In this sponsored Soap Box edition of the Risky Business podcast, host Patrick Gray chats with Mastercard’s Executive Vice President and Head of Security Solutions, Johan Gerber, about how the card brand thinks about cybersecurity and why it’s aggressively investing in the space.

After listening to this interview you’ll understand why the credit card company spent $2.65b on threat intelligence vendor Recorded Future!

This episode is also available on Youtube.

Show notes

💾

In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• FBI intervenes in Scattered Spider Salesforce leaksite
• Clop loots Oracle E-Biz deployments
• Plus so much more data extortion.. At least it’s not ransomware … we guess?
• The US still can’t decide who’s gonna be in charge of NSA & Cybercom
• Cambodian scam compounds get sanctioned and $15b in crypto is seized
• NSO gets sold for pocket-lint-grade money
• Bugs! Redis CVSS 10, Ivanti, Crowdstrike and… Internet Explorer?! zeroday?! In the wild?!!!?

This week’s episode is sponsored by Stairwell. Founder Mike Wiacek talks about how Stairwell brings VirusTotal-like visibility to private files, and about integrating the insights that brings into your SOC workflow.

This episode is also available on Youtube.

Show notes

• FBI takedown banner appears on BreachForums site as Scattered Spider promotes leak | The Record from Recorded Future News
• Dozens of Oracle customers impacted by Clop data theft for extortion campaign | CyberScoop
• Well, Well, Well. It’s Another Day. (Oracle E-Business Suite Pre-Auth RCE Chain - CVE-2025-61882)
• Clop is a Big Fish, But Not Worth Hunting - Risky Business Media
• ShinyHunters Wage Broad Corporate Extortion Spree – Krebs on Security
• The company Discord blamed for its recent breach says it wasn't hacked
• Qantas confirms cybercriminals released stolen customer data | The Record from Recorded Future News
• Red Hat confirms breach of GitLab instance, which stored company’s consulting data | CyberScoop
• Risky Bulletin: Microsoft revamps Edge's "IE Mode" after zero-day attacks - Risky Business Media
• Teenagers arrested in England over cyberattack on nursery chain Kido | The Record from Recorded Future News
• Acting US Cyber Command, NSA chief won’t be nominated for the job, sources say | The Record from Recorded Future News
• Layoffs, reassignments further deplete CISA | Cybersecurity Dive
• Trump’s scandalous directive to AG Pam Bondi reached the public by accident
• Feds sanction Cambodian conglomerate over cyber scams, seize $15 billion from chairman | The Record from Recorded Future News
• US Congress committee investigating Musk-owned Starlink over Myanmar scam centres | Myanmar | The Guardian
• Satellites Are Leaking the World’s Secrets: Calls, Texts, Military and Corporate Data | WIRED
• Netherlands invokes special powers against Chinese-owned semiconductor company Nexperia | The Record from Recorded Future News
• Spyware maker NSO Group confirms acquisition by US investors | TechCrunch
• Apple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits | WIRED
• Wiz Finds Critical Redis RCE Vulnerability: CVE‑2025‑49844 | Wiz Blog
• SonicWall admits attacker accessed all customer firewall configurations stored on cloud portal | CyberScoop
• SonicWall SSLVPN devices compromised using valid credentials | Cybersecurity Dive
• Issues Affecting CrowdStrike Falcon Sensor for Windows
• ZDI Drops 13 Unpatched Ivanti Endpoint Manager Vulnerabilities - SecurityWeek
• Jaguar Land Rover launches phased restart at factories after cyber-attack | Jaguar Land Rover | The Guardian
• Windows 10 support ends today — here's who's affected and what you need to do

💾

In this edition of the Snake Oilers podcast, three vendors pop in to pitch you all on their wares:

• Realm Security: A security focussed, AI-first data pipeline platform
• Horizon3: AI hackers! Pentesting robots!! They’re coming fer yur jerbs!
• Persona: Verify customer and staff identities with live capture

This episode is also available on Youtube.

