Risky Business

Technology Podcasts

Location:

United States

Description:

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

Language:

English


Episodes

Risky Business #833 -- The Great Mythos Freakout of 2026

4/14/2026
On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: This week’s episode is sponsored by mobile network operator, Cape. Ajit Gokhale talks with James about the ways to get being a telco right when you’re starting from scratch and solving the security problems of 2026. This episode is also available on YouTube.

Show notes
Lab Space
The “AI Vulnerability Storm”: Building a “Mythosready” Security Program
Polymarket on X: "JUST IN: Goldman Sachs is reportedly ramping up its cyber defenses in preparation for Claude Mythos."
Ananay on X: "Marcus Hutchins probably has the best take on Mythos doing vulnerability research"
solst/ICE of Astarte on X: "The vast majority of CISOs do not work at Google-sized companies, and will not have to worry about 0days"
Charlie Miller on X: "we’ve gone through this before with early fuzzers, afl, etc"
James Kettle on X: "'Can AI Do Novel Security Research? Meet the HTTP Terminator' will premiere at Blackhat"
jeffrey lee funk on X: "We've been tricked, again. Many of the thousands of bugs and vulnerabilities Mythos found are in older software are impossible to exploit."
Claude is getting worse, according to Claude • The Register
Your Agent Is Mine: Measuring Malicious Intermediary Attacks on the LLM Supply Chain
OpenAI's Mac apps need updates thanks to the Axios hack | CyberScoop
Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch
Snowflake customers hit in data theft attacks after SaaS integrator breach
Booking.com confirms hackers accessed customers’ data
CPUID hijacked to serve malware as HWMonitor downloads • The Register
Known Exploited Vulnerabilities Catalog | CISA
Adobe fixes PDF zero-day security bug that hackers have exploited for months | TechCrunch
The Sad Decline of Trenchant Exec Who Had Everything, Before Deciding to Steal and Sell Zero Days to Russian Buyer
FBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification Database
US operation evicts Russia from hacked SOHO routers used to breach critical infrastructure | Cybersecurity Dive
Telegram Is Still Hosting a Sanctioned $21 Billion Crypto Scammer Black Market | WIRED
The Dumbest Hack of the Year Exposed a Very Real Problem | WIRED

Duration:00:59:45

Snake Oilers: Burp AI, Sondera and Truffle Security

4/9/2026
In this edition of the Snake Oilers podcast three vendors stop by to pitch the audience on their products:

Burp AI and DAST: The founder of PortSwigger and creator of legendary security software Burp Suite, Dafydd Stuttard, drops by to pitch listeners on Burp AI and Burp Suite DAST.

Sondera: Josh Devon talks about Sondera, a technology designed to intervene when AI models start doing the wrong thing by statefully tracking their trajectories. This isn’t a permissions suite for AI agents, it’s a way to stick agents in a harness and make sure they adhere to hard policy boundaries.

Truffle Security: Dylan Ayrey, the founder of Truffle Security, joins Risky Business again to talk through the latest bells and whistles in Trufflehog, a security tool that searches for exposed secrets and validates them. The Truffle team has done a lot of work on the remediation part of their product over the last few years, and Dylan tells us all about it!

This episode is also available on YouTube.

Duration:00:48:00

Risky Business #832 -- Anthropic unveils magical 0day computer God

4/8/2026
On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: This week’s episode is sponsored by identity verification firm, Persona. Tying digital actions to actual human identities isn’t just for banking know-your-customer any more. Persona’s Benjamin Crait says know-your-staff checks belong in high-value flows inside your organisation, too. This episode is also available on YouTube.

Show notes
Claude Mythos Preview \ red.anthropic.com
Anthropic Claims Its New A.I. Model, Mythos, Is a Cybersecurity ‘Reckoning’ - The New York Times
Anthropic Teams Up With Its Rivals to Keep AI From Hacking Everything | WIRED
FFmpeg on X: "Thank you to @AnthropicAI for sending FFmpeg patches" / X
Critical flaw in F5 BIG-IP faces wide exploitation risk | Cybersecurity Dive
React2Shell vulnerability helps hackers steal credentials, AI platform keys and other sensitive data | Cybersecurity Dive
Critical flaw in FortiClient EMS under exploitation | Cybersecurity Dive
Researchers warn of critical flaws in Progress ShareFile | Cybersecurity Dive
CISA gives agencies two weeks to patch video conferencing bug exploited by Chinese hackers | The Record from Recorded Future News
New Rowhammer attacks give complete control of machines running Nvidia GPUs - Ars Technica
North Korea's hijack of one of the web's most used open source projects was likely weeks in the making | TechCrunch
Drift crypto platform confirms $280 million stolen in hack as researchers point finger at North Korea | The Record from Recorded Future News
Drift on X: "Drift Protocol — Incident Background Update " / X
Trump’s FY2027 budget again targets CISA | Cybersecurity Dive
CISA’s vulnerability scans, field support on chopping block in Trump budget | Cybersecurity Dive
Iranian hackers break into U.S. industrial systems, agencies warn
FBI labels suspected China hack of law enforcement data 'a major cyber incident'
Russia Hacked Routers to Steal Microsoft Office Tokens – Krebs on Security
Massachusetts hospital turning ambulances away after cyberattack | The Record from Recorded Future News
Exclusive | 'Ghost Murmur,' a never-used secret tool, deployed to find lost airman in Iran in daring mission
A Secure Chat App’s Encryption Is So Bad It Is ‘Meaningless’

