In this edition of Between Two Nerds Tom Uren and The Grugq discuss the idea that the People's Republic of China has mobilised its influence operations against the construction of US data centres and its build out of AI capacity. This episode is also available on YouTube. Show notes Red Rap Two Sessions Get on the Beers
In this edition of Between Two Nerds Tom Uren and The Grugq talk about how NATO is set up to deter conventional conflict, and how that approach is fundamentally unsuited for ongoing, everyday cyber operations that are intended to confound adversaries. This episode is also available on YouTube. Show notes
In this edition of Between Two Nerds Tom Uren and The Grugq speak at the NATO CyCon conference on Cyber Conflict in Tallinn, Estonia. The pair discuss how cyber operations complement conventional military operations and the past, present and future of cyber conflict. This episode is also available on YouTube. Show notes Australia's Offensive Cyber Capability
In this edition of Between Two Nerds Tom Uren and The Grugq talk about the ways in which intelligence agencies are just like cults. This episode is also available on YouTube Show notes
In this edition of Between Two Nerds Tom Uren and The Grugq look at Department 4 of Bauman Moscow State Technical University where students learn how to hack for the state. Its curriculum is extremely explicit about how the hacking and propaganda operations are relevant to state operations. They discuss whether this is an advantage for Russia's cyber program and look at what Western intelligence agencies do instead. This episode is also available on YouTube. Show notes The GRU's Hogwarts Vlodymyr Styran's substack BTN92 with Alex Joske, how the MSS became a cyber juggernaut
In this edition of Between Two Nerds Tom Uren and The Grugq discuss why it makes even more sense for criminal organisations to adopt AI as compared to regular businesses. This episode is also available on YouTube. Show notes Microsoft's 2026 Work Trend Index Annual Report Cybersecurity Looks Like Proof of Work Now On the Hunt for FIN7
In this edition of Between Two Nerds Tom Uren and The Grugq discuss the breakdown of cyber norms. What would have been an unthinkable cyber operation just a few years ago is now a regular occurrence. This episode is also available on YouTube. Show notes Fast16 analysis by SentinelOne Fast16 malware Zero Day on the wiper targeting Venezuela's state oil company
In this edition of Between Two Nerds Tom Uren and The Grugq discuss what the North Korean hack of Drift can tell us about the future of hacking. This episode is also available on YouTube. Show notes Drift Protocol incident update on X Cointelegraph coverage CredShields incident post-mortem
On this week's show, Patrick Gray and James Wilson are joined by special guest The Grugq. They discuss the week's cybersecurity news, including: Vercel got owned, and there's a few infostealer and compromised employee dots to connect. Mozilla used Mythos to find 271 bugs, which feels like a sign of the bug-pocalypse. Speaking of the bug-pocalypse, is that why NIST is noping out of enriching a bunch of bugs? The NSA is using Mythos even though the government did that whole Anthropic blacklisting thing. And DDoS attacks hit a couple of smaller-player socials. This week's episode is sponsored by Permiso. Ian Ahl chats to Pat about the subtle signals Permiso uses to detect ShinyHunters-style activity in cloud and on-prem environments. This episode is also available on Youtube. Show notes Vercel April 2026 Security incident Vercel breach linked to infostealer infection at Context.ai Vercel confirms breach as hackers claim to be selling stolen data Matt Johansen: "This is not a good look" | X NIST limits vulnerability analysis as CVE backlog swells | Cybersecurity Dive CISA Cyber on X Ransomware attack continues to disrupt healthcare in London nearly two years later | The Record from Recorded Future News Lawmakers ponder terrorism designations, homicide charges over hospital ransomware attacks | CyberScoop In defeat for Trump, House extends electronic spying program for just 10 days | The Record from Recorded Future News Crypto infrastructure company blames $290 million theft on North Korean hackers | The Record from Recorded Future News US-sanctioned currency exchange says $15 million heist done by "unfriendly states" - Ars Technica Hackers are abusing unpatched Windows security flaws to hack into organizations | TechCrunch Mozilla Used Anthropic's Mythos to Find and Fix 271 Bugs in Firefox | WIRED NSA using Anthropic's Mythos despite Defense Department blacklist Beyond the breach: inside a cargo theft actor's post-compromise playbook | Proofpoint US Beware scam messages offering ships safe transit through Hormuz Strait, says security firm | The Straits Times New Jersey men given lengthy sentences for running North Korean laptop farms | The Record from Recorded Future News Turns Out We're Not Alone - Volodymyr Styran US joins nearly two dozen other countries in striking back against DDoS-for-hire platforms | Cybersecurity Dive Bluesky blames app outage on 'sophisticated' DDoS attack | The Record from Recorded Future News Mastodon says its flagship server was hit by a DDoS attack | TechCrunch An IT expert explained under what conditions using a VPN can cause a smartphone to explode
