POPULARITY
On this week's show Patrick Gray, Adam Boileau and James Wilson discuss the week's cybersecurity news. They cover: Anthropic's Fable 5 and Mythos 5 get nuked by the US government four days after launch “because security” Why “guardrails” won't keep the world safe from your AI doomsday machine The FISA 702 statute expired, but the spying can (probably) continue! NPM v12 delivers some protection against supply chain attacks, but not enough. Microsoft has a series of bugs that prevent Windows Update from … updating Much, much more! This episode is also available on YouTube Show notes Anthropic suspends new AI models after government directive | NBC News Tech Anthropic rankles users with safety-first Fable release | NBC News Tech How a 90-minute White House deadline sparked Silicon Valley's biggest AI fight | washingtonpost.com Pete Hegseth (@PeteHegseth) on X | X (formerly Twitter) David Sacks (@DavidSacks) on X | X (formerly Twitter) DoW CIO Kirsten Davies (@DoWCIODavies) on X | X (formerly Twitter) David Shulman (@DavidShulmanFL) on X | X (formerly Twitter) Controversial FISA spying law expires tonight. The spying will continue. | Ars Technica GitHub announces npm security changes to tackle supply-chain attacks | BleepingComputer Why NPM v12 won't stop supply chain attacks - Risky Business Media | Social Signals Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks | BleepingComputer Microsoft patches Exchange Server zero-day exploited in attacks | BleepingComputer Max severity Ivanti Sentry vulnerability now exploited in attacks | BleepingComputer CISA warns of another cPanel plugin flaw exploited in attacks | BleepingComputer Critical Fortinet FortiSandbox flaws now exploited in attacks | BleepingComputer CISA orders feds to patch actively exploited Ivanti flaw by Sunday | BleepingComputer CISA to require federal agencies to patch some cyber vulnerabilities within 3 days | therecord.media Path traversal flaw in AI dev platform Langflow exploited in attacks | BleepingComputer Microsoft: Some Windows PCs fail to install latest monthly updates | BleepingComputer Microsoft fixes BitLocker recovery bug on Windows Server 2025 | BleepingComputer Microsoft fixes Windows update failures linked to WUSA installer | BleepingComputer New attack turned Microsoft 365 Copilot into 1-click data theft tool | BleepingComputer Over 73,000 French govt employees affected in Tchap messenger breach | BleepingComputer Signal Alums Reveal ‘Encrypted Spaces,' a System for Making Private Collaboration Apps | wired.com FBI disrupts massive AI-powered phishing service using a million URLs | BleepingComputer Cyberattack shuts down major Australian sugar mills, disrupting harvest | The Record Drug Sites Hijacked Spotify's Search Ranking Through Fake Podcasts, Report Finds | wired.com It Is Trivially Easy to Use Reddit to Manipulate AI Search, Research Suggests | 404.feed.press Who Runs the Ransomware Group ‘The Gentlemen?' | krebsonsecurity.com :brdKnife: (@cR0w@infosec.exchange) | Infosec Exchange
On this week's show Patrick Gray, Adam Boileau and James Wilson discuss the week's cybersecurity news. They cover: TeamPCP breached GitHub's internal repos. Now what? Some absolute plonker glued Coruna to a hijacked npm package CISA is worried about about open source and wants third party submissions for KEV AI infrastructure is “systemically” insecure Much, much more This week's episode is sponsored by allowlisting vendor Airlock Digital. Airlock's founders David Cottingham and Daniel Schell join Patrick Gray to talk about Microsoft briefly flagging DigitCert's root certificate as malware. Fun! This episode is also available on YouTube Show notes GitHub confirms being hacked by TeamPCP, says customer data unaffected | therecord.media Grafana Labs links GitHub environment breach to TanStack npm supply chain attack | Cybersecurity Dive Coruna Respawned: Compromised art-template npm Package Leads... | Socket CISA chief frets about open-source vulnerabilities, delayed security improvements | cyberscoop.com Anthropic: Mythos finds more than 10,000 software flaws in first month | cyberscoop.com Pardon MIE? | ironPeak Blog CISA asks cybersecurity community to alert it to vulnerability exploitation | Cybersecurity Dive Lawmakers Demand Answers as CISA Tries to Contain Data Leak | krebsonsecurity.com Google publishes exploit code threatening millions of Chromium users | arstechnica.com Millions of AI agents imperiled by critical vulnerability in open source package | arstechnica.com Discord migrates all users to end-to-end encryption by default | The Record Texas AG sues Meta over claims that WhatsApp doesn't provide end-to-end encryption | arstechnica.com Alleged Kimwolf Botmaster ‘Dort' Arrested, Charged in U.S. and Canada | krebsonsecurity.com Iran-linked hackers target key US, allied sectors with sophisticated spear-phishing messages | Cybersecurity Dive FBI warns about fast-growing phishing kit targeting Microsoft 365 users | cyberscoop.com Analyzing the rise in device code phishing attacks in 2026 | Push Security Trump Mobile confirms it exposed customers' personal data, including phone numbers and home addresses | TechCrunch Security Kash Patel's clothing brand website shut down after reports it was hacked | TechCrunch Security Tulsi Gabbard resigns as US director of national intelligence | Social Signals When Certificate Trust Fails: The DigiCert Code-Signing Incident and Microsoft Defender False Positive |
On this week's show Patrick Gray, Adam Boileau and James Wilson discuss the week's cybersecurity news. They cover: GitHub announced a possible breach CISA leaks important creds, keys in public repo Awful vulnerability in Bitlocker renders it useless without a PIN So. Many. Patches. Polish Government urges officials to ditch Signal for mSzyfr Much, much more This week's show is brought to you by Thinkst Canary. Thinkst's founder, Haroon Meer, is this week's sponsor guest. He joined James Wilson to talk about how doing “the basics” in security isn't trivially easy. This episode is also available on YouTube. Show notes GitHub on X: "We are investigating unauthorized access to GitHub's internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub's internal repositories (such as our customers' enterprises, organizations, and repositories), we are closely" / X CISA Admin Leaked AWS GovCloud Keys on Github – Krebs on Security Experts Confirm the Fast16 Malware Was Sabotaging Nuclear Weapons Tests, Likely in Iran Iran hackers: Hackers have breached tank readers at gas stations; officials suspect Iran is responsible | CNN Politics War and Data Centers Are Driving Up the Cost of Fiber-Optic Cable Microsoft on pace to break annual vulnerability record as AI-driven patch wave takes hold | The Record from Recorded Future News NCSC's Ollie Whitehouse on surviving the "bugpocalypse" - Risky Business Media Defense at AI speed: Microsoft's new multi-model agentic security system tops leading industry benchmark | Microsoft Security Blog Project Glasswing: what Mythos showed us Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable' First public macOS kernel memory corruption exploit on Apple M5 OpenAI launches Daybreak to combat cyber threats | Cybersecurity Dive Zero-day exploit completely defeats default Windows 11 BitLocker protections - Ars Technica GitHub - Wack0/bitlocker-attacks: A list of public attacks on BitLocker · GitHub Catalin Cimpanu: "The Polish government has advi…" - Mastodon CISA orders all federal agencies to patch exploited bug in Cisco SD-WAN systems by Sunday | The Record from Recorded Future News CVE-2026-20182: Critical authentication bypass in Cisco Catalyst SD-WAN Controller (FIXED) Huawei zero-day attack behind last year's crash of Luxembourg's entire telecoms network | The Record from Recorded Future News Patch bypass allows hackers to exploit prior flaw in SonicWall SSL-VPN | Cybersecurity Dive Microsoft disrupts Fox Tempest malware-signing-as-a-service platform tied to ransomware gangs | The Record from Recorded Future News Streamer Realtime Deepfakes Himself into Mr. Beast, Says He Loves 'Touching Little Boys'
On this week's show Patrick Gray, Adam Boileau and James Wilson discuss the week's cybersecurity news. They cover: Mini Shai-Hulud and the TanStack compromise using Github Actions Instructure pays Canvas elearning platform data extortionists More Linux privilege escalation 0days! CISA helping critical infrastructure operators rearchitect their networks so they work offline This week's episode is sponsored by email security platform Sublime Security. Bobby Filar chats with Patrick about how agentic AI is being evaluated by buyers in a marketplace that's experiencing “AI fatigue”. This episode is also available on Youtube. Show notes ‘Mini Shai-Hulud' malware compromises hundreds of open-source packages in sprawling supply-chain attack | CyberScoop Hardening TanStack After the npm Compromise | TanStack Blog Canvas Breach Disrupts Schools & Colleges Nationwide – Krebs on Security Instructure pays ransom after Canvas incident as Congress announces investigation | The Record from Recorded Future News When DNSSEC goes wrong: how we responded to the .de TLD outage Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access | Google Cloud Blog Mythos smythos! How to find 0day with lesser models - Risky Business Media GitHub - V4bel/dirtyfrag · GitHub retr0.zip NVD - CVE-2026-42511 Flaw in Claude's Chrome extension allowed ‘any' other plugin to hijack victims' AI | CyberScoop Ivanti customers confront yet another actively exploited zero-day | CyberScoop Palo Alto warns of critical software bug used in firewall attacks | The Record from Recorded Future News Where Have All the Complex Windows Malware and Their Analyses Gone? Meet Rassvet, Russia's Answer to Starlink | WIRED DOJ says ransomware gang tapped into Russian government databases | TechCrunch Iranian government hackers using Chaos ransomware as cover, researchers say | The Record from Recorded Future News Foxconn confirms cyberattack impacting North American factories | The Record from Recorded Future News New CISA initiative aims for critical infrastructure to operate offline during cyberattacks | The Record from Recorded Future News ‘HELLO BOSS': Inside the Chinese Realtime Deepfake Software Powering Scams Around the World How to Disable Google's Gemini in Chrome | WIRED FCC pushes ban on security updates for foreign-made routers, drones to 2029 | The Record from Recorded Future News
On this week's show, Patrick Gray, Adam Boileau and James Wilson discuss the week's cybersecurity news. They cover: Everyone has an opinion about Claude Mythos… even though almost nobody has used it yet CISA adds a 2009 Excel bug to the KEV list, u wot? Adobe also parties like it's the 2000s, and fixes an Acrobat Reader bug Disgraced former Trenchant exec Peter Williams' sob story fails to resonate with … anyone Remember those crosswalk buttons hacked to play audio mocking Trump and Zuck? They were “secured” by the password: 1234. This week's episode is sponsored by mobile network operator, Cape. Ajit Gokhale talks with James about the ways to get being a telco right when you're starting from scratch and solving the security problems of 2026. This episode is also available on Youtube. Show notes Lab Space The “AI Vulnerability Storm”: Building a “Mythosready” Security Program Polymarket on X: "JUST IN: Goldman Sachs is reportedly ramping up its cyber defenses in preparation for Claude Mythos." Ananay on X: "Marcus Hutchins probably has the best take on Mythos doing vulnerability research" solst/ICE of Astarte on X: "Th vast majority of CISOs do not work at Google-sized companies, and will not have to worry about 0days" Charlie Miller on X: "we've gone through this before with early fuzzers, afl, etc" James Kettle on X: "'Can AI Do Novel Security Research? Meet the HTTP Terminator' will premiere at Blackhat" jeffrey lee funk on X: "We've been tricked, again. Many of the thousands of bugs and vulnerabilities Mythos found are in older software are impossible to exploit." Claude is getting worse, according to Claude • The Register Your Agent Is Mine: Measuring Malicious Intermediary Attacks on the LLM Supply Chain OpenAI's Mac apps need updates thanks to the Axios hack | CyberScoop Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch Snowflake customers hit in data theft attacks after SaaS integrator breach Booking.com confirms hackers accessed customers' data CPUID hijacked to serve malware as HWMonitor downloads • The Register Known Exploited Vulnerabilities Catalog | CISA Adobe fixes PDF zero-day security bug that hackers have exploited for months | TechCrunch The Sad Decline of Trenchant Exec Who Had Everything, Before Deciding to Steal and Sell Zero Days to Russian Buyer FBI Extracts Suspect's Deleted Signal Messages Saved in iPhone Notification Database US operation evicts Russia from hacked SOHO routers used to breach critical infrastructure | Cybersecurity Dive Telegram Is Still Hosting a Sanctioned $21 Billion Crypto Scammer Black Market | WIRED The Dumbest Hack of the Year Exposed a Very Real Problem | WIRED
On this week's show, Patrick Gray, Adam Boileau and James Wilson discuss the week's cybersecurity news. They cover: Anthropic's new Mythos model hunts bugs and chains exploits together so well that… you cant have it… …Unless you're one of their Project Glasswing partners The world isn't short on bugs, though. F5, Fortinet, Progress ShareFile, and TrueConf are all getting rekt by humans GPU Rowhammering goes in the GPU, past the IOMMU and back into the host-side Nvidia driver North Korea is spending serious time and money on its crypto hacking Just when the US needs CISA most, they slash its budget some more! This week's episode is sponsored by identity verification firm, Persona. Tying digital actions to actual human identities isn't just for banking know-your-customer any more. Persona's Benjamin Chait says know-your-staff checks belong in high-value flows inside your organisation, too. This episode is also available on Youtube. Show notes Claude Mythos Preview red.anthropic.com Anthropic Claims Its New A.I. Model, Mythos, Is a Cybersecurity ‘Reckoning' - The New York Times Anthropic Teams Up With Its Rivals to Keep AI From Hacking Everything | WIRED FFmpeg on X: "Thank you to @AnthropicAI for sending FFmpeg patches" / X Critical flaw in F5 BIG-IP faces wide exploitation risk | Cybersecurity Dive React2Shell vulnerability helps hackers steal credentials, AI platform keys and other sensitive data | Cybersecurity Dive Critical flaw in FortiClient EMS under exploitation | Cybersecurity Dive Researchers warn of critical flaws in Progress ShareFile | Cybersecurity Dive CISA gives agencies two weeks to patch video conferencing bug exploited by Chinese hackers | The Record from Recorded Future News New Rowhammer attacks give complete control of machines running Nvidia GPUs - Ars Technica North Korea's hijack of one of the web's most used open source projects was likely weeks in the making | TechCrunch Drift crypto platform confirms $280 million stolen in hack as researchers point finger at North Korea | The Record from Recorded Future News Drift on X: "Drift Protocol — Incident Background Update " / X Trump's FY2027 budget again targets CISA | Cybersecurity Dive CISA's vulnerability scans, field support on chopping block in Trump budget | Cybersecurity Dive Iranian hackers break into U.S. industrial systems, agencies warn FBI labels suspected China hack of law enforcement data 'a major cyber incident' Russia Hacked Routers to Steal Microsoft Office Tokens – Krebs on Security Massachusetts hospital turning ambulances away after cyberattack | The Record from Recorded Future News Exclusive | 'Ghost Murmur,' a never-used secret tool, deployed to find lost airman in Iran in daring mission A Secure Chat App's Encryption Is So Bad It Is ‘Meaningless'
