into ID checkpoint

Apple stops weirdly storing data that let cops spy on Signal chats

Why you should refuse to let your doctor record you

Privacy Advocate Accuses US Government of Investing in AI-Powered Mass Surveillance




I am the law

Elon Musk fails to appear for questioning by French police over sexualized AI images on X

Loi séparatisme - Le blocage sans juge gagne du terrain

Most Australian teens admit the social media ban isn’t working as they try to sidestep age verification blocks with face masks and their parents’ IDs

Colorado Adds Open-Source Exemption to Age-Attestation Bill




Red ou tout ce qui est brisé

You Don’t Need to Hack the System. You Just Need to Make People Think You Did.

Apple Knows. Visa Knows. Nobody Has Fixed It. Here’s Why.

Cyberattack at French identity document agency may have exposed personal data

France’s ‘Secure’ ID agency probes claimed 19M record breach

Another npm supply chain worm hits dev environments

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain …

Why Phishing Still Works (Even If You Know About It)




Blue ou tout ce qui améliore notre posture

DDoS

Kevin Beaumont: “If anybody is wondering, masto…” - Cyberplace

DDoS wave continues as Mastodon hit after Bluesky incident




Network ‘background noise’ may predict the next big edge-device vulnerability

NCSC: Passkeys now good enough to be the default standard

Kevin Beaumont: “I just want to give the analysts at Dragos credit here for how they framed this - it’s really responsible.” - Cyberplace

You don’t want long-lived keys




Divers ou parce que j’ai aucune idée où les placer

Quadratic

Contrary to popular superstition, AES 128 is just fine in a post-quantum world

In a first, a ransomware family is confirmed to be quantum-safe




Original GrapheneOS responses to WIRED fact checker

Palantir Employees Are Starting to Wonder if They’re the Bad Guys

Les cartes bancaires biométriques sont-elles une vraie avancée ou du bullshit marketing ?

Histoire

Un malware qui pourrait être la toute première cyberarme de l’histoire

Discret 11, the French TV encryption of the 80’s







Collaborateurs

Nicolas-Loïc Fortin

Crédits

Montage par Intrasecure inc

Locaux réels par Moxy Montreal Downtown

Parce que… c’est l’épisode 0x2EE!

Shameless plug

28 et 29 avril 2026 - Cybereco Cyberconférence 2026

9 au 17 mai 2026 - NorthSec 2026

3 au 5 juin 2026 - SSTIC 2026

19 septembre 2026 - Bsides Montréal

1 au 3 décembre 2026 - Forum INCYBER - Canada 2026

24 et 25 février 2027 - SéQCure 2027

Description

Collaborateurs

Nicolas-Loïc Fortin

David Bizeul

Crédits

Montage par Intrasecure inc

Locaux virtuels par Riverside.fm

Parce que… c’est l’épisode 0x2ED!

Préambule

Nous avons rencontré un petit défi d’enregistrement vers la 12e minute.

Shameless plug

28 et 29 avril 2026 - Cybereco Cyberconférence 2026

9 au 17 mai 2026 - NorthSec 2026

3 au 5 juin 2026 - SSTIC 2026

24 et 25 juin 2026 - Troopers

26 et 27 juin 2026 - leHACK

19 septembre 2026 - Bsides Montréal

1 au 3 décembre 2026 - Forum INCYBER - Canada 2026

24 et 25 février 2027 - SéQCure 2027

Description

Collaborateurs

Nicolas-Loïc Fortin

Cédrick Bruyère

Crédits

Montage par Intrasecure inc

Locaux virtuels par Riverside.fm

Parce que… c’est l’épisode 0x2EC!

Shameless plug

20 au 22 avril 2026 - ITSec

Code rabais de 15%: Seqcure15




28 et 29 avril 2026 - Cybereco Cyberconférence 2026

9 au 17 mai 2026 - NorthSec 2026

3 au 5 juin 2026 - SSTIC 2026

24 et 25 juin 2026 - Troopers

26 et 27 juin 2026 - leHACK

19 septembre 2026 - Bsides Montréal

1 au 3 décembre 2026 - Forum INCYBER - Canada 2026

24 et 25 février 2027 - SéQCure 2027

Notes

RETEX Botconf

IA ou Ghost in the shell

Mythos qui ne veut pas mourir





[AI Cybersecurity After Mythos: The Jagged Frontier
AISLE](https://aisle.com/blog/ai-cybersecurity-after-mythos-the-jagged-frontier)





On Anthropic’s Mythos Preview and Project Glasswing - Schneier on Security

UK gov’s Mythos AI tests help separate cybersecurity threat from hype - Ars Technica





[In the Wake of Anthropic’s Mythos, OpenAI Has a New Cybersecurity Model—and Strategy
WIRED](https://www.wired.com/story/in-the-wake-of-anthropics-mythos-openai-has-a-new-cybersecurity-model-and-strategy/)