Duration:00:53:30

How the World Got Owned Episode 2: The 1990s, Part One

4/2/2026
In this special documentary episode, Patrick Gray and Amberleigh Jack take a look back at hacking throughout the 1990s, from the feel-good vibes of the early hacking communities to the antics of young hackers who wound up on the run from the FBI. Part one features recollections from: How the World Got Owned is produced in partnership with SentinelOne.

Show notes
Elias Levy (Aleph1), Former Principal Engineer, Google
Kevin Poulsen, Journalist
Jeff Moss, DefCon founder
Chris Wysopal, @Stake founder, L0pht member
Hackers testifying at the United States Senate, May 19, 1998
Hackers May ‘Net’ Good PR for Studio
DefCon Archives | DefCon 1
A Not So Terribly Brief History of the Electronic Frontier Foundation
Innocent Hackers Want Their Computers Back
Breakdowns in Computer Security
Unsolved Mysteries, Season 3, Episode 4
The Last Hacker: He Called Himself Dark Dante. His Compulsion Led Him to Secret Files and, Eventually, The Bar of Justice
Justia appeal summary, Kevin Poulsen, 1994
Smashing the Stack for Fun and Profit, Phrack Magazine, November 1996
From subversives to CEOs: How radical hackers built today’s cybersecurity industry

Duration:00:46:46

Risky Business #831 -- The AI bugpocalypse begins

3/31/2026
On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: This week’s episode is sponsored by Dropzone AI, who make automated AI SOC analysts. Head honcho Ed Wu explains how they’ve built pre-canned ‘hunt packs’ to lead the AI off into your environment to find weird, interesting and security relevant things.

Show notes
Google links axios supply chain attack to North Korean group | The Record from Recorded Future News
Cisco source code stolen in Trivy-linked dev environment breach
chiefofautism on X: "someone at ANTHROPIC just showed CLAUDE finding ZERO DAY vulnerabilities in a live conference demo"
h0mbre on X: "Claude is somehow better at kernel exploitation than creating meal plans."
Vulnerability Research Is Cooked — Quarrelsome
MAD Bugs: vim vs emacs vs Claude - Calif
MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
A Risky Biz Experiment: Hunting for iOS 0day with AI - Risky Business Media
Security leaders say the next two years are going to be 'insane' | CyberScoop
Coruna framework: an exploit kit and ties to Operation Triangulation | Securelist
Apple says no one using Lockdown Mode has been hacked with spyware | TechCrunch
Reverse engineering Apple’s silent security fixes - Calif
Jury finds Meta's platforms are harmful to children in 1st wave of social media addiction lawsuits | PBS News
Meta and YouTube found liable in social media addiction trial
Iranian hackers publish emails allegedly stolen from Kash Patel
Iran Us War: 'Legitimate targets': Iran issues warning to US tech firms including Google, Amazon, Microsoft, Nvidia - The Times of India
Drop Site on X: "IRGC: From now on, for every assassination, an American company will be destroyed"
OSINTtechnical on X: "Starlink shutdowns are forcing Russian troops even deeper into Ubiquiti’s ecosystem."
State Department reissues $10 million reward for info on Iranian hackers | The Record from Recorded Future News
National Cyber Authority: 50 Israeli companies 'digitally erased' | Israel National News
Stryker restores most manufacturing after cyberattack | Cybersecurity Dive
Citrix NetScaler products confirmed to be under exploitation | Cybersecurity Dive
CISA tells federal agencies to patch Citrix NetScaler bug by Thursday | The Record from Recorded Future News
Using a VPN May Subject You to NSA Spying | WIRED
Post reporters called the White House. Their phones showed ‘Epstein Island.’ - The Washington Post

Duration:00:59:40

Soap Box: Red teaming AI systems with SpecterOps

3/26/2026
In this sponsored Soap Box edition of the show, Patrick Gray and James Wilson talk about red teaming AI systems with Russel Van Tuyl, Vice President of Services at elite penetration testing firm SpecterOps. SpecterOps is the company behind attack path enumeration tool Bloodhound and Bloodhound Enterprise, but they’re also a pentest and red teaming shop with world class expertise in popping shells on all sorts of interesting systems in all sorts of interesting places. This episode is also available on YouTube.

