PRIME MEMBER EXCLUSIVE | 3 Months Free Trial

Auto-renews at INR 199/mo after 3 months. Cancel anytime. Offer ends 15 July, 2026.
Mozilla Meets Mythos #1864 cover art

Mozilla Meets Mythos #1864

Mozilla Meets Mythos #1864

Listen for free

View show details
  In this episode, Ray Cochrane leads with Mozilla shipping Firefox 150 with 271 patched bugs found by Anthropic’s Mythos system, the first major real-world deployment of the AlphaGo-Moment cybersecurity tooling. He also covers a 9-year dormant Linux kernel root, a college student stopping Taiwan’s high-speed rail with a software-defined radio, GitHub MCP secret scanning going GA, the NVIDIA NeMo lawsuit surviving its motion to dismiss, the Hugging Face Reachy Mini app store, Anthropic’s Auto Mode for Claude Code, and the 4-gigabyte AI model Chrome silently installed on your computer. – Want to start a podcast? Its easy to get started! Sign-up at Blubrry – Thinking of buying a Starlink? Use my link to support the show. Subscribe to the Newsletter. Email Ray if you want to get in touch! Like and Follow Geek News Central’s Facebook Page. Support my Show Sponsor: Best Godaddy Promo Codes Get 1Password Full Summary Cochrane opens the show with the AlphaGo Moment moving from theory into production. Mozilla shipped Firefox 150 this week with 271 patched bugs that Anthropic’s Mythos system found. Furthermore, the broader episode threads a clear pattern: AI tooling is reshaping security, developer workflows, and consumer software faster than the surrounding ecosystem can absorb it. The show closes on the four-gigabyte AI model Chrome installed on a billion machines without explicit consent. Mozilla Ships 271 Mythos Bugs in Firefox 150 Mozilla ran Anthropic’s restricted Mythos system against the Firefox 150 codebase before shipping. The result: 271 found bugs (180 high severity, 80 moderate, 11 low) baked into the release. However, the bigger number is the year-over-year jump. April 2026 shipped 423 total Firefox security fixes versus 31 a year prior. The breakdown for April: 271 from Mythos, 41 from external researchers, and 111 from other internal sources. Cochrane is sticking to his guns on calling this the AlphaGo Moment for cybersecurity. Skeptics argue Mythos is industrial-scale fuzzing because most found bugs sit in memory-safety territory. However, his counter is the velocity itself. Furthermore, he frames the resistance as carriage-versus-cars: humans-first research still grounds the tool, but throughput is the win. The Firefox CTO put it directly: defenders finally have a chance to win, decisively. For developers asking whether Mythos changes anything if they already run fuzzers, Cochrane’s answer is yes, and not even close. Additionally, he notes Mythos is restricted-access. The broadly available tier is Claude Opus 4.7, which Mozilla used since February before getting onto the restricted program for the Firefox 150 cycle. Run Opus 4.7 first. Sponsor: GoDaddy GoDaddy has been sponsoring this show for over twenty years. Economy hosting starts at $6.99/month, WordPress hosting at $12.99/month, and domains at $11.99. Use codes at geeknewscentral.com/godaddy for exclusive deals and to directly support the show. Copy Fail: 9-Year Linux Kernel Bug, 732 Bytes to Root A 9-year-old dormant Linux kernel bug got disclosed April 29 as CVE-2026-31431. Researchers published a 732-byte Python script that roots every major Linux distribution shipped since 2017. Additionally, CISA added the CVE to its Known Exploited Vulnerabilities catalog on May 1 with a May 15 federal deadline. The bug lives in the kernel’s crypto socket layer through the AF_ALG AEAD interface, originating in a 2017 in-place crypto optimization that lacked bounds checking. Cloudflare published their post-mortem this week. Their first instinct was to remove the kernel module entirely. However, service dependencies forced a workaround instead. Cloudflare resumed normal patched-kernel reboot automation across their 330-city fleet on May 4, with manual reboots and rollouts continuing after. Taiwan Rail Stopped by a 23-Year-Old With a Software-Defined Radio A 23-year-old Taiwanese university student with the surname Lin spoofed a TETRA general alarm signal on April 5, stopping trains on Taiwan’s high-speed rail. The accomplice supplied the radio parameters. Both were arrested by month-end. Lin posted NT$100,000 bail; the accomplice posted NT$80,000. The incident hit at 11:23 PM during the Qingming holiday weekend, stopping three revenue passenger trains plus one deadhead. Furthermore, the system has been in service for 19 years without rotating its cryptographic parameters once. Cochrane notes this is exactly the type of long-dormant infrastructure flaw that Mythos-class tooling catches, if anyone bothers to point it at the wires we already have. GitHub MCP Secret Scanning Goes GA GitHub’s secret scanning in the MCP server hit GA on May 5, with dependency scanning entering public preview the same day. Both released after a seven-week public preview run starting March 17. Additionally, the feature lets MCP-compatible coding agents (Copilot CLI, VS Code, JetBrains, Claude Code, Cursor, Windsurf) detect exposed secrets ...
adbl_web_anon_alc_button_suppression_t1
No reviews yet