Risky Business

Risky Business Media
146 episodes

  • Risky Business

    Risky Business #827 -- Iranian cyber threat actors are down but not out

    04/03/2026 | 1h 1 mins.
    On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:

    The US-Israeli attack on Iran had a whole lot of cyber. It’s clearly in the playbook now!

    The NSA Triangulation / L3 Harris Trenchant iOS exploit kit is on the loose, and being used by Chinese crypto scammers

    So long Madhu Gottumukkala, but CISA’s annus horribilis continues

    Adam “humbug” Boileau complains about the Airsnitch wifi attack just being three ethernets in a trenchcoat

    ASD’s Cisco SD-WAN threat hunting guide is clearly born of … experience

    This week’s episode is sponsored by AI threat hunting platform Nebulock. Sydney Marrone joins to talk about how useful AI models are on the hunt, and her work building out an open source framework and maturity model. It’s methodology agnostic, so you can adapt it for your environment, and the github link is in the show notes!

    This episode is also available on Youtube.



    Show notes



    Inside the plan to kill Ali Khamenei


    Hacked traffic cams and hijacked TVs: How cyber operations supported the war against Iran | TechCrunch


    Matthew Prince 🌥 on X: "Counter to what some cyber vendors are saying, there’s been a dramatic drop in Iranian cyber operations. Likely as the operators are sheltering. They may pick back up, but right now there’s a noticeable lull." / X


    Cyber Command disrupted Iranian comms, sensors, top general says | The Record from Recorded Future News


    Iranian Hackers Use Elon Musk’s Starlink To Stay Online


    Exclusive | U.S. Smuggled Thousands of Starlink Terminals Into Iran After Protest Crackdown - WSJ


    Attacks on GPS Spike Amid US and Israeli War on Iran | WIRED


    Amazon Data Centers on Fire After Iranian Missile Strikes on Dubai


    A Possible US Government iPhone-Hacking Toolkit Is Now in the Hands of Foreign Spies and Criminals | WIRED


    Canceled contracts, a failed polygraph and personal disputes: Inside the turbulent tenure of Noem’s former cyber czar - POLITICO


    CISA CIO Robert Costello exits agency | CyberScoop


    OpenAI alters deal with Pentagon as critics sound alarm over surveillance


    Inside Anthropic’s Killer-Robot Dispute With the Pentagon - The Atlantic


    Read the full transcript of our interview with Anthropic CEO Dario Amodei - CBS News


    CBP Tapped Into the Online Advertising Ecosystem To Track Peoples’ Movements


    Large-Scale Online Deanonymization with LLMs


    Hackers Weaponize Claude Code in Mexican Government Cyberattack - SecurityWeek


    New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises - Ars Technica


    CISA orders agencies to patch Cisco devices now under attack | Cybersecurity Dive


    CISCO SD-WAN THREAT HUNT GUIDE


    ClawJacked attack let malicious websites hijack OpenClaw to steal data


    Area Man Accidentally Hacks 6,700 Camera-Enabled Robot Vacuums | WIRED


    Intellexa founder, three others sentenced to 8 years in prison over Greek spyware scandal | The Record from Recorded Future News


    Moscow man accused of posing as FSB officer to extort Conti ransomware gang | The Record from Recorded Future News


    Farewell, Felix · The Recurity Lablog


    Atmos Sphere 2026 | Atmos


    The Agentic Threat Hunting Framework | Nebulock blog


    GitHub - Nebulock-Inc/agentic-threat-hunting-framework: ATHF is a framework for agentic threat hunting - building systems that can remember, learn, and act with increasing autonomy. · GitHub
  • Risky Business

    Risky Business #826 -- A week of AI mishaps and skulduggery

    25/02/2026 | 1h 6 mins.
    On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:

    Low skill actors compromise 600 Fortinets with AI-generated playbooks

    Anthropic calls out Chinese AI firms over model distillation

    Meta’s director of AI safety tells her ClawdBot not to delete her mail… so of course it does

    Peter Williams cops 7 years in jail for selling L3 Harris Trenchant’s exploits to Russia

    Ivanti got hacked in 2021 via… bugs in Ivanti

    This episode is sponsored by line-rate network capture system Corelight. CEO Brian Dye joins to discuss what AI can do for defenders, and what it can’t.

    This episode is also available on Youtube.



