Regular cybersecurity news updates from the Risky Business team...

In this edition of Between Two Nerds Tom Uren and The Grugq dissect a recent Chinese CERT report that the NSA had hacked China's national time keeping service. This episode is also available on Youtube. Show notes MSS Weixin post CN-CERT technical analysis Global Times on X BTN110: The NSA's nine to five hacking campaign

A bug in Microsoft WSUS is under attack, Thailand revokes the citizenship of scam-linked businessman, the US charges high tech poker cheat, and Iran's top hacking school is breached. Show notes Risky Bulletin: Russian bill would require researchers to report bugs to the FSB

In this sponsored podcast Patrick Gray chats with Knocknoc CEO Adam Pointon about why true Zero Trust architectures never really got there. Spinning up ZTNA access to core applications and slapping SSO prompts on everything else is great, but if we're honest, it's not really Zero Trust. So, how and why did we get here? Show notes

A change in iOS is deleting-clues of old spyware infections, Starlink disables 2,500 terminals at scam compounds, a Caribbean hospital is still down 5 months after a ransomware attack, and officials are charged in Poland's Pegasus spyware scandal. Show notes Risky Bulletin: iOS 26 change deletes clues of old spyware infections

Tom Uren and Amberleigh Jack talk about how America can better use its private sector to scale up offensive cyber activities, including espionage and disruption operations. Involving it to tackle ransomware and cryptocurrency scammers makes a lot of sense. They also talk about how the ransomware ecosystem is splintering, and one operator's relatively quick journey from being an affiliate to a platform operator. This episode is also available on Youtube. Show notes From Chaos to Capability: Building the US Market for Offensive Cyber Devman's RaaS Launch

A worm hits VS Code users, F5 was breached via its own devices back in 2023, Korea Telecom's CEO says he'll resign following a recent security breach, and the Boy Scouts will award cybersecurity merit badges. Show notes Risky Bulletin: Clever worm hits the DevOps scene

In this edition of Between Two Nerds Tom Uren and The Grugq talk to Joe Devanny, senior lecturer from King's College London, all about India's missing cyber power. It has all the ingredients to become a cyber superpower, but so far, hasn't shown the motivation. This episode is also available on Youtube. Show notes Interpreting India's Cyber Statecraft by Joe Devanny and Arthur Laudrain Dr Joeseph Devanny Sponsor interview: How AI turbocharges SOC analysts h

A Romanian inmate hacks his prison's IT system, hackers leak the data of DHS and DOJ employees, classified material was stolen from John Bolton's AOL account and authorities seize a SIM farm in Latvia. Show notes Risky Bulletin: Prisoner hacks prison IT system, goes wild!

In this sponsor interview, Edward Wu, CEO and founder of Dropzone AI talks to Tom Uren about a study that measured how AI practically helps SOC analysts triage real-world problems. Analysts were faster, more accurate and got less tired with AI assistance. Edward thinks the technology won't replace human analysts, but will speed their skill development. Show notes The Cloud Security Alliance AI SOC study

An APT stole source code and vulnerability reports from F5, a European MP files a criminal hacking complaint against Hungary's Prime Minister, airport PA systems are hijacked in Canada and the US, and the PowerSchool hacker gets prison time. Show notes Risky Bulletin: F5 says an APT stole source code, vulnerability reports

Tom Uren and Amberleigh Jack talk about First Wap, a Jakarta-based company that is selling surveillance-as-a-service. The good news is that it appears that government and media attention has had an impact on high-profile spyware vendors like NSO Group. The bad news is that these smaller players are flying under the radar and aren't afraid of selling to sketchy customers. They also talk about how the Chinese government has harnessed the power of its exploit development community with hacking contests. This episode is also available on Youtube. Show notes

Windows 10 reaches End-of-Life, CISA cyber personnel avoided last week's layoffs, the US seizes $15 billion dollars from a cyber-scam-compound operator, and a Secure Boot bypass impacts 200,000 Framework computers. Show notes Risky Bulletin: Windows 10 reaches End-of-Life

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how different cybercriminal groups are after insiders to provide network access. This episode is available on Youtube. Show notes Nebulock sponsor episode Scattered Spider insiders tweet BBC's Joe Tidy approached by ransomware gang

Microsoft revamps Edge-IE-Mode after zero-day attacks, the FBI seizes the extortion site targeting Salesforce, a new round of layoffs hits CISA, and Apple doubles its bug bounty rewards. Show notes Risky Bulletin: Microsoft revamps Edge's "IE Mode" after zero-day attacks

In this Risky Business sponsored interview, Tom Uren talks to Damien Lewke, CEO and founder of Nebulock about countering adversary use of AI… with AI. They talk about how threat actors are rapidly adopting AI and what defenders should be doing in response. Show notes Anthropic's August threat report

The EU scraps its upcoming vote on Chat Control, Ukraine establishes a Cyber Force, CISA workers are reassigned to immigration enforcement, and two teens are arrested over the UK nursery hacks. Show notes Risky Bulletin: EU scraps Chat Control vote