Duration:00:30:11

Risky Business #830 -- LiteLLM and security scanner supply chains compromised

3/25/2026
On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They talk through: This week’s episode is sponsored by enterprise browser maker, Island. Chief Customer Officer Bradon Rogers joins Pat to explain how its customers are using Island to control the use of personal AI services in regulated industries. This episode is also available on YouTube.

Show notes
‘CanisterWorm’ Springs Wiper Attack Targeting Iran
TeamPCP deploys CanisterWorm on NPM following Trivy compromise
Andrej Karpathy on X: "Software horror: litellm PyPI supply chain" attack
Checkmarx KICS GitHub Action Compromised: Malware Injected in All Git Tags
Felix Rieseberg on X: "Today, we’re releasing a feature that allows Claude to control your computer"
A Top Google Search Result for Claude Plugins Was Planted by Hackers
Lockheed Martin targeted in alleged breach by pro-Iran hacktivist
CISA urges companies to secure Microsoft Intune systems after hackers mass-wipe Stryker devices
FBI seems to seize website tied to Iranian cyberattack on Stryker
Stryker confirms cyberattack is contained and restoration underway
Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild
Someone has publicly leaked an exploit kit that can hack millions of iPhones
Russia-linked hackers use advanced iPhone exploit to target Ukrainians
Apple rolls out first 'background security' update for iPhones, iPads, and Macs to fix Safari bug
Post by @wartranslated.bsky.social — Bluesky
Signal’s Creator Is Helping Encrypt Meta AI
Hacker says they compromised millions of confidential police tips held by US company
Millions of 'anonymous' crime tips exposed in massive Crime Stoppers hack
Feds Disrupt IoT Botnets Behind Huge DDoS Attacks
FCC bans import of consumer-grade routers amid national security concerns
White House pours cold water on cyber ‘letters of marque’ speculation
Google launches threat disruption unit, stops short of calling it ‘offensive’
Supermicro’s cofounder was just arrested for allegedly smuggling $2.5 billion in GPUs to China
Cyberattack on vehicle breathalyzer company leaves drivers stranded across the US
Man pleads guilty to $8 million AI-generated music scheme
Two Israelis AI generated "intelligence" and sold it to Iran

Duration:01:03:53

Risky Business #829 -- Sneaky lobsters: Why AI is the new insider threat

3/17/2026
On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They discuss: This week’s episode is sponsored by browser-based detection and response company, Push Security. Researcher Dan Green and Field CTO Mark Orlando join Pat to talk through the InstallFix variant of the *Fix attack technique. This episode is also available on YouTube.

Show notes
Iranian Hacktivists Strike Medical Device Maker Stryker in "Severe" Attack that Wiped Systems
Stryker says it's restoring systems after pro-Iran hackers wiped thousands of employee devices | TechCrunch
Stryker attack raises concerns about role of device management tool | Cybersecurity Dive
Stryker tells SEC that timeline for recovery from cyberattack unknown | The Record from Recorded Future News
How ‘Handala’ Became the Face of Iran’s Hacker Counterattacks | WIRED
U.S Strikes Killed Iranian Cyber Chiefs, But The Hacks Continued
Risky Business Features: Being a Wartime CISO
Supply-chain attack using invisible code hits GitHub and other repositories - Ars Technica
China's biggest cybersecurity company, Qihoo 360 just leaked their own wildcard SSL private key
Emergent Cyber Behavior: When AI Agents Become Offensive Threat Actors - Irregular
Risky Business Features: MCP is Dead
Measuring AI Agents’ Progress on Multi-Step Cyber Attack Scenarios
Measuring AI Agents' Progress on Multi-Step Cyber Attack Scenarios
What is end-to-end encryption on Instagram | Instagram Help Center
US Lawmakers Move to Kill the FBI’s Warrantless Wiretap Access | WIRED
Website "whitelists" launched in Moscow | Forbes.ru
Exclusive: Foreign hacker in 2023 compromised Epstein files held by FBI, source and documents show | Reuters
Feds say another DigitalMint negotiator ran ransomware attacks and helped extort $75 million | CyberScoop
Researchers disclose vulnerabilities in IP KVMs from four manufacturers - Ars Technica
RE//verse 2026: Hacking the Xbox One by Markus 'doom' Gaasedelen - YouTube
CrackArmor: Multiple vulnerabilities in AppArmor

Duration:01:03:45

Risky Biz Soap Box: It took a decade, but allowlisting is cool again

3/12/2026
In this Soap Box edition of the Risky Business podcast Patrick Gray sits down with Airlock Digital co-founders Daniel Schell and David Cottingham to talk about the role AI models could play in managing enterprise allowlists. They also talk about the durability of allowlisting as a control. After 12 years in business, the Airlock product hasn’t really changed all that much. That’s a good thing! It also means the Airlock team have been able to spend some time doing deep engineering instead of chasing the latest attacker TTPs and writing detection rules for them. This episode is also available on YouTube.

