Risky Business Podcast

May 07, 2025

Risky Business #790 -- Bye bye Signal-gate, hello TeleMessage-gate

Presented by

Adam Boileau
Adam Boileau

Technology Editor

Patrick Gray
Patrick Gray

CEO and Publisher

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

  • White House’s off-brand Israeli Signal fork logs cleartext messages with hard coded creds while getting hacked (twice). Just … Wow.
  • Ransomware attacks on UK retailers are linked, and Marks & Spencer has it extra bad
  • After six years dormant, a Magento eCommerce platform backdoor comes to life
  • The North Korean IT worker scam is truly webscale
  • NSO group owes Meta $168m for hacking WhatsApp

This week’s episode is sponsored by vulnerability management wranglers, Nucleus Security. Aaron Unterberger joins to talk through the complexities of tracking vulnerabilities in cloud components - left to the source, right to the deployments, and …sideways into the sidecars?

This week’s show also features an excerpt from Pat’s interview with Senator Mark Warner - Scoot back one in your podcast feed to check out the full chat, or find it on Youtube.

This episode is available on Youtube too.

Risky Business #790 -- Bye bye Signal-gate, hello TeleMessage-gate
0:00 / 56:12

Show notes

Mike Waltz Accidentally Reveals Obscure App the Government Is Using to Archive Signal Messages

Despite misleading marketing, Israeli company TeleMessage, used by Trump officials, can access plaintext chat logs

The Signal Clone the Trump Admin Uses Was Hacked

App used by Mike Waltz suspends services after hacking claims

Senator Demands Investigation into Trump Admin Signal Clone After 404 Media Investigation

MG on X: "Looks like TeleMessage was probably procured and rolled out under Biden. There are public records for it. https://t.co/XCuZpi8PL3" / X

Harrods becomes latest retailer to announce attempted cyberattack | The Record from Recorded Future News

Co-op DragonForce cyber attack includes customer data, firm admits

Co-op cyber attack: Staff told to keep cameras on in meetings

Hundreds of e-commerce sites hacked in supply-chain attack - Ars Technica

Microsoft’s new “passwordless by default” is great but comes at a cost - Ars Technica

Windows RDP lets you log in using revoked passwords. Microsoft is OK with that. - Ars Technica

North Korean operatives have infiltrated hundreds of Fortune 500 companies | CyberScoop

US wants to cut off key player in Southeast Asian cybercrime industry | The Record from Recorded Future News

Myanmar militia leader sanctioned by US over cyber scam connections | The Record from Recorded Future News

Trump proposes major cut to CISA’s budget, citing false ‘censorship’ claims | Cybersecurity Dive

NSA to cut up to 2,000 civilian roles as part of intel community downsizing | The Record from Recorded Future News

NSO Group owes $168M in damages to WhatsApp over spyware infections, jury says | CyberScoop