Risky Bulletin

A supply chain attack plants backdoors on Android tablets, the EU blocks AI from lawmakers’ devices, Cellebrite was used against a Kenyan politician, and a Chinese APT is exploiting a Dell zero-day.



Show notes



Risky Bulletin: Supply chain attack plants backdoor on Android tablets

In this edition of Between Two Nerds Tom Uren and The Grugq discuss whether middle powers should be investing in military cyber capabilities.

This episode is also available on Youtube



Show notes



The Record on Iranian air defences


Max Smeets No Shortcuts


RunZero sponsor interview

Cambodia promises to dismantle cyber scam compounds by April, CISA urges companies to adopt the OpenEoX standard, Linux gets post-quantum crypto support, and Palo Alto Networks avoids attributing an APT to China.



Show notes



Risky Bulletin: Cambodia promises to dismantle scam networks by April

In this sponsored interview Casey Ellis chats to Todd Beardsley, VP of Security at RunZero about Kevology, the company’s analysis of CISA’s KEV list. Kevology lets you easily identify and fix vulnerabilities from the list that are urgent and relevant to you.



Show notes



KEVology: An analysis of exploits, scores, & timelines on the CISA KEV

A Malware developer faked his own death to evade the FBI, Apple patches a zero-day used in a targeted attack, the Tianfu Cup quietly returns, and researchers spot the first malicious Outlook add-in.



Show notes



Risky Bulletin: IcedID malware developer fakes his own death to escape the FBI