⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️


@endingwithali →
Twitch: https://twitch.tv/endingwithali
Twitter: https://twitter.com/endingwithali
YouTube: https://youtube.com/@endingwithali
Everywhere else: https://links.ali.dev

Want to work with Ali? hak5@endingwithali.com

[❗] Join the Patreon→ https://patreon.com/threatwire
0:00 0 - Intro
1 - Vercel Compromise (What is AI Context)
2 - Claude Mythos Evaluations
3 - NIST Gives Up On CVEs
4 - BSides News
5 - Outro

LINKS
🔗 Story 1: Vercel Compromise (What is AI Context)
https://x.com/mattjay/status/2046222804555608574
https://www.bleepingcomputer.com/news/security/vercel-confirms-breach-as-hackers-claim-to-be-selling-stolen-data/
https://vercel.com/kb/bulletin/vercel-april-2026-security-incident
https://context.ai/security-update
https://x.com/DiffeKey/status/2045813085408051670
https://thehackernews.com/2026/04/vercel-breach-tied-to-context-ai-hack.html
https://x.com/vxunderground/status/2045913185799037263
🔗 Story 2: Claude Mythos Evaluations
https://www.aisi.gov.uk/blog/our-evaluation-of-claude-mythos-previews-cyber-capabilities
https://openai.com/index/scaling-trusted-access-for-cyber-defe
🔗 Story 3: NIST Gives Up On CVEs
https://www.nist.gov/news-events/news/2026/04/nist-updates-nvd-operations-address-record-cve-growth
https://nvd.nist.gov/general/nvd-dashboard
https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity
https://cal.com/blog/cal-diy-open-source-to-closed-source
https://cal.com/blog/cal-com-goes-closed-source-why
🔗 Story 5: BSides News
https://blog.trailofbits.com/2026/04/17/we-beat-googles-zero-knowledge-proof-of-quantum-cryptanalysis/
https://cyberscoop.com/google-moves-post-quantum-encryption-timeline-to-2029/
https://www.digitaltrends.com/computing/zoom-will-now-check-if-you-are-a-human-or-an-ai-imposter-during-video-meetings/
https://bugbounty.meta.com/en-gb/blog/meta-bug-bounty-x-portswigger/
https://www.helpnetsecurity.com/2026/04/17/google-gemini-harmful-ads-blocking/
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Our Site → https://www.hak5.org
Shop →  http://hakshop.myshopify.com/
Community → https://www.hak5.org/community
Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1
Support → https://www.patreon.com/threatwire
Contact Us → http://www.twitter.com/hak5
____________________________________________

Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.

Hak5's resource offers insights, tutorials, and resources for hackers, cybersecurity enthusiasts, and technology hobbyists. Readers can learn about cybersecurity tools, penetration testing techniques, and privacy-enhancing technologies. With articles, videos, and community forums, Hak5 provides resources for learning and experimenting with cybersecurity.

Hak5

A weekly cybersecurity news roundup covering several major stories. The main story involves a Vercel data breach traced back to a compromised OAuth token from a Context.ai security incident, where an employee had granted excessive Google Workspace permissions to a third-party app. The host argues this was fundamentally an OAuth hygiene failure and shadow IT problem, not an AI-driven attack as Vercel's CEO framed it. Other stories include: Claude Opus (referred to as 'Mythos') achieving 73% success on expert-level CTF tasks and completing a 32-step corporate network attack simulation; NIST announcing it will deprioritize CVE enrichment in the NVD due to a 263% surge in submissions since 2020; Cal.com moving from open source to closed source citing AI security concerns; and brief mentions of Zoom's AI detection feature, Trail of Bits beating Google's ZK proof, and Meta partnering with PortSwigger for Burp Suite licenses.

Vercel Hacked: A Simple Failure of OAuth Hygiene | THREAT WIRE