Duration:00:27:25

Risky Business #828 -- The Coruna exploits are truly exquisite

3/11/2026
On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: This episode is sponsored by open source cloud security scanner Prowler. Creator and CEO Toni de la Fuente talks to Pat about some of the enterprise features Prowler is growing, while remaining true to its open source roots. This episode is also available on YouTube.

Show notes
Inside Coruna: Reverse Engineering a Nation-State iOS Exploit Kit From JavaScript
GitHub - matteyeux/coruna: deobfuscated JS and blobs
US military contractor likely built iPhone hacking tools used by Russian spies in Ukraine
APT36: A Nightmare of Vibeware
State-linked actors targeted US networks in lead-up to Iran war
Iranian cyber warfare HQ allegedly hit by Israel
Last 2 names of 6 US soldiers who died in Kuwait attack identified by the Pentagon
Signal, WhatsApp users face Russian phishing push, Dutch warn
Samuel Bendett on X: "Russian military told it couldn't use Telegram messaging app"
FBI investigating ‘suspicious’ cyber activities on critical surveillance network
Risky Bulletin: New White House EO prioritizes fight against scams and cybercrime
President Trump’s CYBER STRATEGY for America
Fact Sheet: President Donald J. Trump Combats Cybercrime, Fraud, and Predatory Schemes Against American Citizens
UK plans to shift fraud fight onto telecoms, tech companies
Trump to hit Anthropic with executive order to remove "woke" AI Claude
Anthropic launches code review tool to check flood of AI-generated code
CrowdStrike reports record quarter amid investor concerns about AI impact
Critical defect in Java security engine poses serious downstream security risks
Gen. Joshua Rudd confirmed as NSA, Cyber Command head
Plankey’s nomination as CISA director now in jeopardy
DOGE employee stole Social Security data and put it on a thumb drive, report says
Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel
Romania's largest meat exporter, owner of the Cocorico brand, has entered restructuring, alongside Casa de Insolvență Transilvania

Duration:01:02:28

Risky Business #827 -- Iranian cyber threat actors are down but not out

3/3/2026
On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: This week’s episode is sponsored by AI threat hunting platform Nebulock. Sydney Marrone joins to talk about how useful AI models are on the hunt, and her work building out an open source framework and maturity model. It’s methodology agnostic, so you can adapt it for your environment, and the GitHub link is in the show notes! This episode is also available on YouTube.

Show notes
Inside the plan to kill Ali Khamenei
Hacked traffic cams and hijacked TVs: How cyber operations supported the war against Iran | TechCrunch
Matthew Prince 🌥 on X: "Counter to what some cyber vendors are saying, there’s been a dramatic drop in Iranian cyber operations. Likely as the operators are sheltering. They may pick back up, but right now there’s a noticeable lull." / X
Cyber Command disrupted Iranian comms, sensors, top general says | The Record from Recorded Future News
Iranian Hackers Use Elon Musk’s Starlink To Stay Online
Exclusive | U.S. Smuggled Thousands of Starlink Terminals Into Iran After Protest Crackdown - WSJ
Attacks on GPS Spike Amid US and Israeli War on Iran | WIRED
Amazon Data Centers on Fire After Iranian Missile Strikes on Dubai
A Possible US Government iPhone-Hacking Toolkit Is Now in the Hands of Foreign Spies and Criminals | WIRED
Canceled contracts, a failed polygraph and personal disputes: Inside the turbulent tenure of Noem’s former cyber czar - POLITICO
CISA CIO Robert Costello exits agency | CyberScoop
OpenAI alters deal with Pentagon as critics sound alarm over surveillance
Inside Anthropic’s Killer-Robot Dispute With the Pentagon - The Atlantic
Read the full transcript of our interview with Anthropic CEO Dario Amodei - CBS News
CBP Tapped Into the Online Advertising Ecosystem To Track Peoples’ Movements
Large-Scale Online Deanonymization with LLMs
Hackers Weaponize Claude Code in Mexican Government Cyberattack - SecurityWeek
New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises - Ars Technica
CISA orders agencies to patch Cisco devices now under attack | Cybersecurity Dive
CISCO SD-WAN THREAT HUNT GUIDE
ClawJacked attack let malicious websites hijack OpenClaw to steal data
Area Man Accidentally Hacks 6,700 Camera-Enabled Robot Vacuums | WIRED
Intellexa founder, three others sentenced to 8 years in prison over Greek spyware scandal | The Record from Recorded Future News
Moscow man accused of posing as FSB officer to extort Conti ransomware gang | The Record from Recorded Future News
Farewell, Felix · The Recurity Lablog
Atmos Sphere 2026 | Atmos
The Agentic Threat Hunting Framework | Nebulock blog
GitHub - Nebulock-Inc/agentic-threat-hunting-framework: ATHF is a framework for agentic threat hunting - building systems that can remember, learn, and act with increasing autonomy. · GitHub