Anthropic releases Claude Opus 4.7, a less risky model than Mythos

[AI cybersecurity is not proof of work - ](https://antirez.com/news/163)





[White House to give US agencies Anthropic Mythos access, Bloomberg News reports
Reuters](https://www.reuters.com/technology/white-house-give-us-agencies-anthropic-mythos-access-bloomberg-news-reports-2026-04-16/)





Frontier AI Reinforces the Future of Modern Cyber Defense

We Reproduced Anthropic’s Mythos Findings With Public Models - Vidoc Security Lab

Every Old Vulnerability Is Now an AI Vulnerability

US Government Now Wants Anthropic’s ‘Mythos’, Preparing for AI Cybersecurity Threats - Slashdot




Nude

Apple a menacé de virer Grok de l’App Store à cause des deepfakes publiés sur X - Korben





[The Deepfake Nudes Crisis in Schools Is Much Worse Than You Thought
WIRED](https://www.wired.com/story/deepfake-nudify-schools-global-crisis/)








AI Chatbots and Trust - Schneier on Security

OpenAI rotates macOS certs after Axios attack hit code-signing workflow

How Hackers Are Thinking About AI - Schneier on Security

Agentic LLM Browsers Expose New Attack Surface for Prompt Injection and Data Theft

AI platform n8n abused for stealthy phishing and malware delivery

Google, Pentagon Discuss Classified AI Deal - Slashdot

MCP ‘design flaw’ puts 200k servers at risk: Researcher • The Register

In the AI propaganda war, Iran is winning




La guerre, la guerre, c’est pas une raison pour se faire mal!

Hackers Target Israeli Desalination Plants With ZionSiphon Sabotage Malware




Souveraineté ou vive le numérique libre!

Linux commence à retirer le support des processeurs russes Baikal - Korben

Baumgartner Introduces Bipartisan Bill to Tighten Controls on Sensitive Chipmaking Equipment - Michael Baumgartner




Privacy ou cachez ces informations que je ne saurais voir

Contrôlons nos enfants

EU Age Verification Blueprint — the dedicated technical portal

EU age verification app announced to protect children online

EU’s New Age Verification App Can Be Hacked Within 2 Minutes, Researchers Claim




702 is the code





[In defeat for Trump, House extends electronic spying program for just 10 days
The Record from Recorded Future News](https://therecord.media/fisa–trump-congress-extension-surveillance)









[Keep Pushing: We Get 10 More Days to Reform Section 702
Electronic Frontier Foundation](https://www.eff.org/deeplinks/2026/04/keep-pushing-we-get-10-more-days-reform-section-702)








Meta Is Warned That Facial Recognition Glasses Will Arm Sexual Predators - Slashdot

Audit Finds Google, Microsoft, and Meta Still Tracking Users After Opt-Out - Slashdot





[It Is Time to Ban the Sale of Precise Geolocation
Lawfare](https://www.lawfaremedia.org/article/it-is-time-to-ban-the-sale-of-precise-geolocation)





Old Cars ‘Tell Tales’ by Storing Data That’s Never Wiped - Slashdot




I am the law





[Majority of Australian youth still use social media despite ban, researchers find
The Record from Recorded Future News](https://therecord.media/social-media-ban-australia-research)





FCC exempts Netgear from ban on foreign routers, doesn’t explain why - Ars Technica




Red ou tout ce qui peut tourner mal





[No one owes you supply-chain security
purplesyringa’s blog](https://purplesyringa.moe/blog/no-one-owes-you-supply-chain-security/)









[The Dumbest Hack of the Year Exposed a Very Real Problem
WIRED](https://www.wired.com/story/crosswalk-city-hack-cybersecurity-lessons/)









[Mailbox rules in O365—a post-exploitation tactic in cloud ATO
Proofpoint US](https://www.proofpoint.com/us/blog/threat-insight/mailbox-rules-o365-post-exploitation-tactic-cloud-ato?utm_source=twitter&utm_medium=social_organic)





Quatre bugs Microsoft ressortent du placard, dont un de 14 ans - Korben





[NIST narrows scope of CVE analysis to keep up with rising tide of vulnerabilities
CyberScoop](https://cyberscoop.com/nist-narrows-cve-analysis-nvd/)





Dutch navy frigate tracked by mailing it a Bluetooth tracker • The Register

MAD Bugs: Even “cat readme.txt” is not safe - Calif

Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing

Microsoft defender under attack as three zero-days, two of them still unpatched, enable elevated access




Blue ou bleu est la nuit

Defense in Depth, Medieval Style - Schneier on Security

[ANNOUNCE] WireGuard for Windows and WireGuardNT, Version 1.0 - Jason A. Donenfeld




Divers ou la crise identitaire

Rien hahahahahaha!




Collaborateurs

Nicolas-Loïc Fortin

Crédits

Montage par Intrasecure inc

Locaux réels par Sheraton Saint-Hyacinthe Hotel