In this edition of Between Two Nerds Tom Uren and The Grugq take a deep dive into how a single hacker used OpenAI and Anthropic's tools to help hack nine Mexican government organisations in quick time. This episode is also available on YouTube. Show notes Gambit security report
In this edition of Between Two Nerds Tom Uren and The Grugq discuss how the rise of AI, which is very good at vulnerability and exploit development, will change the cyber security industry and competition between states. This episode is also available on YouTube Show notes The Grugq on X: People are freaking out about an impending flood of 0days Patrick Gray with former NSA and CIA cyber leaders
In this edition of Between Two Nerds Tom Uren and The Grugq discuss how Iran's cyber forces have been used during the ongoing war so far. Show notes The Financial Times on the plan to kill Ali Khamenei Israel National News, 50 companies wiped
In this edition of Between Two Nerds Tom Uren and The Grugq talk about hacking and scams. While hacking is disappearing as a threat for most people, it is a new golden age for scammers. Even Tom has been scammed! This episode is also available on Youtube. Show notes We Are All Targets, How Renegade Hackers Invented Cyber War and Unleashed an Age of Global Chaos The $1.25 million scam
In this edition of Between Two Nerds Tom Uren and The Grugq discuss how Google just keeps on finding iOS exploit kits. Is iPhone security busted? And why are Russian state hackers after crypto? This episode is also available on Youtube. Show notes Google on Coruna Google on DarkSword iVerify on DarkSword Lookout on DarkSword Coruna deep dive
In this edition of Between Two Nerds Tom Uren and The Grugq discuss how bombing Iran changes incentives for Iranian hacker groups. Destroying other ways that Iran might project power could force it to double down on cyber capabilities. This episode is also available on Youtube. Show notes Zetter Zero Day on the Stryker hack BTN on the evolution of Iranian hackers with Hamid Kashfi
In this edition of Between Two Nerds Tom Uren and The Grugq talk about why an internet shutdown won't stop US cyber operations in Iran. This episode is also available on Youtube. Show notes Srsly Risky Biz: The Four Hour Cyber War on Iran The Thing listening device IBM Selectric bug CIA compromise in Iran
In this edition of Between Two Nerds Tom Uren and The Grugq discuss how the use of cyber operations in the war in Ukraine has evolved over time. This episode is also available on Youtube. Show notes Russia using cyber espionage to direct grid missile strikes The Spectator article on US-UK relations BTN72 on the Taurus missile leak
In this edition of Between Two Nerds Tom Uren and The Grugq talk about how 'professional' Five Eyes cyber espionage agencies like NSA will use AI. These agencies place a premium on stealth and won't yolo AI. This episode is available on Youtube. Show notes How AI-powered espionage will favour China Google's AI threat tracker, February 2026
In this edition of Between Two Nerds Tom Uren and The Grugq discuss whether middle powers should be investing in military cyber capabilities. This episode is also available on Youtube Show notes The Record on Iranian air defences Max Smeets No Shortcuts RunZero sponsor interview
In this edition of Between Two Nerds Tom Uren and The Grugq talk about why the world is destined to be perpetually insecure. This episode is also available on Youtube. Show notes Hunterbrook's Ubiquiti investigation Trail of Bits sponsor interview
In this edition of Between Two Nerds Tom Uren and The Grugq discuss the recent Russian attack on Polish electricity infrastructure. This episode is also available on Youtube. Show notes ESET's first report ESET's update report CERT-PL report Dragos report The Insider 'Hidden Bear' investigation BTN 124, How Russia's sabotage team got into hacking BTN 145, Russia's cyber war on wheat
In this edition of Between Two Nerds Tom Uren and The Grugq discuss how getting pinged hurts state hackers by introducing uncertainty. Publishing technical reports on the hack can actually improve the situation by removing uncertainty about how attackers were detected. This episode is also available on Youtube. Show notes BTN 36, The culture of the Snake