On this week's show, Patrick Gray, Adam Boileau and James Wilson discuss the week's cybersecurity news. They cover: Those pesky North Koreans shim a backdoor into a 100M-downloads-a-week npm package TeamPCP appear to have ransacked Cisco's source and cloud environments AI is getting legitimately good at being told to “just go find some 0day in this” Kaspersky says Coruna and Triangulation do share code lineage Iranian hackers dump Kash Patel's gmail spool Oh, and of course there's a Citrix Netscaler memory leak being exploited in the wild This week's episode is sponsored by Dropzone AI, who make automated AI SOC analysts. Head honcho Ed Wu explains how they've built pre-canned ‘hunt packs' to lead the AI off into your environment to find weird, interesting and security relevant things. This episode is also available on Youtube. Show notes Google links axios supply chain attack to North Korean group | The Record from Recorded Future News Cisco source code stolen in Trivy-linked dev environment breach chiefofautism on X: "someone at ANTHROPIC just showed CLAUDE finding ZERO DAY vulnerabilities in a live conference demo" h0mbre on X: "Claude is somehow better at kernel exploitation than creating meal plans." Vulnerability Research Is Cooked — Quarrelsome MAD Bugs: vim vs emacs vs Claude - Calif MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747) A Risky Biz Experiment: Hunting for iOS 0day with AI - Risky Business Media Security leaders say the next two years are going to be 'insane' | CyberScoop Coruna framework: an exploit kit and ties to Operation Triangulation | Securelist Apple says no one using Lockdown Mode has been hacked with spyware | TechCrunch Reverse engineering Apple's silent security fixes - Calif Jury finds Meta's platforms are harmful to children in 1st wave of social media addiction lawsuits | PBS News Meta and YouTube found liable in social media addiction trial Iranian hackers publish emails allegedly stolen from Kash Patel Iran Us War: 'Legitimate targets': Iran issues warning to US tech firms including Google, Amazon, Microsoft, Nvidia - The Times of India Drop Site on X: "IRGC: From now on, for every assassination, an American company will be destroyed" OSINTtechnical on X: "Starlink shutdowns are forcing Russian troops even deeper into Ubiquiti's ecosystem. " Citrix NetScaler products confirmed to be under exploitation | Cybersecurity Dive CISA tells federal agencies to patch Citrix NetScaler bug by Thursday | The Record from Recorded Future News Using a VPN May Subject You to NSA Spying | WIRED Post reporters called the White House. Their phones showed ‘Epstein Island.' - The Washington Post
On this week's show, Patrick Gray, Adam Boileau and James WIlson discuss the week's cybersecurity news. They talk through: TeamPCP's supply chain attack on Github, and they threw in an anti-Iran wiper, because why not?! Anthropic hooks up its models to just… use your whole computer After Stryker's Very Bad Day, CISA says maybe add some more controls around your Intune? Another iOS exploit kit shows up in the cyber bargain-bin The FTC decides to ban… all new home routers?! U wot m8?! Supermicro founder was personally sanction-busting Nvidia GPUs into China?! This week's episode is sponsored by enterprise browser maker, Island. Chief Customer Officer Bradon Rogers joins Pat to explain how its customers are using Island to control the use of personal AI services in regulated industries. This episode is also available on Youtube. Show notes ‘CanisterWorm' Springs Wiper Attack Targeting Iran TeamPCP deploys CanisterWorm on NPM following Trivy compromise Andrej Karpathy on X: "Software horror: litellm PyPI supply chain" attack Checkmarx KICS GitHub Action Compromised: Malware Injected in All Git Tags Felix Rieseberg on X: "Today, we're releasing a feature that allows Claude to control your computer" A Top Google Search Result for Claude Plugins Was Planted by Hackers Lockheed Martin targeted in alleged breach by pro-Iran hacktivist CISA urges companies to secure Microsoft Intune systems after hackers mass-wipe Stryker devices FBI seems to seize website tied to Iranian cyberattack on Stryker Stryker confirms cyberattack is contained and restoration underway Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild Someone has publicly leaked an exploit kit that can hack millions of iPhones Russia-linked hackers use advanced iPhone exploit to target Ukrainians Apple rolls out first 'background security' update for iPhones, iPads, and Macs to fix Safari bug Post by @wartranslated.bsky.social — Bluesky Signal's Creator Is Helping Encrypt Meta AI Hacker says they compromised millions of confidential police tips held by US company Millions of 'anonymous' crime tips exposed in massive Crime Stoppers hack Feds Disrupt IoT Botnets Behind Huge DDoS Attacks FCC bans import of consumer-grade routers amid national security concerns White House pours cold water on cyber ‘letters of marque' speculation Google launches threat disruption unit, stops short of calling it ‘offensive' Supermicro's cofounder was just arrested for allegedly smuggling $2.5 billion in GPUs to China Cyberattack on vehicle breathalyzer company leaves drivers stranded across the US Man pleads guilty to $8 million AI-generated music scheme Two Israelis AI generated "intelligence" and sold it to Iran
On this week's show, Patrick Gray, Adam Boileau and James WIlson discuss the week's cybersecurity news. They discuss: Iran's Intune-based wiper attack on medical device maker Stryker Qihoo 360's AI publishes its own wildcard TLS cert private key Instagram is canning its end-to-end encrypted messaging What's going on with mobile internet access in Moscow? The Xbox One's bootloader gets voltage glitched into submission Oh Qualys! We love you! (At least, whoever is in the basement writing these beautiful .txt files…) This week's episode is sponsored by browser-based detection and response company, Push Security. Researcher Dan Green and Field CTO Mark Orlando join Pat to talk through the InstallFix variant of the *Fix attack technique. This episode is also available on Youtube. Show notes Iranian Hacktivists Strike Medical Device Maker Stryker in "Severe" Attack that Wiped Systems Stryker says it's restoring systems after pro-Iran hackers wiped thousands of employee devices | TechCrunch Stryker attack raises concerns about role of device management tool | Cybersecurity Dive Stryker tells SEC that timeline for recovery from cyberattack unknown | The Record from Recorded Future News How ‘Handala' Became the Face of Iran's Hacker Counterattacks | WIRED U.S Strikes Killed Iranian Cyber Chiefs, But The Hacks Continued Risky Business Features: Being a Wartime CISO Supply-chain attack using invisible code hits GitHub and other repositories - Ars Technica China's biggest cybersecurity company, Qihoo 360 just leaked their own wildcard SSL private key Emergent Cyber Behavior: When AI Agents Become Offensive Threat Actors - Irregular Risky Business Features: MCP is Dead Measuring AI Agents' Progress on Multi-Step Cyber Attack Scenarios Measuring AI Agents' Progress on Multi-Step Cyber Attack Scenarios What is end-to-end encryption on Instagram | Instagram Help Center US Lawmakers Move to Kill the FBI's Warrantless Wiretap Access | WIRED Website "whitelists" launched in Moscow | Forbes.ru Exclusive: Foreign hacker in 2023 compromised Epstein files held by FBI, source and documents show | Reuters Feds say another DigitalMint negotiator ran ransomware attacks and helped extort $75 million | CyberScoop Researchers disclose vulnerabilities in IP KVMs from four manufacturers - Ars Technica RE//verse 2026: Hacking the Xbox One by Markus 'doom' Gaasedelen - YouTube CrackArmor: Multiple vulnerabilities in AppArmor
On this week's show, Patrick Gray, Adam Boileau and James WIlson discuss the week's cybersecurity news. They cover: The Coruna exploits were L3 Harris, but it seems Triangulation… was not! Iran's cyber HQ hit by Israeli (kinetic) strikes Trump's cyber “strategy” is … well, all we've got is jokes cause there's no serious content NSA and CyberCom finally get a leader after Lt Gen Joshua Rudd gets Senate nod DOGE (remember them?!) employee walked a social security database out on a USB stick This episode is sponsored by open source cloud security scanner Prowler. Creator and CEO Toni de la Fuente talks to Pat about some of the enterprise features Prowler is growing, while remaining true to its open source roots. This episode is also available on Youtube. Show notes Inside Coruna: Reverse Engineering a Nation-State iOS Exploit Kit From JavaScript GitHub - matteyeux/coruna: deobfuscated JS and blobs US military contractor likely built iPhone hacking tools used by Russian spies in Ukraine APT36: A Nightmare of Vibeware State-linked actors targeted US networks in lead-up to Iran war Iranian cyber warfare HQ allegedly hit by Israel Last 2 names of 6 US soldiers who died in Kuwait attack identified by the Pentagon Signal, WhatsApp users face Russian phishing push, Dutch warn Samuel Bendett on X: "Russian military told it couldn't use Telegram messaging app" FBI investigating ‘suspicious' cyber activities on critical surveillance network Risky Bulletin: New White House EO prioritizes fight against scams and cybercrime President Trump's CYBER STRATEGY for America Fact Sheet: President Donald J. Trump Combats Cybercrime, Fraud, and Predatory Schemes Against American Citizens UK plans to shift fraud fight onto telecoms, tech companies Trump to hit Anthropic with executive order to remove "woke" AI Claude Anthropic launches code review tool to check flood of AI-generated code CrowdStrike reports record quarter amid investor concerns about AI impact Critical defect in Java security engine poses serious downstream security risks Gen. Joshua Rudd confirmed as NSA, Cyber Command head Plankey's nomination as CISA director now in jeopardy DOGE employee stole Social Security data and put it on a thumb drive, report says Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel Cel mai mare exportator român de carne, deținătorul brandului Cocorico, a intrat în restructurări, alături de Casa de Insolvență Transilvania
On this week's show, Patrick Gray, Adam Boileau and James WIlson discuss the week's cybersecurity news. They cover: The US-Israeli attack on Iran had a whole lot of cyber. It's clearly in the playbook now! The NSA Triangulation / L3 Harris Trenchant iOS exploit kit is on the loose, and being used by Chinese crypto scammers So long Maddhu Gottumukkala, but CISA's annus horribilis continues Adam “humbug” Boileau complains about the Airsnitch wifi attack just being three ethernets in a trenchcoat ASD's Cisco SD-WAN threat hunting guide is clearly borne of … experience This week's episode is sponsored by AI threat hunting platform Nebulock. Sydney Marrone joins to talk about how useful AI models are on the hunt, and her work building out an open source framework and maturity model. It's methodology agnostic, so you can adapt it for your environment, and the github link is in the show notes! This episode is also available on Youtube. Show notes Inside the plan to kill Ali Khamenei Hacked traffic cams and hijacked TVs: How cyber operations supported the war against Iran | TechCrunch Matthew Prince
On this week's show, Patrick Gray, Adam Boileau and James WIlson discuss the week's cybersecurity news. They cover: Low skill actors compromise 600 Fortinets with AI-generated playbooks Anthropic calls out Chinese AI firms over model distillation Meta's director of AI safety tells her ClawdBot not to delete her mail… so of course it does Peter Williams cops 7 years in jail for selling L3 Harris Trenchant's exploits to Russia Ivanti got hacked in 2021 via… bugs in Ivanti This episode is sponsored by line-rate network capture system Corelight. CEO Brian Dye joins to discuss what AI can do for defenders, and what it can't. This episode is also available on Youtube. Show notes AI-augmented threat actor accesses FortiGate devices at scale "this reads to me like: they ran existing tools.... but with a cool dashboard :D" Anthropic accuses Chinese labs of trying to illicitly take Claude's capabilities | CyberScoop Detecting and preventing distillation attacks Hegseth warns Anthropic to let the military use the company's AI tech as it sees fit, AP sources say Anthropic Rolls Out Embedded Security Scanning for Claude AWS's AI Coding Bot Kiro Caused a 13-Hour Outage Running OpenClaw safely: identity, isolation, and runtime risk Former Adobe, Cisco and Salesforce CISO talks AI pentesting History Repeats: Security in the AI Agent Era Meta Director of AI Safety Allows AI Agent to Accidentally Delete Her Inbox Microsoft says Office bug exposed customers' confidential emails to Copilot AI | TechCrunch The (tangential) fix: Microsoft adds Copilot data controls to all storage locations Ex-L3Harris executive sentenced to 87 months in prison for selling zero-day exploits to Russian broker Treasury Sanctions Exploit Broker Network for Theft and Sale of U.S. Government Cyber Tools Risky Bulletin: Russia starts criminal probe of Telegram founder Pavel Durov Ukraine pushes tighter Telegram regulation, citing Russian recruitment of locals The watchers: how openai, the US government, and persona built an identity surveillance machine that files reports on you to the feds Persona emails customers saying they don't work with ICE or DHS amid ‘surveillance' claims Inside the Fix: Analysis of In-the-Wild Exploit of CVE-2026-21513 Ivanti hacked in 2021 via its own product Fed agencies ordered to patch Dell bug by Saturday after exploitation warning | The Record from Recorded Future News From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day