Duration:01:01:24

Risky Business #826 -- A week of AI mishaps and skulduggery

2/24/2026
On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: This episode is sponsored by line-rate network capture system Corelight. CEO Brian Dye joins to discuss what AI can do for defenders, and what it can’t. This episode is also available on YouTube.

Show notes
AI-augmented threat actor accesses FortiGate devices at scale
"this reads to me like: they ran existing tools.... but with a cool dashboard :D"
Anthropic accuses Chinese labs of trying to illicitly take Claude’s capabilities | CyberScoop
Detecting and preventing distillation attacks
Hegseth warns Anthropic to let the military use the company’s AI tech as it sees fit, AP sources say
Anthropic Rolls Out Embedded Security Scanning for Claude
AWS's AI Coding Bot Kiro Caused a 13-Hour Outage
Running OpenClaw safely: identity, isolation, and runtime risk
Former Adobe, Cisco and Salesforce CISO talks AI pentesting
History Repeats: Security in the AI Agent Era
Meta Director of AI Safety Allows AI Agent to Accidentally Delete Her Inbox
Microsoft says Office bug exposed customers' confidential emails to Copilot AI | TechCrunch
The (tangential) fix: Microsoft adds Copilot data controls to all storage locations
Ex-L3Harris executive sentenced to 87 months in prison for selling zero-day exploits to Russian broker
Treasury Sanctions Exploit Broker Network for Theft and Sale of U.S. Government Cyber Tools
Risky Bulletin: Russia starts criminal probe of Telegram founder Pavel Durov
Ukraine pushes tighter Telegram regulation, citing Russian recruitment of locals
The watchers: how openai, the US government, and persona built an identity surveillance machine that files reports on you to the feds
Persona emails customers saying they don’t work with ICE or DHS amid ‘surveillance’ claims
Inside the Fix: Analysis of In-the-Wild Exploit of CVE-2026-21513
Ivanti hacked in 2021 via its own product
Fed agencies ordered to patch Dell bug by Saturday after exploitation warning | The Record from Recorded Future News
From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day

Duration:01:06:11

Risky Biz Soap Box: The lethal trifecta of AI risks

2/19/2026
There’s a lethal trifecta of AI risks: access to private data, exposure to untrusted content, and external communication. In this conversation, Risky Business host Patrick Gray chats with Josh Devon, the co-founder of Sondera, about how to best address these risks. There is no magic solution to this problem. AI models mix code and data, are non-deterministic, and are crawling around all over your enterprise data and APIs as you read this. But in this sponsored interview, Josh outlines how we can start to wrap our hands around the problem. This episode is also available on YouTube.

Duration:00:37:33

Risky Business #825 -- Palo Alto Networks blames it on the boogie

2/17/2026
On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: This episode is sponsored by SSO-firewall integration vendor Knocknoc. Chief exec Adam Pointon joins to talk about the latest in defences… which is to say Knocknoc for Solaris/Sparc and HPUX on PA-RISC?! Okay also that other little known OS… Windows. This episode is also available on YouTube.

Show notes
Data-only extortion grows as ransomware gangs seek better profits | Cybersecurity Dive
Arctic Wolf Threat Report 2026
Exclusive: Palo Alto chose not to tie China to hacking campaign for fear of retaliation from Beijing, sources say
Risky Bulletin: Cambodia promises to dismantle scam networks by April - Risky Business Media
Age of the ‘scam state’: how an illicit, multibillion-dollar industry has taken root in south-east Asia | Cybercrime | The Guardian
Critical flaw in BeyondTrust Remote Support sees early signs of exploitation | Cybersecurity Dive
CISA Navigates DHS Shutdown With Reduced Staff - SecurityWeek
Kimwolf Botnet Swamps Anonymity Network I2P – Krebs on Security
BADIIS to the Bone: New Insights to a Global SEO Poisoning Campaign — Elastic Security Labs
Over 500,000 VKontakte accounts hijacked through malicious Chrome extensions | The Record from Recorded Future News
Password managers' promise that they can't see your vaults isn't always true - Ars Technica
Zero Knowledge (About) Encryption: A Comparative Security Analysis of Three Cloud-based Password Managers
Google finds state-sponsored hackers use AI at 'all stages' of attack cycle | CyberScoop
Google: Gemini hit with 100,000+ prompts in cloning attempt
Proofpoint acquires Acuvity to tackle the security risks of agentic AI | CyberScoop
Cisco Redefines Security for the Agentic Era with AI Defense Expansion and AI-Aware SASE
Sophos Acquires Arco Cyber to Bring CISO-Level, Agentic AI-Powered Expertise to Every Organization
Dave Kennedy on X: "Regarding this, there was a couple questions on does the pacemaker continue to advertise - most BLE implantable devices go into a sleep type mode. In this case, we are lucky - it does not. We know based on law enforcement answers that she is using a more modern pacemaker with" / X
Clash Report on X: "BIG: Dutch Defence Minister Gijs Tuinman hints that software independence is possible for F-35 jets. He literally said you can “jailbreak” an F-35. When asked if Europe can modify it without US approval: “That’s not the point… we’ll see whether the Americans will show https://t.co/f11cGvtYsO" / X
Dutch police arrest man who refused to delete confidential files shared by mistake | The Record from Recorded Future News

