PODCAST · news
Risky Bulletin
by Risky Business Media
Regular cybersecurity news updates from the Risky Business team...
-
100
Between Two Nerds: Exploits are not cyber power
In this edition of Between Two Nerds Tom Uren and The Grugq discuss just how important exploits are for cyber operations using data published in a new paper authored by two members of Ukraine’s cyber security agency. This episode is also available on YouTube. Show notes Exploits were never the point Rethinking Exploitation in Cyber War: Reassessing the Role of Software Exploits in Wartime Max Smeets' chapter 5 from "No Shortcuts": The Elements of an Offensive Cyber Capability
-
99
Risky Bulletin: NSA Tailored Access Operations is back
The NSA’s Tailored Access Operations team is back, India bans an app used to hack e-rickshaws, Accenture has another data breach, and a leak exposes a suspected Chinese cyber contractor. The Risky Bulletin newsletter and podcast will be on an editorial break until July 20. Show notes Risky Bulletin: India bans app used to hack e-rickshaws in viral videos
-
98
Sponsored: Why Sublime doesn’t toss AI at every email
In this Risky Business sponsored interview, Tom Uren chats with Sublime Security Product Manager AJ Williams about how the company targets its AI use. Rather than throwing its AI agents at everything, Sublime gives them the time-consuming email security tasks that humans don’t want to do. Its ASA (Autonomous Security Analyst) agent investigates suspicious and user-reported messages, while the ADÉ (Autonomous Detection Engineer) agent writes new detection coverage for attacks that slipped through. Show notes
-
97
Srsly Risky Biz: US Supreme Court undermines Section 702 intel
Tom Uren and James Wilson talk about a new US Supreme Court decision that puts the current EU-US data sharing agreement at risk. American intelligence collection efforts have been at the centre of legal challenges of these on-again off-again data transfer agreements, and if the current agreement were struck down it would cripple Section 702 collection from Europe. They also discuss Canada’s effort to be more transparent about its active cyber operations, those that degrade and disrupt foreign adversaries. This episode is also available on YouTube Show notes
-
96
Risky Bulletin: DHS IG investigates forced CISA reassignments
The DHS inspector general will investigate forced CISA reassignments, Canada hacked a ransomware gang, Taiwan charges two executives with helping Chinese hackers, and new vulnerabilities can disable Hoymiles solar panels. Show notes Risky Bulletin: All new cars to include a camera aimed at the driver's face
-
95
Between Two Nerds: Why AI has not meant more hacks. Yet.
In this edition of Between Two Nerds Tom Uren and The Grugq talk about why we haven’t seen an explosion of devastating hacks even though AI has been used to discover lots and lots of bugs. This episode is also available on YouTube. Show notes Jerry Gamblin | X Cyber: Ignore the Penetration Testers Phineas Fisher's hacking team write up Phineas Fisher
-
94
Risky Bulletin: EU official’s phone infected with Pegasus
A European MP’s phone was infected by Pegasus spyware, Android drops its PIN guessing limit from 1,800 attempts to 20, Alibaba bans employees from using Claude at work, and there’s a new vulnerability in the Linux kernel. Show notes Risky Bulletin: Android drops PIN guessing limit from 1,800 attempts to just 20
-
93
Risky Bulletin: FatFs bugs enable physical access attacks on a load of devices
FatFs bugs enable physical access attacks on industrial equipment, a clever password spraying attack bypasses M365 MFA, an AI agent is deploying ransomware in live attacks, and a webinar platform sues two security firms over bad IOCs. Show notes Risky Bulletin: FatFs bugs enable physical access attacks on a load of devices
-
92
Srsly Risky Biz: America won't beat the distillation ecosystem
Tom Uren and James Wilson talk about Chinese AI labs stealing the special sauce of American AI models in ‘distillation attacks’. These attacks are fed by a grey market in which Chinese consumers buy access to American models, where one of the byproducts is logs of user requests and responses. These make wonderful inputs into distillation attacks and the whole market might be subsidised by Chinese AI Labs paying for these logs. They also discuss the possibility that last year’s hack of Jaguar Land Rover was caused by a group of Russian hackers. Was it Russians? Was it state-directed or endorsed? Who knows, but even the possibility that it was has some benefits for the Russian state. This episode is also available on YouTube Show notes
-
91
Risky Bulletin: Researcher drops giant cache of zero-days
