Risky Business

On this week’s show, Patrick Gray, Adam Boileau and James WIlson discuss the week’s cybersecurity news. They cover:

Palo Alto threat researchers want to attribute to China, but management says shush

An increasing proportion of ransomware is data extortion. Is this good?

Cambodia says it’s going to dismantle scam compounds

CISA sufferers through yet another shutdown

Google Gemini’s training secrets are being systematically harvested to improve other LLMs

Academics assess SaaS password managers’ resilience against a malicious server

This episode is sponsored by SSO-firewall integration vendor Knocknoc. Chief exec Adam Pointon joins to talk about the latest in defences… which is to say Knocknoc for Solaris/Sparc and HPUX on PA-RISC?! Okay also that other little known OS… Windows.

This episode is also available on Youtube.



Show notes



Data-only extortion grows as ransomware gangs seek better profits | Cybersecurity Dive


Arctic Wolf Threat Report 2026


Exclusive: Palo Alto chose not to tie China to hacking campaign for fear of retaliation from Beijing, sources say


Risky Bulletin: Cambodia promises to dismantle scam networks by April - Risky Business Media


Age of the ‘scam state’: how an illicit, multibillion-dollar industry has taken root in south-east Asia | Cybercrime | The Guardian


Critical flaw in BeyondTrust Remote Support sees early signs of exploitation | Cybersecurity Dive


CISA Navigates DHS Shutdown With Reduced Staff - SecurityWeek


Kimwolf Botnet Swamps Anonymity Network I2P – Krebs on Security


BADIIS to the Bone: New Insights to a Global SEO Poisoning Campaign — Elastic Security Labs


Over 500,000 VKontakte accounts hijacked through malicious Chrome extensions | The Record from Recorded Future News


Password managers' promise that they can't see your vaults isn't always true - Ars Technica


Zero Knowledge (About) Encryption: A Comparative Security Analysis of Three Cloud-based Password Managers


Google finds state-sponsored hackers use AI at 'all stages' of attack cycle | CyberScoop


Google: Gemini hit with 100,000+ prompts in cloning attempt


Proofpoint acquires Acuvity to tackle the security risks of agentic AI | CyberScoop


Cisco Redefines Security for the Agentic Era with AI Defense Expansion and AI-Aware SASE


Sophos Acquires Arco Cyber to Bring CISO-Level, Agentic AI-Powered Expertise to Every Organization


Dave Kennedy on X: "Regarding this, there was a couple questions on does the pacemaker continue to advertise - most BLE implantable devices go into a sleep type mode. In this case, we are lucky - it does not. We know based on law enforcement answers that she is using a more modern pacemaker with" / X


Clash Report on X: "BIG: Dutch Defence Minister Gijs Tuinman hints that software independence is possible for F-35 jets. He literally said you can “jailbreak” an F-35. When asked if Europe can modify it without US approval: “That’s not the point… we’ll see whether the Americans will show https://t.co/f11cGvtYsO" / X


Dutch police arrest man who refused to delete confidential files shared by mistake | The Record from Recorded Future News

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

Microsoft reshuffles security leadership. It doesn’t spark joy.

Russia is hacking the Winter Olympics. Again. But y tho?

China-linked groups are keeping busy, hacking telcos in Norway, Singapore and dozens of others

Campaigns underway targeting Ivanti, BeyondTrust and SolarWinds products

An unknown hero blocks 23/tcp on the US internet backbone

And James Wilson pops into talk about Claude’s go at a C compiler

This week’s episode is sponsored by Ent.AI, an AI startup that isn’t quite ready to tell us all what they’re doing. But nevertheless, founder Brandon Dixon joins to discuss AI’s role in security. Where does language-based understanding take us that previous methods couldn’t?

This episode is also available on Youtube.



Show notes



Updates in two of our core priorities - The Official Microsoft Blog


Strengthening Windows trust and security through User Transparency and Consent | Windows Experience Blog


Microsoft prepares to refresh Secure Boot’s digital certificate | Cybersecurity Dive


Microsoft Patch Tuesday matches last year’s zero-day high with six actively exploited vulnerabilities | CyberScoop


Microsoft releases urgent Office patch. Russian-state hackers pounce. - Ars Technica


Italy blames Russia-linked hackers for cyberattacks ahead of Winter Olympics | The Record from Recorded Future News


Researchers uncover vast cyberespionage operation targeting dozens of governments worldwide | The Record from Recorded Future News


Germany warns of state-linked phishing campaign targeting journalists, government officials | The Record from Recorded Future News


