Regular cybersecurity news updates from the Risky Business team...
A Cybercrime group abuses routers to send SMS spam, CISA announces a new collaboration model for state governments, South Korea raises its cyber threat level after a data center fire, and Tile tracking devices expose their location. Show notes Risky Bulletin: Router APIs abused to send SMS spam waves
In this edition of Between Two Nerds Tom Uren and The Grugq discuss the power of cyber. This episode is also available on Youtube. Show notes Narrow windows of opportunity: the limited utility of cyber operations in war RUSI's UK cyber effects network RUSI call for abstracts The fate of nations BTN discussion UK National Cyber Force's Responsible Cyber Power in Practice Sponsor interview on the importance of resilient IdPs
The UK will bail out Jaguar Land Rover following its cyberattack, hackers try to extort a ransom using childrens' photos, Dutch police arrest two teens over sniffing WiFi for Russian spies, and a recent GoAnywhere MFT bug is being exploited. Show notes Risky Bulletin: UK to bail out Jaguar Land Rover
In this sponsored interview, Authentik CEO Fletcher Heisler talks to Tom Uren about how identity providers (IdP) are fundamental to everything an organisation does. He explains how organisations are making themselves resilient by managing their redundancy and failover options. Show notes
European users will get free Windows 10 extended security updates, Cisco patches three zero-days, Microsoft drops an Israeli intel surveillance contract and a UK man is arrested for the EU airport disruptions. Show notes Risky Bulletin: EU users to get free Windows 10 extended security updates
Tom Uren and Amberleigh Jack talk about how the funnel that turns kids into cyber criminals has evolved over the last decade. Cybercrime's reach has broadened, it is more lucrative and more violent. They also talk about new thinking about deterring America's cyber adversaries. This episode is also available on YouTube Show notes CSIS's Playbook for Winning the Cyber War Bloomberg reporting on Scattered Spider
The US Secret Service raids a SIM farm in New York, EU airport disruptions were caused by ransomware, thieves steal gold nuggets from a French museum after a cyberattack and SonicWall releases a firmware update to remove SMA rootkits. Show notes Risky Bulletin: US raids SIM farm in New York
In this edition of Between Two Nerds Tom Uren and The Grugq look at a new Center for Strategic and International Studies report: A Playbook for Winning the Cyber War. This episode is also available on YouTube. Show notes CSIS Playbook
A cyberattack disrupts European airports, a Scattered Spider member turns himself in to US authorities, the Pentagon hires a new cyber policy leader and two Russian APTs work together for the first time. Show notes Risky Bulletin: Cyberattack disrupts airports across Europe
In this Risky Business News sponsor interview, Catalin Cimpanu talks with Jared Atkinson, CTO at SpecterOps. They discuss how SpecterOps is using classifying identities under two categories, identities at rest and identities in transit, what they are and how they should be treated differently. Show notes Shifting the Paradigm: Managing Identities at Rest vs. Identities in Transit BloodHound OpenGraph
America's Government Accountability Office says the Pentagon employs more than 70,000 cyber personnel, hackers steal SonicWall firewall configs, DeepSeek returns insecure code for groups China doesn't like, and two Scattered Spider members arrested in the UK. Show notes Risky Bulletin: Pentagon has +70K cyber staff, and a lot of overlap
Tom Uren and Amberleigh Jack talk about why it is good news that US investment in spyware vendors has skyrocketed. They also discuss the in-principle agreement for TikTok to remain in the US. It's a win-win: a win for China and a win for TikTok, but not so much a win for US national security. This episode is also available on YouTube. Show notes
Android will only issue monthly updates for high-risk vulnerabilities, a self-replicating attack hits the npm registry, BreachForums' admin resentenced on appeal, and hackers breach Gucci's parent company. Show notes Risky Bulletin: AI chatbot disinformation doubles in a year
In this edition of Between Two Nerds Tom Uren and The Grugq talk about the limits of a state's cyber power. This episode is also available on YouTube Show notes Dave Aitel's CyberSecPolitics post on cyber power metrics Lawfare Post BTN 117, The fate of nations BTN 120, Should US spies steal Chinese commercial secrets
The US sues a crypto ATM operator for profiting from scams, SMS blasters make their way into Switzerland, the US and Portugal tussle over the extradition of the RaidForums admin, and Samsung patches a zero-day in its phones. Show notes Risky Bulletin: US largest crypto ATM operator sued for profiting from scams
In this sponsored interview, Casey Ellis chats to David Cottingham and Daniel Schell from Airlock Digital. They discuss the challenge of browser extension management for enterprises, why it's a priority and how Airlock can help. Show notes
Apple notifies French users of spyware attacks, China will increase fines for data breaches Google pays $1.6mil for cloud bugs at a hackathon event, and no more hacked free laundry for Dutch students Show notes Risky Bulletin: Most UK school hacks are caused by their own students
Tom Uren and Amberleigh Jack talk about the Salesloft Drift incident. It is a great example of the sprawling impact that the breach of a single service provider can have. We expect these single-compromise-large-blast-radius attacks will become the new norm. They also talk about Apple's Memory Integrity Enforcement, which promises to be a big step forward for memory safety on Apple devices. This episode is also available on Youtube. Show notes
The White House will keep the CyberCom and NSA dual-hat leadership arrangement, the US charges a major ransomware figure, Apple ships a memory safety protection feature and yet another supply chain attack hits the npm world. Show notes Risky Bulletin: US charges major ransomware figure
In this edition of Between Two Nerds Tom Uren and The Grugq talk about the trend toward outrageously complicated exploits and what it means for hacking and cyber espionage. This episode is also available on YouTube Show notes
A new APT group turns out to be a phishing test, Qantas cuts executives' bonuses after a recent breach, Anthropic stops selling AI tools to Chinese firms, and Nepal blocks 26 social media sites. Show notes Risky Bulletin: APT report? No, just a phishing test!
