Risky Business News

Authorities take down a residential proxy service, Iranian hackers wipe the network of a US medical device maker, Apple patches unsupported iOS against Coruna, and CISA asks for Cisco SD-WAN device logs. Show notes Risky Bulletin: Another residential proxy provider falls as authorities continue crackdowns

Tom Uren and Amberleigh Jack talk about the newly released Trump Cyber Strategy for America. The ideas in it are fine and occasionally even game-changing, but many of its goals have been undercut by the administration's actions to date. They also discuss the Coruna exploit kit, which is now known to have leaked from a US defence contractor. Exploits are so valuable that it is unrealistic to expect they can be kept secret. This episode is also available on Youtube. Show notes

The Senate confirms a new CyberCom and NSA chief, the US will establish an inter-agency cyber unit, the UK's Online Crime Centre will launch in April, and the Coruna iOS hacking kit was the work of L3Harris. Show notes Risky Bulletin: Gen. Joshua Rudd confirmed as next CyberCom and NSA head

In this edition of Between Two Nerds Tom Uren and The Grugq talk about why an internet shutdown won't stop US cyber operations in Iran. This episode is also available on Youtube. Show notes Srsly Risky Biz: The Four Hour Cyber War on Iran The Thing listening device IBM Selectric bug CIA compromise in Iran

US federal agencies told to crack down on scams and cybercrime, the White House releases its new Cyber Strategy, suspected Chinese hackers breach the FBI's wiretap network, and Romania's largest meat exporter is insolvent after a ransomware attack. Show notes Risky Bulletin: New White House EO prioritizes fight against scams and cybercrime

In this Risky Business sponsor interview, Marco Slaviero, CTO of Thinkst, talks to Tom Uren about how the company ensures that it is a learning organisation. The pair discuss the company's investment in its Thinkst Labs, how it differs from other security research labs, and how it helps grow products and people. Show notes

Iran attempts to hack security cameras to support its missile strikes, Israel bombs Iran's cyber headquarters, authorities take down LeakBase and Tycoon 2FA, and TikTok says ‘no' to encrypted private messaging. Show notes Risky Bulletin: Iranian hackers are scanning for security cameras to aid missile strikes

Tom Uren and Amberleigh Jack talk about how cyber operations were used in the first hours of the US-Israeli attack on Iran. They were instrumental in the attack on Iranian Supreme Leader Ali Khamenei, but they didn't last long. The Iranian regime implemented an internet blackout within four hours of the first bombs. They also discuss how threat actors are using AI. It's not game-changing so far, but it is very much altering the balance between attack and defence. This episode is also available on Youtube. Show notes

The US conducted cyberattacks ahead of strikes on Iran, Russia aims for internet independence by 2028, Google finds a new iOS exploit kit in the wild, and Chrome moves to a two-week release cycle. Show notes Risky Bulletin: Cyber Command conducted cyberattacks ahead of Iran strikes

In this edition of Between Two Nerds Tom Uren and The Grugq how the use of cyber operations in the war in Ukraine has evolved over time. This episode is also available on Youtube. Show notes Russia using cyber espionage to direct grid missile strikes The Spectator article on US-UK relations BTN72 on the Taurus missile leak

LLMs can deanonymize internet users based on their comments, CISA gets a new acting director, hackers steal 15 million records from the French Ministry of Health, and Google takes down an ad fraud botnet. Show notes Risky Bulletin: LLMs can deanonymize internet users based on their past comments

In this sponsored interview Casey Ellis chats to Harish Peri, SVP and general manager for AI security at Okta, a cloud-based identity and access management company. The pair chat about the fact that AI is forcing enterprises to relearn the basics around identity security, and how Okta for AI Agents can help. Show notes

A Russian man prosecuted for extorting the Conti ransomware group, Google takes down a Chinese cyber-espionage operation, Anthropic tells Department of War to pound sand over AI restrictions, and a Cisco zero-day was exploited in the wild for three years. Show notes Risky Bulletin: Russian man investigated for extorting Conti ransomware group