Norwegian intelligence discloses country hit by Salt Typhoon campaign | The Record from Recorded Future News


Singapore says China-linked hackers targeted telecom providers in major spying campaign | The Record from Recorded Future News


Largest Multi-Agency Cyber Operation Mounted to Counter Threat Posed by Advanced Persistent Threat (APT) Actor UNC3886 to Singapore’s Telecommunications Sector | Cyber Security Agency of Singapore


How Intel and Google Collaborate to Strengthen Intel® TDX


Strengthening the Foundation: A Joint Security Review of Intel TDX 1.5 - Google Bug Hunters


Active Exploitation of SolarWinds Web Help Desk (CVE-2025-26399) | Huntress


EU, Dutch government announce hacks following Ivanti zero-days | The Record from Recorded Future News


North Korean hackers targeted crypto exec with fake Zoom meeting, ClickFix scam | The Record from Recorded Future News


BeyondTrust warns of critical RCE flaw in remote support software


Rapid7 Analysis of CVE-2026-1731


Building a C compiler with a team of parallel Claudes \ Anthropic


(1) Post by @ryiron.bsky.social — Bluesky


What AI Security Research Looks Like When It Works | AISLE


South Korean crypto exchange races to recover $40bn of bitcoin sent to customers by mistake | South Korea | The Guardian


White House to meet with GOP lawmakers on FISA Section 702 renewal | The Record from Recorded Future News

Patrick Gray and Adam Boileau are joined by the newest guy on the Risky Business Media team, James WIlson. They discuss the week’s cybersecurity news, including:

Notepad++ update supply chain attack has been attributed to China

The AI agent future is even more stupid than expected; behold the OpenClaw/Clawdbot/Moltbook mess

The Epstein files claim he had a personal hacker?

Microsoft is finally getting ready to (think about starting to begin to) disable NTLM by default

The usual bugs in the usual things! Ivanti, Fortinet, and Solarwinds. Again.

Telco hides a free trip in its privacy policy, someone actually reads it and wins!

This weeks’s episode is sponsored by opensource IDP platform Authentik. CEO Fletcher Heisler talks to Pat about their new endpoint agent that can enforce device posture policies during login.

This episode is also available on Youtube.



Show notes



The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit


Notepad++ Hijacked by State-Sponsored Hackers | Notepad++


Notepad++ v8.8.3 - Self-signed Certificate: Certified by Code, Not Corporations | Notepad++


Hacking Moltbook: AI Social Network Reveals 1.5M API Keys | Wiz Blog


lcamtuf on X: "Moltbook debate in a nutshell" / X


Exposed Moltbook Database Let Anyone Take Control of Any AI Agent on the Site


AndrewMohawk on X: "How exactly did an attacker send a message to your bot since you need to approve all the channels and set keys etc" / X


Signal president warns AI agents are making encryption irrelevant


Massive AI Chat App Leaked Millions of Users Private Conversations


Runa Sandvik on X: New court record from the FBI details the state of the devices seized from Washington Post reporter Hannah Natanson


EFTA01683874.pdf


Disrupting the World's Largest Residential Proxy Network | Google Cloud Blog


Nobel Committee says Peace Prize winner likely revealed early by digital spying | Reuters


County pays $600,000 to pentesters it arrested for assessing courthouse security - Ars Technica


Advancing Windows security: Disabling NTLM by default - Windows IT Pro Blog


Critical flaws in Ivanti EPMM lead to fast-moving exploitation attempts | Cybersecurity Dive


CISA orders federal agencies to patch exploited SolarWinds bug by Friday | The Record from Recorded Future News


CISA, security researchers warn FortiCloud SSO flaw is under attack | Cybersecurity Dive


Fintech firm Marquis blames hack at firewall provider SonicWall for its data breach | TechCrunch


We Hid a Free Trip to Switzerland in Our Privacy Policy. Someone Found It in 2 Weeks. - Cape


Between Two Nerds: The internal logic of Russian power grid attacks - YouTube

In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. They discuss:

La France is tres sérieux about ditching US productivity software

China’s Salt Typhoon was snooping on Downing Street

Trump wields the mighty DISCOMBOBULATOR

ESET says the Polish power grid wiper was Russia’s GRU Sandworm crew

US cyber institutions CISA and NIST are struggling

Voice phishing for MFA bypass is getting even more polished

This episode is sponsored by Sublime Security. Brian Baskin is one of the team behind Sublime’s 2026 Email Threat Research report. He joins to talk through what they see of attackers’ use of AI, as well as the other trends of the year.

This episode is also available on Youtube.



