Risky Business News

Regular cybersecurity news updates from the Risky Business team...

risky.biz


    • Latest episode: Feb 26, 2026
    • New episodes: weekdays
    • Average duration: 13m
    • Episodes: 883


    Latest episodes from Risky Business News

    Srsly Risky Biz: Is Claude too woke for war?

    Feb 26, 2026 · 16:25


    Tom Uren and Amberleigh Jack talk about the argy-bargy between the Pentagon and AI company Anthropic. US Defense Secretary Pete Hegseth is demanding that all safeguards are lifted from Claude, while Anthropic CEO Dario Amodei is insisting on protections against mass surveillance of Americans and use in lethal autonomous weapons. They also discuss the return of Volt Typhoon, the Chinese hacker group prepositioning in critical infrastructure for sabotage in the event of a conflict over Taiwan. The group is still around, even though the US government declared victory against it last July. This episode is also available on Youtube. Show notes

    Risky Bulletin: Russia starts criminal probe of Telegram founder Pavel Durov

    Feb 25, 2026 · 7:12


    Russia launches a criminal probe into Telegram's founder, two teenagers arrested for a South Korean bike share hack, Anthropic accuses Chinese AI firms of distillation attacks, and the US Treasury sanctions a Russian exploit broker. Show notes Risky Bulletin: Russia starts criminal probe of Telegram founder Pavel Durov

    Between Two Nerds: How NSA will use AI

    Feb 23, 2026 · 27:26


    In this edition of Between Two Nerds Tom Uren and The Grugq talk about how 'professional' Five Eyes cyber espionage agencies like NSA will use AI. These agencies place a premium on stealth and won't yolo AI. This episode is available on Youtube. Show notes How AI-powered espionage will favour China Google's AI threat tracker, February 2026

    Risky Bulletin: AI-driven hacking campaign breaches 600+ Fortinet devices

    Feb 23, 2026 · 6:25


    An AI-driven hacking campaign breached 600 Fortinet devices, Ivanti was hacked via its own product, Wikipedia bans Archive-dot-Today for DDoS attacks, and Chinese hackers breached Italy's police force. Show notes Risky Bulletin: AI-driven hacking campaign breaches 600+ Fortinet devices

    Sponsored: The smouldering trashfire of AI and open source

    Feb 22, 2026 · 24:59


    In this Risky Business sponsor interview, Casey Ellis and Feross Aboukhadijeh discuss how AI is affecting open source, chat about a few attacks the company has seen in the wild and introduce Socket's answer to the smouldering trashfire: Socket Firewall. Show notes

    Risky Bulletin: RPKI infrastructure sits on shaky ground

    Feb 20, 2026 · 8:36


    RPKI relies on vulnerable servers, the French Ministry of Economy discloses a data breach, the UK gives tech platforms 48 hours to remove revenge porn, and ClickFix attacks are responsible for 50% of malware infections. Show notes Risky Bulletin: RPKI infrastructure sits on shaky ground

    Srsly Risky Biz: Cyber bullets can't replace political will

    Feb 19, 2026 · 19:34


    Tom Uren and Amberleigh Jack talk about a groundswell of calls from European officials to build cyber capabilities to strike back against adversaries. There are good reasons that countries should have their own cyber capabilities, but if you don't have the political will to strike back, having a magic cyber weapon doesn't really make a difference. They also talk about 'distillation attacks'. They are a way that AI developers can steal the secret sauce of advanced models just by asking questions. It looks like American companies need government assistance if the US wants to keep its AI lead. This episode is also available on Youtube. Show notes

    Risky Bulletin: Supply chain attack plants backdoor on Android tablets

    Feb 18, 2026 · 8:18


    A supply chain attack plants backdoors on Android tablets, the EU blocks AI from lawmakers' devices, Cellebrite was used against a Kenyan politician, and a Chinese APT is exploiting a Dell zero-day. Show notes Risky Bulletin: Supply chain attack plants backdoor on Android tablets

    Between Two Nerds: Buying the magic weapon

    Feb 16, 2026 · 28:18


    In this edition of Between Two Nerds Tom Uren and The Grugq discuss whether middle powers should be investing in military cyber capabilities. This episode is also available on Youtube. Show notes The Record on Iranian air defences Max Smeets No Shortcuts RunZero sponsor interview

    Risky Bulletin: Cambodia promises to dismantle scam compounds by April

    Feb 16, 2026 · 8:52


    Cambodia promises to dismantle cyber scam compounds by April, CISA urges companies to adopt the OpenEoX standard, Linux gets post-quantum crypto support, and Palo Alto Networks avoids attributing an APT to China. Show notes Risky Bulletin: Cambodia promises to dismantle scam networks by April

    Sponsored: Filtering the KEV was really hard … Until now!

