Risky Business Podcast
November 26, 2025
Risky Business #816 -- Copilot Actions for Windows is extremely dicey
Presented by
Technology Editor
CEO and Publisher
In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
- Salesforce partner Gainsight has customer data stolen
- Crowdstrike fires insider who gave hackers screenshots of internal systems
- Australian Parliament turns off wifi and bluetooth in fear of of visiting Chinese bigwigs
- Shai-Hulud npm/Github worm is back, and rm -rf’ier than ever
- SEC gives up on Solarwinds lawsuit
- Dog eats cryptographer’s key material
This week’s episode is sponsored by runZero. HD Moore pops in to talk about how they’re integrating runZero with Bloodhound-style graph databases. He also discusses uses for driving runZero’s tools with an AI, plus the complexities of shipping AI when the company has a variety of deployment models.
This episode is also available on Youtube.
Brought to you by runZero
Total Attack Surface & Exposure Management
Show notes
Google says hackers stole data from 200 companies following Gainsight breach
CrowdStrike fires 'suspicious insider' who passed information to hackers
Salesforce cuts off access to third-party app after discovering ‘unusual activity’
Атаки разящей панды: APT31 сегодня
Australian federal MPs warned to turn off phones when Chinese delegation visits Parliament House
Sha1-Hulud: The Second Coming of the NPM Worm is Digging For Secrets
FCC eliminates cybersecurity requirements for telecom companies
Trade Associations Cybersecurity Practices Ex Parte
SEC voluntarily dismisses SolarWinds lawsuit
Record-breaking DDoS attack against Microsoft Azure mitigated
The Cloudflare Outage May Be a Security Roadmap – Krebs on Security
Critics scoff after Microsoft warns AI feature can infect machines and pilfer data
vx-underground on X: "I've had a surprising amount of people ask me about Copilot"
Researchers warn command injection flaw in Fortinet FortiWeb is under exploitation
Two suspected Scattered Spider hackers plead not guilty over Transport for London cyberattack
Russia arrests young cybersecurity entrepreneur on treason charges
This campaign aims to tackle persistent security myths in favor of better advice
Oops. Cryptographers cancel election results after losing decryption key.