Tom Uren and Amberleigh Jack talk about the argy-bargy between the Pentagon and AI company Anthropic. US Defense Secretary Pete Hegseth is demanding that all safeguards are lifted from Claude, while Anthropic CEO Dario Amodei is insisting on protections against mass surveillance of Americans and use in lethal autonomous weapons. They also discuss the return of Volt Typhoon, the Chinese hacker group prepositioning in critical infrastructure for sabotage in the event of a conflict over Taiwan. The group is still around, even though the US government declared victory against it last July. This episode is also available on Youtube. Show notes

Russia launches a criminal probe into Telegram's founder, two teenagers arrested for a South Korean bike share hack, Anthropic accuses Chinese AI firms of distillation attacks, and the US Treasury sanctions a Russian exploit broker. Show notes Risky Bulletin: Russia starts criminal probe of Telegram founder Pavel Durov

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how ‘professional' Five Eyes cyber espionage agencies like NSA will use AI. These agencies place a premium on stealth and won't yolo AI. This episode is available on Youtube. Show notes How AI-powered espionage will favour China Google's AI threat tracker, February 2026

An AI-driven hacking campaign breached 600 Fortinet devices, Ivanti was hacked via its own product, Wikipedia bans Archive-dot-Today for DDoS attacks, and Chinese hackers breached Italy's police force. Show notes Risky Bulletin: AI-driven hacking campaign breaches 600+ Fortinet devices

In this Risky Business sponsor interview, Casey Ellis and Feross Aboukhadijeh discuss how AI is affecting open source, chat about a few attacks the company has seen in the wild and introduce Socket's answer to the smouldering trashfire: Socket Firewall. Show notes

RPKI relies on vulnerable servers, the French Ministry of Economy discloses a data breach, the UK gives tech platforms 48 hours to remove revenge porn, and ClickFix-attacks are responsible for 50% of malware infections. Show notes Risky Bulletin: RPKI infrastructure sits on shaky ground

Tom Uren and Amberleigh Jack talk about a groundswell of calls from European officials to build cyber capabilities to strike back against adversaries. There are good reasons that countries should have their own cyber capabilities, but if you don't have the political will to strike back, having a magic cyber weapon doesn't really make a difference. They also talk about ‘distillation attacks'. They are a way that AI developers can steal the secret sauce of advanced models just by asking questions. It looks like American companies need government assistance if the US wants to keep its AI lead. This episode is also available on Youtube. Show notes

A supply chain attack plants backdoors on Android tablets, the EU blocks AI from lawmakers' devices, Cellebrite was used against a Kenyan politician, and a Chinese APT is exploiting a Dell zero-day. Show notes Risky Bulletin: Supply chain attack plants backdoor on Android tablets

In this edition of Between Two Nerds Tom Uren and The Grugq discuss whether middle powers should be investing in military cyber capabilities. This episode is also available on Youtube Show notes The Record on Iranian air defences Max Smeets No Shortcuts RunZero sponsor interview

Cambodia promises to dismantle cyber scam compounds by April, CISA urges companies to adopt the OpenEoX standard, Linux gets post-quantum crypto support, and Palo Alto Networks avoids attributing an APT to China. Show notes Risky Bulletin: Cambodia promises to dismantle scam networks by April

In this sponsored interview Casey Ellis chats to Todd Beardsley, VP of Security at RunZero about Kevology, the company's analysis of CISA's KEV list. Kevology lets you easily identify and fix vulnerabilities from the list that are urgent and relevant to you. Show notes KEVology: An analysis of exploits, scores, & timelines on the CISA KEV

A Malware developer faked his own death to evade the FBI, Apple patches a zero-day used in a targeted attack, the Tianfu Cup quietly returns, and researchers spot the first malicious Outlook add-in. Show notes Risky Bulletin: IcedID malware developer fakes his own death to escape the FBI

Tom Uren and Amberleigh Jack talk about Microsoft CEO Satya Nadella's messaging around personnel changes at the top of its security organisation. These signal a focus on selling security products rather than on making secure products. They also discuss Expedition Cloud, a Chinese cyber range that replicated the critical infrastructure of neighbouring countries, apparently to develop and fine-tune cyber disruption operations. Finally, they talk about what we've learnt about the role of cyber operations in the US bombing of Iranian nuclear facilities. It was far bigger than we previously thought. This episode is also available on Youtube. Show notes