An anonymous researcher has dropped a giant cache of zero-day exploits, a sensitive DHS network got hacked, the US Supreme Court restricts geofence warrants, and security firm Huntress has denied accusations of a malicious insider. Show notes Risky Bulletin: Researcher drops giant cache of zero-days
-
90
Between Two Nerds: Set cyberspace ablaze
In this edition of Between Two Nerds, Tom Uren and The Grugq discuss whether cyber organisations should actually be separated from Signals Intelligence organisations. The Grugq argues that having cyber expertise subordinate to intelligence collection means that many opportunities are never explored. This episode is also available on YouTube. Show notes All the Shah's Men - Wikipedia
-
89
Risky Bulletin: White House asks OpenAI to restrict GPT 5.6
The White House asks OpenAI to keep a tight grip on ChatGPT 5.6, the US Secret Service made some appalling OpSec mistakes, AMD has reintroduced a CPU security feature after consumer backlash, and an Iranian APT operator has been arrested in Montenegro. Show notes Risky Bulletin: Microsoft disrupts StegoAd operation
-
88
Sponsored: Corelight’s blueprint for AI-era defence
In this sponsored interview James Wilson chats with Corelight’s VP of Product Vijit Nair about defence strategies for the AI era. When agents can find and exploit vulnerabilities at machine speed, you need to balance between proactive and reactive measures. On the proactive side, you need modelling of assets and threats. On the reactive side you’ll need telemetry so you can act quickly if a threat becomes a reality. Corelight makes NDR hardware that runs a heavily optimised version of the Zeek network monitoring tool. Combined with its Agentic Triage product, customers can detect threats in their networks, and monitor the effectiveness of their mitigation strategies. Show notes
-
87
Risky Bulletin: Operation Endgame dismantles Amadey and StealerC
Law enforcement dismantles two more malware operations, Japan’s army used infected USB drives, Anthropic accuses Alibaba of distillation attacks, and Australia finds “digital dynamite” on critical networks. Show notes Risky Bulletin: Law enforcement agencies and security firms take down Amadey and StealerC
-
86
Srsly Risky Biz: Open weight models make the Mythos debate moot
Tom Uren and James Wilson talk about the Five Eyes cyber security agencies warning about the arrival of AI-enabled cyber threats. The call-to-action is driven by the recognition that it is no longer possible to limit AI’s offensive cyber security capabilities to benign actors. The genie is out of the bottle, regardless of export controls on frontier models. They also discuss the progress of Operation Endgame, the multinational joint operation that has been disrupting the cybercriminal ecosystem. It’s been a great success, but criminal enterprises bounce back. Keeping a lid on cybercrime will require continuous disruption programs. This episode is also available on YouTube. Show notes
-
85
Risky Bulletin: FortiBleed hacks involved a lot of traffic sniffing
The FortiBleed hacks are worse than a credentials leak, a new White House executive order sets out a hard 2031 post quantum cryptography deadline, Meta leaks employee keystroke data, and a third of Samsung and LG TVs act as proxies. Show notes Risky Bulletin: The FortiBleed incident is so much worse than a simple credentials leak
-
84
Sponsored: Trail of Bits and OpenAI patch the planet
In this sponsored interview James Wilson chats with Trail of Bits founder and CEO Dan Guido about its newly announced partnership with OpenAI. Together, they’ve started a new initiative called “Patch the Planet” to support open source maintainers. Being an open source maintainer is more difficult than ever. Just using frontier models to keep up with all the bug reports isn’t enough. Trail of Bits wants to help maintainers by combining its deep cybersecurity expertise with OpenAI’s GPT 5.5 Cyber. As Dan points out in this interview, this isn’t just about helping maintainers find and fix bugs. They’re spending just as much time on SDLC improvements, architecture changes, and the foundations needed to make open source sustainable in the AI era. Show notes
-
83
Between Two Nerds: The PRC vs AI
In this edition of Between Two Nerds Tom Uren and The Grugq discuss the idea that the People’s Republic of China has mobilised its influence operations against the construction of US data centres and its build out of AI capacity. This episode is also available on YouTube. Show notes Red Rap Two Sessions Get on the Beers
-
82
Risky Bulletin: Klue breach impacts security firms
A data breach at business analytics platform Klue spreads to security firms, a hacker breaches Brazil’s national alert system, North Koreans are behind the Mastra supply chain attack, and a new, unfixable vulnerability has been found in Apple’s A12 and A13 chips. Show notes Risky Bulletin: Klue breach impacts security firms
