Risky Business News

Iranian password spraying targets Israel ahead of missile strikes, a major npm package gets hacked, Iran says it will bomb US tech firms in the Middle East, and Flint24 hackers are sentenced to prison in Russia. Show notes Risky Bulletin: Iranian password sprays came first, then came the missiles

In this edition of Between Two Nerds Tom Uren and The Grugq talk about hacking and scams. While hacking is disappearing as a threat for most people, it is a new golden age for scammers. Even Tom has been scammed! This episode is also available on Youtube. Show notes We Are All Targets, How Renegade Hackers Invented Cyber War and Unleashed an Age of Global Chaos The $1.25 million scam

Apple adds a ClickFix warning to macOS, Handala hacks Kash Patel's personal email, Balancer crypto platform shuts down after last year's hack, and the EU proposes a ban on AI nudify apps. Show notes Risky Bulletin: Apple adds ClickFix warning to macOS terminal

In this Risky Business sponsored interview, James Wilson chats with Adam Pointon, CEO of Knocknoc, about how AI is making old school security controls and paradigms like deny-by-default cool again. Today, patches are being reversed by AI systems into exploits in a matter of hours. The days of being able to rely on timely patching as a primary control are over. James talks to Adam about this new reality and how Knocknoc can help. Show notes

Russia will use a custom crypto-algorithm for its 5G network, the Hungarian opposition accuses the government of using spyware, Kaspersky says it tied Coruna to the “Operation Triangulation” attacks, and malware was deployed on thousands of Luxembourg government phones. Show notes Risky Bulletin: Russia to use custom crypto-algorithm for its 5G network

Tom Uren and Amberleigh Jack talk about FBI Director Kash Patel admitting to Congress that the Bureau is buying American's location data and using it to generate valuable intelligence. That's concerning, because commercially available information can be used in tremendously invasive ways and the FBI can buy it without needing a warrant. They also discuss the FCC's surprising move to ban foreign-made consumer routers. It's not about security, it is just about reshoring manufacturing. And finally they discuss the Trump administration's plan for unleashing the private sector. This episode is also available on Youtube. Show notes

Intellexa's CEO is angry with Greek authorities, the FTC bans new foreign-made routers, Google launches a threat disruption unit, and German police warned companies about software bugs… in the middle of the night. Show notes Risky Bulletin: The Intellexa CEO is pissed!!!

In this edition of Between Two Nerds Tom Uren and The Grugq discuss how Google just keeps on finding iOS exploit kits. Is iPhone security busted? And why are Russian state hackers after crypto? This episode is also available on Youtube. Show notes Google on Coruna Google on DarkSword iVerify on DarkSword Lookout on DarkSword Coruna deep dive

Russian intelligence services compromised thousands of Signal accounts, the Trivy vulnerability scanner is abused in a supply chain attack, Oracle issues an out-of-band patch for its Fusion Middleware, and the FBI takes down the Aisuru and Kimwolf botnets. Show notes Risky Bulletin: GitHub is starting to have a real malware problem

In this Risky Business sponsored interview, Casey Ellis chats to Fletcher Heisler, founder and CEO of open source identity provider, Authentik. They chat about Extended Identity Access Management (XIAM), the company's new acronym that has been seven years in the making. Show notes

A second iOS hacking framework has been found in the wild, Belgium launches its own government communications app, AWS kills S3 bucketsquatting and a cyberattack cripples car breathalyzers. Show notes Risky Bulletin: AWS kills bucketsquatting

Tom Uren and Amberleigh Jack talk about how successfully achieving America's war goals could force Iran to double down on cyber power. It's resilient to bombing and is the cheapest, quickest way for the regime to get some wins post-war. They also discuss Meta stepping back from end-to-end encryption on Instagram's direct messages. There is a time and place for E2EE messages, so good riddance. Finally, they discuss the one weird trick President Trump uses to make his smartphone conversations useless for foreign intelligence services. This episode is also available on Youtube. Show notes