Show notes



France to ditch US platforms Microsoft Teams, Zoom for ‘sovereign platform’ amid security concerns | Euronews


Suite Numérique plan - Google Search


China hacked Downing Street phones for years


Cyberattack Targeting Poland’s Energy Grid Used a Wiper


Trump says U.S. used secret 'discombobulator' on Venezuelan equipment during Maduro raid | PBS News


Risky Bulletin: Cyberattack cripples cars across Russia - Risky Business Media


Lawmakers probe CISA leader over staffing decisions | CyberScoop


Trump’s acting cyber chief uploaded sensitive files into a public version of ChatGPT - POLITICO


Acting CISA director failed a polygraph. Career staff are now under investigation. - POLITICO


NIST is rethinking its role in analyzing software vulnerabilities | Cybersecurity Dive


Federal agencies abruptly pull out of RSAC after organizer hires Easterly | Cybersecurity Dive


Real-Time phishing kits target Okta, Microsoft, Google


Phishing kits adapt to the script of callers


On the Coming Industrialisation of Exploit Generation with LLMs – Sean Heelan's Blog


GitHub - SeanHeelan/anamnesis-release: Automatic Exploit Generation with LLMs


Overrun with AI slop, cURL scraps bug bounties to ensure "intact mental health" - Ars Technica


Bypassing Windows Administrator Protection - Project Zero


Task Failed Successfully - Microsoft’s “Immediate” Retirement of MDT - SpecterOps


Kubernetes Remote Code Execution Via Nodes/Proxy GET Permission


WhatsApp's Latest Privacy Protection: Strict Account Settings - WhatsApp Blog


Microsoft gave FBI a set of BitLocker encryption keys to unlock suspects' laptops: Reports | TechCrunch


He Leaked the Secrets of a Southeast Asian Scam Compound. Then He Had to Get Out Alive | WIRED


Key findings from the 2026 Sublime Email Threat Research Report

In this week’s show, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, joined by a special guest. BBC World Cyber Correspondent Joe Tidy is a long time listener and he pops in for a ride-along in the news segment plus a chat about his new book.

This week news includes:

Did the US cyber Venezuela’s power grid, or do they just want us to think they coulda?

US govt might boycott the RSAC Conference ‘cause Jen Easterly being CEO makes them mad

MS Patch Tuesday fixes CVSS5.5 bug and … stops you shutting down

Wiz pulls off cloud stunt hack that ends with control of everyone’s AWS console

Millions of Bluetooth devices that use Google’s Fast Pairing will pair with anyone, any time

GNU inet-tools’ telnetd parties like it’s 2007, and brings -f root unauthed remote login back

Thinkst is this week’s sponsor, and long time friend of the show Haroon Meer joins. As always they’re polishing their Canary tokens - adding breadcrumbs to lead you to them - but they’re also a bunch of giant nerds who now run South Africa’s Computer Olympiad.

This episode is also available on Youtube.



Show notes



Cyberattack in Venezuela Demonstrated Precision of U.S. Capabilities - The New York Times


Why I’m withholding certainty that “precise” US cyber-op disrupted Venezuelan electricity - Ars Technica


Layered Ambiguity: US Cyber Capabilities in the Raid to Extract Maduro from Venezuela | Royal United Services Institute


Former CISA Director Jen Easterly Will Lead RSAC Conference | WIRED


Trump officials consider skipping premier cyber conference after Biden-era cyber leader named CEO - Nextgov/FCW


Federal agencies ordered to patch Microsoft Desktop Windows Manager bug | The Record from Recorded Future News


Windows 11 shutdown bug forces Microsoft into damage control • The Register


CodeBreach: Supply Chain Vuln & AWS CodeBuild Misconfig | Wiz Blog


Critical flaw in AWS Console risked compromise of build environment | Cybersecurity Dive


Never-before-seen Linux malware is “far more advanced than typical” - Ars Technica


VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun - Check Point Research


Hundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking | WIRED


Critical flaw in Fortinet FortiSIEM targeted in exploitation threat | Cybersecurity Dive


CVE-2025-64155: 3 Years of Remotely Rooting the FortiSIEM


A single click mounted a covert, multistage attack against Copilot - Ars Technica


Police raid homes of alleged Black Basta hackers, hunt suspected Russian ringleader | The Record from Recorded Future News


Jordanian initial access broker pleads guilty to helping target 50 companies | The Record from Recorded Future News


Supreme Court hacker posted stolen government data on Instagram | TechCrunch


oss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd


How crypto criminals stole $700 million from people - often using age-old tricks


Ctrl + Alt + Chaos: How Teenage Hackers Hijack the Internet