-
81
Risky Bulletin: Creds for 74,000 Fortinet devices leaked
A LOT of Fortinet creds have leaked online, Canada’s spy agency allowed to remove a botnet from Canadian devices, a supply chain attack hits the Mastra AI framework, and Europol disrupts SocGolish. Show notes Risky Bulletin: Canada’s spy agency allowed to remove a botnet from Canadian devices
-
80
Srsly Risky Biz: Anthropic has artificial, but not emotional, intelligence
Tom Uren and James Wilson talk about Anthropic rolling out its latest models only to have them effectively banned by the US government within days. Although the administration’s process for assessing new models is, ahem, amorphous, Anthropic is doing itself no favours by dismissing its concerns. The company needs to show some emotional intelligence and learn how to manage upwards. They also discuss Section 702 Foreign Intelligence Surveillance Act collection. The law authorising it has lapsed amidst political shenanigans, but it looks like collection can continue until next year. Plenty of time for kicking of political footballs! This episode is also available on YouTube Show notes
-
79
Risky Bulletin: China arrests Silver Fox cybercrime group suspects
66 members of the Silver Fox cybercrime group arrested in China, the EU will help Ukraine in the event of a major cyberattack, MS-ISAC loses 70% of its members after a DHS funding cut, and S-BOMs are still not widely adopted. Show notes Risky Bulletin: China arrests Silver Fox cybercrime group suspects
-
78
Between Two Nerds: Why NATO and cyber don't mix
In this edition of Between Two Nerds Tom Uren and The Grugq talk about how NATO is set up to deter conventional conflict, and how that approach is fundamentally unsuited for ongoing, everyday cyber operations that are intended to confound adversaries. This episode is also available on YouTube. Show notes
-
77
Risky Bulletin: Arch Linux supply chain attack hits 1,900 packages
Almost 2,000 Arch Linux packages have been infected with malware in a supply chain attack, FISA surveillance powers expire for the first time since 2008, the FBI takes down a Chinese phishing service, and a major supply chain attack hits the WordPress ecosystem. Show notes Risky Bulletin: Arch Linux supply chain attack spreads to 1,900+ AUR packages
-
76
Sponsored: Ent on using AI to track human behavior on the endpoint
In this Risky Business sponsored interview, Catalin Cimpanu talks with Brandon Dixon, co-founder and CTO of Ent AI, about the company’s innovative use of local LLMs to track user behavior on the endpoint, and add context to suspicious events to detect or prevent malicious activity. Show notes Brandon Dixon on LinkedIn
-
75
Risky Bulletin: CISA tightens patching rules amid bug deluge
CISA changes federal patching rules due to AI, a House Republican was hacked by Russia, ShinyHunters go on an Oracle hacking spree, and npm will block auto-run install scripts by default. Show notes Risky Bulletin: In the age of AI, CISA changes federal patching rules
-
74
Sponsored: Understanding CI/CD attack paths
In this sponsored episode, James Wilson chats with SpecterOps CTO Jared Atkinson about the central role that GitHub has played in recent supply chain compromises. GitHub is where code gets built, tested, and shipped to devices, cloud, and on-prem environments. Understanding the paths an attacker can use to get into GitHub, and where they can pivot to from there, is essential to securing your GitHub repos and CI/CD pipelines. Show notes
-
73
Srsly Risky Biz: Europe wants to wean itself off US tech
Tom Uren and James Wilson talk about the European Union’s digital sovereignty push. A divorce from US tech giants is on the cards, but building sovereign infrastructure and chip capacity will be hard. From an American perspective this is an entirely predicable own-goal. You can have internationally competitive tech giants or you can have an aggressive and coercive foreign policy. You can’t have both at the same time. They also discuss the reanimated corpse of NSO Group. It’s in a hole, but it just keeps digging. This episode is also available on YouTube Show notes
-
72
Risky Bulletin: Nightmare Eclipse drops fresh 0day
Nightmare Eclipse drops a fresh zero day, Meta says NSO is targeting WhatsApp users again, hackers breach France’s Tchap secure messenger network, Putin disables some Kremlin security cameras, and Gmail be gone! Russia bans logins from foreign email addresses. Show notes Risky Bulletin: Meta says NSO violated court order with new campaign targeting WhatsApp
-
71
Between Two Nerds: Nerds at NATO