    Show notes



    AI-augmented threat actor accesses FortiGate devices at scale


    "this reads to me like: they ran existing tools.... but with a cool dashboard :D"


    Anthropic accuses Chinese labs of trying to illicitly take Claude’s capabilities | CyberScoop


    Detecting and preventing distillation attacks


    Hegseth warns Anthropic to let the military use the company’s AI tech as it sees fit, AP sources say


    Anthropic Rolls Out Embedded Security Scanning for Claude


    AWS's AI Coding Bot Kiro Caused a 13-Hour Outage


    Running OpenClaw safely: identity, isolation, and runtime risk


    Former Adobe, Cisco and Salesforce CISO talks AI pentesting


    History Repeats: Security in the AI Agent Era


    Meta Director of AI Safety Allows AI Agent to Accidentally Delete Her Inbox


    Microsoft says Office bug exposed customers' confidential emails to Copilot AI | TechCrunch


    The (tangential) fix: Microsoft adds Copilot data controls to all storage locations


    Ex-L3Harris executive sentenced to 87 months in prison for selling zero-day exploits to Russian broker


    Treasury Sanctions Exploit Broker Network for Theft and Sale of U.S. Government Cyber Tools


    Risky Bulletin: Russia starts criminal probe of Telegram founder Pavel Durov


    Ukraine pushes tighter Telegram regulation, citing Russian recruitment of locals


    The watchers: how openai, the US government, and persona built an identity surveillance machine that files reports on you to the feds


    Persona emails customers saying they don’t work with ICE or DHS amid ‘surveillance’ claims


    Inside the Fix: Analysis of In-the-Wild Exploit of CVE-2026-21513


    Ivanti hacked in 2021 via its own product


    Fed agencies ordered to patch Dell bug by Saturday after exploitation warning | The Record from Recorded Future News


    From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day
  • Risky Business

    Risky Biz Soap Box: The lethal trifecta of AI risks

    19/02/2026 | 37 mins.
    There’s a lethal trifecta of AI risks: access to private data, exposure to untrusted content, and external communication. In this conversation, Risky Business host Patrick Gray chats with Josh Devon, the co-founder of Sondera, about how to best address these risks.

    There is no magic solution to this problem. AI models mix code and data, are non-deterministic, and are crawling around all over your enterprise data and APIs as you read this.

    But in this sponsored interview, Josh outlines how we can start to wrap our hands around the problem.

    This episode is also available on Youtube.



    Show notes
  • Risky Business

    Risky Business #825 -- Palo Alto Networks blames it on the boogie

    18/02/2026 | 1h 3 mins.
    On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:

    Palo Alto threat researchers want to attribute to China, but management says shush

    An increasing proportion of ransomware is data extortion. Is this good?

    Cambodia says it’s going to dismantle scam compounds

    CISA suffers through yet another shutdown

    Google Gemini’s training secrets are being systematically harvested to improve other LLMs

    Academics assess SaaS password managers’ resilience against a malicious server

    This episode is sponsored by SSO-firewall integration vendor Knocknoc. Chief exec Adam Pointon joins to talk about the latest in defences… which is to say Knocknoc for Solaris/Sparc and HPUX on PA-RISC?! Okay also that other little known OS… Windows.

    This episode is also available on Youtube.



    Show notes



    Data-only extortion grows as ransomware gangs seek better profits | Cybersecurity Dive


    Arctic Wolf Threat Report 2026


    Exclusive: Palo Alto chose not to tie China to hacking campaign for fear of retaliation from Beijing, sources say


    Risky Bulletin: Cambodia promises to dismantle scam networks by April - Risky Business Media


    Age of the ‘scam state’: how an illicit, multibillion-dollar industry has taken root in south-east Asia | Cybercrime | The Guardian


    Critical flaw in BeyondTrust Remote Support sees early signs of exploitation | Cybersecurity Dive


    CISA Navigates DHS Shutdown With Reduced Staff - SecurityWeek


    Kimwolf Botnet Swamps Anonymity Network I2P – Krebs on Security


    BADIIS to the Bone: New Insights to a Global SEO Poisoning Campaign — Elastic Security Labs


    Over 500,000 VKontakte accounts hijacked through malicious Chrome extensions | The Record from Recorded Future News


    Password managers' promise that they can't see your vaults isn't always true - Ars Technica


    Zero Knowledge (About) Encryption: A Comparative Security Analysis of Three Cloud-based Password Managers


