Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

Microsoft reshuffles security leadership. It doesn’t spark joy.

Russia is hacking the Winter Olympics. Again. But y tho?

China-linked groups are keeping busy, hacking telcos in Norway, Singapore and dozens of others

Campaigns underway targeting Ivanti, BeyondTrust and SolarWinds products

An unknown hero blocks 23/tcp on the US internet backbone

And James Wilson pops into talk about Claude’s go at a C compiler

This week’s episode is sponsored by Ent.AI, an AI startup that isn’t quite ready to tell us all what they’re doing. But nevertheless, founder Brandon Dixon joins to discuss AI’s role in security. Where does language-based understanding take us that previous methods couldn’t?

This episode is also available on Youtube.



Show notes



Updates in two of our core priorities - The Official Microsoft Blog


Strengthening Windows trust and security through User Transparency and Consent | Windows Experience Blog


Microsoft prepares to refresh Secure Boot’s digital certificate | Cybersecurity Dive


Microsoft Patch Tuesday matches last year’s zero-day high with six actively exploited vulnerabilities | CyberScoop


Microsoft releases urgent Office patch. Russian-state hackers pounce. - Ars Technica


Italy blames Russia-linked hackers for cyberattacks ahead of Winter Olympics | The Record from Recorded Future News


Researchers uncover vast cyberespionage operation targeting dozens of governments worldwide | The Record from Recorded Future News


Germany warns of state-linked phishing campaign targeting journalists, government officials | The Record from Recorded Future News


Norwegian intelligence discloses country hit by Salt Typhoon campaign | The Record from Recorded Future News


Singapore says China-linked hackers targeted telecom providers in major spying campaign | The Record from Recorded Future News


Largest Multi-Agency Cyber Operation Mounted to Counter Threat Posed by Advanced Persistent Threat (APT) Actor UNC3886 to Singapore’s Telecommunications Sector | Cyber Security Agency of Singapore


How Intel and Google Collaborate to Strengthen Intel® TDX


Strengthening the Foundation: A Joint Security Review of Intel TDX 1.5 - Google Bug Hunters


Active Exploitation of SolarWinds Web Help Desk (CVE-2025-26399) | Huntress


EU, Dutch government announce hacks following Ivanti zero-days | The Record from Recorded Future News


North Korean hackers targeted crypto exec with fake Zoom meeting, ClickFix scam | The Record from Recorded Future News


BeyondTrust warns of critical RCE flaw in remote support software


Rapid7 Analysis of CVE-2026-1731


Building a C compiler with a team of parallel Claudes \ Anthropic


(1) Post by @ryiron.bsky.social — Bluesky


What AI Security Research Looks Like When It Works | AISLE


South Korean crypto exchange races to recover $40bn of bitcoin sent to customers by mistake | South Korea | The Guardian


White House to meet with GOP lawmakers on FISA Section 702 renewal | The Record from Recorded Future News

Patrick Gray and Adam Boileau are joined by the newest guy on the Risky Business Media team, James WIlson. They discuss the week’s cybersecurity news, including:

Notepad++ update supply chain attack has been attributed to China

The AI agent future is even more stupid than expected; behold the OpenClaw/Clawdbot/Moltbook mess

The Epstein files claim he had a personal hacker?

Microsoft is finally getting ready to (think about starting to begin to) disable NTLM by default

The usual bugs in the usual things! Ivanti, Fortinet, and Solarwinds. Again.

Telco hides a free trip in its privacy policy, someone actually reads it and wins!

This weeks’s episode is sponsored by opensource IDP platform Authentik. CEO Fletcher Heisler talks to Pat about their new endpoint agent that can enforce device posture policies during login.

This episode is also available on Youtube.



Show notes



The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit


Notepad++ Hijacked by State-Sponsored Hackers | Notepad++


Notepad++ v8.8.3 - Self-signed Certificate: Certified by Code, Not Corporations | Notepad++


Hacking Moltbook: AI Social Network Reveals 1.5M API Keys | Wiz Blog


lcamtuf on X: "Moltbook debate in a nutshell" / X


Exposed Moltbook Database Let Anyone Take Control of Any AI Agent on the Site


AndrewMohawk on X: "How exactly did an attacker send a message to your bot since you need to approve all the channels and set keys etc" / X


Signal president warns AI agents are making encryption irrelevant


Massive AI Chat App Leaked Millions of Users Private Conversations


Runa Sandvik on X: New court record from the FBI details the state of the devices seized from Washington Post reporter Hannah Natanson