On this week's show, Patrick Gray, Adam Boileau and James WIlson discuss the week's cybersecurity news. They cover: Palo Alto threat researchers want to attribute to China, but management says shush An increasing proportion of ransomware is data extortion. Is this good? Cambodia says it's going to dismantle scam compounds CISA sufferers through yet another shutdown Google Gemini's training secrets are being systematically harvested to improve other LLMs Academics assess SaaS password managers' resilience against a malicious server This episode is sponsored by SSO-firewall integration vendor Knocknoc. Chief exec Adam Pointon joins to talk about the latest in defences… which is to say Knocknoc for Solaris/Sparc and HPUX on PA-RISC?! Okay also that other little known OS… Windows. This episode is also available on Youtube. Show notes Data-only extortion grows as ransomware gangs seek better profits | Cybersecurity Dive Arctic Wolf Threat Report 2026 Exclusive: Palo Alto chose not to tie China to hacking campaign for fear of retaliation from Beijing, sources say Risky Bulletin: Cambodia promises to dismantle scam networks by April - Risky Business Media Age of the ‘scam state': how an illicit, multibillion-dollar industry has taken root in south-east Asia | Cybercrime | The Guardian Critical flaw in BeyondTrust Remote Support sees early signs of exploitation | Cybersecurity Dive CISA Navigates DHS Shutdown With Reduced Staff - SecurityWeek Kimwolf Botnet Swamps Anonymity Network I2P – Krebs on Security BADIIS to the Bone: New Insights to a Global SEO Poisoning Campaign — Elastic Security Labs Over 500,000 VKontakte accounts hijacked through malicious Chrome extensions | The Record from Recorded Future News Password managers' promise that they can't see your vaults isn't always true - Ars Technica Zero Knowledge (About) Encryption: A Comparative Security Analysis of Three Cloud-based Password Managers Google finds state-sponsored hackers use AI at 'all stages' of attack cycle | CyberScoop Google: Gemini hit with 100,000+ prompts in cloning attempt Proofpoint acquires Acuvity to tackle the security risks of agentic AI | CyberScoop Cisco Redefines Security for the Agentic Era with AI Defense Expansion and AI-Aware SASE Sophos Acquires Arco Cyber to Bring CISO-Level, Agentic AI-Powered Expertise to Every Organization Dave Kennedy on X: "Regarding this, there was a couple questions on does the pacemaker continue to advertise - most BLE implantable devices go into a sleep type mode. In this case, we are lucky - it does not. We know based on law enforcement answers that she is using a more modern pacemaker with" / X Clash Report on X: "BIG: Dutch Defence Minister Gijs Tuinman hints that software independence is possible for F-35 jets. He literally said you can “jailbreak” an F-35. When asked if Europe can modify it without US approval: “That's not the point… we'll see whether the Americans will show https://t.co/f11cGvtYsO" / X Dutch police arrest man who refused to delete confidential files shared by mistake | The Record from Recorded Future News
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Microsoft reshuffles security leadership. It doesn't spark joy. Russia is hacking the Winter Olympics. Again. But y tho? China-linked groups are keeping busy, hacking telcos in Norway, Singapore and dozens of others Campaigns underway targeting Ivanti, BeyondTrust and SolarWinds products An unknown hero blocks 23/tcp on the US internet backbone And James Wilson pops into talk about Claude's go at a C compiler This week's episode is sponsored by Ent.AI, an AI startup that isn't quite ready to tell us all what they're doing. But nevertheless, founder Brandon Dixon joins to discuss AI's role in security. Where does language-based understanding take us that previous methods couldn't? This episode is also available on Youtube. Show notes Updates in two of our core priorities - The Official Microsoft Blog Strengthening Windows trust and security through User Transparency and Consent | Windows Experience Blog Microsoft prepares to refresh Secure Boot's digital certificate | Cybersecurity Dive Microsoft Patch Tuesday matches last year's zero-day high with six actively exploited vulnerabilities | CyberScoop Microsoft releases urgent Office patch. Russian-state hackers pounce. - Ars Technica Italy blames Russia-linked hackers for cyberattacks ahead of Winter Olympics | The Record from Recorded Future News Researchers uncover vast cyberespionage operation targeting dozens of governments worldwide | The Record from Recorded Future News Germany warns of state-linked phishing campaign targeting journalists, government officials | The Record from Recorded Future News Norwegian intelligence discloses country hit by Salt Typhoon campaign | The Record from Recorded Future News Singapore says China-linked hackers targeted telecom providers in major spying campaign | The Record from Recorded Future News Largest Multi-Agency Cyber Operation Mounted to Counter Threat Posed by Advanced Persistent Threat (APT) Actor UNC3886 to Singapore's Telecommunications Sector | Cyber Security Agency of Singapore How Intel and Google Collaborate to Strengthen Intel® TDX Strengthening the Foundation: A Joint Security Review of Intel TDX 1.5 - Google Bug Hunters Active Exploitation of SolarWinds Web Help Desk (CVE-2025-26399) | Huntress EU, Dutch government announce hacks following Ivanti zero-days | The Record from Recorded Future News North Korean hackers targeted crypto exec with fake Zoom meeting, ClickFix scam | The Record from Recorded Future News BeyondTrust warns of critical RCE flaw in remote support software Rapid7 Analysis of CVE-2026-1731 Building a C compiler with a team of parallel Claudes Anthropic (1) Post by @ryiron.bsky.social — Bluesky What AI Security Research Looks Like When It Works | AISLE South Korean crypto exchange races to recover $40bn of bitcoin sent to customers by mistake | South Korea | The Guardian White House to meet with GOP lawmakers on FISA Section 702 renewal | The Record from Recorded Future News
Patrick Gray and Adam Boileau are joined by the newest guy on the Risky Business Media team, James WIlson. They discuss the week's cybersecurity news, including: Notepad++ update supply chain attack has been attributed to China The AI agent future is even more stupid than expected; behold the OpenClaw/Clawdbot/Moltbook mess The Epstein files claim he had a personal hacker? Microsoft is finally getting ready to (think about starting to begin to) disable NTLM by default The usual bugs in the usual things! Ivanti, Fortinet, and Solarwinds. Again. Telco hides a free trip in its privacy policy, someone actually reads it and wins! This weeks's episode is sponsored by opensource IDP platform Authentik. CEO Fletcher Heisler talks to Pat about their new endpoint agent that can enforce device posture policies during login. This episode is also available on Youtube. Show notes The Chrysalis Backdoor: A Deep Dive into Lotus Blossom's toolkit Notepad++ Hijacked by State-Sponsored Hackers | Notepad++ Notepad++ v8.8.3 - Self-signed Certificate: Certified by Code, Not Corporations | Notepad++ Hacking Moltbook: AI Social Network Reveals 1.5M API Keys | Wiz Blog lcamtuf on X: "Moltbook debate in a nutshell" / X Exposed Moltbook Database Let Anyone Take Control of Any AI Agent on the Site AndrewMohawk on X: "How exactly did an attacker send a message to your bot since you need to approve all the channels and set keys etc" / X Signal president warns AI agents are making encryption irrelevant Massive AI Chat App Leaked Millions of Users Private Conversations Runa Sandvik on X: New court record from the FBI details the state of the devices seized from Washington Post reporter Hannah Natanson EFTA01683874.pdf Disrupting the World's Largest Residential Proxy Network | Google Cloud Blog Nobel Committee says Peace Prize winner likely revealed early by digital spying | Reuters County pays $600,000 to pentesters it arrested for assessing courthouse security - Ars Technica Advancing Windows security: Disabling NTLM by default - Windows IT Pro Blog Critical flaws in Ivanti EPMM lead to fast-moving exploitation attempts | Cybersecurity Dive CISA orders federal agencies to patch exploited SolarWinds bug by Friday | The Record from Recorded Future News CISA, security researchers warn FortiCloud SSO flaw is under attack | Cybersecurity Dive Fintech firm Marquis blames hack at firewall provider SonicWall for its data breach | TechCrunch We Hid a Free Trip to Switzerland in Our Privacy Policy. Someone Found It in 2 Weeks. - Cape Between Two Nerds: The internal logic of Russian power grid attacks - YouTube
In this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news. They discuss: La France is tres sérieux about ditching US productivity software China's Salt Typhoon was snooping on Downing Street Trump wields the mighty DISCOMBOBULATOR ESET says the Polish power grid wiper was Russia's GRU Sandworm crew US cyber institutions CISA and NIST are struggling Voice phishing for MFA bypass is getting even more polished This episode is sponsored by Sublime Security. Brian Baskin is one of the team behind Sublime's 2026 Email Threat Research report. He joins to talk through what they see of attackers' use of AI, as well as the other trends of the year. This episode is also available on Youtube. Show notes France to ditch US platforms Microsoft Teams, Zoom for ‘sovereign platform' amid security concerns | Euronews Suite Numérique plan - Google Search China hacked Downing Street phones for years Cyberattack Targeting Poland's Energy Grid Used a Wiper Trump says U.S. used secret 'discombobulator' on Venezuelan equipment during Maduro raid | PBS News Risky Bulletin: Cyberattack cripples cars across Russia - Risky Business Media Lawmakers probe CISA leader over staffing decisions | CyberScoop Trump's acting cyber chief uploaded sensitive files into a public version of ChatGPT - POLITICO Acting CISA director failed a polygraph. Career staff are now under investigation. - POLITICO NIST is rethinking its role in analyzing software vulnerabilities | Cybersecurity Dive Federal agencies abruptly pull out of RSAC after organizer hires Easterly | Cybersecurity Dive Real-Time phishing kits target Okta, Microsoft, Google Phishing kits adapt to the script of callers On the Coming Industrialisation of Exploit Generation with LLMs – Sean Heelan's Blog GitHub - SeanHeelan/anamnesis-release: Automatic Exploit Generation with LLMs Overrun with AI slop, cURL scraps bug bounties to ensure "intact mental health" - Ars Technica Bypassing Windows Administrator Protection - Project Zero Task Failed Successfully - Microsoft's “Immediate” Retirement of MDT - SpecterOps Kubernetes Remote Code Execution Via Nodes/Proxy GET Permission WhatsApp's Latest Privacy Protection: Strict Account Settings - WhatsApp Blog Microsoft gave FBI a set of BitLocker encryption keys to unlock suspects' laptops: Reports | TechCrunch He Leaked the Secrets of a Southeast Asian Scam Compound. Then He Had to Get Out Alive | WIRED Key findings from the 2026 Sublime Email Threat Research Report
In this week's show, Patrick Gray and Adam Boileau discuss the week's cybersecurity news, joined by a special guest. BBC World Cyber Correspondent Joe Tidy is a long time listener and he pops in for a ride-along in the news segment plus a chat about his new book. This week news includes: Did the US cyber Venezuela's power grid, or do they just want us to think they coulda? US govt might boycott the RSAC Conference ‘cause Jen Easterly being CEO makes them mad MS Patch Tuesday fixes CVSS5.5 bug and … stops you shutting down Wiz pulls off cloud stunt hack that ends with control of everyone's AWS console Millions of Bluetooth devices that use Google's Fast Pairing will pair with anyone, any time GNU inet-tools' telnetd parties like it's 2007, and brings -f root unauthed remote login back Thinkst is this week's sponsor, and long time friend of the show Haroon Meer joins. As always they're polishing their Canary tokens - adding breadcrumbs to lead you to them - but they're also a bunch of giant nerds who now run South Africa's Computer Olympiad. This episode is also available on Youtube. Show notes Cyberattack in Venezuela Demonstrated Precision of U.S. Capabilities - The New York Times Why I'm withholding certainty that “precise” US cyber-op disrupted Venezuelan electricity - Ars Technica Layered Ambiguity: US Cyber Capabilities in the Raid to Extract Maduro from Venezuela | Royal United Services Institute Former CISA Director Jen Easterly Will Lead RSAC Conference | WIRED Trump officials consider skipping premier cyber conference after Biden-era cyber leader named CEO - Nextgov/FCW Federal agencies ordered to patch Microsoft Desktop Windows Manager bug | The Record from Recorded Future News Windows 11 shutdown bug forces Microsoft into damage control • The Register CodeBreach: Supply Chain Vuln & AWS CodeBuild Misconfig | Wiz Blog Critical flaw in AWS Console risked compromise of build environment | Cybersecurity Dive Never-before-seen Linux malware is “far more advanced than typical” - Ars Technica VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun - Check Point Research Hundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking | WIRED Critical flaw in Fortinet FortiSIEM targeted in exploitation threat | Cybersecurity Dive CVE-2025-64155: 3 Years of Remotely Rooting the FortiSIEM A single click mounted a covert, multistage attack against Copilot - Ars Technica Police raid homes of alleged Black Basta hackers, hunt suspected Russian ringleader | The Record from Recorded Future News Jordanian initial access broker pleads guilty to helping target 50 companies | The Record from Recorded Future News Supreme Court hacker posted stolen government data on Instagram | TechCrunch oss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd How crypto criminals stole $700 million from people - often using age-old tricks Ctrl + Alt + Chaos: How Teenage Hackers Hijack the Internet