The EU imposes cyber sanctions, an Iranian cyber chief was killed by US-Israeli strikes, the UK fixes a major bug in its company registry, and a US man phishes celebrity athletes while on home detention… for phishing. Show notes Risky Bulletin: EU finally imposes more cyber sanctions

In this edition of Between Two Nerds Tom Uren and The Grugq discuss how bombing Iran changes incentives for Iranian hacker groups. Destroying other ways that Iran might project power could force it to double down on cyber capabilities. This episode is also available on Youtube. Show notes Zetter Zero Day on the Stryker hack BTN on the evolution of Iranian hackers with Hamid Kashfi

Meta suspends Mexican cartel accounts, multiple vulnerabilities have been found in Linux AppArmour, Instagram will disable support for end-to-end encrypted messaging and a supply chain attack hits AppsFlyer. Show notes Risky Bulletin: Meta disrupts Mexican cartels

In this Risky Business sponsor interview, Catalin Cimpanu talks with Alex Orleans, Head of Threat Intelligence at Sublime Security, about the increase in email attacks leveraging Zoom invites and other video conferencing tools. Show notes Key findings from the 2026 Sublime Email Threat Research Report Scammers actively targeting real estate agents with remote access attacks Fake Google Meet invitation, fake Microsoft Store, real malware attack Alex Orleans on LinkedIn

Authorities take down a residential proxy service, Iranian hackers wipe the network of a US medical device maker, Apple patches unsupported iOS against Coruna, and CISA asks for Cisco SD-WAN device logs. Show notes Risky Bulletin: Another residential proxy provider falls as authorities continue crackdowns

Tom Uren and Amberleigh Jack talk about the newly released Trump Cyber Strategy for America. The ideas in it are fine and occasionally even game-changing, but many of its goals have been undercut by the administration's actions to date. They also discuss the Coruna exploit kit, which is now known to have leaked from a US defence contractor. Exploits are so valuable that it is unrealistic to expect they can be kept secret. This episode is also available on Youtube. Show notes

The Senate confirms a new CyberCom and NSA chief, the US will establish an inter-agency cyber unit, the UK's Online Crime Centre will launch in April, and the Coruna iOS hacking kit was the work of L3Harris. Show notes Risky Bulletin: Gen. Joshua Rudd confirmed as next CyberCom and NSA head

In this edition of Between Two Nerds Tom Uren and The Grugq talk about why an internet shutdown won't stop US cyber operations in Iran. This episode is also available on Youtube. Show notes Srsly Risky Biz: The Four Hour Cyber War on Iran The Thing listening device IBM Selectric bug CIA compromise in Iran

US federal agencies told to crack down on scams and cybercrime, the White House releases its new Cyber Strategy, suspected Chinese hackers breach the FBI's wiretap network, and Romania's largest meat exporter is insolvent after a ransomware attack. Show notes Risky Bulletin: New White House EO prioritizes fight against scams and cybercrime

In this Risky Business sponsor interview, Marco Slaviero, CTO of Thinkst, talks to Tom Uren about how the company ensures that it is a learning organisation. The pair discuss the company's investment in its Thinkst Labs, how it differs from other security research labs, and how it helps grow products and people. Show notes

Iran attempts to hack security cameras to support its missile strikes, Israel bombs Iran's cyber headquarters, authorities take down LeakBase and Tycoon 2FA, and TikTok says ‘no' to encrypted private messaging. Show notes Risky Bulletin: Iranian hackers are scanning for security cameras to aid missile strikes

Tom Uren and Amberleigh Jack talk about how cyber operations were used in the first hours of the US-Israeli attack on Iran. They were instrumental in the attack on Iranian Supreme Leader Ali Khamenei, but they didn't last long. The Iranian regime implemented an internet blackout within four hours of the first bombs. They also discuss how threat actors are using AI. It's not game-changing so far, but it is very much altering the balance between attack and defence. This episode is also available on Youtube. Show notes

The US conducted cyberattacks ahead of strikes on Iran, Russia aims for internet independence by 2028, Google finds a new iOS exploit kit in the wild, and Chrome moves to a two-week release cycle. Show notes Risky Bulletin: Cyber Command conducted cyberattacks ahead of Iran strikes

