Risky Business

On this week’s show, Patrick Gray, Adam Boileau and James WIlson discuss the week’s cybersecurity news. They cover:

The Coruna exploits were L3 Harris, but it seems Triangulation… was not!

Iran’s cyber HQ hit by Israeli (kinetic) strikes

Trump’s cyber “strategy” is … well, all we’ve got is jokes cause there’s no serious content

NSA and CyberCom finally get a leader after Lt Gen Joshua Rudd gets Senate nod

DOGE (remember them?!) employee walked a social security database out on a USB stick

This episode is sponsored by open source cloud security scanner Prowler. Creator and CEO Toni de la Fuente talks to Pat about some of the enterprise features Prowler is growing, while remaining true to its open source roots.

This episode is also available on Youtube.



Show notes



Inside Coruna: Reverse Engineering a Nation-State iOS Exploit Kit From JavaScript


GitHub - matteyeux/coruna: deobfuscated JS and blobs


US military contractor likely built iPhone hacking tools used by Russian spies in Ukraine


APT36: A Nightmare of Vibeware


State-linked actors targeted US networks in lead-up to Iran war


Iranian cyber warfare HQ allegedly hit by Israel


Last 2 names of 6 US soldiers who died in Kuwait attack identified by the Pentagon


Signal, WhatsApp users face Russian phishing push, Dutch warn


Samuel Bendett on X: "Russian military told it couldn't use Telegram messaging app"


FBI investigating ‘suspicious’ cyber activities on critical surveillance network


Risky Bulletin: New White House EO prioritizes fight against scams and cybercrime


President Trump’s CYBER STRATEGY for America


Fact Sheet: President Donald J. Trump Combats Cybercrime, Fraud, and Predatory Schemes Against American Citizens


UK plans to shift fraud fight onto telecoms, tech companies


Trump to hit Anthropic with executive order to remove "woke" AI Claude


Anthropic launches code review tool to check flood of AI-generated code


CrowdStrike reports record quarter amid investor concerns about AI impact


Critical defect in Java security engine poses serious downstream security risks


Gen. Joshua Rudd confirmed as NSA, Cyber Command head


Plankey’s nomination as CISA director now in jeopardy


DOGE employee stole Social Security data and put it on a thumb drive, report says


Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel


Cel mai mare exportator român de carne, deținătorul brandului Cocorico, a intrat în restructurări, alături de Casa de Insolvență Transilvania

On this week’s show, Patrick Gray, Adam Boileau and James WIlson discuss the week’s cybersecurity news. They cover:

The US-Israeli attack on Iran had a whole lot of cyber. It’s clearly in the playbook now!

The NSA Triangulation / L3 Harris Trenchant iOS exploit kit is on the loose, and being used by Chinese crypto scammers

So long Maddhu Gottumukkala, but CISA’s annus horribilis continues

Adam “humbug” Boileau complains about the Airsnitch wifi attack just being three ethernets in a trenchcoat

ASD’s Cisco SD-WAN threat hunting guide is clearly borne of … experience

This week’s episode is sponsored by AI threat hunting platform Nebulock. Sydney Marrone joins to talk about how useful AI models are on the hunt, and her work building out an open source framework and maturity model. It’s methodology agnostic, so you can adapt it for your environment, and the github link is in the show notes!

This episode is also available on Youtube.



Show notes



Inside the plan to kill Ali Khamenei


Hacked traffic cams and hijacked TVs: How cyber operations supported the war against Iran | TechCrunch


Matthew Prince 🌥 on X: "Counter to what some cyber vendors are saying, there’s been a dramatic drop in Iranian cyber operations. Likely as the operators are sheltering. They may pick back up, but right now there’s a noticeable lull." / X


Cyber Command disrupted Iranian comms, sensors, top general says | The Record from Recorded Future News


Iranian Hackers Use Elon Musk’s Starlink To Stay Online


Exclusive | U.S. Smuggled Thousands of Starlink Terminals Into Iran After Protest Crackdown - WSJ


