Phoenix Cast

In this episode of Phoenix Cast, John and Rich sit down with Keith Mularski and Damon Mathews from Qintel. Keith is the former FBI agent who went undercover in DarkMarket as "Master Splyntr," eventually becoming a top-five spammer in the world and a "made man" in the cybercriminal underground before the operation culminated in 80+ arrests. Damon is a retired Marine CI/HUMINT officer now running national security operations at Qintel, and he walks through the years of policy fights and lawyer wrangling that came with pulling human collection into cyberspace. The conversation gets into attribution, what counts as intelligence versus evidence, and when "name and shame" is the right move. Worth a listen if you've ever wondered how 20 years of global collection becomes an 80% solution at the operational level, or why your Uber Eats password might be the thing that outs your tradecraft.
We'd love to hear your thoughts! Tweet us @ThePhoenixCast, and don't forget to join our LinkedIn Group to connect with fellow Phoenix Casters. If you enjoyed the episode, help us out by leaving one of those coveted 5-star reviews on Apple Podcasts. Thanks for listening!
Links:
Qintel - Platform Blue: https://www.qintel.com/platformblue
https://www.pghtech.org/news-and-publications/Qintel
Mathews - https://cipress.podbean.com/e/marine-ci-secrets-damon-matthews-on-multi-use-human-networks-high-stakes-ops/
Mularski - Pitt Cyber bio: https://www.cyber.pitt.edu/people/keith-mularski
Police1 - Witness to History (DarkMarket / Master Splyntr): https://www.police1.com/fbi/articles/witness-to-history-darkmarket-the-fbi-agent-who-became-master-splyntr-UuhOCI9r3Qfyo1du/

In this episode of Phoenix Cast, hosts John and Kyle break down a packed week in cyber: the Canvas ed-tech breach by Shiny Hunters that hit 9,000 schools and 275 million records right at testing season (both of their kids' schools are scrambling to go non-digital), Firefox's eye-opening collaboration with Anthropic's Mythos model that surfaced 271 vulnerabilities in a single release for a fraction of the cost of a traditional bug bounty, and the Dirty Frag Linux kernel zero-day that escalates to root in seconds — but whose fix breaks IPsec VPNs and file sharing. They also dig into the new MAR ADMIN making AI training mandatory for every Marine, and John collects on Kyle's gaslighting from two episodes ago about model quality degradation (Anthropic basically said "whoops"). Stick around for John's hot take that ASIs — Authorized Service Interruptions — are officially dead in a world where chained vulnerabilities and 271 patches can drop in a single release.
We’d love to hear your thoughts! Tweet us @ThePhoenixCast, and don't forget to join our LinkedIn Group to connect with fellow Phoenix Casters. If you enjoyed the episode, help us out by leaving one of those coveted 5-star reviews on Apple Podcasts. Thanks for listening!
Links - Canvas Hack:
Canvas Login Portals Hacked - ShinyHunters Extortion Campaign (BleepingComputer)
https://www.bleepingcomputer.com/news/security/canvas-login-portals-hacked-in-mass-shinyhunters-extortion-campaign/
Hackers Deface School Login Pages After Claiming Another Instructure Hack (TechCrunch)
https://techcrunch.com/2026/05/07/hackers-deface-school-login-pages-after-claiming-another-instructure-hack/
2026 Canvas Security Incident (Wikipedia)
https://en.wikipedia.org/wiki/2026_Canvas_security_incident
Links - Firefox Using Mythos:
Claude Mythos Has Found 271 Zero-Days in Firefox (Schneier on Security)
https://www.schneier.com/blog/archives/2026/04/claude-mythos-has-found-271-zero-days-in-firefox.html
The Zero-Days Are Numbered (Mozilla Blog)
https://blog.mozilla.org/en/privacy-security/ai-security-zero-day-vulnerabilities/
Behind the Scenes Hardening Firefox with Claude Mythos Preview (Mozilla Hacks)
https://hacks.mozilla.org/2026/05/behind-the-scenes-hardening-firefox/
Claude Mythos Finds 271 Firefox Flaws, Mozilla Believes It Shifts Security Toward Defenders (Help Net Security)
https://www.helpnetsecurity.com/2026/04/22/claude-mythos-mozilla-vulnerabilities-scanning/
Claude Mythos Finds 271 Firefox Vulnerabilities (SecurityWeek)
https://www.securityweek.com/claude-mythos-finds-271-firefox-vulnerabilities/
Mythos and Cybersecurity (Schneier on Security)
https://www.schneier.com/blog/archives/2026/04/mythos-and-cybersecurity.html
Links - Dirty Frag:
New Linux ‘Dirty Frag’ Zero-Day With PoC Exploit Gives Root Privileges (BleepingComputer)
https://www.bleepingcomputer.com/news/security/new-linux-dirty-frag-zero-day-with-poc-exploit-gives-root-privileges/
Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions (The Hacker News)
https://thehackernews.com/2026/05/linux-kernel-dirty-frag-lpe-exploit.html
Active Attack: Dirty Frag Linux Vulnerability Expands Post-Compromise Risk (Microsoft Security Blog)
https://www.microsoft.com/en-us/security/blog/2026/05/08/active-attack-dirty-frag-linux-vulnerability-expands-post-compromise-risk/
RHSB-2026-003 Networking Subsystem Privilege Escalation - Linux Kernel (Red Hat)
https://access.redhat.com/security/vulnerabilities/RHSB-2026-003
Dirty Frag PoC Exploit (V4bel/dirtyfrag GitHub)
https://github.com/V4bel/dirtyfrag

