Risky Bulletin Regular cybersecurity news updates from the Risky Business team... https://risky.biz/ Copyright Risky Business Media 2007-2026 en Tue, 10 Mar 2026 07:00:14 +1100 Tue, 10 Mar 2026 07:00:14 +1100 Risky Business Media Risky.biz editorial@risky.biz false Jekyll v4.2.2 Between Two Nerds: An internet blackout won't stop NSA in Iran Tue, 10 Mar 2026 06:36:38 +1100 https://risky.biz/BTN157/ https://risky.biz/BTN157/ false 1558 In this edition of Between Two Nerds Tom Uren and The Grugq talk about why an internet shutdown won’t stop US cyber operations in Iran.

This episode is also available on Youtube.

Show notes

]]> Risky Bulletin: New White House EO prioritizes fight against scams and cybercrime Mon, 09 Mar 2026 12:13:44 +1100 https://risky.biz/RBNEWS535/ https://risky.biz/RBNEWS535/ false 523 US federal agencies told to crack down on scams and cybercrime, the White House releases its new Cyber Strategy, suspected Chinese hackers breach the FBI’s wiretap network, and Romania’s largest meat exporter is insolvent after a ransomware attack.

Show notes

]]> Sponsored: What it means to be a learning organisation Mon, 09 Mar 2026 07:06:57 +1100 https://risky.biz/RBNEWSSI118/ https://risky.biz/RBNEWSSI118/ false 880 In this Risky Business sponsor interview, Marco Slaviero, CTO of Thinkst, talks to Tom Uren about how the company ensures that it is a learning organisation.

The pair discuss the company’s investment in its Thinkst Labs, how it differs from other security research labs, and how it helps grow products and people.

Show notes

]]> Risky Bulletin: Iranian hackers are scanning for security cameras to aid missile strikes Fri, 06 Mar 2026 13:32:10 +1100 https://risky.biz/RBNEWS534/ https://risky.biz/RBNEWS534/ false 407 Iran attempts to hack security cameras to support its missile strikes, Israel bombs Iran’s cyber headquarters, authorities take down LeakBase and Tycoon 2FA, and TikTok says ‘no’ to encrypted private messaging.

Show notes

]]> Srsly Risky Biz: The four hour cyber war on Iran Thu, 05 Mar 2026 13:58:16 +1100 https://risky.biz/SRB157/ https://risky.biz/SRB157/ false 1256 Tom Uren and Amberleigh Jack talk about how cyber operations were used in the first hours of the US-Israeli attack on Iran. They were instrumental in the attack on Iranian Supreme Leader Ali Khamenei, but they didn’t last long. The Iranian regime implemented an internet blackout within four hours of the first bombs.

They also discuss how threat actors are using AI. It’s not game-changing so far, but it is very much altering the balance between attack and defence.

This episode is also available on Youtube.

Show notes

]]> Risky Bulletin: Cyber Command conducted cyberattacks ahead of Iran strikes Wed, 04 Mar 2026 10:00:00 +1100 https://risky.biz/RBNEWS533/ https://risky.biz/RBNEWS533/ false 432 The US conducted cyberattacks ahead of strikes on Iran, Russia aims for internet independence by 2028, Google finds a new iOS exploit kit in the wild, and Chrome moves to a two-week release cycle.

Show notes

]]> Between Two Nerds: The evolution of cyber ops in Ukraine Tue, 03 Mar 2026 07:37:58 +1100 https://risky.biz/BTN156/ https://risky.biz/BTN156/ false 1668 In this edition of Between Two Nerds Tom Uren and The Grugq how the use of cyber operations in the war in Ukraine has evolved over time.

This episode is also available on Youtube.

Show notes

]]> Risky Bulletin: LLMs can deanonymize internet users based on their comments Mon, 02 Mar 2026 12:17:26 +1100 https://risky.biz/RBNEWS532/ https://risky.biz/RBNEWS532/ false 539 LLMs can deanonymize internet users based on their comments, CISA gets a new acting director, hackers steal 15 million records from the French Ministry of Health, and Google takes down an ad fraud botnet.

Show notes

]]> Sponsored: AI Agents need distinct identities Mon, 02 Mar 2026 06:47:24 +1100 https://risky.biz/RBNEWSSI117/ https://risky.biz/RBNEWSSI117/ false 914 In this sponsored interview Casey Ellis chats to Harish Peri, SVP and general manager for AI security at Okta, a cloud-based identity and access management company. The pair chat about the fact that AI is forcing enterprises to relearn the basics around identity security, and how Okta for AI Agents can help.

