Risky Business

PODCAST · news

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

  1. 100

    Risky Business #836 -- You can't patch the bugpocalypse

    On this week’s show, Patrick Gray and James Wilson are joined by special guest co-host Brad Arkin. They discuss the week’s cybersecurity news, including:

    - The US Government says we just have to patch faster, but…
    - Bugs in cPanel, MoveIt and all Linux distributions this week show that patching alone isn’t enough
    - James gets mad about lame AI Agent adoption advice from the US and Australian Governments
    - James Kettle and Niels Provos both showed us that any model can find 0day like Mythos
    - And the cyber-assisted theft of cargo results in an astonishing loss of $725 million dollars

    This week’s show is sponsored by SpecterOps. Their CTO, Jared Atkinson, chats to Pat about the big changes in the threat landscape, brought about by AI, that are causing a pivot away from detection and remediation, and toward prevention.

    This episode is also available on YouTube.

    Show notes

    - Exclusive: US officials weigh cutting deadlines to fix digital flaws amid worries over AI-powered hacking, sources say | Reuters
    - British cyber agency warns of looming ‘patch wave’ as AI speeds flaw discovery | The Record from Recorded Future News
    - Federal agencies must patch cPanel bug by Sunday, CISA says | The Record from Recorded Future News
    - cPanel zero-day exploited for months before patch release (CVE-2026-41940) - Help Net Security
    - The most severe Linux threat to surface in years catches the world flat-footed - Ars Technica
    - New MOVEit vulnerabilities prompt urgent patch warning | Cybersecurity Dive
    - US and allies urge ‘careful adoption’ of AI agents | Cybersecurity Dive
    - careful_adoption_of_agentic_ai_services.pdf
    - User just tricked Grok and Bankrbot to send tokens with Morse code - Cryptopolitan
    - Finding Zero-Days with Any Model (1872)
    - Sponsored: James Kettle built an AI hacker - YouTube
    - Feature Interview: Nicholas Carlini, Anthropic - Risky Business Media
    - Trellix investigating breach of source code repository | Cybersecurity Dive
    - Popular DAEMON Tools software compromised | Securelist
    - Komari Red: The Monitoring Tool with a Built-in Reverse Shell | Huntress
    - Hackers earning millions from hijacked cargo, FBI says | The Record from Recorded Future News
    - Congress punts FISA renewal to June | The Record from Recorded Future News
    - Cops Use Apple Data And Car Bluetooth To Identify Crypto Robbery Suspect
    - Stewart Baker, outspoken voice on cybersecurity and national security law, dies at 78 | IAPP

  2. 99

    Snake Oilers: Ent AI, Spacewalk and Mondoo

    In this edition of the Snake Oilers podcast three vendors stop by to pitch the audience on their products:

    - Ent AI: Co-founder Brandon Dixon pitched Ent, an intent-aware, AI-powered endpoint security control.
    - Spacewalk AI: Founders Chris Fuller and Tim Wenzlau pitch Spacewalk, an AI-powered incident response platform.
    - Mondoo: Co-founder Dominik Richter pitches Mondoo, an AI-powered “service as software” in the vulnerability management space.

    This episode is also available on YouTube.

    Show notes

  3. 98

    Risky Business #835 -- Why the Fast16 malware is badass

    On this week’s show, Patrick Gray and James Wilson are joined by special guest-host Dmitri Alperovitch. They discuss the week’s cybersecurity news, including:

    - The US government is mad as hell about Chinese firms stealing American AI technology
    - Dmitri has an opinion or two about the US selling Nvidia chips to China
    - Speaking of Chinese AI, Kimi’s new 2.6 is very interesting
    - The US sanctions a Cambodian senator for earning mega bucks through scam compounds
    - And a ransomware family is promoting itself as being … quantum-safe?

    This week’s show is sponsored by Trail of Bits. CEO and co-founder Dan Guido chats to Pat about how private inference works and Trail of Bits’ audit of WhatsApp’s private AI setup.

    This episode is also available on YouTube.

    Show notes

    - Exclusive: US State Dept orders global warning about alleged AI thefts by DeepSeek, other Chinese firms | Reuters
    - moonshotai/Kimi-K2.6 · Hugging Face
    - Discord Sleuths Gained Unauthorized Access to Anthropic’s Mythos | WIRED
    - Newly Deciphered Sabotage Malware May Have Targeted Iran’s Nuclear Program—and Predates Stuxnet | WIRED
    - Hackers deployed wiper malware in destructive attacks on Venezuela’s energy sector | The Record from Recorded Future News
    - Mystery Around Venezuelan Cyberattack Deepens, with New Discovery of "Highly Destructive" Wiper
    - Risky Business #819 -- Venezuela (credibly?!) blames USA for wiper attack - Risky Business Media
    - AI Tools Are Helping Mediocre North Korean Hackers Steal Millions | WIRED
    - CISA: US agency breached through Cisco vulnerability, FIRESTARTER backdoor allowed access through March | The Record from Recorded Future News
    - US, UK authorities warn that Firestarter backdoor malware survives patching | Cybersecurity Dive
    - Surveillance campaigns use commercial surveillance tools to exploit long-known telecom vulnerabilities | CyberScoop
    - UK regulator closes loophole that allowed rogue companies to track phone users' location | Reuters
    - US sanctions Cambodian senator for millions earned through scam compounds | The Record from Recorded Future News
    - Vercel says some of its customers' data was stolen prior to its recent hack | TechCrunch
    - Supply Chain Security Incident Update
    - Apple fixes bug that cops used to extract deleted chat messages from iPhones | TechCrunch
    - Kyle Daigle on X: "Wanted to provide more clarity about this. Yesterday, we had a regression in merge queue behavior where, in some cases, squash or rebase commits were generated from the wrong base state, making earlier changes appear reverted in branch history. 2,804 pull requests out of over 4M" / X
    - Securing the git push pipeline: Responding to a critical remote code execution vulnerability - The GitHub Blog
    - One ransomware crew now drives half of all cyber claims: At-Bay | Insurance Business
    - In a first, a ransomware family is confirmed to be quantum-safe - Ars Technica
    - What we learned about TEE security from auditing WhatsApp's Private Inference

HOSTED BY

Risky Business Media

Produced by Risky.biz