In this edition of Between Two Nerds Tom Uren and The Grugq talk about what information warfare even is, revisit a 30-year-old paper and examine why Western governments struggle with the concept. This episode is also available on Youtube. Show notes What is Information Warfare by Martin Libicki Human Rights in China Leaked conversation on Youtube, in Mandarin Rebecca Black, Friday
In this edition of Between Two Nerds Tom Uren and The Grugq talk about the role of cyber operations in the US capture of Venezuela's president Nicolas Maduro. This episode is also available on Youtube. Show notes Maduro's fall puts US cyber power in the spotlight Trump suggests US used cyberattacks to turn off lights in Venezuela during strikes Venezuela strike marks a turning point for US cyber warfare Power outages, but not cyber (from Oleg Shakirov) NYTimes Inside 'Operation Absolute Resolve' Spec Ops by William McRaven
In this edition of Between Two Nerds Tom Uren and The Grugq talk to Hamid Kashfi, CEO and founder of DarkCell, about the Iranian cyber espionage scene. Kashfi talks about how the regime once forced people to hack and crushed the domestic security research scene. He describes how and why the government has changed its approach and is now reaping the rewards of improved Iranian capabilities. This episode is available on Youtube. Show notes The "Mossad or not" threat model by James Mickens Shamoon wiper iLO rootkit
In this edition of Between Two Nerds Tom Uren and The Grugq wonder whether it is possible to deter states from cyber espionage with doxxing and other disruption measures. This episode is also available on Youtube. Show notes Department 40 exposed Charming Kitten exposed
In this edition of Between Two Nerds Tom Uren and The Grugq talk about the differences between telcos and cloud companies. Does the nature of the business force cloud companies to be better at security? This episode is also available on Youtube. Show notes FCC looks to torch Biden-era cyber rules sparked by Salt Typhoon mess Netflix's Chaos Monkey Brian in Pittsburgh BTN145 Ultra
In this edition of Between Two Nerds Tom Uren and The Grugq talk about the strategic "logic" of Russian wiper attacks on the Ukrainian grain sector. This episode is also available on Youtube. Show notes ESET report Soesanto and Gajos at Lawfare
In this edition of Between Two Nerds Tom Uren and The Grugq discuss how cyber criminals and even state actors are being dumb about using AI. This episode is also available on Youtube. Show notes Google's AI Threat Tracker Script framework
In this edition of Between Two Nerds Tom Uren and The Grugq discuss the futility of using aggressive cyber operations to send messages between states. This episode is also available on Youtube. Show notes The Record, Volt Typhoon was not successful Sand in the gears: Sabotage in world politics by Joshua Rovner, Rory Cormac and Lennart Maschmeyer
In this edition of Between Two Nerds Tom Uren and The Grugq dissect a recent Chinese CERT report that the NSA had hacked China's national time keeping service. This episode is also available on Youtube. Show notes MSS Weixin post CN-CERT technical analysis Global Times on X BTN110: The NSA's nine to five hacking campaign
In this edition of Between Two Nerds Tom Uren and The Grugq talk to Joe Devanny, senior lecturer from King's College London, all about India's missing cyber power. It has all the ingredients to become a cyber superpower, but so far, hasn't shown the motivation. This episode is also available on Youtube. Show notes Interpreting India's Cyber Statecraft by Joe Devanny and Arthur Laudrain Dr Joseph Devanny Sponsor interview: How AI turbocharges SOC analysts
In this edition of Between Two Nerds Tom Uren and The Grugq talk about how different cybercriminal groups are after insiders to provide network access. This episode is available on Youtube. Show notes Nebulock sponsor episode Scattered Spider insiders tweet BBC's Joe Tidy approached by ransomware gang
In this edition of Between Two Nerds Tom Uren and The Grugq talk about the 0day mass exploitation of SharePoint and Exchange. This type of widespread hacking appears to be increasingly common... but is it? This episode is also available on YouTube. Show notes X post | Brian in Pittsburgh
In this edition of Between Two Nerds Tom Uren and The Grugq discuss the power of cyber. This episode is also available on Youtube. Show notes Narrow windows of opportunity: the limited utility of cyber operations in war RUSI's UK cyber effects network RUSI call for abstracts The fate of nations BTN discussion UK National Cyber Force's Responsible Cyber Power in Practice Sponsor interview on the importance of resilient IdPs