    Google finds state-sponsored hackers use AI at 'all stages' of attack cycle | CyberScoop


    Google: Gemini hit with 100,000+ prompts in cloning attempt


    Proofpoint acquires Acuvity to tackle the security risks of agentic AI | CyberScoop


    Cisco Redefines Security for the Agentic Era with AI Defense Expansion and AI-Aware SASE


    Sophos Acquires Arco Cyber to Bring CISO-Level, Agentic AI-Powered Expertise to Every Organization


    Dave Kennedy on X: "Regarding this, there was a couple questions on does the pacemaker continue to advertise - most BLE implantable devices go into a sleep type mode. In this case, we are lucky - it does not. We know based on law enforcement answers that she is using a more modern pacemaker with" / X


    Clash Report on X: "BIG: Dutch Defence Minister Gijs Tuinman hints that software independence is possible for F-35 jets. He literally said you can “jailbreak” an F-35. When asked if Europe can modify it without US approval: “That’s not the point… we’ll see whether the Americans will show https://t.co/f11cGvtYsO" / X


    Dutch police arrest man who refused to delete confidential files shared by mistake | The Record from Recorded Future News
  • Risky Business

    Risky Business #824 -- Microsoft's Secure Future is looking a bit wobbly

    11/02/2026 | 56 mins.
    On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

    Microsoft reshuffles security leadership. It doesn’t spark joy.

    Russia is hacking the Winter Olympics. Again. But y tho?

    China-linked groups are keeping busy, hacking telcos in Norway, Singapore and dozens of others

    Campaigns underway targeting Ivanti, BeyondTrust and SolarWinds products

    An unknown hero blocks 23/tcp on the US internet backbone

    And James Wilson pops in to talk about Claude’s go at a C compiler

    This week’s episode is sponsored by Ent.AI, an AI startup that isn’t quite ready to tell us all what they’re doing. But nevertheless, founder Brandon Dixon joins to discuss AI’s role in security. Where does language-based understanding take us that previous methods couldn’t?

    This episode is also available on Youtube.



    Show notes



    Updates in two of our core priorities - The Official Microsoft Blog


    Strengthening Windows trust and security through User Transparency and Consent | Windows Experience Blog


    Microsoft prepares to refresh Secure Boot’s digital certificate | Cybersecurity Dive


    Microsoft Patch Tuesday matches last year’s zero-day high with six actively exploited vulnerabilities | CyberScoop


    Microsoft releases urgent Office patch. Russian-state hackers pounce. - Ars Technica


    Italy blames Russia-linked hackers for cyberattacks ahead of Winter Olympics | The Record from Recorded Future News


    Researchers uncover vast cyberespionage operation targeting dozens of governments worldwide | The Record from Recorded Future News


    Germany warns of state-linked phishing campaign targeting journalists, government officials | The Record from Recorded Future News


    Norwegian intelligence discloses country hit by Salt Typhoon campaign | The Record from Recorded Future News


    Singapore says China-linked hackers targeted telecom providers in major spying campaign | The Record from Recorded Future News


    Largest Multi-Agency Cyber Operation Mounted to Counter Threat Posed by Advanced Persistent Threat (APT) Actor UNC3886 to Singapore’s Telecommunications Sector | Cyber Security Agency of Singapore


    How Intel and Google Collaborate to Strengthen Intel® TDX


    Strengthening the Foundation: A Joint Security Review of Intel TDX 1.5 - Google Bug Hunters


    Active Exploitation of SolarWinds Web Help Desk (CVE-2025-26399) | Huntress


    EU, Dutch government announce hacks following Ivanti zero-days | The Record from Recorded Future News


    North Korean hackers targeted crypto exec with fake Zoom meeting, ClickFix scam | The Record from Recorded Future News


    BeyondTrust warns of critical RCE flaw in remote support software


    Rapid7 Analysis of CVE-2026-1731


    Building a C compiler with a team of parallel Claudes \ Anthropic


    (1) Post by @ryiron.bsky.social — Bluesky


    What AI Security Research Looks Like When It Works | AISLE


    South Korean crypto exchange races to recover $40bn of bitcoin sent to customers by mistake | South Korea | The Guardian


    White House to meet with GOP lawmakers on FISA Section 702 renewal | The Record from Recorded Future News

About Risky Business

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

v8.7.2 | © 2007-2026 radio.de GmbH
Generated: 3/4/2026 - 8:57:00 PM