Risky Business returns for 2026! Patrick Gray and Adam Boileau talk through the week's cybersecurity news, including: Santa brings hackers MongoDB memory leaks for Christmas Vercel pays out a million bucks to improve its React2Shell WAF defences 39C3 delivers; the pink Power Ranger deletes nazis, while a catgirl ruins GnuPG Cambodian scam compound kingpin gets extradited to China, and we don't think it'll go well for him Krebs picks apart the Kimwolf botnet and residential proxy networks So many healthcare data leaks that we have a roundup section This week's episode is sponsored by Airlock Digital. The founders of the application allow-listing vendor, David Cottingham and Daniel Schell, discuss Microsoft's ClickOnce .NET app packaging, and how attackers have been abusing it to load code. Airlock hates it when you load code! This episode is also available on Youtube. Show notes US, Australia say ‘MongoBleed' bug being exploited | The Record from Recorded Future News Merry Christmas Day! Have a MongoDB security incident. | by Kevin Beaumont | Dec, 2025 | DoublePulsar Inside Vercel's sleep-deprived race to contain React2Shell | CyberScoop gpg.fail Hacktivist deletes white supremacist websites live onstage during hacker conference | TechCrunch Chinese attackers exploiting zero-day to target Cisco email security products | The Record from Recorded Future News Ni8mare - Unauthenticated Remote Code Execution in n8n (CVE-2026-21858) | Cyera Research Labs ServiceNow patches critical AI platform flaw that could allow user impersonation | CyberScoop Alleged cyber scam kingpin arrested, extradited to China | The Record from Recorded Future News FCC IoT labeling program loses lead company after China probe | Cybersecurity Dive Trump picks Lt. Gen. Joshua Rudd to lead NSA spy agency - The Washington Post NSA cyber directorate gets new acting leadership | The Record from Recorded Future News Dutch court sentences hacker who used port systems to smuggle cocaine to 7 years | The Record from Recorded Future News ECLI:NL:GHAMS:2026:22, Amsterdam Court of Appeal, 23-003218-22 The Kimwolf Botnet is Stalking Your Local Network – Krebs on Security Who Benefited from the Aisuru and Kimwolf Botnets? – Krebs on Security Coupang recovers smashed laptop that alleged data leaker threw into river | The Record from Recorded Future News Ransomware responders plead guilty to using ALPHV in attacks on US organizations | The Record from Recorded Future News Nearly 480,000 impacted by Covenant Health data breach | The Record from Recorded Future News Illinois health department exposed over 700,000 residents' personal data for years | TechCrunch Tech provider for NHS England confirms data breach | TechCrunch Hacker claiming to be behind ManageMyHealth breach: ‘I do it for the money and I'm in negotiations to get it' - NZ Herald
In the final show of 2025, Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: React2Shell attacks continue, surprising no one The unholy combination of OAuth consent phishing, social engineering and Azure CLI Venezuela's state oil firm gets ransomware'd, blames US… but what if it really is a US cyber op?! Russian junk-hacktivist gets indicted for cybering critical… err… a car wash and a fountain Microsoft finally turns RC4 off by default in Active Directory Kerberos Traefik's TLS verify=on … turns it off, whoopsie
In this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: There's a CVSS 10/10 remote code exec in the React javascript server. JS server? U wot mate? China is out popping shells with it Linux adds support for PCIe bus encryption Amnesty International says Intellexa can just TeamViewer into its customers' surveillance systems …and a Belgian murder suspect complains that GrapheneOS's duress wipe feature failed him? This week's episode is sponsored by Kroll Cyber. Simon Onyons is Managing Director at Kroll's Cyber and Data Resilience arm, and he discusses a problem near to many of our hearts. Just how do you explain cyber risk to the board? This episode is also available on Youtube. Show notes Risky Bulletin: APTs go after the React2Shell vulnerability within hours - Risky Business Media Guillermo Rauch on X: "React2Shell" / X React2Shell-CVE-2025-55182-original-poc/README.md at main · lachlan2k/React2Shell-CVE-2025-55182-original-poc · GitHub Hydrogen: Shopify's headless commerce framework Researchers track dozens of organizations affected by React2Shell compromises tied to China's MSS | The Record from Recorded Future News Unveiling WARP PANDA: A New Sophisticated China-Nexus Adversary Three hacking groups, two vulnerabilities and all eyes on China | The Record from Recorded Future News Risky Bulletin: Linux adds PCIe encryption to help secure cloud servers Sean Plankey nomination to lead CISA appears to be over after Thursday vote | CyberScoop
In this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news. It's a quiet week with Thanksgiving in the US, but there's always some cyber to talk about: Airbus rolls out software updates after a cosmic ray bitflips an A320 into a dive Krebs tracks down a Scattered Lapsus$ Hunters teen through the usual poor opsec… … as Wired publishes an opsec guide for teens. Microsoft decides its login portal is worth a Content Security Policy South Korean online retailer data breach covers 65% of the country This week's episode is sponsored by Nebulock. Founder and CEO Damien Lewke joins to talk through their work bringing more SIgma threat detection rules to MacOS. This episode is also available on Youtube. Show notes Airlines race to fix their Airbus planes after warning solar radiation could cause pilots to lose control | CNN Congress calls on Anthropic CEO to testify on Chinese Claude espionage campaign | CyberScoop Post-mortem of Shai-Hulud attack on November 24th, 2025 - PostHog Update: Shai-Hulud and the npm Ecosystem: Why CTEM Must Extend Beyond Your Walls | Armis Glassworm's resurgence | Secure Annex 4.3 Million Browsers Infected: Inside ShadyPanda's 7-Year Malware Campaign | Koi Blog Post by @spuxx.bsky.social — Bluesky Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters' – Krebs on Security The WIRED Guide to Digital Opsec for Teens | WIRED Perth hacker Michael Clapsis jailed after setting up fake Qantas Wi-Fi, stealing sex videos - ABC News Ed Conway on X: "The person who first downloaded the OBR's document at 11:35 on Budget day (I'm guessing someone at Reuters, given they first reported it) had already guessed the web address and tried and failed to download it 32 times so far that day(!) https://t.co/6iLm2uEUj2" / X Reuters accused of hack attack | ZDNET The Destruction of a Notorious Myanmar Scam Compound Appears to Have Been ‘Performative' | WIRED Microsoft tightens cloud login process to prevent common attack | Cybersecurity Dive Fortinet FortiWeb flaws found in unsupported versions of web application firewall | Cybersecurity Dive Cryptomixer platform raided by European police; $29 million in bitcoin seized | The Record from Recorded Future News Officials accuse North Korea's Lazarus of $30 million theft from crypto exchange | The Record from Recorded Future News Data breach hits 'South Korea's Amazon,' potentially affecting 65% of country's population | The Record from Recorded Future News NSA Contractor Groomed Teenage Girls On Reddit, DOJ Alleges Nebulock developed coreSigma for MacOS coreSigma repo:
In this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Salesforce partner Gainsight has customer data stolen Crowdstrike fires insider who gave hackers screenshots of internal systems Australian Parliament turns off wifi and bluetooth in fear of of visiting Chinese bigwigs Shai-Hulud npm/Github worm is back, and rm -rf'ier than ever SEC gives up on Solarwinds lawsuit Dog eats cryptographer's key material This week's episode is sponsored by runZero. HD Moore pops in to talk about how they're integrating runZero with Bloodhound-style graph databases. He also discusses uses for driving runZero's tools with an AI, plus the complexities of shipping AI when the company has a variety of deployment models. This episode is also available on Youtube. Show notes Google says hackers stole data from 200 companies following Gainsight breach Gainsight Status Trust Status CrowdStrike fires 'suspicious insider' who passed information to hackers Salesforce cuts off access to third-party app after discovering ‘unusual activity' Атаки разящей панды: APT31 сегодня Office of Public Affairs | Seven Hackers Associated with Chinese Government Charged with Computer Intrusions Australian federal MPs warned to turn off phones when Chinese delegation visits Parliament House Sha1-Hulud: The Second Coming of the NPM Worm is Digging For Secrets FCC eliminates cybersecurity requirements for telecom companies Trade Associations Cybersecurity Practices Ex Parte SEC voluntarily dismisses SolarWinds lawsuit Record-breaking DDoS attack against Microsoft Azure mitigated The Cloudflare Outage May Be a Security Roadmap – Krebs on Security Critics scoff after Microsoft warns AI feature can infect machines and pilfer data vx-underground on X: "I've had a surprising amount of people ask me about Copilot" Researchers warn command injection flaw in Fortinet FortiWeb is under exploitation Two suspected Scattered Spider hackers plead not guilty over Transport for London cyberattack Russia arrests young cybersecurity entrepreneur on treason charges This campaign aims to tackle persistent security myths in favor of better advice Oops. Cryptographers cancel election results after losing decryption key. Uncovering network attack paths with runZeroHound Model Context Protocol
In this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Anthropic says a Chinese APT orchestrated attacks using its AI It's a day ending in -y, so of course there are shamefully bad Fortinet exploits in the wild Turns out slashing CISA was a bad idea, now it's time for a hiring spree Researchers brute force entire phone number space against Whatsapp contact discovery API DOJ figures out how to make SpaceX turn off scam compounds' Starlink service This week's episode is sponsored by Mastercard. Senior Vice President of Mastercard Cybersecurity Urooj Burney joins to talk about how the roles of fraud and cyber teams in the financial sector are starting to converge. Mastercard also recently acquired Recorded Future, and Urooj talks about how they aim to integrate cyber threat intelligence into the financial world. This episode is also available on Youtube. Show notes Full report: Disrupting the first reported AI-orchestrated cyber espionage campaign Researchers question Anthropic claim that AI-assisted attack was 90% autonomous - Ars Technica China's ‘autonomous' AI-powered hacking campaign still required a ton of human work | CyberScoop Amazon discovers APT exploiting Cisco and Citrix zero-days | AWS Security Blog CISA gives federal agencies one week to patch exploited Fortinet bug | The Record from Recorded Future News PSIRT | FortiGuard Labs CISA, eyeing China, plans hiring spree to rebuild its depleted ranks | Cybersecurity Dive This Is the Platform Google Claims Is Behind a 'Staggering' Scam Text Operation | WIRED A Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone Numbers | WIRED DOJ Issued Seizure Warrant to Starlink Over Satellite Internet Systems Used at Scam Compound | WIRED Multiple US citizens plead guilty to helping North Korean IT workers earn $2 million | The Record from Recorded Future News Cyberattack leaves Jaguar Land Rover short of £680 million | The Record from Recorded Future News FBI: Akira gang has received nearly $250 million in ransoms | The Record from Recorded Future News Operation Endgame: Police reveal takedowns of three key cybercrime tools | The Record from Recorded Future News Inside a Wild Bitcoin Heist: Five-Star Hotels, Cash-Stuffed Envelopes, and Vanishing Funds | WIRED
In this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: The KK Park scam compound in Myanmar gets blasted with actual dynamite China sentences more scammers TO DEATH While Singapore is opting to lash them with the cane Chinese security firm KnownSec leaks a bunch of documents Necromancy continues on NSO Group, with a Trump associate in charge OWASP freshens up the Top 10, you won't believe what's number three! This week's episode is sponsored by Thinkst Canary. Big bird Haroon Meer joins and, as usual, makes a good point. If you're going to trust a vendor to do something risky like put a box on your network, they have an obligation to explain how they make that safe. Thinkst has a /security page that does exactly that. So why do we let Palo Alto and Fortinet get away with “trust me, bro”? This episode is also available on Youtube. Show notes Myanmar Junta Dynamites Scam Hub in PR Move as Global Pressure Grows China sentences 5 Myanmar scam kingpins to death | The Record from Recorded Future News Law passed for scammers, mules to be caned after victims in Singapore lose almost $4b since 2020 | The Straits Times KnownSec breach: What we know so far. - NetAskari Risky Bulletin: Another Chinese security firm has its data leaked Inside Congress Live The Government Shutdown Is a Ticking Cybersecurity Time Bomb | WIRED Former Trump official named NSO Group executive chairman | The Record from Recorded Future News Short-term renewal of cyber information sharing law appears in bill to end shutdown | The Record from Recorded Future News Jaguar Land Rover hack hurt the U.K.'s GDP, Bank of England says Monetary Policy Report - November 2025 | Bank of England SonicWall says state-linked actor behind attacks against cloud backup service | Cybersecurity Dive Japanese media giant Nikkei reports Slack breach exposing employee and partner records | The Record from Recorded Future News "Intel sues former employee for allegedly stealing confidential data" Post by @campuscodi.risky.biz — Bluesky Introduction - OWASP Top 10:2025 RC1