China has breached all of Singapore's major telcos, Microsoft announces two new security features, a hacktivist leaks data from a stalkerware provider, and researchers map out “GRU information warfare units” based on their insignia. Show notes Risky Bulletin: Chinese cyber-spies breached all of Singapore's telcos

In this edition of Between Two Nerds Tom Uren and The Grugq talk about why the world is destined to be perpetually insecure. This episode is also available on Youtube. Show notes Hunterbrook's Ubiquiti investigation Trail of Bits sponsor interview

A software company gets hacked through vulnerabilities in its own product, European agencies are hacked via recent Ivanti zero-days, Senegal is being extorted by hackers, and a state actor is behind a Signal phishing campaign in Germany. Show notes Risky Bulletin: SmarterTools hacked via its own product

In this Risky Business sponsored interview, Tom Uren talks to Trail of Bits CEO Dan Guido about how Trail of Bits is reworking its business processes to take advantage of AI. Dan talks about what it takes to make AI agents reliable and trustworthy and how that will give the company an edge by making its work both better and faster. Show notes Trail of Bits Skills Marketplace

Denmark recruits hackers for offensive cyber operations, CISA tells agencies to remove old edge devices, Coinbase has another insider breach, and Microsoft appoints a new security chief. Show notes Risky Bulletin: Denmark recruits hackers for offensive cyber operations

Tom Uren and Amberleigh Jack talk about Google's cyber disruption unit taking aim at the IPIDEA residential proxy network. The network was a cybercrime enabler that was used by hundreds of threat actors for crime and espionage. More of this kind of disruption please. They also discuss SpaceX's rapid action to stop the Russian military using Starlink terminals to guide drones deep into Ukrainian territory. This episode is also available on Youtube. Show notes

The Plone CMS stops a supply-chain attack, French cops raid the X Paris office; the number of malicious OpenClaw skills grows, and a Chinese APT hacked Notepad++ servers. Show notes Risky Bulletin: Plone CMS stops supply-chain attack

In this edition of Between Two Nerds Tom Uren and The Grugq discuss the recent Russian attack on Polish electricity infrastructure. This episode is also available on Youtube. Show notes ESET's first report ESET's update report CERT-PL report Dragos report The Insider 'Hidden Bear' investigation BTN 124, How Russia's sabotage team got into hacking BTN 145, Russia's cyber war on wheat

ICE tracking app blames a recent hack on a government agent, Microsoft will disable NTLM in the next release of Windows, Poland bans Chinese cars from military bases, and Ivanti patches two new zero-days. Show notes Risky Bulletin: StopICE blames hack on "a CBP agent here in SoCal"

In this sponsored interview, Casey Ellis chats to Edward Wu, founder of Dropzone AI about a recent Vanderbilt University report that reveals that foreign adversaries' resources are growing. Edward says AI capabilities are critical to the future of cyber defence, because the west can't hire itself out of the shortfall. Show notes Dominating the Digital Space: A Whole-of-Society Strategy for Securing the United States from Cyber Aggression

Hackers breach eScan antivirus and distribute a backdoor, Google takes down the IPIDEA proxy botnet, most GDPR fines remain uncollected, and the Poland wiper attack hit 30 locations. Show notes Risky Bulletin: eScan antivirus distributes backdoor in latest supply chain attack

Tom Uren and Amberleigh Jack talk about the Pall Mall Process, an international effort to reign in abusive spyware. Tom thinks the US has already stumbled into a viable carrots and sticks style strategy that will shape the industry more than coming up with standards will. The pair also discuss news that Chinese Salt Typhoon hackers compromised the calls of senior UK officials in Downing Street. The UK has extensive telecommunications security regulations and the incident makes us wonder what that legislation is actually good for. This episode is also available on Youtube. Show notes

A cyberattack has crippled cars in Russia, Microsoft patches an Office zero-day, WhatsApp rolls out an account lockdown feature, and a handful of Chrome extensions steal ChatGPT auth tokens. Show notes Risky Bulletin: Cyberattack cripples cars across Russia