    Feb 15, 2026 · 23:58


    In this sponsored interview Casey Ellis chats to Todd Beardsley, VP of Security at RunZero about Kevology, the company's analysis of CISA's KEV list. Kevology lets you easily identify and fix vulnerabilities from the list that are urgent and relevant to you. Show notes KEVology: An analysis of exploits, scores, & timelines on the CISA KEV

    Risky Bulletin: IcedID malware developer fakes his own death to escape the FBI

    Feb 13, 2026 · 7:11


    A malware developer faked his own death to evade the FBI, Apple patches a zero-day used in a targeted attack, the Tianfu Cup quietly returns, and researchers spot the first malicious Outlook add-in. Show notes Risky Bulletin: IcedID malware developer fakes his own death to escape the FBI

    Srsly Risky Biz: Microsoft forgoes its secure future

    Feb 12, 2026 · 19:50


    Tom Uren and Amberleigh Jack talk about Microsoft CEO Satya Nadella's messaging around personnel changes at the top of its security organisation. These signal a focus on selling security products rather than on making secure products. They also discuss Expedition Cloud, a Chinese cyber range that replicated the critical infrastructure of neighbouring countries, apparently to develop and fine-tune cyber disruption operations. Finally, they talk about what we've learnt about the role of cyber operations in the US bombing of Iranian nuclear facilities. It was far bigger than we previously thought. This episode is also available on Youtube. Show notes

    Risky Bulletin: Chinese cyber-spies breached all of Singapore's telcos

    Feb 11, 2026 · 6:48


    China has breached all of Singapore's major telcos, Microsoft announces two new security features, a hacktivist leaks data from a stalkerware provider, and researchers map out “GRU information warfare units” based on their insignia. Show notes Risky Bulletin: Chinese cyber-spies breached all of Singapore's telcos

    Between Two Nerds: Why we are doomed to insecurity

    Feb 9, 2026 · 27:15


    In this edition of Between Two Nerds Tom Uren and The Grugq talk about why the world is destined to be perpetually insecure. This episode is also available on Youtube. Show notes Hunterbrook's Ubiquiti investigation Trail of Bits sponsor interview

    Risky Bulletin: SmarterTools hacked via its own product

    Feb 9, 2026 · 6:08


    A software company gets hacked through vulnerabilities in its own product, European agencies are hacked via recent Ivanti zero-days, Senegal is being extorted by hackers, and a state actor is behind a Signal phishing campaign in Germany. Show notes Risky Bulletin: SmarterTools hacked via its own product

    Sponsored: Trail of Bits going all-in on AI

    Feb 8, 2026 · 18:44


    In this Risky Business sponsored interview, Tom Uren talks to Trail of Bits CEO Dan Guido about how Trail of Bits is reworking its business processes to take advantage of AI. Dan talks about what it takes to make AI agents reliable and trustworthy and how that will give the company an edge by making its work both better and faster. Show notes Trail of Bits Skills Marketplace

    Risky Bulletin: Denmark recruits hackers for offensive cyber operations

    Feb 6, 2026 · 6:19


    Denmark recruits hackers for offensive cyber operations, CISA tells agencies to remove old edge devices, Coinbase has another insider breach, and Microsoft appoints a new security chief. Show notes Risky Bulletin: Denmark recruits hackers for offensive cyber operations

    Srsly Risky Biz: Google's cyber disruption unit kicks its first goal

    Feb 5, 2026 · 17:47


    Tom Uren and Amberleigh Jack talk about Google's cyber disruption unit taking aim at the IPIDEA residential proxy network. The network was a cybercrime enabler that was used by hundreds of threat actors for crime and espionage. More of this kind of disruption please. They also discuss SpaceX's rapid action to stop the Russian military using Starlink terminals to guide drones deep into Ukrainian territory. This episode is also available on Youtube. Show notes

    Risky Bulletin: Plone CMS stops supply-chain attack

    Feb 4, 2026 · 8:14


    The Plone CMS stops a supply-chain attack, French cops raid the X Paris office, the number of malicious OpenClaw skills grows, and a Chinese APT hacked Notepad++ servers. Show notes Risky Bulletin: Plone CMS stops supply-chain attack

    Between Two Nerds: The internal logic of Russian power grid attacks

    Feb 2, 2026 · 32:42


    In this edition of Between Two Nerds Tom Uren and The Grugq discuss the recent Russian attack on Polish electricity infrastructure. This episode is also available on Youtube. Show notes ESET's first report ESET's update report CERT-PL report Dragos report The Insider 'Hidden Bear' investigation BTN 124, How Russia's sabotage team got into hacking BTN 145, Russia's cyber war on wheat