Show notes

]]> Risky Bulletin: Russian man extorts Conti ransomware group Fri, 27 Feb 2026 13:42:24 +1100 https://risky.biz/RBNEWS531/ https://risky.biz/RBNEWS531/ false 519 A Russian man prosecuted for extorting the Conti ransomware group, Google takes down a Chinese cyber-espionage operation, Anthropic tells Department of War to pound sand over AI restrictions, and a Cisco zero-day was exploited in the wild for three years.

Show notes

]]> Srsly Risky Biz: Is Claude too woke for war? Thu, 26 Feb 2026 11:59:10 +1100 https://risky.biz/SRB156/ https://risky.biz/SRB156/ false 985 Tom Uren and Amberleigh Jack talk about the argy-bargy between the Pentagon and AI company Anthropic. US Defense Secretary Pete Hegseth is demanding that all safeguards are lifted from Claude, while Anthropic CEO Dario Amodei is insisting on protections against mass surveillance of Americans and use in lethal autonomous weapons.

They also discuss the return of Volt Typhoon, the Chinese hacker group prepositioning in critical infrastructure for sabotage in the event of a conflict over Taiwan. The group is still around, even though the US government declared victory against it last July.

This episode is also available on Youtube.

Show notes

]]> Risky Bulletin: Russia starts criminal probe of Telegram founder Pavel Durov Wed, 25 Feb 2026 12:29:58 +1100 https://risky.biz/RBNEWS530/ https://risky.biz/RBNEWS530/ false 432 Russia launches a criminal probe into Telegram’s founder, two teenagers arrested for a South Korean bike share hack, Anthropic accuses Chinese AI firms of distillation attacks, and the US Treasury sanctions a Russian exploit broker.

Show notes

]]> Between Two Nerds: How NSA will use AI Tue, 24 Feb 2026 08:13:02 +1100 https://risky.biz/BTN155/ https://risky.biz/BTN155/ false 1646 In this edition of Between Two Nerds Tom Uren and The Grugq talk about how ‘professional’ Five Eyes cyber espionage agencies like NSA will use AI. These agencies place a premium on stealth and won’t yolo AI.

This episode is available on Youtube.

Show notes

]]> Risky Bulletin: AI-driven hacking campaign breaches 600+ Fortinet devices Mon, 23 Feb 2026 11:48:53 +1100 https://risky.biz/RBNEWS529/ https://risky.biz/RBNEWS529/ false 385 An AI-driven hacking campaign breached 600 Fortinet devices, Ivanti was hacked via its own product, Wikipedia bans Archive-dot-Today for DDoS attacks, and Chinese hackers breached Italy’s police force.

Show notes

]]> Sponsored: The smouldering trashfire of AI and open source Mon, 23 Feb 2026 06:42:05 +1100 https://risky.biz/RBNEWSSI116/ https://risky.biz/RBNEWSSI116/ false 1499 In this Risky Business sponsor interview, Casey Ellis and Feross Aboukhadijeh discuss how AI is affecting open source, chat about a few attacks the company has seen in the wild and introduce Socket’s answer to the smouldering trashfire: Socket Firewall.

Show notes

]]> Risky Bulletin: RPKI infrastructure sits on shaky ground Fri, 20 Feb 2026 13:00:06 +1100 https://risky.biz/RBNEWS528/ https://risky.biz/RBNEWS528/ false 516 RPKI relies on vulnerable servers, the French Ministry of Economy discloses a data breach, the UK gives tech platforms 48 hours to remove revenge porn, and ClickFix-attacks are responsible for 50% of malware infections.

Show notes

]]> Srsly Risky Biz: Cyber bullets can't replace political will Thu, 19 Feb 2026 12:55:11 +1100 https://risky.biz/SRB155/ https://risky.biz/SRB155/ false 1174 Tom Uren and Amberleigh Jack talk about a groundswell of calls from European officials to build cyber capabilities to strike back against adversaries. There are good reasons that countries should have their own cyber capabilities, but if you don’t have the political will to strike back, having a magic cyber weapon doesn’t really make a difference.

They also talk about ‘distillation attacks’. They are a way that AI developers can steal the secret sauce of advanced models just by asking questions. It looks like American companies need government assistance if the US wants to keep its AI lead.

This episode is also available on Youtube.

Show notes

]]> Risky Bulletin: Supply chain attack plants backdoor on Android tablets Wed, 18 Feb 2026 14:24:51 +1100 https://risky.biz/RBNEWS527/ https://risky.biz/RBNEWS527/ false 498 A supply chain attack plants backdoors on Android tablets, the EU blocks AI from lawmakers’ devices, Cellebrite was used against a Kenyan politician, and a Chinese APT is exploiting a Dell zero-day.