Show notes

💾

On this week’s show Patrick Gray is on holiday so Amberleigh Jack and Adam Boileau hijack the studio to discuss the week’s cybersecurity news, including:

• Hackers learn that trying to coerce a journalist just makes for … a great story?
• A man in his 40s gets arrested over the European airport chaos. Yep, we’re surprised, too.
• Adam fanboys over Watchtowr Labs while bemoaning Fortra.
• Academics pick apart Tile trackers and find them lacking
• CISA tells agencies to patch their damn Cisco gear

This episode is also available on YouTube.

Show notes

• 'You'll never need to work again': Criminals offer reporter money to hack BBC
• Government to guarantee £1.5bn Jaguar Land Rover loan after cyber shutdown
• Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms – Krebs on Security
• UK authorities arrest man in connection with cyberattack against aviation vendor | Cybersecurity Dive
• Chinese scammer pleads guilty after UK seizes nearly $7 billion in bitcoin
• Cyberattack on Japanese beer giant Asahi limits shipping, call center operations | The Record from Recorded Future News
• Afghanistan plunged into nationwide internet blackout, disrupting air travel, medical care | The Record from Recorded Future News
• Tile trackers are a stalker's dream, say Georgia Tech researchers
• Intel and AMD trusted enclaves, the backbone of network security, fall to physical attacks - Ars Technica
• Supermicro server motherboards can be infected with unremovable malware - Ars Technica
• China-linked hackers use ‘BRICKSTORM’ backdoor to steal IP | The Record from Recorded Future News
• Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors
• Federal agencies given one day to patch exploited Cisco firewall bugs | The Record from Recorded Future News
• Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability
• Is This Bad? This Feels Bad. (Fortra GoAnywhere CVE-2025-10035)
• It Is Bad (Exploitation of Fortra GoAnywhere MFT CVE-2025-10035) - Part 2

💾

On this week’s show Patrick Gray and special guest Rob Joyce discuss the week’s cybersecurity news, including:

• Secret Service raids a SIM farm in New York
• MI6 launches a dark web portal
• Are the 2023 Scattered Spider kids finally getting their comeuppance?
• Production halt continues for Jaguar Land Rover
• GitHub tightens its security after Shai-Hulud worm

This week’s episode is sponsored by Sublime Security. In this week’s sponsor interview, Sublime founder and CEO Josh Kamdjou joins host Patrick Gray to chat about the pros and cons of using agentic AI in an email security platform.

This episode is also available on YouTube

Show notes

• U.S. Secret Service disrupts telecom network that threatened NYC during U.N. General Assembly
• MI6 launches darkweb portal to recruit foreign spies | The Record from Recorded Future News
• One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens | dirkjanm.io
• Github npm changes
• Flights across Europe delayed after cyberattack targets third-party vendor | Cybersecurity Dive
• Major European airports work to restore services after cyberattack on check-in systems | The Record from Recorded Future News
• When “Goodbye” isn’t the end: Scattered LAPSUS$ Hunters hack on | DataBreaches.Net
• UK arrests 2 more alleged Scattered Spider hackers over London transit system breach | Cybersecurity Dive
• Alleged Scattered Spider member turns self in to Las Vegas police | The Record from Recorded Future News
• Las Vegas police arrest minor accused of high-profile 2023 casino attacks | CyberScoop
• DOJ: Scattered Spider took $115 million in ransoms, breached a US court system | The Record from Recorded Future News
• vx-underground on X: "Scattered Spider ransoms company for 964BTC - wtf_thats_alot.jpeg - Document says "Cost of BTC at time was $36M" - $36M / 964BTC = $37.5K - BTC value was $37.5K in November, 2023 - Google "Ransomware, November, 2023" - omfg.exe https://t.co/uv2EzbL5HT" | X
• JLR ‘cyber shockwave ripping through UK industry’ as supplier share price plummets by 55% | The Record from Recorded Future News
• Jaguar Land Rover to extend production pause into October following cyberattack | Cybersecurity Dive
• New plan would give Congress another 18 months to revisit Section 702 surveillance powers | The Record from Recorded Future News
• AI-powered vulnerability detection will make things worse, not better, former US cyber official warns | Cybersecurity Dive

💾

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• Shai-Hulud worm propagates via npm and steals credentials
• Jaguar Land Rover attack may put smaller suppliers out of business
• Leaked data emerges from the vendor behind the Great Firewall of China
• Vastaamo hacker walks free while appeal is underway
• Why is a senator so mad about Kerberos?