Attacks on GPS Spike Amid US and Israeli War on Iran | WIRED


Amazon Data Centers on Fire After Iranian Missile Strikes on Dubai


A Possible US Government iPhone-Hacking Toolkit Is Now in the Hands of Foreign Spies and Criminals | WIRED


Canceled contracts, a failed polygraph and personal disputes: Inside the turbulent tenure of Noem’s former cyber czar - POLITICO


CISA CIO Robert Costello exits agency | CyberScoop


OpenAI alters deal with Pentagon as critics sound alarm over surveillance


Inside Anthropic’s Killer-Robot Dispute With the Pentagon - The Atlantic


Read the full transcript of our interview with Anthropic CEO Dario Amodei - CBS News


CBP Tapped Into the Online Advertising Ecosystem To Track Peoples’ Movements


Large-Scale Online Deanonymization with LLMs


Hackers Weaponize Claude Code in Mexican Government Cyberattack - SecurityWeek


New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises - Ars Technica


CISA orders agencies to patch Cisco devices now under attack | Cybersecurity Dive


CISCO SD-WAN THREAT HUNT GUIDE


ClawJacked attack let malicious websites hijack OpenClaw to steal data


Area Man Accidentally Hacks 6,700 Camera-Enabled Robot Vacuums | WIRED


Intellexa founder, three others sentenced to 8 years in prison over Greek spyware scandal | The Record from Recorded Future News


Moscow man accused of posing as FSB officer to extort Conti ransomware gang | The Record from Recorded Future News


Farewell, Felix · The Recurity Lablog


Atmos Sphere 2026 | Atmos


The Agentic Threat Hunting Framework | Nebulock blog


GitHub - Nebulock-Inc/agentic-threat-hunting-framework: ATHF is a framework for agentic threat hunting - building systems that can remember, learn, and act with increasing autonomy. · GitHub

On this week’s show, Patrick Gray, Adam Boileau and James WIlson discuss the week’s cybersecurity news. They cover:

Low skill actors compromise 600 Fortinets with AI-generated playbooks

Anthropic calls out Chinese AI firms over model distillation

Meta’s director of AI safety tells her ClawdBot not to delete her mail… so of course it does

Peter Williams cops 7 years in jail for selling L3 Harris Trenchant’s exploits to Russia

Ivanti got hacked in 2021 via… bugs in Ivanti

This episode is sponsored by line-rate network capture system Corelight. CEO Brian Dye joins to discuss what AI can do for defenders, and what it can’t.

This episode is also available on Youtube.



Show notes



AI-augmented threat actor accesses FortiGate devices at scale


"this reads to me like: they ran existing tools.... but with a cool dashboard :D"


Anthropic accuses Chinese labs of trying to illicitly take Claude’s capabilities | CyberScoop


Detecting and preventing distillation attacks


Hegseth warns Anthropic to let the military use the company’s AI tech as it sees fit, AP sources say


Anthropic Rolls Out Embedded Security Scanning for Claude


AWS's AI Coding Bot Kiro Caused a 13-Hour Outage


Running OpenClaw safely: identity, isolation, and runtime risk


Former Adobe, Cisco and Salesforce CISO talks AI pentesting


History Repeats: Security in the AI Agent Era


Meta Director of AI Safety Allows AI Agent to Accidentally Delete Her Inbox


Microsoft says Office bug exposed customers' confidential emails to Copilot AI | TechCrunch


The (tangential) fix: Microsoft adds Copilot data controls to all storage locations


Ex-L3Harris executive sentenced to 87 months in prison for selling zero-day exploits to Russian broker


Treasury Sanctions Exploit Broker Network for Theft and Sale of U.S. Government Cyber Tools


Risky Bulletin: Russia starts criminal probe of Telegram founder Pavel Durov


Ukraine pushes tighter Telegram regulation, citing Russian recruitment of locals


The watchers: how openai, the US government, and persona built an identity surveillance machine that files reports on you to the feds