In this edition of Between Two Nerds Tom Uren and The Grugq how the use of cyber operations in the war in Ukraine has evolved over time. This episode is also available on Youtube. Show notes Russia using cyber espionage to direct grid missile strikes The Spectator article on US-UK relations BTN72 on the Taurus missile leak

LLMs can deanonymize internet users based on their comments, CISA gets a new acting director, hackers steal 15 million records from the French Ministry of Health, and Google takes down an ad fraud botnet. Show notes Risky Bulletin: LLMs can deanonymize internet users based on their past comments

In this sponsored interview Casey Ellis chats to Harish Peri, SVP and general manager for AI security at Okta, a cloud-based identity and access management company. The pair chat about the fact that AI is forcing enterprises to relearn the basics around identity security, and how Okta for AI Agents can help. Show notes

A Russian man prosecuted for extorting the Conti ransomware group, Google takes down a Chinese cyber-espionage operation, Anthropic tells Department of War to pound sand over AI restrictions, and a Cisco zero-day was exploited in the wild for three years. Show notes Risky Bulletin: Russian man investigated for extorting Conti ransomware group

Tom Uren and Amberleigh Jack talk about the argy-bargy between the Pentagon and AI company Anthropic. US Defense Secretary Pete Hegseth is demanding that all safeguards are lifted from Claude, while Anthropic CEO Dario Amodei is insisting on protections against mass surveillance of Americans and use in lethal autonomous weapons. They also discuss the return of Volt Typhoon, the Chinese hacker group prepositioning in critical infrastructure for sabotage in the event of a conflict over Taiwan. The group is still around, even though the US government declared victory against it last July. This episode is also available on Youtube. Show notes

Russia launches a criminal probe into Telegram's founder, two teenagers arrested for a South Korean bike share hack, Anthropic accuses Chinese AI firms of distillation attacks, and the US Treasury sanctions a Russian exploit broker. Show notes Risky Bulletin: Russia starts criminal probe of Telegram founder Pavel Durov

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how ‘professional' Five Eyes cyber espionage agencies like NSA will use AI. These agencies place a premium on stealth and won't yolo AI. This episode is available on Youtube. Show notes How AI-powered espionage will favour China Google's AI threat tracker, February 2026

An AI-driven hacking campaign breached 600 Fortinet devices, Ivanti was hacked via its own product, Wikipedia bans Archive-dot-Today for DDoS attacks, and Chinese hackers breached Italy's police force. Show notes Risky Bulletin: AI-driven hacking campaign breaches 600+ Fortinet devices

In this Risky Business sponsor interview, Casey Ellis and Feross Aboukhadijeh discuss how AI is affecting open source, chat about a few attacks the company has seen in the wild and introduce Socket's answer to the smouldering trashfire: Socket Firewall. Show notes

RPKI relies on vulnerable servers, the French Ministry of Economy discloses a data breach, the UK gives tech platforms 48 hours to remove revenge porn, and ClickFix-attacks are responsible for 50% of malware infections. Show notes Risky Bulletin: RPKI infrastructure sits on shaky ground

Tom Uren and Amberleigh Jack talk about a groundswell of calls from European officials to build cyber capabilities to strike back against adversaries. There are good reasons that countries should have their own cyber capabilities, but if you don't have the political will to strike back, having a magic cyber weapon doesn't really make a difference. They also talk about ‘distillation attacks'. They are a way that AI developers can steal the secret sauce of advanced models just by asking questions. It looks like American companies need government assistance if the US wants to keep its AI lead. This episode is also available on Youtube. Show notes

A supply chain attack plants backdoors on Android tablets, the EU blocks AI from lawmakers' devices, Cellebrite was used against a Kenyan politician, and a Chinese APT is exploiting a Dell zero-day. Show notes Risky Bulletin: Supply chain attack plants backdoor on Android tablets

In this edition of Between Two Nerds Tom Uren and The Grugq discuss whether middle powers should be investing in military cyber capabilities. This episode is also available on Youtube Show notes The Record on Iranian air defences Max Smeets No Shortcuts RunZero sponsor interview