Tom Uren and Amberleigh Jack talk about the Clop ransomware gang. It is interesting because the group has arrived at a strategy that rinses a whole lot of enterprises at once and comes with a decent pay day, But it's actually the least damaging kind of ransomware. Tom wonders why can't more gangs be like Clop? They also discuss the US government having second thoughts about ignoring foreign influence operations. Its adversaries run them all the time, so perhaps just sticking its head in the sand isn't the best strategy. This episode is also available on Youtube. Show notes

Redis patches a remote code execution vulnerability, Oracle out-of-band-fixes a zero-day used in a recent extortion campaign, Medusa ransomware group was behind a recent Fortra zero-day, and India fixes a tax filing system flaw; Show notes Risky Bulletin: Redis vulnerability impacts all versions released in the last 13 years

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the 0day mass exploitation of SharePoint and Exchange. This type of widespread hacking appears to be increasingly common… but is it? This episode is also available on YouTube. Show notes X post | Brian in Pittsburgh

Microsoft tells users to uninstall games affected by a Unity bug, Discord discloses a data breach, Google rolls out end-to-end encryption for Gmail, and Apple and Google block an ICE tracking app. Show notes Risky Bulletin: Microsoft tells users to uninstall games affected by major Unity bug

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Ashish Malpani, Head of Product Marketing at Corelight. The discussion looks at how NDRs might evolve, such as expanding to protect inter-cloud networks and complementing EDRs. Show notes Corelight

China sentences 11 scam compound operators to death, the UK makes another request for Apple user data, an Iranian APT gets doxxed again, and Microsoft launches a Security Store. Show notes Risky Bulletin: Scam compound operators sentenced to death in China

Tom Uren and Amberleigh Jack talk about different ways foreign intelligence services are finding to recruit local proxies. These methods could be too risky for Western intelligence agencies, but for some state's services they just make sense. They also discuss a report into DOGE and how speed was prioritised over robust governance. This episode is also available on Youtube. Show notes

A Cybercrime group abuses routers to send SMS spam, CISA announces a new collaboration model for state governments, South Korea raises its cyber threat level after a data center fire, and Tile tracking devices expose their location. Show notes Risky Bulletin: Router APIs abused to send SMS spam waves

In this edition of Between Two Nerds Tom Uren and The Grugq discuss the power of cyber. This episode is also available on Youtube. Show notes Narrow windows of opportunity: the limited utility of cyber operations in war RUSI's UK cyber effects network RUSI call for abstracts The fate of nations BTN discussion UK National Cyber Force's Responsible Cyber Power in Practice Sponsor interview on the importance of resilient IdPs

The UK will bail out Jaguar Land Rover following its cyberattack, hackers try to extort a ransom using childrens' photos, Dutch police arrest two teens over sniffing WiFi for Russian spies, and a recent GoAnywhere MFT bug is being exploited. Show notes Risky Bulletin: UK to bail out Jaguar Land Rover

In this sponsored interview, Authentik CEO Fletcher Heisler talks to Tom Uren about how identity providers (IdP) are fundamental to everything an organisation does. He explains how organisations are making themselves resilient by managing their redundancy and failover options. Show notes

European users will get free Windows 10 extended security updates, Cisco patches three zero-days, Microsoft drops an Israeli intel surveillance contract and a UK man is arrested for the EU airport disruptions. Show notes Risky Bulletin: EU users to get free Windows 10 extended security updates

Tom Uren and Amberleigh Jack talk about how the funnel that turns kids into cyber criminals has evolved over the last decade. Cybercrime's reach has broadened, it is more lucrative and more violent. They also talk about new thinking about deterring America's cyber adversaries. This episode is also available on YouTube Show notes CSIS's Playbook for Winning the Cyber War Bloomberg reporting on Scattered Spider

The US Secret Service raids a SIM farm in New York, EU airport disruptions were caused by ransomware, thieves steal gold nuggets from a French museum after a cyberattack and SonicWall releases a firmware update to remove SMA rootkits. Show notes Risky Bulletin: US raids SIM farm in New York

In this edition of Between Two Nerds Tom Uren and The Grugq look at a new Center for Strategic and International Studies report: A Playbook for Winning the Cyber War. This episode is also available on YouTube. Show notes CSIS Playbook

A cyberattack disrupts European airports, a Scattered Spider member turns himself in to US authorities, the Pentagon hires a new cyber policy leader and two Russian APTs work together for the first time. Show notes Risky Bulletin: Cyberattack disrupts airports across Europe

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Jared Atkinson, CTO at SpecterOps. They discuss how SpecterOps is using classifying identities under two categories, identities at rest and identities in transit, what they are and how they should be treated differently. Show notes Shifting the Paradigm: Managing Identities at Rest vs. Identities in Transit BloodHound OpenGraph