Duration:01:03:13

Risky Business #824 -- Microsoft's Secure Future is looking a bit wobbly

2/10/2026
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: This week’s episode is sponsored by Ent.AI, an AI startup that isn’t quite ready to tell us all what they’re doing. But nevertheless, founder Brandon Dixon joins to discuss AI’s role in security. Where does language-based understanding take us that previous methods couldn’t? This episode is also available on YouTube.

Show notes
Updates in two of our core priorities - The Official Microsoft Blog
Strengthening Windows trust and security through User Transparency and Consent | Windows Experience Blog
Microsoft prepares to refresh Secure Boot’s digital certificate | Cybersecurity Dive
Microsoft Patch Tuesday matches last year’s zero-day high with six actively exploited vulnerabilities | CyberScoop
Microsoft releases urgent Office patch. Russian-state hackers pounce. - Ars Technica
Italy blames Russia-linked hackers for cyberattacks ahead of Winter Olympics | The Record from Recorded Future News
Researchers uncover vast cyberespionage operation targeting dozens of governments worldwide | The Record from Recorded Future News
Germany warns of state-linked phishing campaign targeting journalists, government officials | The Record from Recorded Future News
Norwegian intelligence discloses country hit by Salt Typhoon campaign | The Record from Recorded Future News
Singapore says China-linked hackers targeted telecom providers in major spying campaign | The Record from Recorded Future News
Largest Multi-Agency Cyber Operation Mounted to Counter Threat Posed by Advanced Persistent Threat (APT) Actor UNC3886 to Singapore’s Telecommunications Sector | Cyber Security Agency of Singapore
How Intel and Google Collaborate to Strengthen Intel® TDX
Strengthening the Foundation: A Joint Security Review of Intel TDX 1.5 - Google Bug Hunters
Active Exploitation of SolarWinds Web Help Desk (CVE-2025-26399) | Huntress
EU, Dutch government announce hacks following Ivanti zero-days | The Record from Recorded Future News
North Korean hackers targeted crypto exec with fake Zoom meeting, ClickFix scam | The Record from Recorded Future News
BeyondTrust warns of critical RCE flaw in remote support software
Rapid7 Analysis of CVE-2026-1731
Building a C compiler with a team of parallel Claudes \ Anthropic
Post by @ryiron.bsky.social — Bluesky
What AI Security Research Looks Like When It Works | AISLE
South Korean crypto exchange races to recover $40bn of bitcoin sent to customers by mistake | South Korea | The Guardian
White House to meet with GOP lawmakers on FISA Section 702 renewal | The Record from Recorded Future News

Duration:00:56:13

Risky Business #823 -- Humans impersonate clawdbots impersonating humans

2/3/2026
Patrick Gray and Adam Boileau are joined by the newest guy on the Risky Business Media team, James Wilson. They discuss the week’s cybersecurity news, including: This week’s episode is sponsored by open source IDP platform Authentik. CEO Fletcher Heisler talks to Pat about their new endpoint agent that can enforce device posture policies during login. This episode is also available on YouTube.