This week’s episode is sponsored by Knocknoc. Chief exec Adam Pointon joins to talk through the surprising number of customers that are using Knocknoc’s identity-to-firewall glue to protect internal services and networks.

This week’s episode is also available on Youtube.

Show notes

• Self-Replicating Worm Hits 180+ Software Packages – Krebs on Security
• Jaguar Land Rover: Some suppliers 'face bankruptcy' due to hack crisis
• Jaguar Land Rover production shutdown could last until November
• U.S. Investors, Trump Close In on TikTok Deal With China - WSJ
• U.S. Investors, Trump Close In on TikTok Deal With China - WSJ
• How China’s Propaganda and Surveillance Systems Really Operate | WIRED
• Mythical Beasts: Diving into the depths of the global spyware market - Atlantic Council
• Hacker convicted of extorting 20,000 psychotherapy victims walks free during appeal | The Record from Recorded Future News
• US national charged in Finnish psychotherapy center extortion | The Record from Recorded Future News
• BreachForums administrator given three-year prison stint after resentencing | The Record from Recorded Future News
• Microsoft, Cloudflare disrupt RaccoonO365 credential stealing tool run by Nigerian national | The Record from Recorded Future News
• Senator blasts Microsoft for making default Windows vulnerable to “Kerberoasting” - Ars Technica
• Exclusive: US warns hidden radios may be embedded in solar-powered highway infrastructure | Reuters
• Israel announces seizure of $1.5M from crypto wallets tied to Iran | TechCrunch

💾

In this sponsored Soap Box edition of the Risky Business podcast, industry legend HD Moore joins the show to talk about runZero’s major push into vulnerability management.

With its new Nuclei integration, runZero is now able to get a very accurate picture of what’s vulnerable in your environment, without spraying highly privileged credentials at attackers on your network.

It can also integrate with your EDR platform, and other data sources, to give you powerful visibility into the true state of things on your network and in your cloud.

This episode is also available on Youtube.

Show notes

💾

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• Apple ruins exploit developers’ week with fresh memory corruption mitigations
• Feross Aboukhadijeh drops by to talk about the big, dumb npm supply chain attack
• Salesloft says its GitHub was the initial entry point for its compromise
• Sitecore says people should “patch” its using-the-keymat-from-the-documentation “zero day”
• Rogue certs for 1.1.1.1 appear to be just (stupid) testing
• Jaguar Land Rover ransomware attackers are courting trouble

This week’s episode is sponsored by open source cloud security tool, Prowler. Founder Toni de la Fuente joins to discuss their new support for Microsoft 365. Time to point Prowler at your OneDrive and Sharepoint!

This episode is also available on Youtube.

Show notes

• Blog - Memory Integrity Enforcement: A complete vision for memory safety in Apple devices - Apple Security Research
• Venezuela's president thinks American spies can't hack Huawei phones | TechCrunch
• 18 Popular Code Packages Hacked, Rigged to Steal Crypto – Krebs on Security
• Software packages with more than 2 billion weekly downloads hit in supply-chain attack - Ars Technica
• Salesloft platform integration restored after probe reveals monthslong GitHub account compromise | Cybersecurity Dive
• CISA orders federal agencies to patch Sitecore zero-day following hacking reports | The Record from Recorded Future News
• SAP warns of high-severity vulnerabilities in multiple products - Ars Technica
• The number of mis-issued 1.1.1.1 certificates grows. Here’s the latest. - Ars Technica
• Cyberattack on Jaguar Land Rover threatens to hit British economic growth | The Record from Recorded Future News
• Cyberattack forces Jaguar Land Rover to tell staff to stay at home | The Record from Recorded Future News
• Bridgestone Americas continues probe as it looks to restore operations | Cybersecurity Dive
• Qantas penalizes executives for July cyberattack | The Record from Recorded Future News
• Cyber Command, NSA to remain under single leader as officials shelve plan to end 'dual hat' | The Record from Recorded Future News
• GOP Cries Censorship Over Spam Filters That Work – Krebs on Security
• Risky Bulletin: APT report? No, just a phishing test! - Risky Business Media
• Post by @patrick.risky.biz — Bluesky