In this sponsored interview Casey Ellis chats with Keith Hoodlet from Trail of Bits. Keith is Trail of Bits' director of engineering for AI, machine learning and application security and he joined Casey to talk about why prompt injection attack techniques that target AI are an unsolvable problem. Show notes
A cyberattack disrupts Bridgestone tyre factories in North America, a new infostealer takes your photo while you watch porn, bad certificates for Cloudflare infrastructure went undetected for more than a year, and Brazil deals with another payment system hack. Show notes Risky Bulletin: Chrome 140 comes with new hardened cookies
Tom Uren and Amberleigh Jack talk about Google starting a cyber disruption unit. It's a sign of the times but could also point the way forward for policymakers looking to involve the private sector in government-endorsed efforts to strike back in cyberspace. They also talk about cyber security authorities from 13 different countries pegging Salt Typhoon to three Chinese companies. That's a lot of countries, but Tom wonders whether attribution is just viewed as a cost of doing business for the Chinese government. And it turns out that Apple's dispute with the UK government about encrypted iCloud data has not yet been resolved, despite media reports to the contrary. This episode is also available on Youtube. Show notes
Two YouTube channels help dismantle a Chinese scam operation, Cloudflare, Zscaler, and Palo Alto disclose Salesloft-related breaches, a ransomware attack disrupts vehicle production at Jaguar Land Rover, and we have a new record DDoS attack. Show notes Risky Bulletin: YouTubers unmask and help dismantle giant Chinese scam ring
In this edition of Between Two Nerds Tom Uren and The Grugq talk about how cyber threat actors are using AI tools to fill in resource and skills gaps that they have. This episode is also available on Youtube. Show notes Anthropic's August 2025 Threat Report BTN episode 50
FEMA's IT staff fired over an alleged breach, WhatsApp patches a zero-day, the Salesloft breach impacted more than just Salesforce, and a scammer steals $1.5 million dollars from the city of Baltimore. Show notes Risky Bulletin: Noem fires FEMA IT team over alleged cybersecurity failures
In this sponsored interview Casey Ellis chats with Push Security co-founder Jacques Louw. Push's browser plugin gives a unique level of visibility into how users interact with the web and the attacks they face. Jacques talks through what they're seeing, and their recently published taxonomy of phishing attacks. It's on Github for everyone to contribute to! Show notes Introducing our guide to phishing detection evasion techniques
An npm supply chain attack uses AI to steal credentials and crypto-wallet keys, Google establishes a cyber disruption unit, a ransomware attack disrupts more than 200 Swedish municipalities, and Salt Typhoon hacks have now hit more than 80 countries. Show notes Risky Bulletin: npm attack uses AI prompts to steal creds, crypto-wallet keys
Tom Uren and Amberleigh Jack talk about proposed legislation that would allow the President to license private sector hackers to go after cybercrime groups. The bill won't pass, but letting hackers loose on industrial-scale scam farms actually makes sense. They also talk about Microsoft's blind spot regarding China. It has trusted China-based engineers with sensitive work, and is now only just realising that China's security interests are not compatible with Microsoft's. This episode is also available on Youtube. Show notes
The FCC removes 1,200 voice providers from the US phone network, a cyberattack shuts down Nevada's state government services; hackers breach Salesloft and pivot into Salesforce accounts, and Citrix patches yet another zero-day. Show notes Risky Bulletin: FCC removes 1,200 voice providers from US phone network
In this edition of Between Two Nerds, Tom Uren and The Grugq talk about how the teenage hacking groups Scattered Spider, Lapsus$ and Shiny Hunters are collaborating. They examine whether this is bad news and what will it take to slow these wrecking crews down. Plus, how teenage hackers are like goldfish. This episode is also available on Youtube. Show notes The Register, Three notorious cybercrime gangs appear to be collaborating Between Two Nerds episode 103 Sponsor interview with Brett Winterford from Okta
Hackers sabotage Iranian ships for a second time this year, mass cybercrime arrests across Africa, South Korea extradites a Chinese man behind celebrity hacks, and a French supermarket chain discloses a data breach. Show notes Risky Bulletin: Hackers sabotage Iranian ships at sea, again
In this Risky Business News sponsor interview Tom Uren talks to Brett Winterford, Okta's VP of Threat Intelligence about FastPass. Brett explains what it is, how Okta uses it and why threat actors avoid it. Show notes
Microsoft restricts Chinese firms' access to its MAPP program, Apple patches a zero-day used in the wild, a Scattered Spider member gets 10 years in prison, and a new exploit broker pops up in the UAE. Show notes Risky Bulletin: A decade later, Russian hackers are still using SYNful Knock, and it's still working