In this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: We love some good vulnerability reporting drama, this time FFmpeg's got beef with Google OpenAI announces its Aardvark bug-gobbling system Two US ransomware responders get arrested for… ransomware Memento (nee HackingTeam) CEO says: Sì, those are totally our tools getting snapped in Russia Hackers help freight theft gangs steal shipments to resell A second Jabber Zeus mastermind gets his comeuppance 15 years on This week's episode is sponsored by Nucleus Security, who make a vulnerability information management system. Co-founder Scott Kuffer says that approaches for triaging vulnerabilities have started to fall apart, given there are just. So. Many. And they're all important! This episode is also available on Youtube. Show notes vx-underground on X: "Yeah, so pretty much this entire drama thing is FFmpeg are a bunch of nerds…" FFmpeg on X: "@DavidEGrayson It's someone's hobby project of an obscure 1990s decoder…" Halvar Flake on X: "Given the extremely big role ffmpeg has played historically..." thaddeus e. grugq on X: "Current drama: Plucky security researcher Google takes on volunteer open source behemoth FFmpeg." Robert Graham on X: "Current status: There's a conflict between Google…" Introducing Aardvark: OpenAI's agentic security researcher | OpenAI Bugcrowd acquires Mayhem Security to advance AI-powered security testing | CyberScoop Prosecutors allege incident response pros used ALPHV/BlackCat to commit string of ransomware attacks | CyberScoop Former Trenchant Exec Sold Stolen Code to Russian Buyer Even After Learning that Other Code He Sold Was Being "Utilized" by Different Broker in South Korea How an ex-L3Harris Trenchant boss stole and sold cyber exploits to Russia | TechCrunch Operation Zero — A Zero-Day Vulnerability Platform John Scott-Railton on X: "7/ There's a push to scale up America's offensive industry right now…" CEO of spyware maker Memento Labs confirms one of its government customers was caught using its malware | TechCrunch Exploiting Microsoft Teams: Impersonation and Spoofing Vulnerabilities Exposed Microsoft Teams Vulnerabilities Uncovered Cargo theft gets a boost from hackers using remote monitoring tools | The Record from Recorded Future News Remote access, real cargo: cybercriminals targeting trucking and logistics | Proofpoint US Alleged Conti ransomware gang affiliate appears in Tennessee court after Ireland extradition | The Record from Recorded Future News Three suspected developers of Meduza Stealer malware arrested in Russia | The Record from Recorded Future News Alleged Jabber Zeus Coder ‘MrICQ' in U.S. Custody – Krebs on Security Windows Server Update Service exploitation ensnares at least 50 victims | Cybersecurity Dive Post by @paulschnack.bsky.social — Bluesky
In this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: L3Harris Trenchant boss accused of selling exploits to Russia once worked at the Australian Signals Directorate Microsoft WSUS bug being exploited in the wild Dan Kaminsky DNS cache poisoning comes back because of a bad PRNG SpaceX finally starts disabling Starlink terminals used by scammers Garbage HP update deletes certificates that authed Windows systems to Entra This week's episode is sponsored by automation company Tines. Field CISO Matt Muller joins to discuss how Tines has embraced LLMs and the agentic-AI future into their workflow automation. This episode is also available on Youtube. Show notes US accuses former L3Harris cyber boss of stealing and selling secrets to Russian buyer | TechCrunch Attackers bypass patch in deprecated Windows Server update tool | CyberScoop CVE-2025-59287 WSUS Unauthenticated RCE | HawkTrace CVE-2025-59287 WSUS Remote Code Execution | HawkTrace Catching Credential Guard Off Guard - SpecterOps Cache poisoning vulnerabilities found in 2 DNS resolving apps - Ars Technica Uncovering Qilin attack methods exposed through multiple cases Safety on X: "By November 10, we're asking all accounts that use a security key as their two factor authentication (2FA) method to re-enroll their key to continue accessing X. You can re-enroll your existing security key, or enroll a new one. A reminder: if you enroll a new security key, any" / X SpaceX disables more than 2,000 Starlink devices used in Myanmar scam compounds | The Record from Recorded Future News SpaceX: Update Your Inactive Starlink Dishes Now or They'll Be Bricked How we linked ForumTroll APT to Dante spyware by Memento Labs | Securelist Former Polish official indicted over spyware purchase | The Record from Recorded Future News HP OneAgent Update Broke Entra Trust on HP AI Devices Windows' Built-in OpenSSH for Offensive Security How Hacked Card Shufflers Allegedly Enabled a Mob-Fueled Poker Scam That Rocked the NBA | WIRED
In this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: China has been rummaging in F5's networks for a couple of years Meanwhile China tries to deflect by accusing the NSA of hacking its national timing system Salesforce hackers use their stolen data trove to dox NSA, ICE employees Crypto stealing, proxy-deploying, blockchain-C2-ing VS Code worm charms us with its chutzpah Adam gets humbled by new Linux-capabilities backdoor trick Microsoft ignores its own guidance on avoiding BinaryFormatter, gets WSUS owned. This episode is sponsored by Push Security. Co-founder and Chief Product Officer Jacques Louw joins to talk through how Push traced a LinkedIn phishing campaign targeting CEOs, and the new logging capabilities that proved critical to understanding it. This episode is also available on Youtube. Show notes Why the F5 Hack Created an ‘Imminent Threat' for Thousands of Networks | WIRED Breach at US-based cybersecurity provider F5 blamed on China, sources say | Reuters Network security devices endanger orgs with '90s era flaws | CSO Online China claims it caught US attempting cyberattack on national time center | The Record from Recorded Future News Hackers Dox Hundreds of DHS, ICE, FBI, and DOJ Officials Hackers Say They Have Personal Data of Thousands of NSA and Other Government Officials ICE amps up its surveillance powers, targeting immigrants and antifa - The Washington Post John Bolton Indictment Provides Interesting Details About Hack of His AOL Account and Extortion Attempt US court orders spyware company NSO to stop targeting WhatsApp, reduces damages | Reuters Apple alerts exploit developer that his iPhone was targeted with government spyware | TechCrunch A New Attack Lets Hackers Steal 2-Factor Authentication Codes From Android Phones | WIRED GlassWorm: First Self-Propagating Worm Using Invisible Code Hits OpenVSX Marketplace | Koi Blog European police bust network selling thousands of phone numbers to scammers | The Record from Recorded Future News Stephan Berger on X: "We recently took over an APT investigation from another forensic company. While reviewing analysis reports from the other company, we discovered that the attackers had been active in the network for months and had deployed multiple backdoors. One way they could regain root" / X Linux Capabilities Revisited | dfir.ch CVE-2025-59287 WSUS Remote Code Execution | HawkTrace TARmageddon (CVE-2025-62518): RCE Vulnerability Highlights the Challenges of Open Source Abandonware | Edera Blog Browser threat detection & response | Push Security | Push Security How Push stopped a high risk LinkedIn spear-phishing attack
In this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: FBI intervenes in Scattered Spider Salesforce leaksite Clop loots Oracle E-Biz deployments Plus so much more data extortion.. At least it's not ransomware … we guess? The US still can't decide who's gonna be in charge of NSA & Cybercom Cambodian scam compounds get sanctioned and $15b in crypto is seized NSO gets sold for pocket-lint-grade money Bugs! Redis CVSS 10, Ivanti, Crowdstrike and… Internet Explorer?! zeroday?! In the wild?!!!? This week's episode is sponsored by Stairwell. Founder Mike Wiacek talks about how Stairwell brings VirusTotal-like visibility to private files, and about integrating the insights that brings into your SOC workflow. This episode is also available on Youtube. Show notes FBI takedown banner appears on BreachForums site as Scattered Spider promotes leak | The Record from Recorded Future News Dozens of Oracle customers impacted by Clop data theft for extortion campaign | CyberScoop Well, Well, Well. It's Another Day. (Oracle E-Business Suite Pre-Auth RCE Chain - CVE-2025-61882) Clop is a Big Fish, But Not Worth Hunting - Risky Business Media ShinyHunters Wage Broad Corporate Extortion Spree – Krebs on Security The company Discord blamed for its recent breach says it wasn't hacked Qantas confirms cybercriminals released stolen customer data | The Record from Recorded Future News Red Hat confirms breach of GitLab instance, which stored company's consulting data | CyberScoop Risky Bulletin: Microsoft revamps Edge's "IE Mode" after zero-day attacks - Risky Business Media Teenagers arrested in England over cyberattack on nursery chain Kido | The Record from Recorded Future News Acting US Cyber Command, NSA chief won't be nominated for the job, sources say | The Record from Recorded Future News Layoffs, reassignments further deplete CISA | Cybersecurity Dive Trump's scandalous directive to AG Pam Bondi reached the public by accident Feds sanction Cambodian conglomerate over cyber scams, seize $15 billion from chairman | The Record from Recorded Future News US Congress committee investigating Musk-owned Starlink over Myanmar scam centres | Myanmar | The Guardian Satellites Are Leaking the World's Secrets: Calls, Texts, Military and Corporate Data | WIRED Netherlands invokes special powers against Chinese-owned semiconductor company Nexperia | The Record from Recorded Future News Spyware maker NSO Group confirms acquisition by US investors | TechCrunch Apple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits | WIRED Wiz Finds Critical Redis RCE Vulnerability: CVE‑2025‑49844 | Wiz Blog SonicWall admits attacker accessed all customer firewall configurations stored on cloud portal | CyberScoop SonicWall SSLVPN devices compromised using valid credentials | Cybersecurity Dive Issues Affecting CrowdStrike Falcon Sensor for Windows ZDI Drops 13 Unpatched Ivanti Endpoint Manager Vulnerabilities - SecurityWeek Jaguar Land Rover launches phased restart at factories after cyber-attack | Jaguar Land Rover | The Guardian Windows 10 support ends today — here's who's affected and what you need to do
On this week's show Patrick Gray is on holiday so Amberleigh Jack and Adam Boileau hijack the studio to discuss the week's cybersecurity news, including: Hackers learn that trying to coerce a journalist just makes for … a great story? A man in his 40s gets arrested over the European airport chaos. Yep, we're surprised, too. Adam fanboys over Watchtowr Labs while bemoaning Fortra. Academics pick apart Tile trackers and find them lacking CISA tells agencies to patch their damn Cisco gear This episode is also available on YouTube. Show notes 'You'll never need to work again': Criminals offer reporter money to hack BBC Government to guarantee £1.5bn Jaguar Land Rover loan after cyber shutdown Feds Tie ‘Scattered Spider' Duo to $115M in Ransoms – Krebs on Security UK authorities arrest man in connection with cyberattack against aviation vendor | Cybersecurity Dive Chinese scammer pleads guilty after UK seizes nearly $7 billion in bitcoin Cyberattack on Japanese beer giant Asahi limits shipping, call center operations | The Record from Recorded Future News Afghanistan plunged into nationwide internet blackout, disrupting air travel, medical care | The Record from Recorded Future News Tile trackers are a stalker's dream, say Georgia Tech researchers Intel and AMD trusted enclaves, the backbone of network security, fall to physical attacks - Ars Technica Supermicro server motherboards can be infected with unremovable malware - Ars Technica China-linked hackers use ‘BRICKSTORM' backdoor to steal IP | The Record from Recorded Future News Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors Federal agencies given one day to patch exploited Cisco firewall bugs | The Record from Recorded Future News Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability Is This Bad? This Feels Bad. (Fortra GoAnywhere CVE-2025-10035) It Is Bad (Exploitation of Fortra GoAnywhere MFT CVE-2025-10035) - Part 2
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Shai-Hulud worm propagates via npm and steals credentials Jaguar Land Rover attack may put smaller suppliers out of business Leaked data emerges from the vendor behind the Great Firewall of China Vastaamo hacker walks free while appeal is underway Why is a senator so mad about Kerberos? This week's episode is sponsored by Knocknoc. Chief exec Adam Pointon joins to talk through the surprising number of customers that are using Knocknoc's identity-to-firewall glue to protect internal services and networks. This week's episode is also available on Youtube. Show notes Self-Replicating Worm Hits 180+ Software Packages – Krebs on Security Jaguar Land Rover: Some suppliers 'face bankruptcy' due to hack crisis Jaguar Land Rover production shutdown could last until November U.S. Investors, Trump Close In on TikTok Deal With China - WSJ U.S. Investors, Trump Close In on TikTok Deal With China - WSJ How China's Propaganda and Surveillance Systems Really Operate | WIRED Mythical Beasts: Diving into the depths of the global spyware market - Atlantic Council Hacker convicted of extorting 20,000 psychotherapy victims walks free during appeal | The Record from Recorded Future News US national charged in Finnish psychotherapy center extortion | The Record from Recorded Future News BreachForums administrator given three-year prison stint after resentencing | The Record from Recorded Future News Microsoft, Cloudflare disrupt RaccoonO365 credential stealing tool run by Nigerian national | The Record from Recorded Future News Senator blasts Microsoft for making default Windows vulnerable to “Kerberoasting” - Ars Technica Exclusive: US warns hidden radios may be embedded in solar-powered highway infrastructure | Reuters Israel announces seizure of $1.5M from crypto wallets tied to Iran | TechCrunch