In this episode of Phoenix Cast, hosts John and Rich — with Kyle sidelined by what Rich suspects was an AI-orchestrated exploit — welcome CW4 Justin Helphenstine, a U.S. Army cyber warrant officer with 22+ years of service and deep offensive cyber operations experience. The conversation digs into what Army cyber warrant officers actually do versus their Marine Corps counterparts, how the talent pipeline has matured from the early days when there wasn’t even a cyber MOS, and the real tension between retaining senior technical talent and losing them to the private sector. Justin makes the case that as cyber tools become commodified on both offense and defense, the warrant officer’s true value proposition shifts from technical wizardry to creating shared understanding — and he surprises John by arguing that warrant officers should learn to speak the language of joint warfighting functions and doctrine, not just binary. The episode builds to a spirited exchange on the cyber force debate, force generation versus force employment, and whether agentic AI will fundamentally change what it means to be a cyber professional — with Justin warning that outsourcing communication skills to AI is “skipping leg day” for military professionals.
We’d love to hear your thoughts! Tweet us @ThePhoenixCast, and don’t forget to join our LinkedIn Group to connect with fellow Phoenix Casters. If you enjoyed the episode, help us out by leaving one of those coveted 5-star reviews on Apple Podcasts. 
Thanks for listening!
Links:
The death of expertise: https://www.amazon.com/Death-Expertise-Campaign-Established-Knowledge/dp/0190469412

In this episode of Phoenix Cast, hosts John, Rich, and Kyle welcome Katie Moussouris — founder and CEO of Luta Security, creator of Microsoft’s first bug bounty program, and architect of Hack the Pentagon — to break down Anthropic’s Project Glasswing and what it means when an AI model can find hundreds of real-world vulnerabilities at scale. Katie walks through the staggering complexity of coordinating multi-party vulnerability disclosure across 40 organizations, drawing on her own experience running similar efforts at Microsoft, and doesn’t shy away from the hard questions about whether the cybersecurity workforce is cooked or about to boom. The conversation heats up as the crew debates how much of Glasswing is marketing versus genuine emergency, whether offensive and defensive AI use can coexist responsibly, and what all of this means for critical infrastructure, supply chains, and the warfighter. Katie closes with a bold call for universal basic income funded by AI productivity — and if that doesn’t make you hit play, nothing will.
We'd love to hear your thoughts! Tweet us @ThePhoenixCast, and don't forget to join our LinkedIn Group to connect with fellow Phoenix Casters. If you enjoyed the episode, help us out by leaving one of those coveted 5-star reviews on Apple Podcasts. Thanks for listening!
Links:
Project Glasswing (Anthropic):
https://www.anthropic.com/glasswing 
Luta Security:
https://www.lutasecurity.com 
Hack the Pentagon (USDS):
https://www.usds.gov/projects/hack-the-pentagon 
Katie Moussouris - "Fixing a Hole: The Labor Market for Bugs" (MIT Press):
https://direct.mit.edu/books/edited-volume/3582/chapter-abstract/120140/
Obligatory XKCD
https://xkcd.com/2347/

In this episode of Phoenix Cast, hosts John and Kyle dive into two cautionary tales from Kyle’s AI-powered workflow — one where he spent $70 proving that AI detection tools are fundamentally broken, and another where he nearly lost his entire CRM database to a vibe-coded update gone wrong. Kyle walks through his process of writing a Marine Corps Gazette article using AI as a drafting assistant, only to have two leading detection tools flag it as “100% AI” three times in a row — sparking a broader debate about whether “did AI write this?” is even the right question to ask. Then things get real when Kyle discovers his customer database has been wiped by a bad code push, blindly trusts AI’s hallucinated diagnosis, and burns three and a half hours chasing ghosts before realizing the data was there all along. It’s a masterclass in why human-in-the-loop verification matters, why the basics like backups still apply in the age of vibe coding, and why tokens are cheap but trust is expensive.
Links:
AI Snake Oil: What Artificial Intelligence Can Do, What It Can’t, and How to Tell the Difference
https://a.co/d/09aSZxzu 
Vibe Coding: Building Production-Grade Software with GenAI, Chat, Agents, and Beyond
https://a.co/d/0j6Uj0K5