In this edition of Between Two Nerds Tom Uren and The Grugq discuss how getting pinged hurts state hackers by introducing uncertainty. Publishing technical reports on the hack can actually improve the situation by removing uncertainty about how attackers were detected. This episode is also available on Youtube. Show notes BTN 36, The culture of the Snake

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Luke Jennings, VP of Research & Development at Push Security, about ConsentFix. It's a new form of email-based social engineering attack used in the wild, an evolution of the ClickFix attack that goes after your identity. Show notes ConsentFix: Analysing a browser-native ClickFix-style attack that hijacks OAuth consent grants ConsentFix debrief: latest community insights, recommendations, and predictions Luke Jennings, ConsentFix LinkedIn post Year in Review: How Phishing Attacks Evolved in 2025

Russia deployed wipers against Poland's energy grid, Microsoft shared BitLocker keys with the FBI, Romania dismantles a murder-for-hire portal, and the EU creates a new anti-spyware group. Show notes Risky Bulletin: EU readies new anti-spyware group, but with even less powers than PEGA

A poorly patched bug is being exploited in Fortinet firewalls, hackers go after security testing environments, Jordanian police used Cellebrite against activists, and new Cisco and SmarterMail zero-days. Show notes Risky Bulletin: Improperly patched bug exploited again in Fortinet firewalls

Tom Uren and Amberleigh Jack talk about the rise of technologies that can undermine internet blackouts such as Starlink and its relatively new direct-to-cell service. Authoritarian internet shutdowns and disasters happen often enough that governments should think about how to take advantage of these new technologies rather than just reacting when crises arise. They also discuss the nomination of General Joshua Rudd as head of NSA and US Cyber Command. This episode is also available on Youtube. Show notes

Canonical's Snap Store hit by domain resurrection attacks, Russia will use AI to detect VPN users, Iranian hackers switch to Starlink during internet outage, and Greece arrests SMS blasters… by dumb luck. Show notes Risky Bulletin: Domain resurrection attacks come to Canonical's Snap Store

In this edition of Between Two Nerds Tom Uren and The Grugq talk about what information warfare even is, revisit a 30-year-old paper and examine why Western governments struggle with the concept. This episode is also available on Youtube. Show notes What is Information Warfare by Martin Libicki Human Rights in China Leaked conversation on Youtube, in Mandarin Rebecca Black, Friday

Germany seeks more hacking and surveillance powers for its intelligence service, Finland intends to criminalize the spreading of false information, patriotic “French” social media goes quiet during Iran's internet outage, and hackers are extorting GrubHub. Show notes Risky Bulletin: Germany seeks more hacking and surveillance powers for its intel service

In this Risky Business sponsored interview, Tom Uren talks to Justin Kohler, Chief Product Officer at SpecterOps, about how attack paths exist in the seams between different identity or permissions management domains. In isolation, for example, both your Github and your AWS deployment could follow best practices. But bring them together and you've got problems. Bloodhound's OpenGraph lets you find and fix these otherwise invisible attack paths. Show notes

China bans Israeli and US cybersecurity products, Sean Plankey is re-nominated for CISA Director, RAM price hikes are likely to impact the cost of firewalls, and Lumen sinkholes the Kimwolf DDoS botnet. Show notes Risky Bulletin: DRAM price hikes set to impact firewalls too

Tom Uren and Amberleigh Jack talk about the Chinese government's reactive approach to tackling scam compounds. It's driven by bad news on domestic media and therefore focusses on the compounds that are targeting Chinese citizens. Rather than eliminating the industry, that may instead be shaping the industry to focus on other countries and particularly Americans. They also discuss the role of disruptive cyber operations in the US's raid to capture Venezuelan President Nicolás Maduro. This episode is also available on Youtube. Show notes

Russia fines 33 telcos for surveillance non-compliance, AVCheck admin is arrested in Amsterdam, Poland repels an attack on its power grid, and voice cloning defenses can be bypassed. Show notes Risky Bulletin: Voice cloning defenses still weak, can be bypassed