Episode 62: Top 10 security threats in April 2026
SHOW NOTES
In our latest episode of SecOps Weekly, Red Canary’s Keith McCammon and Stef Rand discuss the latest Intelligence Insights, focusing on two major trends: AI-powered threats and sophisticated phishing campaigns.
The hosts kick off the conversation by analyzing the impact of Claude Mythos, Anthropic’s new AI model, and its implications for vulnerability research and exploitation speed.
Keith and Stef then review the top ten threats from the previous month, highlighting major supply chain compromises including the axios NPM breach and Team PCP’s activities. The discussion then shifts to a resurgence in email bombing followed by Teams phishing attacks, where adversaries flood victim inboxes with spam emails and then pose as IT support to install remote monitoring and management (RMM) tools like Microsoft Quick Assist.
The discussion concludes with practical mitigation strategies including baselining, user education, and EDR deployment to counter these evolving threats.
TIMESTAMPS
- 00:00 – Intro
- 00:42 – Welcome to SecOps Weekly
- 01:29 – In the news: Anthropic Mythos
- 06:55 – April Intelligence Insights
- 09:39 – MacSync overtakes Atomic Stealer
- 10:26 – Package compromises dominated in March 2026
- 16:14 – The surge in email bombing and Teams phishing
- 19:16 – Other things we’ve observed recently
- 23:28 – How to mitigate recent activity