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Apple ruins exploit developers' week with fresh memory corruption mitigations Feross Aboukhadijeh drops by to talk about the big, dumb npm supply chain attack Salesloft says its GitHub was the initial entry point for its compromise Sitecore says people should “patch” its using-the-keymat-from-the-documentation “zero day” Rogue certs for 1.1.1.1 appear to be just (stupid) testing Jaguar Land Rover ransomware attackers are courting trouble This week's episode is sponsored by open source cloud security tool, Prowler. Founder Toni de la Fuente joins to discuss their new support for Microsoft 365. Time to point Prowler at your OneDrive and Sharepoint! This episode is also available on Youtube. Show notes Blog - Memory Integrity Enforcement: A complete vision for memory safety in Apple devices - Apple Security Research Venezuela's president thinks American spies can't hack Huawei phones | TechCrunch 18 Popular Code Packages Hacked, Rigged to Steal Crypto – Krebs on Security Software packages with more than 2 billion weekly downloads hit in supply-chain attack - Ars Technica Salesloft platform integration restored after probe reveals monthslong GitHub account compromise | Cybersecurity Dive CISA orders federal agencies to patch Sitecore zero-day following hacking reports | The Record from Recorded Future News SAP warns of high-severity vulnerabilities in multiple products - Ars Technica The number of mis-issued 1.1.1.1 certificates grows. Here's the latest. - Ars Technica Cyberattack on Jaguar Land Rover threatens to hit British economic growth | The Record from Recorded Future News Cyberattack forces Jaguar Land Rover to tell staff to stay at home | The Record from Recorded Future News Bridgestone Americas continues probe as it looks to restore operations | Cybersecurity Dive Qantas penalizes executives for July cyberattack | The Record from Recorded Future News Cyber Command, NSA to remain under single leader as officials shelve plan to end 'dual hat' | The Record from Recorded Future News GOP Cries Censorship Over Spam Filters That Work – Krebs on Security Risky Bulletin: APT report? No, just a phishing test! - Risky Business Media Post by @patrick.risky.biz — Bluesky
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: The Salesloft breach and why OAuth soup is a problem The Salt Typhoon telco hackers turn out to be Chinese private sector, but state-directed Google says it will stand up a “disruption unit” Microsoft writes up a ransomware gang that's all-in on the cloud future Aussie firm hot-mics its work-from-home employees' laptops Youtube scam baiters help the feds take down a fraud ring This episode is sponsored by Dropzone.AI. Founder and CEO Edward Wu joins the show to talk about how AI driven SOC tools can help smaller organisations claw their way above the “security poverty line”. A dedicated monitoring team, threat hunting and alert triage, in a company that only has a couple of part time infosec people? Yes please! This episode is also available on Youtube. Show notes The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft – Krebs on Security Salesloft: The Leading AI Revenue Orchestration Platform Palo Alto Networks, Zscaler customers impacted by supply chain attacks | Cybersecurity Dive The impact of the Salesloft Drift breach on Cloudflare and our customers China used three private companies to hack global telecoms, U.S. says CSA_COUNTERING_CHINA_STATE_ACTORS_COMPROMISE_OF_NETWORKS.PDF Google previews cyber ‘disruption unit' as U.S. government, industry weigh going heavier on offense | CyberScoop Ransomware gang takedowns causing explosion of new, smaller groups | The Record from Recorded Future News Hundreds of Swedish municipalities impacted by suspected ransomware attack on IT supplier | The Record from Recorded Future News Storm-0501's evolving techniques lead to cloud-based ransomware | Microsoft Security Blog The Era of AI-Generated Ransomware Has Arrived | WIRED Between Two Nerds: How threat actors are using AI to run wild - YouTube Affiliates Flock to ‘Soulless' Scam Gambling Machine – Krebs on Security UK sought broad access to Apple customers' data, court filing suggests ICE reactivates contract with spyware maker Paragon | TechCrunch WhatsApp fixes 'zero-click' bug used to hack Apple users with spyware | TechCrunch Safetrac turned staff laptops into covert recording devices to monitor WFH Risky Bulletin: YouTubers unmask and help dismantle giant Chinese scam ring - Risky Business Media
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Australia expels Iranian ambassador Hackers sabotage Iranian shipping satcoms APT hacker got doxxed in Phrack. Kind of. They're probably Chinese, not DPRK? Trail of Bits uses image-downscaling to sneak prompts into Google Gemini The Com's King Bob gets ten years in the slammer It's a day that ends in -y, so of course there's a new Citrix Netscaler RCE being used in the wild. This week's episode is brought to you by Corelight. Chief Strategy Officer Greg Bell talks through how they've been implementing AI for sifting through your network data. A model-context-protocol server that can rummage in all those packet logs for you while you keep investigating? Yes please. This episode is also available on Youtube. Show notes Embassy staff flee Canberra in dead of night | news.com.au — Australia's leading news site for latest headlines Swedish security service says Iran uses criminal networks in Sweden | Reuters Risky Bulletin: Hackers sabotage Iranian ships at sea, again - Risky Business Media Microsoft scales back Chinese access to cyber early warning system | Reuters Microsoft Didn't Disclose Key Details to U.S. Officials of China-Based Engineers, Record Shows — ProPublica .:: Phrack Magazine ::. Uncovering the Chinese Proxy Service Used in APT Campaigns Weaponizing image scaling against production AI systems -The Trail of Bits Blog FBI, Cisco warn of Russia-linked hackers targeting critical infrastructure organizations | Cybersecurity Dive CrowdStrike warns of uptick in Silk Typhoon attacks this summer | CyberScoop Kevin Beaumont: "There's a bunch of new Netscal…" - Cyberplace US charges Oregon man in vast botnet-for-hire operation | Cybersecurity Dive South Korea arrests suspected Chinese hacker accused of targeting BTS singer and other celebrities | The Record from Recorded Future News SIM-Swapper, Scattered Spider Hacker Gets 10 Years – Krebs on Security Chinese national who sabotaged Ohio company's systems handed four-year jail stint | The Record from Recorded Future News Nevada state offices close after wide-ranging 'network security incident' | Reuters DSLRoot, Proxies, and the Threat of ‘Legal Botnets' – Krebs on Security Russia weighs Google Meet ban as part of foreign tech crackdown | The Record from Recorded Future News Kremlin-Mandated Messaging App Max Is Designed To Spy On Users Иеромонах РПЦ Макарий призвал помолиться за мессенджер MAX
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Oracle's long term CSO departs, and we're not that sad about it Canada's House of Commons gets popped through a Microsoft bug Russia degrades voice calls via Whatsapp and Telegram to push people towards Max South-East Asian scam compounds are also behind child sextortion Reports that the UK has backed down on Apple crypto are… strange Oh and of course there's a Fortinet bug! There's always a Fortinet bug! This week's episode is sponsored by open source identity provider Authentik. CEO Fletcher Heisler joins the show this week, and explains the journey of implementing SSO backed login on Windows, Mac and Linux. You'll never guess which one was a few lines of PAM config, and which was a multi-month engineering project! This episode is also available on Youtube. Show notes Is Oracle facing headwinds? After layoffs, its 4-decade veteran Chief Security Officer Mary Ann Davidson departs Oracle CSO blasted over anti-security research rant - iTnews New York lawsuit against Zelle creator alleges features allowed $1 billion in thefts | The Record from Recorded Future News Mobile Phishers Target Brokerage Accounts in ‘Ramp and Dump' Cashout Scheme – Krebs on Security How we found TeaOnHer spilling users' driver's licenses in less than 10 minutes | TechCrunch UK has backed down on demand to access US Apple user data, spy chief says DNI Tulsi Gabbard on X: "As a result, the UK has agreed to drop its mandate for" Hackers target Workday in social engineering attack Russia curbs WhatsApp, Telegram calls to counter cybercrime | The Record from Recorded Future News Hackers reportedly compromise Canadian House of Commons through Microsoft vulnerability | The Record from Recorded Future News Norway police believe pro-Russian hackers were behind April dam sabotage | The Record from Recorded Future News US agencies, international allies issue guidance on OT asset inventorying | Cybersecurity Dive FortMajeure: Authentication Bypass in FortiWeb (CVE-2025-52970) U.S. State Dept - Near Eastern Affairs on X: "He did not claim diplomatic immunity and was released by a state judge" 493 Cases of Sextortion Against Children Linked to Notorious Scam Compounds | WIRED .:: Phrack Magazine ::. Accenture to buy Australian cyber security firm CyberCX - iTnews
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: CISA warns about the path from on-prem Exchange to the cloud Microsoft awards a crisp zero dollar bill for a report about what a mess its internal Entra-authed apps are Everyone and their dog seems to have a shell in US Federal Court information systems Google pays $250k for a Chrome sandbox escape Attackers use javascript in adult SVG files to … farm facebook likes?! SonicWall says users aren't getting hacked with an 0day… this time. This week's episode is sponsored by SpecterOps. Chief product officer Justin Kohler talks about how the flagship Bloodhound tool has evolved to map attack paths anywhere. Bring your own applications, directories and systems into the graph, and join the identity attacks together. This episode is also available on Youtube. Show notes CISA, Microsoft issue alerts on ‘high-severity' Exchange vulnerability | The Record from Recorded Future News Advanced Active Directory to Entra ID lateral movement techniques Consent & Compromise: Abusing Entra OAuth for Fun and Access to Internal Microsoft Applications Cartels may be able to target witnesses after major court hack Federal judiciary tightens digital security as it deals with ‘escalated cyberattacks' | The Record from Recorded Future News Citrix NetScaler flaws lead to critical infrastructure breaches | Cybersecurity Dive DARPA touts value of AI-powered vulnerability detection as it announces competition winners | Cybersecurity Dive Buttercup is now open-source! HTTP/1.1 must die: the desync endgame US confirms takedown of BlackSuit ransomware gang that racked up $370 million in ransoms | The Record from Recorded Future News North Korean cyber-espionage group ScarCruft adds ransomware in recent attack | The Record from Recorded Future News Adult sites are stashing exploit code inside racy .svg files - Ars Technica Google pays 250k for Chromium sandbox escape SonicWall says recent attack wave involved previously disclosed flaw, not zero-day | Cybersecurity Dive Two groups exploit WinRAR flaws in separate cyber-espionage campaigns | The Record from Recorded Future News Tornado Cash cofounder dodges money laundering conviction, found guilty of lesser charge | The Record from Recorded Future News Hackers Hijacked Google's Gemini AI With a Poisoned Calendar Invite to Take Over a Smart Home | WIRED Malware in Open VSX: These Vibes Are Off How attackers are using Active Directory Federation Services to phish with legit office.com links Introducing our guide to phishing detection evasion techniques The State of Attack Path Management
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news. Google security engineering VP Heather Adkins drops by to talk about their AI bug hunter, and Risky Business producer Amberleigh Jack makes her main show debut. This episode explores the rise of AI-powered bug hunting: Google's Project Zero and Deepmind team up to find and report 20 bugs to open source projects The XBOW AI bug hunting platform sees success on HackerOne Is an AI James Kettle on the horizon? There's also plenty of regular cybersecurity news to discuss: On-prem Sharepoint's codebase is maintained out of China… awkward! China frets about the US backdooring its NVIDIA chips, how you like ‘dem apples, China? SonicWall advises customers to turn off their VPNs Hardware controlling Dell laptop fingerprint and card readers has nasty driver bugs Russia uses its ISPs to in-the-middle embassy computers and backdoor ‘em. The Russian government pushes VK's Max messenger for everything This week's show is sponsored by device management platform Devicie. Head of Solutions Sean Ollerton talks through the impending Windows 10 apocalypse, as Microsoft ends mainstream support. He says Windows 11 isn't as scary as people make out, but if the update isn't on your radar now, time is running out. This episode is also available on Youtube. Show notes Google says its AI-based bug hunter found 20 security vulnerabilities | TechCrunch Is XBOW's success the beginning of the end of human-led bug hunting? Not yet. | CyberScoop James Kettle on X: "There I am being careful to balance hyping my talk without going too far and then this gets published
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: Did the SharePoint bug leak out of the Microsoft MAPP program? Expel retracts its FIDO bypass writeup The mess surrounding the women-only dating-safety app Tea gets worse Broadcom customers struggle to get patches for VMWare hypervisor escapes Aeroflot gets hacked by the Cyber Partisans, disrupting flights This week's episode is sponsored by Push Security. Satisfied Push customer Daniel Cuthbert from Santander Bank joins on their behalf. He explains how having telemetry about identity from inside the browser is a key pillar for investigating intrusions in the browser-centric future. This episode is also available on Youtube. Show notes Microsoft Probing Whether Cyber Alert Tipped Off Chinese Hackers Microsoft says Warlock ransomware deployed in SharePoint attacks as governments scramble | The Record from Recorded Future News What we know about the Microsoft SharePoint attacks | Cybersecurity Dive An important update (and apology) on our PoisonSeed blog Tea User Files Class Action After Women's Safety App Exposes Data A Second Tea Breach Reveals Users' DMs About Abortions and Cheating Top Lawyer for National Security Agency Is Fired From Help Desk to Hypervisor: Defending Your VMware vSphere Estate from UNC3944 VMware prevents some perpetual license holders from downloading patches Pro-Ukrainian hackers take credit for attack that snarls Russian flight travel - Ars Technica КИБЕРУДАР ПО АЭРОФЛОТУ РФ!v Treasury sanctions North Koreans involved in IT-worker schemes | Cybersecurity Dive Minnesota governor activates National Guard amid St. Paul cyberattack | StateScoop Outage was result of cyberattack, Post Luxembourg says Clorox files $380 million suit blaming Cognizant for 2023 cyberattack | Cybersecurity Dive Cisco network access security platform vulnerabilities under active exploitation | CyberScoop Arizona woman sentenced to 8.5 years for running North Korean laptop farm | The Record from Recorded Future News Cybercrime forum Leak Zone publicly exposed its users' IP addresses | TechCrunch