America's Government Accountability Office says the Pentagon employs more than 70,000 cyber personnel, hackers steal SonicWall firewall configs, DeepSeek returns insecure code for groups China doesn't like, and two Scattered Spider members arrested in the UK. Show notes Risky Bulletin: Pentagon has +70K cyber staff, and a lot of overlap

Tom Uren and Amberleigh Jack talk about why it is good news that US investment in spyware vendors has skyrocketed. They also discuss the in-principle agreement for TikTok to remain in the US. It's a win-win: a win for China and a win for TikTok, but not so much a win for US national security. This episode is also available on YouTube. Show notes

Android will only issue monthly updates for high-risk vulnerabilities, a self-replicating attack hits the npm registry, BreachForums' admin resentenced on appeal, and hackers breach Gucci's parent company. Show notes Risky Bulletin: AI chatbot disinformation doubles in a year

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the limits of a state's cyber power. This episode is also available on YouTube Show notes Dave Aitel's CyberSecPolitics post on cyber power metrics Lawfare Post BTN 117, The fate of nations BTN 120, Should US spies steal Chinese commercial secrets

The US sues a crypto ATM operator for profiting from scams, SMS blasters make their way into Switzerland, the US and Portugal tussle over the extradition of the RaidForums admin, and Samsung patches a zero-day in its phones. Show notes Risky Bulletin: US largest crypto ATM operator sued for profiting from scams

In this sponsored interview, Casey Ellis chats to David Cottingham and Daniel Schell from Airlock Digital. They discuss the challenge of browser extension management for enterprises, why it's a priority and how Airlock can help. Show notes

Apple notifies French users of spyware attacks, China will increase fines for data breaches Google pays $1.6mil for cloud bugs at a hackathon event, and no more hacked free laundry for Dutch students Show notes Risky Bulletin: Most UK school hacks are caused by their own students

Tom Uren and Amberleigh Jack talk about the Salesloft Drift incident. It is a great example of the sprawling impact that the breach of a single service provider can have. We expect these single-compromise-large-blast-radius attacks will become the new norm. They also talk about Apple's Memory Integrity Enforcement, which promises to be a big step forward for memory safety on Apple devices. This episode is also available on Youtube. Show notes

The White House will keep the CyberCom and NSA dual-hat leadership arrangement, the US charges a major ransomware figure, Apple ships a memory safety protection feature and yet another supply chain attack hits the npm world. Show notes Risky Bulletin: US charges major ransomware figure

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the trend toward outrageously complicated exploits and what it means for hacking and cyber espionage. This episode is also available on YouTube Show notes

A new APT group turns out to be a phishing test, Qantas cuts executives' bonuses after a recent breach, Anthropic stops selling AI tools to Chinese firms, and Nepal blocks 26 social media sites. Show notes Risky Bulletin: APT report? No, just a phishing test!

In this sponsored interview Casey Ellis chats with Keith Hoodlet from Trail of Bits. Keith is Trail of Bits' director of engineering for AI, machine learning and application security and he joined Casey to talk about why prompt injection attack techniques that target AI are an unsolvable problem. Show notes

A cyberattack disrupts Bridgestone tyre factories in North America, a new infostealer takes your photo while you watch porn, bad certificates for Cloudflare infrastructure went undetected for more than a year, and Brazil deals with another payment system hack. Show notes Risky Bulletin: Chrome 140 comes with new hardened cookies

Tom Uren and Amberleigh Jack talk about Google starting a cyber disruption unit. It's a sign of the times but could also point the way forward for policymakers looking to involve the private sector in government-endorsed efforts to strike back in cyberspace. They also talk about cyber security authorities from 13 different countries pegging Salt Typhoon to three Chinese companies. That's a lot of countries, but Tom wonders whether attribution is just viewed as a cost of doing business for the Chinese government. And it turns out that Apple's dispute with the UK government about encrypted iCloud data has not yet been resolved, despite media reports to the contrary. This episode is also available on Youtube. Show notes

Two YouTube channels help dismantle a Chinese scam operation, Cloudflare, Zscaler, and Palo Alto disclose Salesloft-related breaches, a ransomware attack disrupts vehicle production at Jaguar Land Rover, and we have a new record DDoS attack. Show notes Risky Bulletin: YouTubers unmask and help dismantle giant Chinese scam ring

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how cyber threat actors are using AI tools to fill in resource and skills gaps that they have. This episode is also available on Youtube. Show notes Anthropic's August 2025 Threat Report BTN episode 50

FEMA's IT staff fired over an alleged breach, WhatsApp patches a zero-day, the Salesloft breach impacted more than just Salesforce, and a scammer steals $1.5 million dollars from the city of Baltimore. Show notes Risky Bulletin: Noem fires FEMA IT team over alleged cybersecurity failures

In this sponsored interview Casey Ellis chats with Push Security co-founder Jacques Louw. Push's browser plugin gives a unique level of visibility into how users interact with the web and the attacks they face. Jacques talks through what they're seeing, and their recently published taxonomy of phishing attacks. It's on Github for everyone to contribute to! Show notes Introducing our guide to phishing detection evasion techniques