
Daily cybersecurity briefing for CISOs and security leaders.
Today's episode covers 17 stories across 5 topic areas, including: Anthropic scales Claude Mythos to critical infrastructure in 15+ countries; NSA said to be readying Anthropic's Mythos for use in cyber operations; Chinese APT deploys new malware to keep access to hacked networks.
TechCrunch Security · Jun 02 · Relevance: 9/10
Why it matters to CISOs: Anthropic deploying its most capable and most tightly restricted model, Mythos, to power, water, healthcare, and communications operators across 15 countries marks a strategic inflection point: frontier AI becomes a critical infrastructure dependency, with novel supply chain and model-integrity risks that CISOs must now plan for.
TechCrunch Security · Jun 05 · Relevance: 8/10
Why it matters to CISOs: The NSA's reported preparation of Claude Mythos for offensive cyber operations, despite a federal ban on using the model maker as a vendor, signals that AI-enabled offensive capability is now an operational consideration for nation-states, raising the threat bar for any organization that is a plausible nation-state target.
BleepingComputer · Jun 05 · Relevance: 8/10
Why it matters to CISOs: UNC5221's deployment of two previously undocumented malware families (Plenet and AgentPSD) alongside the Brickstorm backdoor in Microsoft 365 environments signals a Chinese espionage capability upgrade aimed squarely at enterprise cloud tenants; M365 audit log review and conditional access policy hardening are now urgent.
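The card above ends with a call for M365 audit log review. As an added example, not code from BleepingComputer, Microsoft, or this page, the Python below loads a newline-delimited export of Unified Audit Log records and flags consent grants to apps outside a reviewed allowlist whenever the grant is tenant-wide (admin consent) or carries mail, file, or directory scopes. The four sample records, the app IDs, the allowlist, and the high-risk scope list are constructed for the example; the record layout mirrors the "Consent to application." operation in simplified form, and the field names it relies on (ObjectId as the app identifier, ConsentContext.IsAdminConsent, ConsentAction.Permissions) are assumptions to check against an export from your own tenant.

```python
"""Flag risky OAuth consent grants in an exported Microsoft 365 Unified Audit Log.

Added example, not code from the page or its sources. The record layout is a
simplified form of the Unified Audit Log "Consent to application." operation;
the field names used here are an assumption to verify against a real export.
"""
import json
import re

# Scopes that let an app keep reading mail, files or the directory; any consent
# that includes one of these deserves a human look (the selection is this example's own).
HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send",
    "Files.Read.All", "Files.ReadWrite.All",
    "Directory.Read.All", "Directory.ReadWrite.All",
    "offline_access",  # yields a refresh token: access persists without a fresh sign-in
}

# App IDs the security team has already reviewed (hypothetical).
ALLOWED_APP_IDS = {"11111111-1111-1111-1111-111111111111"}

# Constructed sample export, one JSON record per line. Not real tenant data.
SAMPLE_EXPORT = """\
{"CreationTime":"2026-06-03T08:12:41","Operation":"Consent to application.","UserId":"cfo@example.com","ObjectId":"11111111-1111-1111-1111-111111111111","ModifiedProperties":[{"Name":"ConsentContext.IsAdminConsent","NewValue":"False"},{"Name":"ConsentAction.Permissions","NewValue":"[] => [[Id: c1, ConsentType: Principal, Scope: Mail.Read offline_access, ExpiryTime: ]]"}]}
{"CreationTime":"2026-06-03T23:47:09","Operation":"Consent to application.","UserId":"cfo@example.com","ObjectId":"22222222-2222-2222-2222-222222222222","ModifiedProperties":[{"Name":"ConsentContext.IsAdminConsent","NewValue":"False"},{"Name":"ConsentAction.Permissions","NewValue":"[] => [[Id: c2, ConsentType: Principal, Scope: Mail.Read, ExpiryTime: ]]"}]}
{"CreationTime":"2026-06-04T02:03:55","Operation":"Consent to application.","UserId":"helpdesk-admin@example.com","ObjectId":"33333333-3333-3333-3333-333333333333","ModifiedProperties":[{"Name":"ConsentContext.IsAdminConsent","NewValue":"True"},{"Name":"ConsentAction.Permissions","NewValue":"[] => [[Id: c3, ConsentType: AllPrincipals, Scope: Directory.ReadWrite.All Files.ReadWrite.All, ExpiryTime: ]]"}]}
{"CreationTime":"2026-06-04T09:15:00","Operation":"Add service principal.","UserId":"helpdesk-admin@example.com","ObjectId":"44444444-4444-4444-4444-444444444444","ModifiedProperties":[]}
"""


def load_records(ndjson_text: str) -> list[dict]:
    """Parse a newline-delimited JSON export into dicts, skipping blank lines."""
    return [json.loads(line) for line in ndjson_text.splitlines() if line.strip()]


def _modified_value(record: dict, name: str) -> str:
    """Return NewValue of the named ModifiedProperties entry, or '' if absent."""
    for prop in record.get("ModifiedProperties", []):
        if prop.get("Name") == name:
            return str(prop.get("NewValue", ""))
    return ""


def _scopes_from(permission_text: str) -> set[str]:
    """Pull the space-separated scope list out of a 'Scope: a b c,' fragment."""
    match = re.search(r"Scope:\s*([^,\]]*)", permission_text)
    return set(match.group(1).split()) if match else set()


def find_risky_consents(records: list[dict], allowed_app_ids: set[str]) -> list[dict]:
    """One finding per consent grant to an unreviewed app that is tenant-wide or
    carries a high-risk scope. Allowlisted apps and other operations are skipped."""
    findings = []
    for rec in records:
        if rec.get("Operation") != "Consent to application.":
            continue
        app_id = rec.get("ObjectId", "")  # assumption: ObjectId carries the app's ID
        if app_id in allowed_app_ids:
            continue
        scopes = _scopes_from(_modified_value(rec, "ConsentAction.Permissions"))
        is_admin = _modified_value(rec, "ConsentContext.IsAdminConsent").lower() == "true"
        risky = scopes & HIGH_RISK_SCOPES
        if is_admin:
            severity = "high"  # tenant-wide grant to an unreviewed app
        elif "offline_access" in risky and len(risky) > 1:
            severity = "high"  # durable mailbox/file access that outlives the session
        elif risky:
            severity = "medium"
        else:
            continue  # user-scoped consent with low-privilege scopes: no alert
        findings.append({
            "time": rec.get("CreationTime", ""),
            "actor": rec.get("UserId", ""),
            "app_id": app_id,
            "admin_consent": is_admin,
            "scopes": sorted(scopes),
            "severity": severity,
        })
    return findings


if __name__ == "__main__":
    for f in find_risky_consents(load_records(SAMPLE_EXPORT), ALLOWED_APP_IDS):
        print(f"{f['severity']:6} {f['time']} {f['actor']} -> app {f['app_id']} "
              f"scopes={' '.join(f['scopes'])}")
```

Point it at a real export with load_records(open("audit.ndjson").read()). The scanner only sees grants after the fact, so pair it with tenant consent settings that restrict user consent to verified publishers and low-impact permissions, and treat any admin-consent hit as an incident rather than a ticket.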
Risky Business News · Jun 04 · Relevance: 7/10
Why it matters to CISOs: The US military's confirmed use of commercial location data to target personnel in the Iran conflict (Operation Epic Fury) is a direct warning to enterprise CISOs: commercial data brokers sell information that nation-states, China included, analyze in peacetime for intelligence and counter-espionage purposes against corporate targets.
Krebs on Security · Jun 01 · Relevance: 9/10
Why it matters to CISOs: This is the week's defining AI security failure: a production AI agent built to help users became the attack vector itself, with no malware, no credential theft, and no prompt injection required; the agent simply did what it was built to do. CISOs must audit every AI-powered support and workflow agent for account-action authority before deployment.
The Hacker News · Jun 06 · Relevance: 9/10
Why it matters to CISOs: A self-replicating supply chain worm compromising Microsoft's own Azure, Azure-Samples, Microsoft, and MicrosoftDocs GitHub organizations is an enterprise-level trust crisis; any code pulled from those repositories during the infection window must be treated as potentially tainted.
The Hacker News · Jun 05 · Relevance: 8/10
Why it matters to CISOs: Self-spreading worms in the npm ecosystem that hide behind eBPF kernel rootkits are a severe threat to developer pipelines; security teams should treat any npm package touched in the last week with elevated scrutiny and validate SBOM integrity against the known compromised package lists.
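The two supply chain cards above (the worm in Microsoft's GitHub organizations and the npm worms) end with the same instruction: check what you pulled against the known compromised package lists. As an added example that is not code from The Hacker News or from any of the projects involved, the Python below cross-checks an npm lockfile (lockfileVersion 3 layout, packages keyed by path) and a CycloneDX SBOM against a placeholder indicator list. The package names, versions, lockfile, SBOM, and mirror host are all constructed; the page names no specific packages, so substitute the published list. Beyond exact version matches it also flags tarballs resolved from outside the npm registry and entries with no integrity hash, the two conditions under which a lockfile cannot vouch for what was actually installed.

```python
"""Cross-check an npm lockfile and a CycloneDX SBOM against compromised package versions.

Added example, not code from the page or its sources. The compromised names and
versions below are placeholders; substitute the published indicator list.
"""
from urllib.parse import unquote

# Placeholder indicators: package name -> set of tainted versions (assumption).
COMPROMISED = {
    "example-widget": {"3.4.1", "3.4.2"},
    "@acme/telemetry": {"2.1.0"},
}

# Tarball sources you consider legitimate; anything else gets flagged.
REGISTRY_HOSTS = ("https://registry.npmjs.org/",)

# Constructed package-lock.json (lockfileVersion 3: "packages" keyed by install path).
SAMPLE_LOCK = {
    "name": "internal-portal",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "internal-portal", "version": "1.0.0"},
        "node_modules/example-widget": {
            "version": "3.4.2",
            "resolved": "https://registry.npmjs.org/example-widget/-/example-widget-3.4.2.tgz",
            "integrity": "sha512-PLACEHOLDER",
        },
        "node_modules/@acme/telemetry": {
            "version": "2.0.9",
            "resolved": "https://registry.npmjs.org/@acme/telemetry/-/telemetry-2.0.9.tgz",
            "integrity": "sha512-PLACEHOLDER",
        },
        "node_modules/leftish-pad": {
            "version": "1.0.0",
            "resolved": "https://mirror.internal.example/leftish-pad-1.0.0.tgz",
            "integrity": "sha512-PLACEHOLDER",
        },
        "node_modules/plainlib": {
            "version": "0.1.0",
            "resolved": "https://registry.npmjs.org/plainlib/-/plainlib-0.1.0.tgz",
        },
    },
}

# Constructed CycloneDX 1.5 SBOM fragment; scoped npm names are %40-encoded in purls.
SAMPLE_SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "group": "@acme", "name": "telemetry", "version": "2.1.0",
         "purl": "pkg:npm/%40acme/telemetry@2.1.0"},
        {"type": "library", "name": "example-widget", "version": "3.3.0",
         "purl": "pkg:npm/example-widget@3.3.0"},
        {"type": "library", "name": "requests", "version": "2.31.0",
         "purl": "pkg:pypi/requests@2.31.0"},
    ],
}


def parse_npm_purl(purl: str):
    """'pkg:npm/%40acme/telemetry@2.1.0' -> ('@acme/telemetry', '2.1.0'); None if not npm."""
    if not purl.startswith("pkg:npm/"):
        return None
    body = purl[len("pkg:npm/"):].split("?", 1)[0].split("#", 1)[0]  # drop qualifiers/subpath
    name, sep, version = body.rpartition("@")
    if not sep:  # no version component at all
        return unquote(body), ""
    return unquote(name), version


def audit_lockfile(lock: dict, compromised: dict = COMPROMISED) -> list[tuple]:
    """(name, version, reason) for tainted versions, off-registry tarballs, missing integrity."""
    findings = []
    for path, meta in lock.get("packages", {}).items():
        if path == "":
            continue  # root project entry
        # Aliased packages carry an explicit "name"; otherwise derive it from the path.
        name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
        version = meta.get("version", "")
        resolved = meta.get("resolved", "")
        if version in compromised.get(name, ()):
            findings.append((name, version, "known compromised version"))
        if resolved and not resolved.startswith(REGISTRY_HOSTS):
            findings.append((name, version, f"tarball resolved outside the registry: {resolved}"))
        if "integrity" not in meta:
            findings.append((name, version, "no integrity hash; tarball cannot be verified"))
    return findings


def audit_sbom(sbom: dict, compromised: dict = COMPROMISED) -> list[tuple]:
    """(name, version, reason) for every npm component on the compromised list."""
    findings = []
    for comp in sbom.get("components", []):
        parsed = parse_npm_purl(comp.get("purl", ""))
        if parsed is None:
            continue
        name, version = parsed
        if version in compromised.get(name, ()):
            findings.append((name, version, "known compromised version"))
    return findings


if __name__ == "__main__":
    for hit in audit_lockfile(SAMPLE_LOCK) + audit_sbom(SAMPLE_SBOM):
        print("%s@%s: %s" % hit)
```

Feed audit_lockfile the result of json.load on a real package-lock.json and audit_sbom the bom.json your SBOM tool emits. The GitHub-side check the cards also call for (build logs for pulls from the affected repositories during the infection window) is a different data source and is not covered here.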
BankInfoSecurity · Jun 06 · Relevance: 8/10
Why it matters to CISOs: A False Claims Act lawsuit alleging that IBM and AT&T concealed breaches and security control failures while holding major federal contracts is a landmark accountability moment; CISOs at government contractors must audit their own breach disclosure practices against FCA exposure.
The Hacker News · Jun 04 · Relevance: 8/10
Why it matters to CISOs: A five-month undetected exfiltration of a senior financial executive's Outlook inbox, routed through Dropbox and OneDrive to blend with normal cloud traffic, is a blueprint for long-dwell espionage that most DLP and SIEM configurations will miss; CISOs in financial services must review cloud exfiltration detection coverage.
The Hacker News · Jun 02 · Relevance: 7/10
Why it matters to CISOs: A successful brute-force bypass of Dashlane's 2FA protecting encrypted password vaults is a direct threat to enterprise credential hygiene; CISOs should check whether any enterprise Dashlane users sit on the affected personal subscription tier and verify that master password strength policies are enforced.
CyberScoop · Jun 02 · Relevance: 8/10
Why it matters to CISOs: The White House's voluntary-framework AI executive order, combined with a sprawling House AI bill that would preempt all state AI laws, sets the regulatory context CISOs must navigate when building AI governance programs; voluntary federal standards now look like the ceiling, not the floor, for the foreseeable future.
CyberScoop · Jun 04 · Relevance: 8/10
Why it matters to CISOs: A proposed $250M CISA budget cut in the FY2027 DHS appropriations bill, combined with the agency's concurrent assignment of new AI security responsibilities, creates a structural capability gap that enterprise CISOs relying on CISA advisories, KEV catalog updates, and threat sharing must now account for in their own programs.
Cybersecurity Dive · Jun 03 · Relevance: 7/10
Why it matters to CISOs: CISA and FBI's joint advisory on attacks against internet-exposed automatic tank gauge systems, used across energy, agriculture, and transportation, is a direct call to action for CISOs with OT/ICS environments: audit internet-facing industrial monitoring devices for exposure and authentication controls.
VentureBeat Security · Jun 02 · Relevance: 8/10
Why it matters to CISOs: Microsoft Execution Containers (MXC), a policy-driven, OS-level sandbox for AI agents built into Windows, gives enterprise security teams their first native, enforceable control plane for governing what autonomous agents can access; CISOs should evaluate it for inclusion in AI deployment standards.
TechCrunch Security · Jun 02 · Relevance: 6/10
Why it matters to CISOs: Cyera's $12B valuation at an 80x ARR multiple, despite operating losses, reflects investor conviction that data security posture management is a must-have category in the AI era, giving CISOs negotiating leverage to accelerate DSPM budget conversations with finance leadership.
The Hacker News · Jun 06 · Relevance: 9/10
Why it matters to CISOs: An actively exploited zero-day with root privilege escalation in Cisco's SD-WAN platform, affecting on-prem, cloud, and FedRAMP deployments, with no patch available demands immediate compensating controls; network segmentation and privileged access restrictions are the only mitigations today.
Dark Reading · Jun 01 · Relevance: 8/10
Why it matters to CISOs: A second active exploitation wave against PAN-OS GlobalProtect VPN means organizations running Palo Alto perimeter security face compounding risk this week; with two exploitation waves already observed, patching must be treated as a P0 incident response action.
Jordan: The week AI stopped being a security tool and started being a security problem. A Meta support bot hijacked Instagram accounts for the Obama White House. A self-replicating worm tore through Microsoft's own GitHub repos. And the NSA is reportedly weaponizing the same frontier model that fifteen countries just deployed to protect their critical infrastructure. If you're a CISO still treating AI as somebody else's risk category, this was the week that ended.
Alex: Welcome to Cleartext, the Saturday Week in Review. I'm Alex Chen, alongside Jordan Reeves. If you couldn't keep up this week, here's what mattered and what it means. We've got four big themes to work through. First, the AI trust paradox: the same model being deployed to defend critical infrastructure is simultaneously being weaponized for offensive operations. Second, supply chain integrity took a body blow this week, and I don't just mean one incident. Third, the espionage landscape is evolving in ways that should concern every CISO with cloud tenants or executive mailboxes. And fourth, the governance picture shifted meaningfully: budget cuts, a new executive order, and a landmark legal case that could reshape contractor accountability. Let's get into it.
Jordan: So let's start with what I'm calling the Mythos problem, because it really encapsulates where we are with frontier AI. On Monday, Anthropic announced the expansion of Project Glasswing: Claude Mythos Preview going to a hundred and fifty organizations across fifteen countries for critical infrastructure defense. Power grids, water systems, healthcare, communications. We're talking about infrastructure that touches a hundred million people. ENISA is on board through an EC-Anthropic bilateral agreement. This is real.
Alex: And then Thursday, we learn the NSA is reportedly preparing that same model for offensive cyber operations, despite a federal prohibition on engaging Anthropic as a vendor. Let that sink in. The same model being handed to European critical infrastructure operators to find vulnerabilities is being evaluated by the U.S. signals intelligence community to exploit them. For CISOs, the immediate question is: what does your risk model look like when a frontier AI model is simultaneously your defensive tool and your adversary's offensive weapon?
Jordan: And the benchmarks back this up. ExploitBench results published this week showed Mythos outperforming GPT-5.5 on Chrome vulnerability exploitation tasks. Anthropic's own internal analysis found eight hundred and thirty-two banned accounts misusing their systems over twelve months, with AI materially assisting low-skill attackers across multiple MITRE ATT&CK tactics. So we're not speculating about capability β it's measured.
Alex: Now tie this to the Meta story, because I think that's the connective tissue for the week. Krebs reported that Meta's AI support chatbot (a production agent, not a research prototype) was manipulated into resetting passwords and binding recovery emails to attacker-controlled addresses. The Obama White House Instagram, U.S. Space Force accounts, briefly defaced with pro-Iranian imagery. No malware. No credential theft. No prompt injection. The agent did exactly what it was designed to do. It just did it for the wrong people.
Jordan: Instructions circulated on Telegram before Meta patched. And here's the kicker: takeovers continued after an initial fix. This is the canonical example of what happens when you give an AI agent account-action authority without adversarial testing. Every CISO listening should be asking their teams on Monday: what AI-powered agents do we have in production, and what can they do to accounts, data, or access controls without a human in the loop?
Alex: Which brings us to Microsoft's MXC announcement at Build. Microsoft Execution Containers: an OS-level, policy-driven sandbox for AI agents, enforced at the kernel level. OpenAI and Nvidia are launch partners. This is the first real architectural answer to the agent authority problem. It's pre-deployment access scoping rather than reactive detection. I'd call it the most strategically important announcement of the week for enterprise security teams, even though it got less attention than the breaches.
Jordan: Agreed. It's the right design pattern. Whether the implementation holds up under adversarial pressure is another question, but at least someone is building the control plane. Now, let's talk supply chain, because this week was ugly.
Alex: The Miasma worm. Seventy-three Microsoft repositories compromised across four GitHub organizations: Azure, Azure-Samples, Microsoft, and MicrosoftDocs. GitHub had to disable access to the affected repos as containment. This is a self-replicating supply chain worm hitting Microsoft's own code repositories. Any code pulled from those repos during the infection window must be treated as potentially tainted. Full stop.
Jordan: And it wasn't isolated. A parallel campaign hit npm: IronWorm and a Miasma variant targeting over fifty legitimate packages. The payload is a Rust-based infostealer hiding behind an eBPF kernel rootkit. eBPF rootkits are particularly nasty because they operate at a level most endpoint detection tools aren't instrumented to catch. So you've got two major package ecosystems, GitHub and npm, simultaneously compromised with self-propagating malware. If your developers pulled anything from either ecosystem this week, your SBOM integrity is in question.
Alex: And the practical guidance here is uncomfortable. You need to validate your software bill of materials against the known compromised package lists. You need to check build pipeline logs for any pulls from affected Microsoft repos during the infection window. And frankly, if you don't have the tooling to do that quickly, this is the week that justifies the budget request.
Jordan: Let's pivot to espionage, because the Chinese activity this week deserves its own segment. UNC5221, a Chinese espionage group, is now deploying two previously undocumented malware families, Plenet and AgentPSD, alongside the Brickstorm backdoor, specifically targeting Microsoft 365 environments. This is a capability upgrade designed for enterprise cloud tenants.
Alex: The shift to M365 targeting is significant because it means your primary defensive layer is identity security and conditional access policies, not network perimeter controls. If you're a CISO running M365, this week's action item is reviewing audit logs for anomalous OAuth consent grants, reviewing conditional access policies for gaps, and verifying that your identity provider configurations haven't been tampered with. Separately, TA4922 expanded phishing operations to the UK, Germany, Italy, and South Africa using ValleyRAT and Atlas RAT, so this isn't just one group. It's a coordinated broadening of Chinese targeting.
Jordan: And then there's the stock exchange espionage case. Unknown attackers, assessed as nation-state or state-sponsored, spent five months inside a senior stock exchange executive's Outlook mailbox. Five months. They copied the inbox in small batches, routed exfiltration through Dropbox and OneDrive so it blended with legitimate cloud traffic. Most DLP and SIEM configurations would miss this entirely. If you're in financial services, you need to ask whether your exfiltration detection can distinguish between a legitimate OneDrive sync and an attacker using OneDrive as a covert channel.
Alex: And connect that to the NATO Cyber Conflict conference reporting. The U.S. military admitted commercial location data was used to identify and target personnel during Operation Epic Fury. The implication the analysts drew, and I think it's correct, is that if nation-states are using commercial data broker information in wartime, China is almost certainly doing so in peacetime for corporate espionage targeting. CISOs need to understand that commercial data about their executives and key personnel is an intelligence commodity. It's being bought and analyzed.
Jordan: Now let's hit vulnerabilities quickly because there are two that demand action. CVE-2026-20245, Cisco Catalyst SD-WAN Manager. CVSS 7.8, root privilege escalation, actively exploited, no patch available. Covers on-prem, cloud, and FedRAMP deployments. It can be chained with two other Cisco CVEs. Your only options right now are compensating controls: network segmentation and privileged access restrictions. There is no fix to apply.
Alex: And Palo Alto. CVE-2026-0257, PAN-OS GlobalProtect authentication bypass. Two distinct exploitation waves since mid-May, attack surface broadening. If you run Palo Alto at the perimeter, patching is a P-zero incident response action, not a scheduled maintenance task.
Jordan: Governance segment. Let's be efficient. The Trump administration released a scaled-back AI executive order: voluntary framework, significant industry concessions. A House AI bill proposes frontier model oversight but would preempt all state-level AI regulation. The practical read for CISOs: voluntary federal standards appear to be the ceiling for the foreseeable future. Build your AI governance program accordingly, but don't assume states won't push back on preemption.
Alex: CISA is facing a proposed two-hundred-fifty-million-dollar budget cut in FY2027 while simultaneously being assigned new AI security responsibilities. DHS Secretary Mullin says he wants six hundred more staff than CISA currently has. And Trump is reportedly considering Palantir's CTO to lead the agency. If you rely on CISA advisories, KEV catalog updates, or threat sharing, factor in reduced federal capability when planning your own detection and intelligence programs.
Jordan: And the IBM-AT&T False Claims Act lawsuit. A former IBM VP of threat intelligence alleging both companies concealed breaches and security control failures while holding major federal contracts. If this case gains traction, it establishes a new accountability framework under federal procurement law. Every CISO at a government contractor should be auditing their breach disclosure practices against FCA exposure right now.
Alex: Last item: Dashlane disclosed a brute-force attack that bypassed 2FA and resulted in encrypted vault downloads for fewer than twenty personal-plan users. The disclosure was criticized for opacity. If you have enterprise Dashlane deployments, verify whether any users are on personal subscription tiers and check master password strength policies.
Jordan: And Cyera's twelve-billion-dollar valuation at eighty times ARR, despite operating losses, tells you where investor money thinks the next critical category is. Data security posture management. Use that signal in your next budget conversation if you need DSPM tooling.
Alex: So stepping back: what defined this week? I'd say it was the week the AI agent attack surface became undeniable. We saw a production AI agent become the attack vector at Meta. We saw frontier models simultaneously deployed for defense and offense. We saw Microsoft propose the first real architectural answer with MXC. And we saw supply chain integrity shattered across two major ecosystems. The through-line is that AI is no longer adjacent to security; it is security. Every risk model, every control framework, every board presentation needs to reflect that.
Jordan: I'll add one thing. The convergence of nation-state espionage upgrading to cloud-native tooling, supply chain attacks becoming self-propagating, and AI agents operating with unchecked authority: these aren't three separate problems. They're three expressions of the same problem: we're deploying powerful autonomous systems faster than we're building the controls to govern them. That's the strategic conversation CISOs need to be having with their boards next week.
Alex: Well said. That's your week in review. The daily show returns Monday. Show notes and links to every story we covered are at cleartext.fm. Have a good weekend, everyone. Stay sharp.
Jordan: See you Monday.
Cleartext is an automated daily podcast for CISOs and security leaders. Generated 2026-06-06.
Sources are pulled from: CyberScoop, The Record, SecurityWeek, Krebs on Security, Dark Reading, Cybersecurity Dive, BleepingComputer, Wired, Ars Technica, TechCrunch, Help Net Security, VentureBeat, Risky Business News, The Hacker News, CISA, and BankInfoSecurity.
By Cleartext
π§ Listen to this episode
Today's episode covers 17 stories across 5 topic areas, including: Anthropic scales Claude Mythos to critical infrastructure in 15+ countries; NSA said to be readying Anthropicβs Mythos for use in cyber operations; Chinese APT deploys new malware to keep access to hacked networks.
TechCrunch Security Β· Jun 02 Β· Relevance: ββββββββββ 9/10
Why it matters to CISOs: Anthropic deploying its most capable and restricted AI model β Mythos β to power, water, healthcare, and communications operators across 15 countries marks a strategic inflection point where frontier AI becomes a critical infrastructure dependency, creating novel supply chain and model-integrity risks CISOs must now plan for.
π Read full article
TechCrunch Security Β· Jun 05 Β· Relevance: ββββββββββ 8/10
Why it matters to CISOs: The NSA's reported preparation of Claude Mythos for offensive cyber operations β despite a federal ban on using the model maker β signals that AI-enabled offensive capabilities are now operational-level considerations for nation-states, raising the threat bar for any organization that is a potential nation-state target.
π Read full article
BleepingComputer Β· Jun 05 Β· Relevance: ββββββββββ 8/10
Why it matters to CISOs: UNC5221's deployment of two previously undocumented malware families (Plenet and AgentPSD) alongside the Brickstorm backdoor in Microsoft 365 environments signals a Chinese espionage capability upgrade specifically targeting enterprise cloud tenants β M365 audit log review and conditional access policy hardening are now urgent.
π Read full article
Risky Business News Β· Jun 04 Β· Relevance: ββββββββββ 7/10
Why it matters to CISOs: The US military's confirmed use of commercial location data to target personnel in the Iran conflict (Operation Epic Fury) is a direct warning to enterprise CISOs: commercial data brokers are selling information that nation-states β including China β are analyzing in peacetime for intelligence and counter-espionage purposes against corporate targets.
π Read full article
Krebs on Security Β· Jun 01 Β· Relevance: ββββββββββ 9/10
Why it matters to CISOs: This is the week's defining AI security failure: a production AI agent designed to help users became the attack vector itself, requiring no malware, no credential theft, and no prompt injection β the agent simply did what it was built to do. CISOs must audit every AI-powered support and workflow agent for account-action authority before deployment.
π Read full article
The Hacker News Β· Jun 06 Β· Relevance: ββββββββββ 9/10
Why it matters to CISOs: A self-replicating supply chain worm compromising Microsoft's own Azure, Azure-Samples, Microsoft, and MicrosoftDocs GitHub organizations is an enterprise-level trust crisis β any code pulled from those repositories during the infection window must be treated as potentially tainted.
π Read full article
The Hacker News Β· Jun 05 Β· Relevance: ββββββββββ 8/10
Why it matters to CISOs: Self-spreading worms in the npm ecosystem that hide behind eBPF kernel rootkits represent a severe threat to developer pipelines; security teams should treat any npm package touched in the last week with elevated scrutiny and validate SBOM integrity.
π Read full article
BankInfoSecurity Β· Jun 06 Β· Relevance: ββββββββββ 8/10
Why it matters to CISOs: A False Claims Act lawsuit alleging IBM and AT&T concealed breaches and security control failures while holding major federal government contracts is a landmark accountability moment β CISOs at government contractors must audit their own breach disclosure practices against FCA exposure risk.
π Read full article
The Hacker News Β· Jun 04 Β· Relevance: ββββββββββ 8/10
Why it matters to CISOs: A five-month undetected exfiltration of a senior financial executive's Outlook inbox β routed through Dropbox and OneDrive to blend with normal cloud traffic β is a blueprint for long-dwell espionage that most DLP and SIEM configurations will miss; CISOs in financial services must review cloud exfiltration detection coverage.
π Read full article
The Hacker News Β· Jun 02 Β· Relevance: ββββββββββ 7/10
Why it matters to CISOs: A successful brute-force bypass of Dashlane's 2FA protecting encrypted password vaults is a direct threat to enterprise credential hygiene β CISOs should assess whether enterprise Dashlane deployments use the affected personal subscription tier and verify that master password strength policies are enforced.
π Read full article
CyberScoop Β· Jun 02 Β· Relevance: ββββββββββ 8/10
Why it matters to CISOs: The White House's voluntary-framework AI EO, combined with a sprawling House AI bill proposing to preempt all state AI laws, sets the regulatory context CISOs must navigate when building AI governance programs β voluntary federal standards now appear to be the ceiling, not the floor, for the foreseeable future.
π Read full article
CyberScoop Β· Jun 04 Β· Relevance: ββββββββββ 8/10
Why it matters to CISOs: A proposed $250M CISA budget cut in the FY2027 DHS appropriations bill, combined with the agency's concurrent assignment of new AI security responsibilities, creates a structural capability gap that enterprise CISOs relying on CISA advisories, KEV catalog updates, and threat sharing must now account for in their own programs.
π Read full article
Cybersecurity Dive Β· Jun 03 Β· Relevance: ββββββββββ 7/10
Why it matters to CISOs: CISA and FBI's joint advisory on attacks against internet-exposed automatic tank gauge systems β used across energy, agriculture, and transportation β is a direct call to action for CISOs with OT/ICS environments to audit internet-facing industrial monitoring devices for exposure and authentication controls.
π Read full article
VentureBeat Security Β· Jun 02 Β· Relevance: ββββββββββ 8/10
Why it matters to CISOs: Microsoft Execution Containers (MXC) β a policy-driven, OS-level sandbox for AI agents built into Windows β gives enterprise security teams their first native, enforceable control plane for governing what autonomous agents can access, representing a critical architectural development CISOs should evaluate for inclusion in AI deployment standards.
π Read full article
TechCrunch Security Β· Jun 02 Β· Relevance: ββββββββββ 6/10
Why it matters to CISOs: Cyera's $12B valuation at an 80x ARR multiple β despite operating losses β reflects investor conviction that data security posture management is a must-have category in the AI era, giving CISOs negotiating leverage to accelerate DSPM budget conversations with finance leadership.
π Read full article
The Hacker News Β· Jun 06 Β· Relevance: ββββββββββ 9/10
Why it matters to CISOs: An actively exploited zero-day with root privilege escalation in Cisco's SD-WAN platform β covering on-prem, cloud, and FedRAMP deployments β with no patch available demands immediate compensating controls; network segmentation and privileged access restrictions are the only mitigations today.
π Read full article
Dark Reading Β· Jun 01 Β· Relevance: ββββββββββ 8/10
Why it matters to CISOs: A second active exploit wave against PAN-OS GlobalProtect VPN means organizations running Palo Alto perimeter security face a compounding risk this week; with two active exploitation waves already observed, patching must be treated as a P0 incident response action.
π Read full article
Jordan: The week AI stopped being a security tool and started being a security problem. A Meta support bot hijacked Instagram accounts for the Obama White House. A self-replicating worm tore through Microsoft's own GitHub repos. And the NSA is reportedly weaponizing the same frontier model that fifteen countries just deployed to protect their critical infrastructure. If you're a CISO still treating AI as somebody else's risk category, this was the week that ended.
Alex: Welcome to Cleartext, the Saturday Week in Review. I'm Alex Chen, alongside Jordan Reeves. If you couldn't keep up this week, here's what mattered and what it means. We've got four big themes to work through. First, the AI trust paradox β the same model being deployed to defend critical infrastructure is simultaneously being weaponized for offensive operations. Second, supply chain integrity took a body blow this week, and I don't just mean one incident. Third, the espionage landscape is evolving in ways that should concern every CISO with cloud tenants or executive mailboxes. And fourth, the governance picture shifted meaningfully β budget cuts, a new executive order, and a landmark legal case that could reshape contractor accountability. Let's get into it.
Jordan: So let's start with what I'm calling the Mythos problem, because it really encapsulates where we are with frontier AI. On Monday, Anthropic announced the expansion of Project Glasswing β Claude Mythos Preview going to a hundred and fifty organizations across fifteen countries for critical infrastructure defense. Power grids, water systems, healthcare, communications. We're talking about infrastructure that touches a hundred million people. ENISA is on board through an EC-Anthropic bilateral agreement. This is real.
Alex: And then Thursday, we learn the NSA is reportedly preparing that same model for offensive cyber operations, despite a federal prohibition on engaging Anthropic as a vendor. Let that sink in. The same model being handed to European critical infrastructure operators to find vulnerabilities is being evaluated by the U.S. signals intelligence community to exploit them. For CISOs, the immediate question is: what does your risk model look like when a frontier AI model is simultaneously your defensive tool and your adversary's offensive weapon?
Jordan: And the benchmarks back this up. ExploitBench results published this week showed Mythos outperforming GPT-5.5 on Chrome vulnerability exploitation tasks. Anthropic's own internal analysis found eight hundred and thirty-two banned accounts misusing their systems over twelve months, with AI materially assisting low-skill attackers across multiple MITRE ATT&CK tactics. So we're not speculating about capability β it's measured.
Alex: Now tie this to the Meta story, because I think that's the connective tissue for the week. Krebs reported that Meta's AI support chatbot β a production agent, not a research prototype β was manipulated into resetting passwords and binding recovery emails to attacker-controlled addresses. The Obama White House Instagram, U.S. Space Force accounts, briefly defaced with pro-Iranian imagery. No malware. No credential theft. No prompt injection. The agent did exactly what it was designed to do. It just did it for the wrong people.
Jordan: Instructions circulated on Telegram before Meta patched. And here's the kicker β takeovers continued after an initial fix. This is the canonical example of what happens when you give an AI agent account-action authority without adversarial testing. Every CISO listening should be asking their teams on Monday: what AI-powered agents do we have in production, and what can they do to accounts, data, or access controls without a human in the loop?
Alex: Which brings us to Microsoft's MXC announcement at Build. Microsoft Execution Containers β an OS-level, policy-driven sandbox for AI agents, enforced at the kernel level. OpenAI and Nvidia are launch partners. This is the first real architectural answer to the agent authority problem. It's pre-deployment access scoping rather than reactive detection. I'd call it the most strategically important announcement of the week for enterprise security teams, even though it got less attention than the breaches.
Jordan: Agreed. It's the right design pattern. Whether the implementation holds up under adversarial pressure is another question, but at least someone is building the control plane. Now, let's talk supply chain, because this week was ugly.
Alex: The Miasma worm. Seventy-three Microsoft repositories compromised across four GitHub organizations – Azure, Azure-Samples, Microsoft, and MicrosoftDocs. GitHub had to disable access to the affected repos as containment. This is a self-replicating supply chain worm hitting Microsoft's own code repositories. Any code pulled from those repos during the infection window must be treated as potentially tainted. Full stop.
Jordan: And it wasn't isolated. A parallel campaign hit npm – IronWorm and a Miasma variant targeting over fifty legitimate packages. The payload is a Rust-based infostealer hiding behind an eBPF kernel rootkit. eBPF rootkits are particularly nasty because they operate at a level most endpoint detection tools aren't instrumented to catch. So you've got two major package ecosystems – GitHub and npm – simultaneously compromised with self-propagating malware. If your developers pulled anything from either ecosystem this week, your SBOM integrity is in question.
Alex: And the practical guidance here is uncomfortable. You need to validate your software bill of materials against the known compromised package lists. You need to check build pipeline logs for any pulls from affected Microsoft repos during the infection window. And frankly, if you don't have the tooling to do that quickly, this is the week that justifies the budget request.
Jordan: Let's pivot to espionage, because the Chinese activity this week deserves its own segment. UNC5221 – a Chinese espionage group – is now deploying two previously undocumented malware families, Plenet and AgentPSD, alongside the Brickstorm backdoor, specifically targeting Microsoft 365 environments. This is a capability upgrade designed for enterprise cloud tenants.
Alex: The shift to M365 targeting is significant because it means your primary defensive layer is identity security and conditional access policies, not network perimeter controls. If you're a CISO running M365, this week's action item is reviewing audit logs for anomalous OAuth consent grants, reviewing conditional access policies for gaps, and verifying that your identity provider configurations haven't been tampered with. Separately, TA4922 expanded phishing operations to the UK, Germany, Italy, and South Africa using ValleyRAT and Atlas RAT – so this isn't just one group. It's a coordinated broadening of Chinese targeting.
Jordan: And then there's the stock exchange espionage case. Unknown attackers – assessed as nation-state or state-sponsored – spent five months inside a senior stock exchange executive's Outlook mailbox. Five months. They copied the inbox in small batches, routed exfiltration through Dropbox and OneDrive so it blended with legitimate cloud traffic. Most DLP and SIEM configurations would miss this entirely. If you're in financial services, you need to ask whether your exfiltration detection can distinguish between a legitimate OneDrive sync and an attacker using OneDrive as a covert channel.
Alex: And connect that to the NATO Cyber Conflict conference reporting. The U.S. military admitted commercial location data was used to identify and target personnel during Operation Epic Fury. The implication the analysts drew – and I think it's correct – is that if nation-states are using commercial data broker information in wartime, China is almost certainly doing so in peacetime for corporate espionage targeting. CISOs need to understand that commercial data about their executives and key personnel is an intelligence commodity. It's being bought and analyzed.
Jordan: Now let's hit vulnerabilities quickly because there are two that demand action. CVE-2026-20245 – Cisco Catalyst SD-WAN Manager. CVSS 7.8, root privilege escalation, actively exploited, no patch available. Covers on-prem, cloud, and FedRAMP deployments. It can be chained with two other Cisco CVEs. Your only options right now are compensating controls – network segmentation and privileged access restrictions. There is no fix to apply.
Alex: And Palo Alto. CVE-2026-0257, PAN-OS GlobalProtect authentication bypass. Two distinct exploitation waves since mid-May, attack surface broadening. If you run Palo Alto at the perimeter, patching is a P-zero incident response action, not a scheduled maintenance task.
Jordan: Governance segment. Let's be efficient. The Trump administration released a scaled-back AI executive order – voluntary framework, significant industry concessions. A House AI bill proposes frontier model oversight but would preempt all state-level AI regulation. The practical read for CISOs: voluntary federal standards appear to be the ceiling for the foreseeable future. Build your AI governance program accordingly, but don't assume states won't push back on preemption.
Alex: CISA is facing a proposed two-hundred-fifty-million-dollar budget cut in FY2027 while simultaneously being assigned new AI security responsibilities. DHS Secretary Mullin says he wants six hundred more staff than CISA currently has. And Trump is reportedly considering Palantir's CTO to lead the agency. If you rely on CISA advisories, KEV catalog updates, or threat sharing, factor in reduced federal capability when planning your own detection and intelligence programs.
Jordan: And the IBM-AT&T False Claims Act lawsuit. A former IBM VP of threat intelligence alleging both companies concealed breaches and security control failures while holding major federal contracts. If this case gains traction, it establishes a new accountability framework under federal procurement law. Every CISO at a government contractor should be auditing their breach disclosure practices against FCA exposure right now.
Alex: Last item – Dashlane disclosed a brute-force attack that bypassed 2FA and resulted in encrypted vault downloads for fewer than twenty personal-plan users. The disclosure was criticized for opacity. If you have enterprise Dashlane deployments, verify whether any users are on personal subscription tiers and check master password strength policies.
Jordan: And Cyera's twelve-billion-dollar valuation at eighty times ARR – despite operating losses – tells you where investor money thinks the next critical category is. Data security posture management. Use that signal in your next budget conversation if you need DSPM tooling.
Alex: So stepping back – what defined this week? I'd say it was the week the AI agent attack surface became undeniable. We saw a production AI agent become the attack vector at Meta. We saw frontier models simultaneously deployed for defense and offense. We saw Microsoft propose the first real architectural answer with MXC. And we saw supply chain integrity shattered across two major ecosystems. The through-line is that AI is no longer adjacent to security – it is security. Every risk model, every control framework, every board presentation needs to reflect that.
Jordan: I'll add one thing. The convergence of nation-state espionage upgrading to cloud-native tooling, supply chain attacks becoming self-propagating, and AI agents operating with unchecked authority – these aren't three separate problems. They're three expressions of the same problem: we're deploying powerful autonomous systems faster than we're building the controls to govern them. That's the strategic conversation CISOs need to be having with their boards next week.
Alex: Well said. That's your week in review. The daily show returns Monday. Show notes and links to every story we covered are at cleartext.fm. Have a good weekend, everyone. Stay sharp.
Jordan: See you Monday.
Cleartext is an automated daily podcast for CISOs and security leaders. Generated 2026-06-06.
Sources are pulled from: CyberScoop, The Record, SecurityWeek, Krebs on Security, Dark Reading, Cybersecurity Dive, BleepingComputer, Wired, Ars Technica, TechCrunch, Help Net Security, VentureBeat, Risky Business News, The Hacker News, CISA, and BankInfoSecurity.