Risky Biz returns after two weeks off, and there sure is cybersecurity news to catch up on. Patrick Gray and Adam Boileau discuss: Microsoft tried to make outsourcing the Pentagon's cloud maintenance to China okay (it was not) She shells Sharepoint by the sea-shore (by ‘she' we mean ‘China') Four (alleged) Scattered Spider members arrested (and bailed) in the UK Hackers spend $2700 to buy creds for a Brazilian payment system, steal $100M Fortinet has SQLI in the auth header, Citrix mem leak is weaponised, HP hardcodes creds and Sonicwalls get user-moderootkits. Just security vendor things! This week's episode is sponsored by Airlock Digital. CEO David Cottingham talks through what it takes to build a mature, resilient management platform for a security critical system. This episode is also available on Youtube. Show notes Update on DOD's cloud services Microsoft to stop using engineers in China for tech support of US military, Hegseth orders review A Little-Known Microsoft Program Could Expose the Defense Department to Chinese Hackers While DOD policy bans unauthorized apps like TikTok from being on employees phones over national security risks Microsoft Fix Targets Attacks on SharePoint Zero-Day – Krebs on Security National Guard was hacked by China's 'Salt Typhoon' group, DHS says Suspected contractor for China's Hafnium group arrested in in Italy | Cybersecurity Dive Singapore accuses Chinese state-backed hackers of attacking critical infrastructure networks | The Record from Recorded Future News UK Arrests Four in ‘Scattered Spider' Ransom Group – Krebs on Security Four people bailed after arrests over cyber attacks on M&S, Co-op and Harrods Brazilian police arrest IT worker over $100 million cyber theft | The Record from Recorded Future News At Least 750 US Hospitals Faced Disruptions During Last Year's CrowdStrike Outage, Study Finds | WIRED Hacker returns cryptocurrency stolen from GMX exchange after $5 million bounty payment | The Record Indian crypto exchange CoinDCX says $44 million stolen from reserves | The Record Chainalysis: $2.17 billion in crypto stolen in first half of 2025, driven by North Korean hacks | The Record PoisonSeed bypassing FIDO keys to ‘fetch' user accounts Risky Bulletin: Browser extensions hijacked for web scraping botnet A Startup is Selling Data Hacked from Peoples' Computers to Debt Collectors A surveillance vendor was caught exploiting a new SS7 attack to track people's phone locations | TechCrunch Ukrainian hackers wipe databases at Russia's Gazprom in major cyberattack, intelligence source says File transfer company CrushFTP warns of zero-day exploit seen in the wild | The Record HPE warns of hardcoded passwords in Aruba access points Pre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector (CVE-2025-25257) Researchers, CISA confirm active exploitation of critical Citrix Netscaler flaw | Cybersecurity Dive Google finds custom backdoor being installed on SonicWall network devices - Ars Technica Hackers Can Remotely Trigger the Brakes on American Trains and the Problem Has Been Ignored for Years
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: Australian airline Qantas looks like it got a Scattered Spider-ing Microsoft works towards blunting the next CrowdStrike disaster Changes are coming for Microsoft's default enterprise app consenting setup Synology downplays hardcoded passwords for its M365 cloud backup agent The next Citrix Netscaler memory disclosure looks nasty Drug cartels used technical surveillance to find, fix and finish FBI informants and witnesses This week's episode is sponsored by RAD Security. Co-founder Jimmy Mesta joins to talk through how they use AI automation to assess the security posture of sprawling cloud environments. This episode is also available on Youtube. Show notes Qantas hit by cyber attack, leaving 6 million customer records at risk of data breach Scattered Spider appears to pivot toward aviation sector | Cybersecurity Dive Microsoft to make Windows more resilient following 2024 IT outage | Cybersecurity Dive (384) The Ultimate Guide to App Consent in Microsoft Entra - YouTube When Backups Open Backdoors: Accessing Sensitive Cloud Data via "Synology Active Backup for Microsoft 365" / modzero AT&T deploys new account lock feature to counter SIM swapping | CyberScoop Iran-linked hackers threaten to release Trump aides' emails | Reuters US government warns of new Iran-linked cyber threats on critical infrastructure | Cybersecurity Dive Actively exploited vulnerability gives extraordinary control over server fleets - Ars Technica Critical vulnerability in Citrix Netscaler raises specter of exploitation wave | Cybersecurity Dive Identities of More Than 80 Americans Stolen for North Korean IT Worker Scams | WIRED Cloudflare confirms Russia restricting access to services amid free internet crackdown | The Record from Recorded Future News Mexican drug cartel used hacker to track FBI official, then killed potential FBI informants, government audit says | CNN Politics Audit of the FBI's Efforts to Mitigate the Effects of Ubiquitous Technical Surveillance - Redacted Report NATO members aim for spending 5% of GDP on defense, with 1.5% eligible for cyber | The Record from Recorded Future News US sanctions bulletproof hosting provider for supporting ransomware, infostealer operations | CyberScoop US, French authorities confirm arrest of BreachForums hackers | TechCrunch Spanish police arrest five over $542 million crypto investment scheme | The Record from Recorded Future News Scam compounds labeled a 'living nightmare' as Cambodian government accused of turning a blind eye | The Record from Recorded Future News
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: We roll our eyes over the “16 billion credentials” leak hitting mainstream news Some interesting cyber angles emerge from the conflict in Iran Opensource maintainer of libxml2 is fed up with this hacker crap Shockingly, there are yet more ways to trick people into pasting commands into Windows Veeam “patches” its backup software RCE like it's 2002 … by breaking the public PoC This week's episode is sponsored by Internet-wide honeypot reconnaissance platform, Greynoise. Founder Andrew Morris joins to talk about their journey spotting Chinese ORB-builders hacking thousands of ASUS routers, and why they're destined for the woodchipper. This episode is also available on Youtube. Show notes No, the 16 billion credentials leak is not a new data breach Canadian telecom hacked by suspected China state group - Ars Technica Telecom giant Viasat breached by China's Salt Typhoon hackers WarTranslated on X: "Iran's jamming GPS in the Strait of Hormuz, messing with ~970 ships, per Windward. UKMTO confirms the interference. Faulty AIS coordinates are screwing up navigation in the Persian Gulf. The IRGC threatens to shut the strait down in hours. https://t.co/kdMJvshOGC" / X Dmitri Alperovitch on X: "Chairman of the Joint Chiefs Gen. Dan Caine says @US_CYBERCOM supported this strike mission" / X Top Pentagon spy pick rejected by White House - POLITICO DHS warns of heightened cyber threat as US enters Iran conflict | Cybersecurity Dive Exclusive: Early US intel assessment suggests strikes on Iran did not destroy nuclear sites, sources say U.S. braces for Iran's response after overnight strikes on nuclear sites Assessing the Damage to Iran's Nuclear Program Iran Hacks Tirana Municipality in Retaliation Over MEK - Tirana Times Iran's government says it shut down internet to protect against cyberattacks | TechCrunch Aflac discloses cyber intrusion linked to wider crime spree targeting insurance industry | Cybersecurity Dive Tonga Ministry of Health hit with cyberattack affecting website, IT systems | The Record from Recorded Future News Alleged Ryuk ransomware gang member arrested in Ukraine and extradited to US | The Record from Recorded Future News Russia releases REvil members after convictions for payment card fraud | The Record from Recorded Future News OneLogin, Many Issues: How I Pivoted from a Trial Tenant to Compromising Customer Signing Keys - SpecterOps Triaging security issues reported by third parties (#913) · Issue · GNOME/libxml2 README: Set expectations straight (35d04a08) · Commits · GNOME / libxml2 · GitLab What's in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia | Google Cloud Blog FileFix - A ClickFix Alternative | mr.d0x Address bar shows hp.com. Browser displays scammers' malicious text anyway. - Ars Technica Researchers urge vigilance as Veeam releases patch to address critical flaw | Cybersecurity Dive ASUSpicious Flaw - Millions of Users' Information Exposed Since 2022 | MrBruh's Epic Blog Perth dad who created ‘evil twin' Wi-Fi did so to access pictures of women GreyNoise Discovers Stealthy Backdoor Campaign Affecting Thousands of ASUS Routers
On this week's show Patrick Gray and Adam Boileau are joined by special guest Chris Krebs to discuss the week's cybersecurity news. They talk through: Israeli “hacktivists” take out an Iranian state-owned bank Scattered-spider and friends pivot into attacking insurers Securing identities in a cloud-first world keeps us awake at night Microsoft takes the “aas” out of SaaS for Europe, leaving us with just software! An AI prompt injection into M365 exfils corporate data This week's episode is sponsored by Kroll's Cyber practice. Kroll Cyber Associate Managing Director George Glass is based in London and talks through his experiences helping organisations in the UK deal with the Scattered Spider attacks. This episode is also available on Youtube. Show notes Iran's Bank Sepah disrupted by cyberattack claimed by pro-Israel hacktivist group | CyberScoop Iran orders officials to ditch connected devices Heightened Cyberthreat Amidst Israel-Iran Conflict Threat group linked to UK, US retail attacks now targeting insurance industry | Cybersecurity Dive Coming to Apple OSes: A seamless, secure way to import and export passkeys - Ars Technica Cyberattack on Washington Post Compromises Email Accounts of Journalists Hackers impersonating US government compromise email account of prominent Russia researcher | The Record from Recorded Future News A good one to talk to Chris about: Breaking down ‘EchoLeak', the First Zero-Click AI Vulnerability Enabling Data Exfiltration from Microsoft 365 Copilot CISA warns of supply chain risks as ransomware attacks exploit SimpleHelp flaws | Cybersecurity Dive Whole Foods supplier making progress on restoration after cyberattack left shelves empty | The Record from Recorded Future News Ransomware attack on ticketing platform upends South Korean entertainment industry | The Record from Recorded Future News Advisory: Cybersecurity incident
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: New York Times gets a little stolen Russian FSB data as a treat iVerify spots possible evidence of iOS exploitation against the Harris-Walz campaign Researcher figures out a trick to get Google account holders' full names and phone numbers Major US food distributor gets ransomwared The Com's social engineering of Salesforce app authorisations is a harbinger of our future problems Australian Navy forgets New Zealand has computers, zaps Kiwis with their giant radar. This week's episode is sponsored by identity provider Okta. Long-time friend of the show Alex Tilley is Okta's Global Threat Research Coordinator, and he joins to discuss how organisations can use both human and technical signals to spot North Koreans in their midst. This episode is also available on Youtube. Show notes How The Times Obtained Secret Russian Intelligence Documents - The New York Times Ukraine's military intelligence claims cyberattack on Russian strategic bomber maker | The Record from Recorded Future News Harris-Walz campaign may have been targeted by iPhone hackers, cybersecurity firm says iVerify Uncovers Evidence of Zero-Click Mobile Exploitation in the U.S. Spyware maker cuts ties with Italy after government refused audit into hack of journalist's phone | The Record from Recorded Future News Italian lawmakers say Italy used spyware to target phones of immigration activists, but not against journalist | TechCrunch Android chipmaker Qualcomm fixes three zero-days exploited by hackers | TechCrunch Cellebrite to acquire mobile testing firm Corellium in $200 million deal | CyberScoop Apple Gave Governments Data on Thousands of Push Notifications A Researcher Figured Out How to Reveal Any Phone Number Linked to a Google Account Bruteforcing the phone number of any Google user Acreed infostealer poised to replace Lumma after global crackdown | The Record from Recorded Future News BidenCash darknet forum taken down by US, Dutch law enforcement | The Record from Recorded Future News NHS calls for 1 million blood donors as UK stocks remain low following cyberattack | The Record from Recorded Future News Major food wholesaler says cyberattack impacting distribution systems | The Record from Recorded Future News Kettering Health confirms attack by Interlock ransomware group as health record system is restored | The Record from Recorded Future News Hackers abuse malicious version of Salesforce tool for data theft, extortion | Cybersecurity Dive shubs on X: "IP whitelisting is fundamentally broken. At @assetnote, we've successfully bypassed network controls by routing traffic through a specific location (cloud provider, geo-location). Today, we're releasing Newtowner, to help test for this issue: https://t.co/X3dkMz9gwK" / X Ross Ulbricht Got a $31 Million Donation From a Dark Web Dealer, Crypto Tracers Suspect | WIRED Australian navy ship causes radio and internet outages to parts of New Zealand