💾

In this edition of the Snake Oilers podcasts, three vendors pop in to pitch you all on their wares:

• Automated, AI-powered threat hunting with Nebulock

Damien Lewke from Nebulock joins the show to talk about how its agentic AI platform can surface attacker activity out of all those “low” and “informational” findings your detection team doesn’t have time to look at.

• Runtime security for hypervisors from Vali Cyber

Austin Gadient from Vali Cyber stops by to talk about ZeroLock, its hypervisor security product. It’s marketed as a counter-ransomware control but is just a generally useful security platform for virtualised environments.

• A secure mobile telco: Cape

The only thing American cell providers love more than providing patchy coverage is getting their customers’ data owned. Cape is here to change that. It’s a security and anonymity-focussed virtual mobile network operator (MVNO) that’s been spun up by a highly competent team. If we lived in the USA we would be customers, and a bunch of CISOs listening to this might want to consider Cape subscriptions for their workforce.

This episode is also available on Youtube

Show notes

💾

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• The Salesloft breach and why OAuth soup is a problem
• The Salt Typhoon telco hackers turn out to be Chinese private sector, but state-directed
• Google says it will stand up a “disruption unit”
• Microsoft writes up a ransomware gang that’s all-in on the cloud future
• Aussie firm hot-mics its work-from-home employees’ laptops
• Youtube scam baiters help the feds take down a fraud ring

This episode is sponsored by Dropzone.AI. Founder and CEO Edward Wu joins the show to talk about how AI driven SOC tools can help smaller organisations claw their way above the “security poverty line”. A dedicated monitoring team, threat hunting and alert triage, in a company that only has a couple of part time infosec people? Yes please!

This episode is also available on Youtube.

Show notes

• The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft – Krebs on Security
• Salesloft: The Leading AI Revenue Orchestration Platform
• Palo Alto Networks, Zscaler customers impacted by supply chain attacks | Cybersecurity Dive
• The impact of the Salesloft Drift breach on Cloudflare and our customers
• China used three private companies to hack global telecoms, U.S. says
• CSA_COUNTERING_CHINA_STATE_ACTORS_COMPROMISE_OF_NETWORKS.PDF
• Google previews cyber ‘disruption unit’ as U.S. government, industry weigh going heavier on offense | CyberScoop
• Ransomware gang takedowns causing explosion of new, smaller groups | The Record from Recorded Future News
• Hundreds of Swedish municipalities impacted by suspected ransomware attack on IT supplier | The Record from Recorded Future News
• Storm-0501’s evolving techniques lead to cloud-based ransomware | Microsoft Security Blog
• The Era of AI-Generated Ransomware Has Arrived | WIRED
• Between Two Nerds: How threat actors are using AI to run wild - YouTube
• Affiliates Flock to ‘Soulless’ Scam Gambling Machine – Krebs on Security
• UK sought broad access to Apple customers’ data, court filing suggests
• ICE reactivates contract with spyware maker Paragon | TechCrunch
• WhatsApp fixes 'zero-click' bug used to hack Apple users with spyware | TechCrunch
• Safetrac turned staff laptops into covert recording devices to monitor WFH
• Risky Bulletin: YouTubers unmask and help dismantle giant Chinese scam ring - Risky Business Media

💾

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• Australia expels Iranian ambassador
• Hackers sabotage Iranian shipping satcoms
• APT hacker got doxxed in Phrack. Kind of. They’re probably Chinese, not DPRK?
• Trail of Bits uses image-downscaling to sneak prompts into Google Gemini
• The Com’s King Bob gets ten years in the slammer
• It’s a day that ends in -y, so of course there’s a new Citrix Netscaler RCE being used in the wild.