    Risky Bulletin: StopICE blames hack on "a CBP agent here in SoCal"

    Feb 2, 2026 · 7:49


    ICE tracking app blames a recent hack on a government agent, Microsoft will disable NTLM in the next release of Windows, Poland bans Chinese cars from military bases, and Ivanti patches two new zero-days. Show notes Risky Bulletin: StopICE blames hack on "a CBP agent here in SoCal"

    Sponsored: AI is critical to the future of cyber defence

    Feb 1, 2026 · 18:14


    In this sponsored interview, Casey Ellis chats to Edward Wu, founder of Dropzone AI about a recent Vanderbilt University report that reveals that foreign adversaries' resources are growing. Edward says AI capabilities are critical to the future of cyber defence, because the west can't hire itself out of the shortfall. Show notes Dominating the Digital Space: A Whole-of-Society Strategy for Securing the United States from Cyber Aggression

    Risky Bulletin: eScan antivirus distributes backdoor in latest supply chain attack

    Jan 29, 2026 · 7:01


    Hackers breach eScan antivirus and distribute a backdoor, Google takes down the IPIDEA proxy botnet, most GDPR fines remain uncollected, and the Poland wiper attack hit 30 locations. Show notes Risky Bulletin: eScan antivirus distributes backdoor in latest supply chain attack

    Srsly Risky Biz: Punish the wicked and reward the righteous

    Jan 29, 2026 · 17:17


    Tom Uren and Amberleigh Jack talk about the Pall Mall Process, an international effort to rein in abusive spyware. Tom thinks the US has already stumbled into a viable carrots and sticks style strategy that will shape the industry more than coming up with standards will. The pair also discuss news that Chinese Salt Typhoon hackers compromised the calls of senior UK officials in Downing Street. The UK has extensive telecommunications security regulations and the incident makes us wonder what that legislation is actually good for. This episode is also available on Youtube. Show notes

    Risky Bulletin: Cyberattack cripples cars across Russia

    Jan 27, 2026 · 7:43


    A cyberattack has crippled cars in Russia, Microsoft patches an Office zero-day, WhatsApp rolls out an account lockdown feature, and a handful of Chrome extensions steal ChatGPT auth tokens. Show notes Risky Bulletin: Cyberattack cripples cars across Russia

    Between Two Nerds: Getting pinged and the fog of war

    Jan 26, 2026 · 30:02


    In this edition of Between Two Nerds Tom Uren and The Grugq discuss how getting pinged hurts state hackers by introducing uncertainty. Publishing technical reports on the hack can actually improve the situation by removing uncertainty about how attackers were detected. This episode is also available on Youtube. Show notes BTN 36, The culture of the Snake

    Sponsored: Push Security on ConsentFix attacks

    Jan 26, 2026 · 13:06


    In this Risky Business News sponsor interview, Catalin Cimpanu talks with Luke Jennings, VP of Research & Development at Push Security, about ConsentFix. It's a new form of email-based social engineering attack used in the wild, an evolution of the ClickFix attack that goes after your identity. Show notes ConsentFix: Analysing a browser-native ClickFix-style attack that hijacks OAuth consent grants ConsentFix debrief: latest community insights, recommendations, and predictions Luke Jennings, ConsentFix LinkedIn post Year in Review: How Phishing Attacks Evolved in 2025

    Risky Bulletin: Russia deployed wipers on Poland's energy grid

    Jan 25, 2026 · 6:34


    Russia deployed wipers against Poland's energy grid, Microsoft shared BitLocker keys with the FBI, Romania dismantles a murder-for-hire portal, and the EU creates a new anti-spyware group. Show notes Risky Bulletin: EU readies new anti-spyware group, but with even less powers than PEGA

    Risky Bulletin: Improperly patched bug exploited again in Fortinet firewalls

    Jan 22, 2026 · 6:39


    A poorly patched bug is being exploited in Fortinet firewalls, hackers go after security testing environments, Jordanian police used Cellebrite against activists, and new Cisco and SmarterMail zero-days. Show notes Risky Bulletin: Improperly patched bug exploited again in Fortinet firewalls

    Srsly Risky Biz: You can't block space internet

    Jan 22, 2026 · 19:47


    Tom Uren and Amberleigh Jack talk about the rise of technologies that can undermine internet blackouts such as Starlink and its relatively new direct-to-cell service. Authoritarian internet shutdowns and disasters happen often enough that governments should think about how to take advantage of these new technologies rather than just reacting when crises arise. They also discuss the nomination of General Joshua Rudd as head of NSA and US Cyber Command. This episode is also available on Youtube. Show notes