Persona emails customers saying they don’t work with ICE or DHS amid ‘surveillance’ claims


Inside the Fix: Analysis of In-the-Wild Exploit of CVE-2026-21513


Ivanti hacked in 2021 via its own product


Fed agencies ordered to patch Dell bug by Saturday after exploitation warning | The Record from Recorded Future News


From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day

There’s a lethal trifecta of AI risks: access to private data, exposure to untrusted content, and external communication. In this conversation, Risky Business host Patrick Gray chats with Josh Devon, the co-founder of Sondera, about how to best address these risks.

There is no magic solution to this problem. AI models mix code and data, are non-deterministic, and are crawling around all over your enterprise data and APIs as you read this.

But in this sponsored interview, Josh outlines how we can start to wrap our hands around the problem.

This episode is also available on Youtube.



Show notes

On this week’s show, Patrick Gray, Adam Boileau and James WIlson discuss the week’s cybersecurity news. They cover:

Palo Alto threat researchers want to attribute to China, but management says shush

An increasing proportion of ransomware is data extortion. Is this good?

Cambodia says it’s going to dismantle scam compounds

CISA sufferers through yet another shutdown

Google Gemini’s training secrets are being systematically harvested to improve other LLMs

Academics assess SaaS password managers’ resilience against a malicious server

This episode is sponsored by SSO-firewall integration vendor Knocknoc. Chief exec Adam Pointon joins to talk about the latest in defences… which is to say Knocknoc for Solaris/Sparc and HPUX on PA-RISC?! Okay also that other little known OS… Windows.

This episode is also available on Youtube.



Show notes



Data-only extortion grows as ransomware gangs seek better profits | Cybersecurity Dive


Arctic Wolf Threat Report 2026


Exclusive: Palo Alto chose not to tie China to hacking campaign for fear of retaliation from Beijing, sources say


Risky Bulletin: Cambodia promises to dismantle scam networks by April - Risky Business Media


Age of the ‘scam state’: how an illicit, multibillion-dollar industry has taken root in south-east Asia | Cybercrime | The Guardian


Critical flaw in BeyondTrust Remote Support sees early signs of exploitation | Cybersecurity Dive


CISA Navigates DHS Shutdown With Reduced Staff - SecurityWeek


Kimwolf Botnet Swamps Anonymity Network I2P – Krebs on Security


BADIIS to the Bone: New Insights to a Global SEO Poisoning Campaign — Elastic Security Labs


Over 500,000 VKontakte accounts hijacked through malicious Chrome extensions | The Record from Recorded Future News


Password managers' promise that they can't see your vaults isn't always true - Ars Technica


Zero Knowledge (About) Encryption: A Comparative Security Analysis of Three Cloud-based Password Managers


Google finds state-sponsored hackers use AI at 'all stages' of attack cycle | CyberScoop


Google: Gemini hit with 100,000+ prompts in cloning attempt


Proofpoint acquires Acuvity to tackle the security risks of agentic AI | CyberScoop


Cisco Redefines Security for the Agentic Era with AI Defense Expansion and AI-Aware SASE


Sophos Acquires Arco Cyber to Bring CISO-Level, Agentic AI-Powered Expertise to Every Organization


Dave Kennedy on X: "Regarding this, there was a couple questions on does the pacemaker continue to advertise - most BLE implantable devices go into a sleep type mode. In this case, we are lucky - it does not. We know based on law enforcement answers that she is using a more modern pacemaker with" / X


Clash Report on X: "BIG: Dutch Defence Minister Gijs Tuinman hints that software independence is possible for F-35 jets. He literally said you can “jailbreak” an F-35. When asked if Europe can modify it without US approval: “That’s not the point… we’ll see whether the Americans will show https://t.co/f11cGvtYsO" / X


Dutch police arrest man who refused to delete confidential files shared by mistake | The Record from Recorded Future News