This week’s episode is brought to you by Corelight. Chief Strategy Officer Greg Bell talks through how they’ve been implementing AI for sifting through your network data. A model-context-protocol server that can rummage in all those packet logs for you while you keep investigating? Yes please.

This episode is also available on Youtube.

Show notes

• Embassy staff flee Canberra in dead of night | news.com.au — Australia’s leading news site for latest headlines
• Swedish security service says Iran uses criminal networks in Sweden | Reuters
• Risky Bulletin: Hackers sabotage Iranian ships at sea, again - Risky Business Media
• Microsoft scales back Chinese access to cyber early warning system | Reuters
• Microsoft Didn’t Disclose Key Details to U.S. Officials of China-Based Engineers, Record Shows — ProPublica
• .:: Phrack Magazine ::.
• Uncovering the Chinese Proxy Service Used in APT Campaigns
• Weaponizing image scaling against production AI systems -The Trail of Bits Blog
• FBI, Cisco warn of Russia-linked hackers targeting critical infrastructure organizations | Cybersecurity Dive
• CrowdStrike warns of uptick in Silk Typhoon attacks this summer | CyberScoop
• Kevin Beaumont: "There’s a bunch of new Netscal…" - Cyberplace
• US charges Oregon man in vast botnet-for-hire operation | Cybersecurity Dive
• South Korea arrests suspected Chinese hacker accused of targeting BTS singer and other celebrities | The Record from Recorded Future News
• SIM-Swapper, Scattered Spider Hacker Gets 10 Years – Krebs on Security
• Chinese national who sabotaged Ohio company’s systems handed four-year jail stint | The Record from Recorded Future News
• Nevada state offices close after wide-ranging 'network security incident' | Reuters
• DSLRoot, Proxies, and the Threat of ‘Legal Botnets’ – Krebs on Security
• Russia weighs Google Meet ban as part of foreign tech crackdown | The Record from Recorded Future News
• Kremlin-Mandated Messaging App Max Is Designed To Spy On Users
• Иеромонах РПЦ Макарий призвал помолиться за мессенджер MAX

💾

The Wide World of Cyber podcast is back! In this episode host Patrick Gray chats with Alex Stamos and Chris Krebs about Microsoft’s entanglement in China.

Redmond has been using Chinese engineers to do everything from remotely support US DoD private cloud systems to maintain the on premise version of the SharePoint code base. It’s all blown up in the press over the last month, but how did we get here? Did Microsoft make these decisions to save money? Or was it more about getting access to the Chinese market? And how can we all make the world’s most important software company stop doing things like this? Tune in to the Wide World of Cyber podcast to find out!

This episode is also available on Youtube.

Show notes

💾

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• Oracle’s long term CSO departs, and we’re not that sad about it
• Canada’s House of Commons gets popped through a Microsoft bug
• Russia degrades voice calls via Whatsapp and Telegram to push people towards Max
• South-East Asian scam compounds are also behind child sextortion
• Reports that the UK has backed down on Apple crypto are… strange
• Oh and of course there’s a Fortinet bug! There’s always a Fortinet bug!

This week’s episode is sponsored by open source identity provider Authentik. CEO Fletcher Heisler joins the show this week, and explains the journey of implementing SSO backed login on Windows, Mac and Linux. You’ll never guess which one was a few lines of PAM config, and which was a multi-month engineering project!

This episode is also available on Youtube.