In this edition of Between Two Nerds Tom Uren and The Grugq look at a new Center for Strategic and International Studies report: A Playbook for Winning the Cyber War. This episode is also available on YouTube. Show notes CSIS Playbook
In this edition of Between Two Nerds Tom Uren and The Grugq talk about the limits of a state's cyber power. This episode is also available on YouTube Show notes Dave Aitel's CyberSecPolitics post on cyber power metrics Lawfare Post BTN 117, The fate of nations BTN 120, Should US spies steal Chinese commercial secrets
In this edition of Between Two Nerds Tom Uren and The Grugq talk about the trend toward outrageously complicated exploits and what it means for hacking and cyber espionage. This episode is also available on YouTube Show notes
In this edition of Between Two Nerds Tom Uren and The Grugq talk about how cyber threat actors are using AI tools to fill in resource and skills gaps that they have. This episode is also available on Youtube. Show notes Anthropic's August 2025 Threat Report BTN episode 50
In this edition of Between Two Nerds, Tom Uren and The Grugq talk about how the teenage hacking groups Scattered Spider, Lapsus$ and Shiny Hunters are collaborating. They examine whether this is bad news and what it will take to slow these wrecking crews down. Plus, how teenage hackers are like goldfish. This episode is also available on Youtube. Show notes The Register, Three notorious cybercrime gangs appear to be collaborating Between Two Nerds episode 103 Sponsor interview with Brett Winterford from Okta
In this edition of Between Two Nerds Tom Uren and The Grugq talk about whether the cyber industry and intelligence agencies focus too much on technical details and ignore the bigger picture. This episode is also available on Youtube. Show notes Director-General ASIO speech on Counting the Cost of Espionage
In this edition of Between Two Nerds Tom Uren and The Grugq dissect the Belarusian Cyber Partisans hack of Russian airline Aeroflot. Despite the short-term impact, the airline will likely bounce back quite quickly. But it is still a big win for the Cyber Partisans. This episode is also available on Youtube. Show notes The Belarusian Cyber Partisans post on the hack Meduza's analysis of the hack's aftermath
In this edition of Between Two Nerds Tom Uren and The Grugq discuss whether China's 'cyber militia' make sense and what they could be good for. This episode is also available on Youtube. Show notes Mobilizing Cyber Power: The Growing Role of Cyber Militias in China's Network Warfare Force Structure
In this edition of Between Two Nerds Tom Uren and The Grugq examine whether US cyber operations are too stealthy. Could they get more bang for the buck if they adopted a devil may care attitude to getting busted? This episode is also available on Youtube. Show notes Should US spies steal Chinese commercial secrets?
In this edition of Between Two Nerds Tom Uren and The Grugq talk about how there is an opportunity for the US to expand its 0day and talent acquisition pool to Asia. They revisit a paper comparing the Chinese and American 0day acquisition strategies and have some quibbles. This episode is also available on Youtube. Show notes Crash (exploit) and burn: Securing the offensive cyber supply chain to counter China in cyberspace
In this edition of Between Two Nerds Tom Uren and The Grugq talk about how Microsoft has embraced digital sovereignty and is bending over backwards to satisfy European tech supply chain concerns. This episode is also available on Youtube. Show notes The New York Times on the ICC Microsoft's 30 April Brad Smith post Microsoft's 4 June Brad Smith post
In this edition of Between Two Nerds Tom Uren and The Grugq dive into the motivations and actions of Predatory Sparrow, a purported hacktivist group that has been attacking Iran for the last five years and has leapt into the Iran-Israel war. This episode is also available on Youtube. Show notes
In this edition of Between Two Nerds Tom Uren and The Grugq take a look at a new AI-powered covert influence campaign and compare it to World War 2 efforts. This episode is also available on Youtube. Show notes
In this edition of Between Two Nerds Tom Uren and The Grugq take a look at the hackers of Unit 29155, Russian military intelligence's sabotage and assassination group. This episode is also available on Youtube. Show notes The Insider 'Hidden Bear' investigation Japanese Tokuryū Ukraine SSSCIP report H1 2023
In this edition of Between Two Nerds Tom Uren and The Grugq look at NSA's take on information warfare, all the way back from 1997. This episode is also available on Youtube. Show notes Cryptolog, The Journal of Technical Health, from NSA in 1997