Show notes
The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit
Notepad++ Hijacked by State-Sponsored Hackers | Notepad++
Notepad++ v8.8.3 - Self-signed Certificate: Certified by Code, Not Corporations | Notepad++
Hacking Moltbook: AI Social Network Reveals 1.5M API Keys | Wiz Blog
lcamtuf on X: "Moltbook debate in a nutshell" / X
Exposed Moltbook Database Let Anyone Take Control of Any AI Agent on the Site
AndrewMohawk on X: "How exactly did an attacker send a message to your bot since you need to approve all the channels and set keys etc" / X
Signal president warns AI agents are making encryption irrelevant
Massive AI Chat App Leaked Millions of Users Private Conversations
Runa Sandvik on X: New court record from the FBI details the state of the devices seized from Washington Post reporter Hannah Natanson
EFTA01683874.pdf
Disrupting the World's Largest Residential Proxy Network | Google Cloud Blog
Nobel Committee says Peace Prize winner likely revealed early by digital spying | Reuters
County pays $600,000 to pentesters it arrested for assessing courthouse security - Ars Technica
Advancing Windows security: Disabling NTLM by default - Windows IT Pro Blog
Critical flaws in Ivanti EPMM lead to fast-moving exploitation attempts | Cybersecurity Dive
CISA orders federal agencies to patch exploited SolarWinds bug by Friday | The Record from Recorded Future News
CISA, security researchers warn FortiCloud SSO flaw is under attack | Cybersecurity Dive
Fintech firm Marquis blames hack at firewall provider SonicWall for its data breach | TechCrunch
We Hid a Free Trip to Switzerland in Our Privacy Policy. Someone Found It in 2 Weeks. - Cape
Between Two Nerds: The internal logic of Russian power grid attacks - YouTube

Duration:00:56:09

Risky Business #822 -- France will ditch American tech over security risks

1/27/2026
In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. They discuss: This episode is sponsored by Sublime Security. Brian Baskin is one of the team behind Sublime’s 2026 Email Threat Research report. He joins to talk through what they see of attackers’ use of AI, as well as the other trends of the year.

Show notes
France to ditch US platforms Microsoft Teams, Zoom for ‘sovereign platform’ amid security concerns | Euronews
Suite Numérique plan - Google Search
China hacked Downing Street phones for years
Cyberattack Targeting Poland’s Energy Grid Used a Wiper
Trump says U.S. used secret 'discombobulator' on Venezuelan equipment during Maduro raid | PBS News
Risky Bulletin: Cyberattack cripples cars across Russia - Risky Business Media
Lawmakers probe CISA leader over staffing decisions | CyberScoop
Trump’s acting cyber chief uploaded sensitive files into a public version of ChatGPT - POLITICO
Acting CISA director failed a polygraph. Career staff are now under investigation. - POLITICO
NIST is rethinking its role in analyzing software vulnerabilities | Cybersecurity Dive
Federal agencies abruptly pull out of RSAC after organizer hires Easterly | Cybersecurity Dive
Real-Time phishing kits target Okta, Microsoft, Google
Phishing kits adapt to the script of callers
On the Coming Industrialisation of Exploit Generation with LLMs – Sean Heelan's Blog
GitHub - SeanHeelan/anamnesis-release: Automatic Exploit Generation with LLMs
Overrun with AI slop, cURL scraps bug bounties to ensure "intact mental health" - Ars Technica
Bypassing Windows Administrator Protection - Project Zero
Task Failed Successfully - Microsoft’s “Immediate” Retirement of MDT - SpecterOps
Kubernetes Remote Code Execution Via Nodes/Proxy GET Permission
WhatsApp's Latest Privacy Protection: Strict Account Settings - WhatsApp Blog
Microsoft gave FBI a set of BitLocker encryption keys to unlock suspects' laptops: Reports | TechCrunch
He Leaked the Secrets of a Southeast Asian Scam Compound. Then He Had to Get Out Alive | WIRED
Key findings from the 2026 Sublime Email Threat Research Report

Duration:01:04:05

Risky Business #821 -- Wiz researchers could have owned every AWS customer

1/20/2026
In this week’s show, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, joined by a special guest. BBC World Cyber Correspondent Joe Tidy is a long-time listener and he pops in for a ride-along in the news segment plus a chat about his new book. This week’s news includes: Thinkst is this week’s sponsor, and long-time friend of the show Haroon Meer joins. As always they’re polishing their Canary tokens - adding breadcrumbs to lead you to them - but they’re also a bunch of giant nerds who now run South Africa’s Computer Olympiad. This episode is also available on Youtube.

Show notes
Cyberattack in Venezuela Demonstrated Precision of U.S. Capabilities - The New York Times
Why I’m withholding certainty that “precise” US cyber-op disrupted Venezuelan electricity - Ars Technica
Layered Ambiguity: US Cyber Capabilities in the Raid to Extract Maduro from Venezuela | Royal United Services Institute
Former CISA Director Jen Easterly Will Lead RSAC Conference | WIRED
Trump officials consider skipping premier cyber conference after Biden-era cyber leader named CEO - Nextgov/FCW
Federal agencies ordered to patch Microsoft Desktop Windows Manager bug | The Record from Recorded Future News
Windows 11 shutdown bug forces Microsoft into damage control • The Register
CodeBreach: Supply Chain Vuln & AWS CodeBuild Misconfig | Wiz Blog
Critical flaw in AWS Console risked compromise of build environment | Cybersecurity Dive
Never-before-seen Linux malware is “far more advanced than typical” - Ars Technica
VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun - Check Point Research
Hundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking | WIRED
Critical flaw in Fortinet FortiSIEM targeted in exploitation threat | Cybersecurity Dive
CVE-2025-64155: 3 Years of Remotely Rooting the FortiSIEM
A single click mounted a covert, multistage attack against Copilot - Ars Technica
Police raid homes of alleged Black Basta hackers, hunt suspected Russian ringleader | The Record from Recorded Future News
Jordanian initial access broker pleads guilty to helping target 50 companies | The Record from Recorded Future News
Supreme Court hacker posted stolen government data on Instagram | TechCrunch
oss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd
How crypto criminals stole $700 million from people - often using age-old tricks
Ctrl + Alt + Chaos: How Teenage Hackers Hijack the Internet