Show notes

• Is Oracle facing headwinds? After layoffs, its 4-decade veteran Chief Security Officer Mary Ann Davidson departs
• Oracle CSO blasted over anti-security research rant - iTnews
• New York lawsuit against Zelle creator alleges features allowed $1 billion in thefts | The Record from Recorded Future News
• Mobile Phishers Target Brokerage Accounts in ‘Ramp and Dump’ Cashout Scheme – Krebs on Security
• How we found TeaOnHer spilling users' driver's licenses in less than 10 minutes | TechCrunch
• UK has backed down on demand to access US Apple user data, spy chief says
• DNI Tulsi Gabbard on X: "As a result, the UK has agreed to drop its mandate for"
• Hackers target Workday in social engineering attack
• Russia curbs WhatsApp, Telegram calls to counter cybercrime | The Record from Recorded Future News
• Hackers reportedly compromise Canadian House of Commons through Microsoft vulnerability | The Record from Recorded Future News
• Norway police believe pro-Russian hackers were behind April dam sabotage | The Record from Recorded Future News
• US agencies, international allies issue guidance on OT asset inventorying | Cybersecurity Dive
• FortMajeure: Authentication Bypass in FortiWeb (CVE-2025-52970)
• U.S. State Dept - Near Eastern Affairs on X: "He did not claim diplomatic immunity and was released by a state judge"
• 493 Cases of Sextortion Against Children Linked to Notorious Scam Compounds | WIRED
• .:: Phrack Magazine ::.
• Accenture to buy Australian cyber security firm CyberCX - iTnews

💾

In this Soap Box edition of the Risky Business podcast Patrick Gray chats with Socket founder Feross Aboukhadijeh about how to measure the reachability of vulnerabilities in applications.

It’s great to know there’s a CVE in a library you’re using, but it’s even better if you can say whether or not that vulnerability actually impacts your application.

They also talk about how Socket started out as a way to discover malicious packages in software projects, but these days it’s playing the CVE game as well.

This episode is also available on Youtube.

Show notes

💾

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• CISA warns about the path from on-prem Exchange to the cloud
• Microsoft awards a crisp zero dollar bill for a report about what a mess its internal Entra-authed apps are
• Everyone and their dog seems to have a shell in US Federal Court information systems
• Google pays $250k for a Chrome sandbox escape
• Attackers use javascript in adult SVG files to … farm facebook likes?!
• SonicWall says users aren’t getting hacked with an 0day… this time.

This week’s episode is sponsored by SpecterOps. Chief product officer Justin Kohler talks about how the flagship Bloodhound tool has evolved to map attack paths anywhere. Bring your own applications, directories and systems into the graph, and join the identity attacks together.

This episode is also available on Youtube.

Show notes

• CISA, Microsoft issue alerts on ‘high-severity’ Exchange vulnerability | The Record from Recorded Future News
• Advanced Active Directory to Entra ID lateral movement techniques
• Consent & Compromise: Abusing Entra OAuth for Fun and Access to Internal Microsoft Applications
• Cartels may be able to target witnesses after major court hack
• Federal judiciary tightens digital security as it deals with ‘escalated cyberattacks’ | The Record from Recorded Future News
• Citrix NetScaler flaws lead to critical infrastructure breaches | Cybersecurity Dive
• DARPA touts value of AI-powered vulnerability detection as it announces competition winners | Cybersecurity Dive
• Buttercup is now open-source!
• HTTP/1.1 must die: the desync endgame
• US confirms takedown of BlackSuit ransomware gang that racked up $370 million in ransoms | The Record from Recorded Future News
• North Korean cyber-espionage group ScarCruft adds ransomware in recent attack | The Record from Recorded Future News
• Adult sites are stashing exploit code inside racy .svg files - Ars Technica
• Google pays 250k for Chromium sandbox escape
• SonicWall says recent attack wave involved previously disclosed flaw, not zero-day | Cybersecurity Dive
• Two groups exploit WinRAR flaws in separate cyber-espionage campaigns | The Record from Recorded Future News
• Tornado Cash cofounder dodges money laundering conviction, found guilty of lesser charge | The Record from Recorded Future News
• Hackers Hijacked Google’s Gemini AI With a Poisoned Calendar Invite to Take Over a Smart Home | WIRED
• Malware in Open VSX: These Vibes Are Off
• How attackers are using Active Directory Federation Services to phish with legit office.com links
• Introducing our guide to phishing detection evasion techniques
• The State of Attack Path Management

💾

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. Google security engineering VP Heather Adkins drops by to talk about their AI bug hunter, and Risky Business producer Amberleigh Jack makes her main show debut.