EFTA01683874.pdf


Disrupting the World's Largest Residential Proxy Network | Google Cloud Blog


Nobel Committee says Peace Prize winner likely revealed early by digital spying | Reuters


County pays $600,000 to pentesters it arrested for assessing courthouse security - Ars Technica


Advancing Windows security: Disabling NTLM by default - Windows IT Pro Blog


Critical flaws in Ivanti EPMM lead to fast-moving exploitation attempts | Cybersecurity Dive


CISA orders federal agencies to patch exploited SolarWinds bug by Friday | The Record from Recorded Future News


CISA, security researchers warn FortiCloud SSO flaw is under attack | Cybersecurity Dive


Fintech firm Marquis blames hack at firewall provider SonicWall for its data breach | TechCrunch


We Hid a Free Trip to Switzerland in Our Privacy Policy. Someone Found It in 2 Weeks. - Cape


Between Two Nerds: The internal logic of Russian power grid attacks - YouTube

In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. They discuss:

La France is tres sérieux about ditching US productivity software

China’s Salt Typhoon was snooping on Downing Street

Trump wields the mighty DISCOMBOBULATOR

ESET says the Polish power grid wiper was Russia’s GRU Sandworm crew

US cyber institutions CISA and NIST are struggling

Voice phishing for MFA bypass is getting even more polished

This episode is sponsored by Sublime Security. Brian Baskin is one of the team behind Sublime’s 2026 Email Threat Research report. He joins to talk through what they see of attackers’ use of AI, as well as the other trends of the year.

This episode is also available on Youtube.



Show notes



France to ditch US platforms Microsoft Teams, Zoom for ‘sovereign platform’ amid security concerns | Euronews


Suite Numérique plan - Google Search


China hacked Downing Street phones for years


Cyberattack Targeting Poland’s Energy Grid Used a Wiper


Trump says U.S. used secret 'discombobulator' on Venezuelan equipment during Maduro raid | PBS News


Risky Bulletin: Cyberattack cripples cars across Russia - Risky Business Media


Lawmakers probe CISA leader over staffing decisions | CyberScoop


Trump’s acting cyber chief uploaded sensitive files into a public version of ChatGPT - POLITICO


Acting CISA director failed a polygraph. Career staff are now under investigation. - POLITICO


NIST is rethinking its role in analyzing software vulnerabilities | Cybersecurity Dive


Federal agencies abruptly pull out of RSAC after organizer hires Easterly | Cybersecurity Dive


Real-Time phishing kits target Okta, Microsoft, Google


Phishing kits adapt to the script of callers


On the Coming Industrialisation of Exploit Generation with LLMs – Sean Heelan's Blog


GitHub - SeanHeelan/anamnesis-release: Automatic Exploit Generation with LLMs


Overrun with AI slop, cURL scraps bug bounties to ensure "intact mental health" - Ars Technica


Bypassing Windows Administrator Protection - Project Zero


Task Failed Successfully - Microsoft’s “Immediate” Retirement of MDT - SpecterOps


Kubernetes Remote Code Execution Via Nodes/Proxy GET Permission


WhatsApp's Latest Privacy Protection: Strict Account Settings - WhatsApp Blog


Microsoft gave FBI a set of BitLocker encryption keys to unlock suspects' laptops: Reports | TechCrunch


He Leaked the Secrets of a Southeast Asian Scam Compound. Then He Had to Get Out Alive | WIRED


Key findings from the 2026 Sublime Email Threat Research Report

In this week’s show, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, joined by a special guest. BBC World Cyber Correspondent Joe Tidy is a long time listener and he pops in for a ride-along in the news segment plus a chat about his new book.

This week news includes:

Did the US cyber Venezuela’s power grid, or do they just want us to think they coulda?

US govt might boycott the RSAC Conference ‘cause Jen Easterly being CEO makes them mad

MS Patch Tuesday fixes CVSS5.5 bug and … stops you shutting down

Wiz pulls off cloud stunt hack that ends with control of everyone’s AWS console

Millions of Bluetooth devices that use Google’s Fast Pairing will pair with anyone, any time

GNU inet-tools’ telnetd parties like it’s 2007, and brings -f root unauthed remote login back

Thinkst is this week’s sponsor, and long time friend of the show Haroon Meer joins. As always they’re polishing their Canary tokens - adding breadcrumbs to lead you to them - but they’re also a bunch of giant nerds who now run South Africa’s Computer Olympiad.

This episode is also available on Youtube.