    Risky Bulletin: Domain resurrection attacks come to Canonical's Snap Store

    Jan 21, 2026 · 6:14


    Canonical's Snap Store hit by domain resurrection attacks, Russia will use AI to detect VPN users, Iranian hackers switch to Starlink during internet outage, and Greece arrests SMS blasters… by dumb luck. Show notes Risky Bulletin: Domain resurrection attacks come to Canonical's Snap Store

    Between Two Nerds: Why the West sucks at Information Warfare

    Jan 19, 2026 · 32:36


    In this edition of Between Two Nerds Tom Uren and The Grugq talk about what information warfare even is, revisit a 30-year-old paper and examine why Western governments struggle with the concept. This episode is also available on Youtube. Show notes What is Information Warfare by Martin Libicki Human Rights in China Leaked conversation on Youtube, in Mandarin Rebecca Black, Friday

    Risky Bulletin: Germany seeks more hacking and surveillance powers for its intel service

    Jan 18, 2026 · 7:18


    Germany seeks more hacking and surveillance powers for its intelligence service, Finland intends to criminalize the spreading of false information, patriotic “French” social media goes quiet during Iran's internet outage, and hackers are extorting GrubHub. Show notes Risky Bulletin: Germany seeks more hacking and surveillance powers for its intel service

    Sponsored: Seeing into the seams

    Jan 18, 2026 · 14:25


    In this Risky Business sponsored interview, Tom Uren talks to Justin Kohler, Chief Product Officer at SpecterOps, about how attack paths exist in the seams between different identity or permissions management domains. In isolation, for example, both your Github and your AWS deployment could follow best practices. But bring them together and you've got problems. Bloodhound's OpenGraph lets you find and fix these otherwise invisible attack paths. Show notes

    Risky Bulletin: China bans Israeli and US cybersecurity products

    Jan 15, 2026 · 7:12


    China bans Israeli and US cybersecurity products, Sean Plankey is re-nominated for CISA Director, RAM price hikes are likely to impact the cost of firewalls, and Lumen sinkholes the Kimwolf DDoS botnet. Show notes Risky Bulletin: DRAM price hikes set to impact firewalls too

    Srsly Risky Biz: China Fights Scam Compounds … For China

    Jan 15, 2026 · 19:19


    Tom Uren and Amberleigh Jack talk about the Chinese government's reactive approach to tackling scam compounds. It's driven by bad news on domestic media and therefore focusses on the compounds that are targeting Chinese citizens. Rather than eliminating the industry, that may instead be shaping the industry to focus on other countries and particularly Americans. They also discuss the role of disruptive cyber operations in the US's raid to capture Venezuelan President Nicolás Maduro. This episode is also available on Youtube. Show notes

    Risky Bulletin: Russia fines 33 telcos for surveillance non-compliance

    Jan 14, 2026 · 6:17


    Russia fines 33 telcos for surveillance non-compliance, AVCheck admin is arrested in Amsterdam, Poland repels an attack on its power grid, and voice cloning defenses can be bypassed. Show notes Risky Bulletin: Voice cloning defenses still weak, can be bypassed

    Between Two Nerds: Lights out!

    Jan 12, 2026 · 27:58


    In this edition of Between Two Nerds Tom Uren and The Grugq talk about the role of cyber operations in the US capture of Venezuela's president Nicolas Maduro. This episode is also available on Youtube. Show notes Maduro's fall puts US cyber power in the spotlight Trump suggests US used cyberattacks to turn off lights in Venezuela during strikes Venezuela strike marks a turning point for US cyber warfare Power outages, but not cyber (from Oleg Shakirov) NYTimes Inside 'Operation Absolute Resolve' Spec Ops by William McRaven

    Risky Bulletin: Apex Legends streamers hacked again

    Jan 11, 2026 · 6:05


    The Apex Legends game is hacked again, data about 17 million Instagram users is put up for sale, Indonesia blocks X over pornographic content, and a ransomware attack hits a major Chilean energy provider. Show notes Risky Bulletin: Apex Legends streamers hacked again

    Sponsored: What AI workloads mean for Cloud security

    Jan 11, 2026 · 15:17


    In this Risky Business News sponsored interview the CEO and founder of Prowler, Toni de la Fuente, explains how implementing AI systems brings new security challenges that differ from traditional cloud workloads. Toni also talks about 'attack paths' in the context of cloud infrastructure and using them to minimise risk. Show notes