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: Cyber firms agree to deconflict and cross-reference hacker group names Russian nuclear facility blueprints gathered from public procurement websites Someone audio deepfaked the White House Chief of Staff, but for the dumbest reasons Germany identifies the Trickbot kingpin Google spots China's MSS using Calendar events for malware C2 Meta apps abuse localhost listeners to track web sessions. This week's episode is sponsored by automation vendor Tines. Its Field CISO, Matt Muller, joins the show to discuss an open letter penned by JP Morgan Chase's CISO that pleads with Software as a Service suppliers to try to suck less at security. This episode is also available on Youtube. Show notes 'Forest Blizzard' vs 'Fancy Bear' - cyber companies hope to untangle weird hacker nicknames | Reuters Ukraine's Massive Drone Attack Was Powered by Open Source Software Massive security breach: Russian nuclear facilities exposed online How a Spyware App Compromised Assad's Army - New Lines Magazine Exclusive | Federal Authorities Probe Effort to Impersonate White House Chief of Staff Susie Wiles - WSJ Malaysian home minister's WhatsApp hacked, used to scam contacts | The Record from Recorded Future News U.S. Sanctions Cloud Provider ‘Funnull' as Top Source of ‘Pig Butchering' Scams – Krebs on Security Top counter antivirus service disrupted in global takedown | CyberScoop Cops in Germany Claim They've ID'd the Mysterious Trickbot Ransomware Kingpin | WIRED Australian ransomware victims now must tell the government if they pay up | The Record from Recorded Future News Google: China-backed hackers hiding malware in calendar events | Cybersecurity Dive Coinbase breach linked to customer data leak in India, sources say | Reuters US military IT specialist arrested for allegedly trying to leak secrets to foreign government | The Record from Recorded Future News NSO appeals WhatsApp decision, says it can't pay $168 million in ‘unlawful' damages | The Record from Recorded Future News ConnectWise says nation-state attack targeted multiple ScreenConnect customers | The Record from Recorded Future News Google Online Security Blog: Sustaining Digital Certificate Security - Upcoming Changes to the Chrome Root Store Meta and Yandex are de-anonymizing Android users' web browsing identifiers - Ars Technica An Open Letter to Third-Party Suppliers
In this week's edition of Risky Business Dmitri Alperovitch and Adam Boileau join Patrick Gray to talk through the week's news, including: EXCLUSIVE: A Scattered Spider-style crew is hijacking DNS MX entries and compromising enterprises within minutes The SVG format brings the all horrors of HTML+JS to image files, and attackers have noticed Brian Krebs eats a 6.3Tbps DDoS … ‘cause that's how you demo your packet cannon Law enforcement takes out Lumma Stealer, Qakbot, Danabot and some dark web drug traffickers Iranian behind 2019 Baltimore ransomware mysteriously appears in North Carolina and pleads guilty CISA's leadership is fleeing in droves, even though the US needs them more than ever. This week's episode is sponsored by Thinkst Canary. Long time friend of the show Haroon Meer joins and talks through where he feels the industry is at, having just returned home from the AI-fueled hype at this year's RSA conference. This episode is also available on Youtube. Show notes China-linked ‘Silk Typhoon' hackers accessed Commvault cloud environments, person familiar says - Nextgov/FCW Risky Bulletin: SVG use for phishing explodes in 2025 - Risky Business Media KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS – Krebs on Security Midwestern telco Cellcom confirms cyber incident after days of service outages | The Record from Recorded Future News Microsoft leads international takedown of Lumma Stealer | Cybersecurity Dive Who said what? on X: "Message from the administrator of Lumma Stealer on the forums about the recent events
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: TeleMessage memory dumps show up on DDoSecrets Coinbase contractor bribed to hand over user data Telegram does seem to be actually cooperating with law enforcement Britain's legal aid service gets 15 years worth of applicant data stolen Shocking no one, Ivanti were weaseling when they blamed latest bugs on a third party library This week's episode is sponsored by Prowler, who make an open source cloud security tool. Founder and original project developer Toni de la Fuente joins to talk through the flexibility that open tooling brings. Prowler is also adding support for SaaS platforms like M365, and of course, an AI assistant to help you write checks! This episode is also available on Youtube. Show notes TeleMessage - Distributed Denial of Secrets How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes | WIRED Coinbase says thieves stole user data and tried to extort $20M Hack could cost Coinbase up to $400M: filing | Cybersecurity Dive Severed Fingers and ‘Wrench Attacks' Rattle the Crypto Elite Money Stuff: US Debt Rates Itself | NewsletterHunt 2 massive black market services blocked by Telegram, messaging app says | Reuters Telegram Gave Authorities Data on More than 20,000 Users GovDelivery, an email alert system used by governments, abused to send scam messages | TechCrunch ATO warning as hackers steal $14,000 in tax returns: ‘Be wary' Hack of SEC social media account earns 14-month prison sentence for Alabama man | The Record from Recorded Future News 19-year-old accused of largest child data breach in U.S. agrees to plead guilty Beach mansion, Benz and Bitcoin worth $4.5m seized from League of Legends hacker Shane Stephen Duffy | 7NEWS Pegasus spyware maker rebuffed in efforts to get off trade blacklist - The Washington Post Ransomware attack hits supplier of refrigerated groceries to British supermarkets | The Record from Recorded Future News UK government confirms massive data breach following hack of Legal Aid Agency | The Record from Recorded Future News Ivanti Endpoint Mobile Manager customers exploited via chained vulnerabilities | Cybersecurity Dive Expression Payloads Meet Mayhem - Ivanti EPMM Unauth RCE Chain (CVE-2025-4427 and CVE-2025-4428)
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: Struggling to find that pesky passwords.xlsx in Sharepoint? Copilot has your back! The ransomware ecosystem is finding life a bit tough lately SAP Netweaver bug being used by Chinese APT crew Academics keep just keep finding CPU side-channel attacks And of course… bugs! Asus, Ivanti, Fortinet… and a Nissan LEAF? This week's episode is sponsored by Resourcely, who will soothe your Terraform pains. Founder and CEO Tracis McPeak joins to talk about how to get from a very red dashboard full of cloud problems to a workable future. This episode is also available on Youtube. Show notes Exploiting Copilot AI for SharePoint | Pen Test Partners MrBruh's Epic Blog Ransomware group Lockbit appears to have been hacked, analysts say | Reuters "CONTI LEAK: Video they tried to bury! 6+ Conti members on a private jet. TARGET's birthday — $10M bounty on his head. Filmed by TARGET himself. Original erased — we kept a copy." Mysterious hackers who targeted Marks and Spencer's computer systems hint at political allegiance as they warn other tech criminals not to attack former Soviet states The organizational structure of ransomware groups is evolving rapidly. SAP NetWeaver exploitation enters second wave of threat activity China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures DOGE software engineer's computer infected by info-stealing malware Hackers hijack Japanese financial accounts to conduct nearly $2 billion in trades FBI and Dutch police seize and shut down botnet of hacked routers Poland arrests four in global DDoS-for-hire takedown School districts hit with extortion attempts after PowerSchool breach EU launches vulnerability database to tackle cybersecurity threats Training Solo - vusec Branch Privilege Injection: Exploiting Branch Predictor Race Conditions – Computer Security Group Remote Exploitation of Nissan Leaf: Controlling Critical Body Elements from the Internet PSIRT | FortiGuard Labs EPMM Security Update | Ivanti
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: White House's off-brand Israeli Signal fork logs cleartext messages with hard coded creds while getting hacked (twice). Just … Wow. Ransomware attacks on UK retailers are linked, and Marks & Spencer has it extra bad After six years dormant, a Magento eCommerce platform backdoor comes to life The North Korean IT worker scam is truly webscale NSO group owes Meta $168m for hacking WhatsApp This week's episode is sponsored by vulnerability management wranglers, Nucleus Security. Aaron Unterberger joins to talk through the complexities of tracking vulnerabilities in cloud components - left to the source, right to the deployments, and …sideways into the sidecars? This week's show also features an excerpt from Pat's interview with Senator Mark Warner - Scoot back one in your podcast feed to check out the full chat, or find it on Youtube. This episode is available on Youtube too. Show notes Mike Waltz Accidentally Reveals Obscure App the Government Is Using to Archive Signal Messages Despite misleading marketing, Israeli company TeleMessage, used by Trump officials, can access plaintext chat logs The Signal Clone the Trump Admin Uses Was Hacked App used by Mike Waltz suspends services after hacking claims Senator Demands Investigation into Trump Admin Signal Clone After 404 Media Investigation MG on X: "Looks like TeleMessage was probably procured and rolled out under Biden. There are public records for it. https://t.co/XCuZpi8PL3" / X Harrods becomes latest retailer to announce attempted cyberattack | The Record from Recorded Future News Co-op DragonForce cyber attack includes customer data, firm admits Co-op cyber attack: Staff told to keep cameras on in meetings Hundreds of e-commerce sites hacked in supply-chain attack - Ars Technica Microsoft's new “passwordless by default” is great but comes at a cost - Ars Technica Windows RDP lets you log in using revoked passwords. Microsoft is OK with that. - Ars Technica North Korean operatives have infiltrated hundreds of Fortune 500 companies | CyberScoop US wants to cut off key player in Southeast Asian cybercrime industry | The Record from Recorded Future News Myanmar militia leader sanctioned by US over cyber scam connections | The Record from Recorded Future News Trump proposes major cut to CISA's budget, citing false ‘censorship' claims | Cybersecurity Dive NSA to cut up to 2,000 civilian roles as part of intel community downsizing | The Record from Recorded Future News NSO Group owes $168M in damages to WhatsApp over spyware infections, jury says | CyberScoop
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: British retail stalwart Marks & Spencer gets cybered South Korean telco sets out to replace all its subscriber SIMs after (we assume) it lost the keymat It's a good exploit week! Bugs in Apple Airplay, SAP webservers, Erlang SSH and CommVault backups Juice jacking! No, really! Some researchers actually did it (so still not in the wild, then) Anti-DOGE whistleblower sure sounds like he has a point This week's episode is sponsored by Knocknoc, who let you glue your firewalls to your single sign on. Knocknoc's CEO Adam Pointon talks about the joy that having end-to-end IPv6 would bring for zero-trust access control. He also touches on people using Knocknoc inside their network to isolate critical systems. Editors Note : Pat also gives Adam (Boileau) stick in the sponsor interview about the Risky Biz webserver not having IPv6 enabled, which fact-checking during the edit says is FAKE NEWS. Just uh, don't look at how fresh that AAAA record in the DNS is, friends
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: Oracle quietly cops to being hacked, but immediately pivots into pretending it didn't matter NSA and CyberCom leaders fired for not being MAGA enough US Treasury had some dusty corners it hadn't found China in yet, looked, found China in them …which is a great time to discuss slashing CISA's staffing Ransomware crews and bullet proof hosting providers are getting rekt, and we love it And Microsoft patches yet another logging 0-day being used in the wild. This episode is sponsored by Yubico, makers of Yubikey hardware authentication tokens. Yubico's Vice President of Solutions Architecture and Alliances Derek Hanson joins to discuss how the consumer-centric passkey ecosystem has become a real challenge for enterprises. One that Yubico is actually ideally positioned to solve. This episode is also available on Youtube. Show notes Oracle privately confirms Cloud breach to customers Oracle have finally issued a written notification to customers about their cybersecurity incident. Head of NSA and US Cyber Command reportedly fired | Cybersecurity Dive Trump fires numerous National Security Council staff - The Washington Post Trump administration under scrutiny as it puts major round of CISA cuts on the table | Cybersecurity Dive Hackers Spied on US Bank Regulators' Emails for Over a Year - Bloomberg This is how Jeffrey Goldberg got added to the Signal chat Cybercriminals are trying to loot Australian pension accounts in new campaign | The Record from Recorded Future News $500,000 stolen in Australian super fund data breach | Superannuation | The Guardian Australian regulator pulls licenses of 95 companies in effort to crack down on investment scams | The Record from Recorded Future News Everest ransomware group's darknet site offline following defacement | The Record from Recorded Future News On March 28, 2025, a threat actor leaked internal data from Medialand, a major bulletproof hosting (BPH) provider long linked to Yalishanda (LARVA-34). There's a ransomware group named DragonForce going around hacking its rivals. After Mamona and BlackLock, the group has now hacked RansomHub The DragonForce ransomware group hacked two rivals this month CISA, experts warn of Crush file transfer attacks as ransomware gang makes threats | The Record from Recorded Future News Kill Security Campaign Targets CrushFTP Servers National Vulnerability Database | NIST Microsoft patches zero-day actively exploited in string of ransomware attacks | CyberScoop Exploitation of CLFS zero-day leads to ransomware activity | Microsoft Security Blog Is The Sofistication In The Room With Us? - X-Forwarded-For and Ivanti Connect Secure (CVE-2025-22457)
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: Yes, Oracle Health and Oracle Cloud did get hacked The fallout from Signalgate continues North Korean IT workers pivot to Europe Honeypot data suggests a storm is brewing for Palo Alto VPNs Canadian Anon gets arrested for hacking Texas GOP This week's episode is sponsored by Trail of Bits. Tjaden Hess, a Principal Security Engineer at Trail of Bits who specialises in cryptography, joins the show this week to talk about what a responsible crypto-currency exchange cold wallet setup looks like, and … contrasts that with Bybit. This episode is also available on Youtube. Show notes Oracle Health breach compromises patient data at US hospitals FBI probes Oracle hack tied to healthcare extortion: Report - Becker's Hospital Review | Healthcare News & Analysis Oracle Still Denies Breach as Researchers Persist Hacker linked to Oracle Cloud intrusion threatens to sell stolen data | Cybersecurity Dive Publius on X: "