Show notes



Cyberattack in Venezuela Demonstrated Precision of U.S. Capabilities - The New York Times


Why I’m withholding certainty that “precise” US cyber-op disrupted Venezuelan electricity - Ars Technica


Layered Ambiguity: US Cyber Capabilities in the Raid to Extract Maduro from Venezuela | Royal United Services Institute


Former CISA Director Jen Easterly Will Lead RSAC Conference | WIRED


Trump officials consider skipping premier cyber conference after Biden-era cyber leader named CEO - Nextgov/FCW


Federal agencies ordered to patch Microsoft Desktop Windows Manager bug | The Record from Recorded Future News


Windows 11 shutdown bug forces Microsoft into damage control • The Register


CodeBreach: Supply Chain Vuln & AWS CodeBuild Misconfig | Wiz Blog


Critical flaw in AWS Console risked compromise of build environment | Cybersecurity Dive


Never-before-seen Linux malware is “far more advanced than typical” - Ars Technica


VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun - Check Point Research


Hundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking | WIRED


Critical flaw in Fortinet FortiSIEM targeted in exploitation threat | Cybersecurity Dive


CVE-2025-64155: 3 Years of Remotely Rooting the FortiSIEM


A single click mounted a covert, multistage attack against Copilot - Ars Technica


Police raid homes of alleged Black Basta hackers, hunt suspected Russian ringleader | The Record from Recorded Future News


Jordanian initial access broker pleads guilty to helping target 50 companies | The Record from Recorded Future News


Supreme Court hacker posted stolen government data on Instagram | TechCrunch


oss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd


How crypto criminals stole $700 million from people - often using age-old tricks


Ctrl + Alt + Chaos: How Teenage Hackers Hijack the Internet

Risky Business returns for 2026! Patrick Gray and Adam Boileau talk through the week’s cybersecurity news, including:

Santa brings hackers MongoDB memory leaks for Christmas

Vercel pays out a million bucks to improve its React2Shell WAF defences

39C3 delivers; the pink Power Ranger deletes nazis, while a catgirl ruins GnuPG

Cambodian scam compound kingpin gets extradited to China, and we don’t think it’ll go well for him

Krebs picks apart the Kimwolf botnet and residential proxy networks

So many healthcare data leaks that we have a roundup section

This week’s episode is sponsored by Airlock Digital. The founders of the application allow-listing vendor, David Cottingham and Daniel Schell, discuss Microsoft’s ClickOnce .NET app packaging, and how attackers have been abusing it to load code. Airlock hates it when you load code!

This episode is also available on Youtube.



Show notes



US, Australia say ‘MongoBleed’ bug being exploited | The Record from Recorded Future News


Merry Christmas Day! Have a MongoDB security incident. | by Kevin Beaumont | Dec, 2025 | DoublePulsar


Inside Vercel’s sleep-deprived race to contain React2Shell | CyberScoop


gpg.fail


Hacktivist deletes white supremacist websites live onstage during hacker conference | TechCrunch


Chinese attackers exploiting zero-day to target Cisco email security products | The Record from Recorded Future News


Ni8mare  -  Unauthenticated Remote Code Execution in n8n (CVE-2026-21858) | Cyera Research Labs


ServiceNow patches critical AI platform flaw that could allow user impersonation | CyberScoop


Alleged cyber scam kingpin arrested, extradited to China | The Record from Recorded Future News


FCC IoT labeling program loses lead company after China probe | Cybersecurity Dive


Trump picks Lt. Gen. Joshua Rudd to lead NSA spy agency - The Washington Post


NSA cyber directorate gets new acting leadership | The Record from Recorded Future News


Dutch court sentences hacker who used port systems to smuggle cocaine to 7 years | The Record from Recorded Future News


ECLI:NL:GHAMS:2026:22, Amsterdam Court of Appeal, 23-003218-22


The Kimwolf Botnet is Stalking Your Local Network – Krebs on Security


Who Benefited from the Aisuru and Kimwolf Botnets? – Krebs on Security


Coupang recovers smashed laptop that alleged data leaker threw into river | The Record from Recorded Future News


Ransomware responders plead guilty to using ALPHV in attacks on US organizations | The Record from Recorded Future News


Nearly 480,000 impacted by Covenant Health data breach | The Record from Recorded Future News


Illinois health department exposed over 700,000 residents' personal data for years | TechCrunch


Tech provider for NHS England confirms data breach | TechCrunch


Hacker claiming to be behind ManageMyHealth breach: ‘I do it for the money and I’m in negotiations to get it’ - NZ Herald