Risky Business Podcast
June 04, 2025
Risky Business #794 -- Psychic Panda outgunned by Fluffy Lizard and UNC56728242
Presented by

Technology Editor

CEO and Publisher
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
- Cyber firms agree to deconflict and cross-reference hacker group names
- Russian nuclear facility blueprints gathered from public procurement websites
- Someone audio deepfaked the White House Chief of Staff, but for the dumbest reasons
- Germany identifies the Trickbot kingpin
- Google spots China’s MSS using Calendar events for malware C2
- Meta apps abuse localhost listeners to track web sessions.
This week’s episode is sponsored by automation vendor Tines. Its Field CISO, Matt Muller, joins the show to discuss an open letter penned by JP Morgan Chase’s CISO that pleads with Software as a Service suppliers to try to suck less at security.
This episode is also available on Youtube.

Brought to you by tines
The smart, secure workflow builder
Show notes
Ukraine's Massive Drone Attack Was Powered by Open Source Software
Massive security breach: Russian nuclear facilities exposed online
How a Spyware App Compromised Assad’s Army - New Lines Magazine
U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams – Krebs on Security
Top counter antivirus service disrupted in global takedown | CyberScoop
Cops in Germany Claim They’ve ID’d the Mysterious Trickbot Ransomware Kingpin | WIRED
Google: China-backed hackers hiding malware in calendar events | Cybersecurity Dive
Coinbase breach linked to customer data leak in India, sources say | Reuters
Meta and Yandex are de-anonymizing Android users’ web browsing identifiers - Ars Technica