Duration:01:04:46

Risky Business #820 -- Asian fraud kingpin will face Chinese justice (pew pew!)

1/13/2026
Risky Business returns for 2026! Patrick Gray and Adam Boileau talk through the week’s cybersecurity news, including: This week’s episode is sponsored by Airlock Digital. The founders of the application allow-listing vendor, David Cottingham and Daniel Schell, discuss Microsoft’s ClickOnce .NET app packaging, and how attackers have been abusing it to load code. Airlock hates it when you load code! This episode is also available on Youtube.

Show notes
US, Australia say ‘MongoBleed’ bug being exploited | The Record from Recorded Future News
Merry Christmas Day! Have a MongoDB security incident. | by Kevin Beaumont | Dec, 2025 | DoublePulsar
Inside Vercel’s sleep-deprived race to contain React2Shell | CyberScoop
gpg.fail
Hacktivist deletes white supremacist websites live onstage during hacker conference | TechCrunch
Chinese attackers exploiting zero-day to target Cisco email security products | The Record from Recorded Future News
Ni8mare - Unauthenticated Remote Code Execution in n8n (CVE-2026-21858) | Cyera Research Labs
ServiceNow patches critical AI platform flaw that could allow user impersonation | CyberScoop
Alleged cyber scam kingpin arrested, extradited to China | The Record from Recorded Future News
FCC IoT labeling program loses lead company after China probe | Cybersecurity Dive
Trump picks Lt. Gen. Joshua Rudd to lead NSA spy agency - The Washington Post
NSA cyber directorate gets new acting leadership | The Record from Recorded Future News
Dutch court sentences hacker who used port systems to smuggle cocaine to 7 years | The Record from Recorded Future News
ECLI:NL:GHAMS:2026:22, Amsterdam Court of Appeal, 23-003218-22
The Kimwolf Botnet is Stalking Your Local Network – Krebs on Security
Who Benefited from the Aisuru and Kimwolf Botnets? – Krebs on Security
Coupang recovers smashed laptop that alleged data leaker threw into river | The Record from Recorded Future News
Ransomware responders plead guilty to using ALPHV in attacks on US organizations | The Record from Recorded Future News
Nearly 480,000 impacted by Covenant Health data breach | The Record from Recorded Future News
Illinois health department exposed over 700,000 residents' personal data for years | TechCrunch
Tech provider for NHS England confirms data breach | TechCrunch
Hacker claiming to be behind ManageMyHealth breach: ‘I do it for the money and I’m in negotiations to get it’ - NZ Herald

Duration:00:59:15

How the World Got Owned Episode 1: The 1980s

1/6/2026
In this special documentary episode, Patrick Gray and Amberleigh Jack take a historical dive into hacking in the 1980s. Through the words of those that were there, they discuss life on the ARPANET, the 414s hacking group, the Morris Worm, the vibe inside the NSA and a parallel hunt for German hackers happening at a similar time to Cliff Stoll’s famous Cuckoo’s Egg story. This podcast features the memories of: How the World Got Owned is produced in partnership with SentinelOne.

Show notes
1988 Federal sentencing guidelines manual
Computer Intruder is put on probation and fined $10,000 | The New York Times
Computer Intruder is found guilty | The New York Times
United States of America, Appellee, v. Robert Tappan Morris, Defendant-appellant, 928 F.2d 504 (2d Cir. 1991)
The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage | Clifford Stoll
Cracking the Cuckoo’s Egg: The Untold Story of tracking and finding Karl Koch aka Hagbard of the Chaos Computer Club | Greg Chartrand
Computer Buffs Tapped NASA Files | The New York Times
Young Computer Bandits Byte off More than They Could Chew | The Washington Post
‘Hacker’ is used by Mainstream Media, September 5, 1983 | EDN
Neal Patrick to testify before congressional committee
Wargames official trailer, 1983
CBS News Segment on Robert Morris Computer Hacker
The Fall of the Berlin Wall | Sky News
I Hacked a Nuclear Facility in the 1980’s. You’re Welcome | CNN

Duration:01:03:36