In this edition of Between Two Nerds Tom Uren and The Grugq speak at the NATO CyCon conference on Cyber Conflict in Tallinn, Estonia. The pair discuss how cyber operations complement conventional military operations and the past, present and future of cyber conflict. This episode is also available on YouTube. Show notes Australia's Offensive Cyber Capability
-
70
Risky Bulletin: RubyGems adds dependency cooldowns to counter supply chain attacks
RubyGems adds dependency-cooldowns to counter supply chain attacks, AT&T and IBM are accused of hiding foreign hacks, Cisco warns of a new SD-WAN zero-day, and Google layoffs hit security teams. Show notes Risky Bulletin: RubyGems adds dependency cooldowns to counter supply chain attacks
-
69
Risky Bulletin: EU unveils digital sovereignty plan
The EU unveils its digital sovereignty plan, an American law firm pays a $20 million ransom, authorities take down millions of email and social media scam accounts, and a new DoS bug can crash servers within seconds. Show notes Risky Bulletin: The EU debuts digital sovereignty plan
-
68
Srsly Risky Biz: NATO's cyber approach needs to change
Tom Uren and James Wilson talk about Tom’s trip to NATO’s Cyber Conflict conference. NATO countries want to bulk up their cyber efforts, and the pair discuss what that could look like. They also look at the US military’s admission that commercial location data was used to target personnel involved in Epic Fury, the US war on Iran. This is not surprising at all, and is just the most visible manifestation of the national security risks of this kind of data sloshing around. If Iran is analysing this data in wartime, China is doing it in peacetime for intelligence and counter-espionage purposes. This episode is also available on YouTube Show notes
-
67
Risky Bulletin: FSB calls out Western spyware operation
Russia’s FSB calls out a Western spyware operation, high-profile Instagram accounts hijacked via Meta’s AI support agents, Red Hat npm packages were compromised in another supply chain attack, and ten percent of domains registered last year were malicious. Show notes Risky Bulletin: A tenth of all new domains last year were malicious
-
66
Between Two Nerds: The intelligence cult
In this edition of Between Two Nerds Tom Uren and The Grugq talk about the ways in which intelligence agencies are just like cults. This episode is also available on YouTube Show notes
-
65
Risky Bulletin: Recently patched PAN 0day exploited in the wild
A new Palo Alto Networks firewall bug is being exploited in the wild, Russia expands SORM surveillance, NIST is looking for new post quantum algorithms, and ENSOC launches in Europe. Show notes Risky Bulletin: Russia greatly expands SORM surveillance requirements
-
64
Sponsored: Inside CISA's disastrous secrets leak
In this sponsored interview Casey Ellis chats with Truffle Security’s founder and CEO Dylan Ayrey about the recent CISA secrets leak. Days after Brian Krebs ran the story, plenty of the exposed credentials were still live, including an admin-level GitHub app key with full rights over CISA’s org. Dylan walks through why deleting the repo doesn’t fix anything, why most cloud vendors won’t hard-revoke exposed keys (OpenAI and Slack will; AWS, Google and friends mostly won’t), why Hugging Face datasets now hold more secrets than GitHub itself, and what the next generation of multi-provider credential-harvesting supply chain worms is going to look like. Show notes
-
63
Risky Bulletin: Dutch police take down 17m device botnet
Dutch police take down a botnet of 17 million devices, US military staff have been tracked with ad-tech location data, a Google engineer is arrested for insider trading on Polymarket, and Gogs and the Casdoor IAM leave major bugs unpatched. Show notes Risky Bulletin: Dutch police take down giant botnet of 17 million devices
-
62
Risky Bulletin: Iran to reconnect to the Internet
Iran will reconnect to the Internet, a new vulnerability lets attackers bypass authentication on AI infrastructure, hackers breach Lithuania’s state registry, security firms take down the Glassworm botnet, and CERT India releases strict patching advice. Show notes Risky Bulletin: BadHost vulnerability bypasses authentication on AI infrastructure
-
61
Risky Bulletin: Mythos has found thousands of critical bugs
Anthropic says Mythos has found thousands of critical bugs, hackers leak documents from a Russian disinfo group, GitHub rolls out new npm security features, and Dutch police raid two bulletproof hosting providers. Show notes Risky Bulletin: Mythos has found thousands of critical bugs
-
60
Sponsored: Teaching AI agents the rules of the road