This episode explores the rise of AI-powered bug hunting:

• Google’s Project Zero and Deepmind team up to find and report 20 bugs to open source projects
• The XBOW AI bug hunting platform sees success on HackerOne
• Is an AI James Kettle on the horizon?

There’s also plenty of regular cybersecurity news to discuss:

• On-prem Sharepoint’s codebase is maintained out of China… awkward!
• China frets about the US backdooring its NVIDIA chips, how you like ‘dem apples, China?
• SonicWall advises customers to turn off their VPNs
• Hardware controlling Dell laptop fingerprint and card readers has nasty driver bugs
• Russia uses its ISPs to in-the-middle embassy computers and backdoor ‘em.
• The Russian government pushes VK’s Max messenger for everything

This week’s show is sponsored by device management platform Devicie. Head of Solutions Sean Ollerton talks through the impending Windows 10 apocalypse, as Microsoft ends mainstream support. He says Windows 11 isn’t as scary as people make out, but if the update isn’t on your radar now, time is running out.

This episode is also available on Youtube.

Show notes

• Google says its AI-based bug hunter found 20 security vulnerabilities | TechCrunch
• Is XBOW’s success the beginning of the end of human-led bug hunting? Not yet. | CyberScoop
• James Kettle on X: "There I am being careful to balance hyping my talk without going too far and then this gets published 😂 maybe the countdown timer is just too ominous!
• Risky Bulletin: China with the accusations again - Risky Business Media
• 美情报机构频繁对我国防军工领域实施网络攻击窃密
• SharePoint Exploit: Microsoft Used China-Based Engineers to Maintain the Software — ProPublica
• China fears Nvidia chips could track, trace and shut down its AIs - Asia Times
• SonicWall urges customers to take VPN devices offline after ransomware incidents | The Record from Recorded Future News
• Gen 7 SonicWall Firewalls – SSLVPN Recent Threat Activity
• ReVault! When your SoC turns against you…
• Nearly 100,000 ChatGPT Conversations Were Searchable on Google
• Microsoft catches Russian hackers targeting foreign embassies - Ars Technica
• The Kremlin’s Most Devious Hacking Group Is Using Russian ISPs to Plant Spyware | WIRED
• Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats | Microsoft Security Blog
• Russia blocks popular US-made internet speed test tool over national security concerns | The Record from Recorded Future News

💾

In this Soap Box edition of the show Patrick Gray chats with the CEO of email security company Sublime Security, Josh Kamdjou. They talk about where AI is useful, where it isn’t, and why AI can’t save vendors from their bad product design choices.

This episode is also available on Youtube.

Show notes

💾

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

• Did the SharePoint bug leak out of the Microsoft MAPP program?
• Expel retracts its FIDO bypass writeup
• The mess surrounding the women-only dating-safety app Tea gets worse
• Broadcom customers struggle to get patches for VMWare hypervisor escapes
• Aeroflot gets hacked by the Cyber Partisans, disrupting flights

This week’s episode is sponsored by Push Security. Daniel Cuthbert joins and explains how having telemetry about identity from inside the browser is a key pillar for investigating intrusions in the browser-centric future.

This episode is also available on Youtube.

Show notes

• Microsoft Probing Whether Cyber Alert Tipped Off Chinese Hackers
• Microsoft says Warlock ransomware deployed in SharePoint attacks as governments scramble | The Record from Recorded Future News
• What we know about the Microsoft SharePoint attacks | Cybersecurity Dive
• An important update (and apology) on our PoisonSeed blog
• Tea User Files Class Action After Women’s Safety App Exposes Data
• A Second Tea Breach Reveals Users’ DMs About Abortions and Cheating
• Top Lawyer for National Security Agency Is Fired
• From Help Desk to Hypervisor: Defending Your VMware vSphere Estate from UNC3944
• VMware prevents some perpetual license holders from downloading patches
• Pro-Ukrainian hackers take credit for attack that snarls Russian flight travel - Ars Technica
• КИБЕРУДАР ПО АЭРОФЛОТУ РФ!v
• Treasury sanctions North Koreans involved in IT-worker schemes | Cybersecurity Dive
• Minnesota governor activates National Guard amid St. Paul cyberattack | StateScoop
• Outage was result of cyberattack, Post Luxembourg says
• Clorox files $380 million suit blaming Cognizant for 2023 cyberattack | Cybersecurity Dive
• Cisco network access security platform vulnerabilities under active exploitation | CyberScoop
• Arizona woman sentenced to 8.5 years for running North Korean laptop farm | The Record from Recorded Future News
• Cybercrime forum Leak Zone publicly exposed its users' IP addresses | TechCrunch

