Mostly Security: 436: Life Sized Cutout Jon gets stopped by a Coffee Cop and Eric prepares some cardboard for a wedding in a couple of weeks. The Fed worries about Mythos, spear phishing is getting real, RCE of an agent builder, and Google starts rolling out device bound sessions. For fun we have a Bee documentary (but not from Jon), a book that may or may not turn out great, and improved opportunities to (someday) deploy CRISPR. 0:00 - Intro 10:30 - 11:29 - 15:59 - 18:21 - 21:42 - 23:22 - 28:32 -

Episode 436: Life Sized Cutout

NIH-funded breakthrough shrinks CRISPR for precision delivery in the body Smaller gene-editing system could expand treatment options for cancer, ALS and other diseases.

Smaller and CRISPR

The Will of the Many - www.amazon.com/Will-Many-Hierarchy-Book...

Secrets of the bees: Revealing the sneaky genius of nature's brightest thinkers New science is showing that nature’s vital pollinators are smarter than we ever imagined. Here’s why that discovery should change what we think about one of the world’s most important animals.

Eric Fun

Protecting Cookies with Device Bound Session Credentials Posted by Ben Ackerman, Chrome team, Daniel Rubery, Chrome team and Guillaume Ehinger, Google Account Security team Following our April ...

Device Bound Sessions

Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed CVE-2025-59528 exploited in Flowise for over six months across 12,000+ exposed instances, enabling full system compromise.

Flowise RCE

Threat actor abuse of AI accelerates from tool to cyberattack surface | Microsoft Security Blog Generative AI is upgrading cyberattacks, from 450% higher phishing click‑through rates to industrialized MFA bypass. Learn more.

Efficiency Explosion

Mythos Preview + Banks

Mostly Security: 430: Weakest Airport Eric goes hiking and Jon gets his Eufy. AI assisted breaches faster than ever, and Anthropic struggles to expand server capacity. Fun playing with materials in a web Sandbox (sandvox?) and an image of 3I that took a while to download. 0:00 - Introduction 11:28 - 16:40 - 23:51 - 27:23 -

Episode 430: Weakest Airport

Interstellar comet 3I/ATLAS shines in new image | Space photo of the day for March 2, 2026 The JUICE spacecraft captured its first detailed glimpse of interstellar comet 3I/ATLAS, revealing a glowing coma and sweeping tail.

3I Image

Sandboxels - https://neal.fun/sandboxels/

Anthropic’s Claude goes down amid ‘unprecedented demand’

Claud's Week

Cybersecurity Trends | March, 2026 (STARTUP EDITION) Explore the top Cybersecurity Trends for March 2026! From AI-driven cyberattacks to dynamic identity security, discover actionable insights to safeguard your business.

27 Second Breach

Mostly Security: 428: Rate My Cone More AI coding, only Peter can go to [OpenAI], Human Rentals, Backup Persistence, and Really Old Vulnerabilities. Have fun on the Useless Web and why not release genetically engineered biophages? What could go wrong. 0:00 - Intro 12:19 - 12:52 - 16:22 - 19:20 - 21:37 - 24:40 - 26:48 -

Episode 428: Rate My Cone

Breakthrough CRISPR system could reverse antibiotic resistance crisis Antibiotic resistance is racing toward a global crisis, with “superbugs” projected to cause over 10 million deaths annually by 2050. Now, scientists at UC San Diego have unveiled a powerful new CRISPR-based tool that doesn’t just fight resistant bacteria—it can actively strip away their drug resistance. Inspired by gene drives used in insects, the technology spreads a genetic “fix” through bacterial populations, even inside stubborn biofilms that shield microbes from antibiotics.

CRISPR for Antibiotic Resistance

The Useless Web The Useless Web Button... just press it and find where it takes you. The perfect button for the bored, or those looking to find useless sites online!

The Useless Web

CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update CISA adds four actively exploited vulnerabilities to its KEV catalog, including Chrome RCE, Zimbra SSRF, Windows ActiveX, and ThreatSonar flaws.

18 Year Old Vuln

China-linked hackers exploited Dell zero-day since 2024 (CVE-2026-22769) - Help Net Security A cyberespionage group has been covertly exploiting a zero-day flaw (CVE-2026-22769) in Dell’s RecoverPoint for Virtual Machines since 2024.

Backup Persistence

RentAHuman.ai - AI Agents Hire Humans for Physical Tasks The marketplace where AI agents rent humans. MCP integration, REST API, flexible payments. Book humans for real-world tasks your AI can't do.

Rent-a-Human

Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens Infostealer malware stole OpenClaw AI agent files including tokens and keys, while exposed instances and malicious skills expand security risks.

Openclaw Infostealer

OpenClaw, OpenAI and the future | Peter Steinberger I'm joining OpenAI to work on bringing agents to everyone. OpenClaw will move to a foundation and stay open and independent.

Peter Goes To OpenAI

Mostly Security: 424: Cash Drawer Eric codes and Jon harvests cocoons on the three day weekend. Path traversal bugs in Anthropic's git MCP server, and why LLMs continue to fall for prompt injection attacks. Drive and listen to local radio in cities around the world, and does a disconnected brain hemisphere dream? 0:00 - Intro 7:17 - 10:14 - 19:04 - 21:14 -

Episode 424: Cash Drawer

Can a severed brain remain conscious? Consciousness researchers studying “islands of awareness” have found that disconnected brains likely sink into a strange form of deep sleep

Brain in a Vat

Drive & Listen Original Original website of Drive & Listen (previously driveandlisten.herokuapp.com) - Listen to local radio stations while driving through the cities around the world. Istanbul, Berlin, London, Paris, New York City and many more

Drive and Listen

Context and Judgement

Prompt Injection Bugs Found in Official Anthropic Git MCP Server Three vulnerabilities in Anthropic's Git server for the MCP can be exploited via prompt injection

Anthropic Git MCP

Mostly Security: 422: Wincing Already Eric makes an app, and Jon semi-celebrates the new year. For topics we have robocall registration penalties, reverse engineering a scooter's protocol, and the current saga of Mongo Bleed. And for fun we have a captcha game, training a doodle model, and a personal filament extruder. Happy New Year! 0:00 - Intro 10:52 - 17:06 - 22:17 - 29:13 - 31:23 - 33:17 -

Episode 422: Wincing Already

Filament Extruder - https://www.3dpany.com/

Quick, Draw! Can a neural network learn to recognize doodles? See how well it does with your drawings and help teach it, just by playing.

Quick Draw

Not a Robot - https://neal.fun/not-a-robot/