In this sponsored interview James Wilson chats with Sondera CEO Josh Devon about why guardrails and instruction files aren’t enough to keep AI agents from going haywire. EDR, DLP and other traditional controls can’t and won’t prevent agents from going rogue. Josh explains Sondera’s “principle of least autonomy” for agents: let them do useful work, but put them in a deterministic policy harness so they can’t leak secrets, abuse tools or wander off-task. Show notes
-
59
Risky Bulletin: Microsoft ends SMS MFA for personal accounts
Microsoft ends support for SMS MFA on personal accounts, GitHub was hacked via a malicious VS Code extension, CISA will let researchers submit new KEV entries, and an SMS blaster was detained at Eurovision. Show notes Risky Bulletin: Microsoft ends SMS MFA for personal accounts
-
58
Srsly Risky Biz: Politicians ditch Signal for homegrown apps
Tom Uren and James Wilson talk about moves from several European governments to ditch Signal and set up their own encrypted messaging systems for internal government use. These efforts are motivated by concerns about phishing and sovereignty, but the solutions being adopted are imperfect and will come with their own set of problems. Signal fills a space that can’t be filled with sovereign capability. They also talk about Fast16 malware. We are only now learning about the second arm of a mid-2000s campaign to delay Iran’s nuclear weapons program that included the infamous Stuxnet worm. This episode is also available on YouTube Show notes
-
57
Risky Bulletin: Microsoft takes down crime SaaS used by ransomware gangs
Microsoft disrupts a malware-signing service used by ransomware gangs, a CISA contractor leaks sensitive GovCloud keys, vulnerability exploitation is now the dominant network entry vector, and Drupal readies security updates for a “highly critical” vulnerability. Show notes Risky Bulletin: Microsoft takes down MSaaS used by ransomware gangs
-
56
Between Two Nerds: Russia's hacker university
In this edition of Between Two Nerds Tom Uren and The Grugq look at Department 4 of Bauman Moscow State Technical University where students learn how to hack for the state. Its curriculum is extremely explicit about how the hacking and propaganda operations are relevant to state operations. They discuss whether this is an advantage for Russia’s cyber program and look at what Western intelligence agencies do instead. This episode is also available on YouTube. Show notes The GRU's Hogwarts Vlodymyr Styran's substack BTN92 with Alex Joske, how the MSS became a cyber juggernaut
-
55
Risky Bulletin: Indonesia emerges as a new hub for cyber scams
Indonesia emerges as a new cyber scam hub, Grafana got hacked and held for ransom, the Fast16 malware subverted software used to simulate nuclear explosions, and a new Microsoft Exchange zero-day is under attack. Show notes Risky Bulletin: Indonesia emerges as a new hub for cyber scams
-
54
Sponsored: Push Security goes AI threat hunting in browser telemetry
In this sponsored interview James Wilson chats with Push Security’s Chief Research Officer Jacques Louw about how the company has integrated an army of AI agents into its threat detection platform. Not only has agentic AI led to the discovery of Install Fix campaigns, but it will help simplify the platform for new customers. Show notes
-
53
Risky Bulletin: Shai-Hulud goes open-source
The source code for the Shai-Hulud worm has been released online, a dark web market admin was charged after a major OPSEC failure, France investigates an Israeli disinfo firm, and ‘Composer’ rushes to fix a GitHub token leak. Show notes Risky Bulletin: Shai-Hulud goes open-source
-
52
Srsly Risky Biz: The AI Regulation Knife Fight
Tom Uren and James Wilson talk about the argy bargy within the Trump administration about AI regulation. They cover who is fighting, what is at stake and what the real areas of concern are. They also cover low earth orbit satellite constellations. Russia’s building one, the EU has plans and China is building two. They are the new must-have accessory for any country with global ambitions. This episode is also available on YouTube Show notes
-
51
Risky Bulletin: Damaging worm rips through npm ecosystem
RubyGems disables sign-ups after an attack on staff, Instructure paid the ransom, the Gentlemen ransomware operation gets hacked, and another major supply chain attack on npm (yawn). Show notes Risky Bulletin: RubyGems disables sign-ups after attack on staff
We're indexing this podcast's transcripts for the first time — this can take a minute or two. We'll show results as soon as they're ready.
No matches for "" in this podcast's transcripts.
No topics indexed yet for this podcast.
Loading reviews...
ABOUT THIS SHOW
Regular cybersecurity news updates from the Risky Business team...
HOSTED BY
Risky Business Media
CATEGORIES
Loading similar podcasts...