💾

Risky Biz returns after two weeks off, and there sure is cybersecurity news to catch up on. Patrick Gray and Adam Boileau discuss:

• Microsoft tried to make outsourcing the Pentagon’s cloud maintenance to China okay (it was not)
• She shells Sharepoint by the sea-shore (by ‘she’ we mean ‘China’)
• Four (alleged) Scattered Spider members arrested (and bailed) in the UK
• Hackers spend $2700 to buy creds for a Brazilian payment system, steal $100M
• Fortinet has SQLI in the auth header, Citrix mem leak is weaponised, HP hardcodes creds and Sonicwalls get user-moderootkits. Just security vendor things!

This week’s episode is sponsored by Airlock Digital. CEO David Cottingham talks through what it takes to build a mature, resilient management platform for a security critical system.

This episode is also available on Youtube.

Show notes

• Update on DOD’s cloud services
• Microsoft to stop using engineers in China for tech support of US military, Hegseth orders review
• A Little-Known Microsoft Program Could Expose the Defense Department to Chinese Hackers
• While DOD policy bans unauthorized apps like TikTok from being on employees phones over national security risks
• Microsoft Fix Targets Attacks on SharePoint Zero-Day – Krebs on Security
• National Guard was hacked by China's 'Salt Typhoon' group, DHS says
• Suspected contractor for China’s Hafnium group arrested in in Italy | Cybersecurity Dive
• Singapore accuses Chinese state-backed hackers of attacking critical infrastructure networks | The Record from Recorded Future News
• UK Arrests Four in ‘Scattered Spider’ Ransom Group – Krebs on Security
• Four people bailed after arrests over cyber attacks on M&S, Co-op and Harrods
• Brazilian police arrest IT worker over $100 million cyber theft | The Record from Recorded Future News
• At Least 750 US Hospitals Faced Disruptions During Last Year’s CrowdStrike Outage, Study Finds | WIRED
• Hacker returns cryptocurrency stolen from GMX exchange after $5 million bounty payment | The Record
• Indian crypto exchange CoinDCX says $44 million stolen from reserves | The Record
• Chainalysis: $2.17 billion in crypto stolen in first half of 2025, driven by North Korean hacks | The Record
• PoisonSeed bypassing FIDO keys to ‘fetch’ user accounts
• Risky Bulletin: Browser extensions hijacked for web scraping botnet
• A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors
• A surveillance vendor was caught exploiting a new SS7 attack to track people's phone locations | TechCrunch
• Ukrainian hackers wipe databases at Russia's Gazprom in major cyberattack, intelligence source says
• File transfer company CrushFTP warns of zero-day exploit seen in the wild | The Record
• HPE warns of hardcoded passwords in Aruba access points
• Pre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector (CVE-2025-25257)
• Researchers, CISA confirm active exploitation of critical Citrix Netscaler flaw | Cybersecurity Dive
• Google finds custom backdoor being installed on SonicWall network devices - Ars Technica
• Hackers Can Remotely Trigger the Brakes on American Trains and the Problem Has Been Ignored for Years

💾

In this sponsored Soap Box edition of the Risky Business podcast Patrick Gray chats with Toni de la Fuente, founder of open source multi-cloud security product Prowler.

Toni explains how Prowler came to be, and how its journey followed his own learning about the cloud. The pair also discuss Prowler’s successful transition from an open-source project into a community, and now a growing business with an as-a-service platform.

This episode is also available on Youtube.

Show notes

💾