    Risky Bulletin: Belarus deploys spyware on journalists' phones

    Dec 19, 2025 · 6:58


    Belarus deployed spyware on journalists' phones, a man is arrested for installing malware on a ferry, France arrests the hacker behind an Interior Ministry email server breach, and new Cisco and SonicWall zero-days. Show notes Risky Bulletin: Belarus deploys spyware on journalists' phones

    Srsly Risky Biz: Like Huawei, but for electricity

    Dec 17, 2025 · 19:17


    Tom Uren and Patrick Gray talk about America's increasing dependence on Chinese manufacturers for electrical sector equipment. This doesn't seem like a good idea when China is hacking electric utilities for sabotage and PLA researchers are dreaming up ways to attack the grid. They also discuss the possibility that the US was responsible for a cyber attack on Venezuela's state oil company and how Russian state-backed hacktivism is so dumb. This episode is also available on Youtube. Show notes

    Risky Bulletin: Most smart devices run outdated web browsers

    Dec 17, 2025 · 7:39


    Most smart devices run outdated web browsers, Ukrainian hacktivists breach a major Russian defense contractor, ransomware hits Venezuela's state-owned oil company, and hackers are trying to extort PornHub with stolen user data. Show notes Risky Bulletin: Most smart devices run outdated web browsers

    Between Three Nerds: The evolution of Iranian cyber espionage

    Dec 15, 2025 · 49:56


    In this edition of Between Two Nerds Tom Uren and The Grugq talk to Hamid Kashfi, CEO and founder of DarkCell, about the Iranian cyber espionage scene. Kashfi talks about how the regime once forced people to hack and crushed the domestic security research scene. He describes how and why the government has changed its approach and is now reaping the rewards of improved Iranian capabilities. This episode is available on Youtube. Show notes The "Mossad or not" threat model by James Mickens Shamoon wiper iLO rootkit

    Risky Bulletin: African freelancers behind anti-US and anti-French disinfo campaigns

    Dec 15, 2025 · 7:51


    Russia is hiring African freelancers for disinformation campaigns, the US is preparing to let contractors run offensive cyber operations, Germany blames Russia for the hack of its air traffic control agency, and Apple patches two WebKit zero-days. Show notes Risky Bulletin: African freelancers behind anti-US and anti-French disinfo campaigns

    Sponsored: ConsentFix and Push Security's browser attack taxonomy

    Dec 14, 2025 · 19:36


    In this sponsored interview Casey Ellis is joined by Push Security's Field CTO, Mark Orlando. They chat about the ways that browser-based attacks are evolving and how Push Security is finding and cataloging them. Show notes ConsentFix: Analysing a browser-native ClickFix-style attack that hijacks OAuth consent grants Introducing our guide to phishing detection evasion techniques

    Risky Bulletin: EU has a problem attracting and retaining cyber talent

    Dec 12, 2025 · 9:22


    The EU has a problem attracting and retaining cyber talent, the CEO of Coupang resigns following the company's security breach, Microsoft expands its bug bounty program to cover third party code, and Chrome and Gogs patch zero-days. Show notes Risky Bulletin: EU has a problem attracting and retaining cyber talent

    Risky Bulletin: Linux adds PCIe encryption to help secure cloud servers

    Dec 10, 2025 · 4:37


    Linux adds PCIe encryption to help secure cloud servers, Europol cracks down on Violence-as-a-Service providers, the International Criminal Court prepares for cyber-enabled genocide, and Cambodia busts a warehouse full of SMS blasters. Show notes Risky Bulletin: Linux adds PCIe encryption to help secure cloud servers

    Risky Bulletin: APTs go after the React2Shell vulnerability within hours

    Dec 7, 2025 · 8:18


    APTs go after the React2Shell vulnerability just hours after public disclosure, CISA remains without a director after the nomination stalls again, NSA is down 2,000 staff this year, and Intellexa is still active despite sanctions. Show notes

    Srsly Risky Biz: When cyber campaigns cross a line

    Dec 4, 2025 · 16:18


    Tom Uren and Patrick Gray discuss a new report proposing a framework for deciding when cyber operations raise red flags. It suggests seven red flags and could help clarify thinking about how to respond to different operations. They also discuss Anthropic testifying to Congress and Iran using cyber intelligence to target missile strikes, including by sharing it with Houthi rebels who fired at a specific ship. And finally, we are not reassured by China's white paper about being a good cyber citizen. This episode is also available on Youtube. Show notes Assessing Irresponsibility in Cyber Operations AWS on state actors bridging cyber and kinetic warfare