Cambodia promises to dismantle cyber scam compounds by April, CISA urges companies to adopt the OpenEoX standard, Linux gets post-quantum crypto support, and Palo Alto Networks avoids attributing an APT to China. Show notes Risky Bulletin: Cambodia promises to dismantle scam networks by April

In this sponsored interview Casey Ellis chats to Todd Beardsley, VP of Security at RunZero about Kevology, the company's analysis of CISA's KEV list. Kevology lets you easily identify and fix vulnerabilities from the list that are urgent and relevant to you. Show notes KEVology: An analysis of exploits, scores, & timelines on the CISA KEV

A Malware developer faked his own death to evade the FBI, Apple patches a zero-day used in a targeted attack, the Tianfu Cup quietly returns, and researchers spot the first malicious Outlook add-in. Show notes Risky Bulletin: IcedID malware developer fakes his own death to escape the FBI

Tom Uren and Amberleigh Jack talk about Microsoft CEO Satya Nadella's messaging around personnel changes at the top of its security organisation. These signal a focus on selling security products rather than on making secure products. They also discuss Expedition Cloud, a Chinese cyber range that replicated the critical infrastructure of neighbouring countries, apparently to develop and fine-tune cyber disruption operations. Finally, they talk about what we've learnt about the role of cyber operations in the US bombing of Iranian nuclear facilities. It was far bigger than we previously thought. This episode is also available on Youtube. Show notes

China has breached all of Singapore's major telcos, Microsoft announces two new security features, a hacktivist leaks data from a stalkerware provider, and researchers map out “GRU information warfare units” based on their insignia. Show notes Risky Bulletin: Chinese cyber-spies breached all of Singapore's telcos

In this edition of Between Two Nerds Tom Uren and The Grugq talk about why the world is destined to be perpetually insecure. This episode is also available on Youtube. Show notes Hunterbrook's Ubiquiti investigation Trail of Bits sponsor interview

A software company gets hacked through vulnerabilities in its own product, European agencies are hacked via recent Ivanti zero-days, Senegal is being extorted by hackers, and a state actor is behind a Signal phishing campaign in Germany. Show notes Risky Bulletin: SmarterTools hacked via its own product

In this Risky Business sponsored interview, Tom Uren talks to Trail of Bits CEO Dan Guido about how Trail of Bits is reworking its business processes to take advantage of AI. Dan talks about what it takes to make AI agents reliable and trustworthy and how that will give the company an edge by making its work both better and faster. Show notes Trail of Bits Skills Marketplace

Denmark recruits hackers for offensive cyber operations, CISA tells agencies to remove old edge devices, Coinbase has another insider breach, and Microsoft appoints a new security chief. Show notes Risky Bulletin: Denmark recruits hackers for offensive cyber operations

Tom Uren and Amberleigh Jack talk about Google's cyber disruption unit taking aim at the IPIDEA residential proxy network. The network was a cybercrime enabler that was used by hundreds of threat actors for crime and espionage. More of this kind of disruption please. They also discuss SpaceX's rapid action to stop the Russian military using Starlink terminals to guide drones deep into Ukrainian territory. This episode is also available on Youtube. Show notes

The Plone CMS stops a supply-chain attack, French cops raid the X Paris office; the number of malicious OpenClaw skills grows, and a Chinese APT hacked Notepad++ servers. Show notes Risky Bulletin: Plone CMS stops supply-chain attack

In this edition of Between Two Nerds Tom Uren and The Grugq discuss the recent Russian attack on Polish electricity infrastructure. This episode is also available on Youtube. Show notes ESET's first report ESET's update report CERT-PL report Dragos report The Insider 'Hidden Bear' investigation BTN 124, How Russia's sabotage team got into hacking BTN 145, Russia's cyber war on wheat

ICE tracking app blames a recent hack on a government agent, Microsoft will disable NTLM in the next release of Windows, Poland bans Chinese cars from military bases, and Ivanti patches two new zero-days. Show notes Risky Bulletin: StopICE blames hack on "a CBP agent here in SoCal"