Tom Uren and Amberleigh Jack talk about a new report that looks at how Russian cyber security firms have adapted since the country's invasion of Ukraine. These firms are doing surprisingly well financially. It turns out that in an era of great power competition, picking sides is not just necessary, it is also a winning strategy. They also discuss Russia effectively killing foreign messenger services to promote its own WeChat-like service and claims that the UK has backed down on its Apple encryption order. This episode is also available on Youtube. Show notes
Almost 500 child sextortion cases have been linked to scam compounds, Oracle's CSO departs after 37 years, Europol offers a reward for the Qilin ransomware group, and the UK drops its demand for an Apple backdoor. Show notes Risky Bulletin: NIST releases face-morphing detection guideline
In this edition of Between Two Nerds Tom Uren and The Grugq talk about whether the cyber industry and intelligence agencies focus too much on technical details and ignore the bigger picture. This episode is also available on Youtube. Show notes Director-General ASIO speech on Counting the Cost of Espionage
Academics develop a 5G downgrade attack, ransomware hits car salvage yards across North America, multiple VPN apps share the same hardcoded password, and Bangladesh spent $190 million on hacking and surveillance tools. Show notes Risky Bulletin: Academics pull off novel 5G attack
An HTTP-2 vulnerability enables DDoS attacks, Russia blocks Telegram and WhatsApp voice calls, attackers abuse a zero-day in N-able servers, and the US government is adding trackers to chip shipments. Show notes Risky Bulletin: MadeYouReset vulnerability enables unlimited HTTP/2 DDoS attacks
Tom Uren and Amberleigh Jack talk about a recent hack of the US courts document management system. It's about as bad as can be, with multiple threat actors including states and possibly even drug cartels rummaging around in there, possibly for years. They also discuss Microsoft's involvement in an Israeli surveillance system and the head of Australia's security organisation's blunt warning about espionage. This episode is also available on Youtube. Show notes
Russia suspected of hacking a US Court system, researchers break the DarkBit ransomware's encryption, a new attack can leak sensitive data from AMD processors, and a brute-force campaign targets Fortinet devices. Show notes Risky Bulletin: Crypto-thieves turn their sights to Open VSX
A security researcher scores $250,000 for a Chrome bug, WinRAR patches another zero-day, new vulnerabilities found in the Tetra communications protocol, and a researcher gains access to Microsoft's internal network for fun… and no profit. Show notes Risky Bulletin: Researcher scores $250,000 for Chrome bug
In this Risky Business News sponsor interview Tom Uren talks to Derek Hanson, Yubico's Field CTO about making account recovery and onboarding for employees phishing-resistant. They also discuss the problems and opportunities of syncable passkeys. Show notes
Federal agencies told to patch a new Exchange flaw, millions of sites are vulnerable to HTTP desync attacks, Trend Micro patches a zero-day, and the Salesforce data breaches continue. Show notes Risky Bulletin: CISA tells federal agencies to mitigate on-prem-to-cloud Exchange attack
Russian companies must migrate to domestic ERP systems, Ohio's public sector will have to approve ransom payments in public, Chanel and Cisco disclose data breaches, and a Thai hospital gets fined over the the dumbest data breach ever. Show notes Risky Bulletin: Russia to designate ERPs as "critical information infrastructure"
In this edition of Between Two Nerds Tom Uren and The Grugq dissect the Belarusian Cyber Partisans hack of Russian airline Aeroflot. Despite the short-term impact, the airline will likely bounce back quite quickly. But it is still a big win for the Cyber Partisans. This episode is also available on Youtube. Show notes The Belarusian Cyber Partisans post on the hack Meduza's analysis of the hack's aftermath
China accuses the US of new cyberattacks, a $14.5b crypto hack discovered five years later, the US National Cyber Director is named, and Lovense considers legal action over a security flaw disclosure. Show notes Risky Bulletin: China with the accusations again
In this week's sponsor interview, Tines' Field CISO, Matt Muller, chats to Casey Ellis about the interesting and out-of-the-box ways they've seen people using the platform. Tines is a platform designed to automate repetitive tasks for IT and security teams. And, as it turns out, it can be used to … gamify shift handover? Show notes
Russia spies on local embassies via ISPs, a Canadian man jailed for stealing Internet Apes, Signal threatens to leave Australia, and Russian pharmacies go down after a cyberattack. Show notes Risky Bulletin: Russia spies on foreign embassies using local ISPs
Tom Uren and Amberleigh Jack talk about how recent SharePoint exploitation is a blow-by-blow repeat of the 2021 Microsoft Exchange mass compromise event. The international response to that clearly didn't deter Chinese hackers, so it is time to try something different. They also talk about recent cases where outsourcing IT services has come with increased risk. Convenient, cheap, secure, pick any two. This episode is also available on Youtube. Show notes