Show notes

]]> Between Two Nerds: Buying the magic weapon Tue, 17 Feb 2026 07:24:23 +1100 https://risky.biz/BTN154/ https://risky.biz/BTN154/ false 1698 In this edition of Between Two Nerds Tom Uren and The Grugq discuss whether middle powers should be investing in military cyber capabilities.

This episode is also available on Youtube

Show notes

]]> Risky Bulletin: Cambodia promises to dismantle scam compounds by April Mon, 16 Feb 2026 14:14:00 +1100 https://risky.biz/RBNEWS526/ https://risky.biz/RBNEWS526/ false 532 Cambodia promises to dismantle cyber scam compounds by April, CISA urges companies to adopt the OpenEoX standard, Linux gets post-quantum crypto support, and Palo Alto Networks avoids attributing an APT to China.

Show notes

]]> Sponsored: Filtering the KEV was really hard … Until now! Mon, 16 Feb 2026 06:42:21 +1100 https://risky.biz/RBNEWSSI115/ https://risky.biz/RBNEWSSI115/ false 1438 In this sponsored interview Casey Ellis chats to Tod Beardsley, VP of Security at RunZero about Kevology, the company’s analysis of CISA’s KEV list. Kevology lets you easily identify and fix vulnerabilities from the list that are urgent and relevant to you.

Show notes

]]> Risky Bulletin: IcedID malware developer fakes his own death to escape the FBI Fri, 13 Feb 2026 13:07:45 +1100 https://risky.biz/RBNEWS525/ https://risky.biz/RBNEWS525/ false 431 A Malware developer faked his own death to evade the FBI, Apple patches a zero-day used in a targeted attack, the Tianfu Cup quietly returns, and researchers spot the first malicious Outlook add-in.

Show notes

]]> Srsly Risky Biz: Microsoft forgoes its secure future Thu, 12 Feb 2026 11:46:20 +1100 https://risky.biz/SRB154/ https://risky.biz/SRB154/ false 1190 Tom Uren and Amberleigh Jack talk about Microsoft CEO Satya Nadella’s messaging around personnel changes at the top of its security organisation. These signal a focus on selling security products rather than on making secure products.

They also discuss Expedition Cloud, a Chinese cyber range that replicated the critical infrastructure of neighbouring countries, apparently to develop and fine-tune cyber disruption operations.

Finally, they talk about what we’ve learnt about the role of cyber operations in the US bombing of Iranian nuclear facilities. It was far bigger than we previously thought.

This episode is also available on Youtube.

Show notes

]]> Risky Bulletin: Chinese cyber-spies breached all of Singapore's telcos Wed, 11 Feb 2026 14:02:28 +1100 https://risky.biz/RBNEWS524/ https://risky.biz/RBNEWS524/ false 408 China has breached all of Singapore’s major telcos, Microsoft announces two new security features, a hacktivist leaks data from a stalkerware provider, and researchers map out “GRU information warfare units” based on their insignia.

Show notes

]]> Between Two Nerds: Why we are doomed to insecurity Tue, 10 Feb 2026 07:59:19 +1100 https://risky.biz/BTN153/ https://risky.biz/BTN153/ false 1635 In this edition of Between Two Nerds Tom Uren and The Grugq talk about why the world is destined to be perpetually insecure.

This episode is also available on Youtube.

Show notes

]]> Risky Bulletin: SmarterTools hacked via its own product Mon, 09 Feb 2026 13:45:08 +1100 https://risky.biz/RBNEWS523/ https://risky.biz/RBNEWS523/ false 368 A software company gets hacked through vulnerabilities in its own product, European agencies are hacked via recent Ivanti zero-days, Senegal is being extorted by hackers, and a state actor is behind a Signal phishing campaign in Germany.

Show notes

]]> Sponsored: Trail of Bits going all-in on AI Mon, 09 Feb 2026 05:59:39 +1100 https://risky.biz/RBNEWSSI114/ https://risky.biz/RBNEWSSI114/ false 1124 In this Risky Business sponsored interview, Tom Uren talks to Trail of Bits CEO Dan Guido about how Trail of Bits is reworking its business processes to take advantage of AI. Dan talks about what it takes to make AI agents reliable and trustworthy and how that will give the company an edge by making its work both better and faster.

Show notes

]]> Risky Bulletin: Denmark recruits hackers for offensive cyber operations Fri, 06 Feb 2026 11:13:49 +1100 https://risky.biz/RBNEWS522/ https://risky.biz/RBNEWS522/ false 379 Denmark recruits hackers for offensive cyber operations, CISA tells agencies to remove old edge devices, Coinbase has another insider breach, and Microsoft appoints a new security chief.

Show notes

]]> Srsly Risky Biz: Google's cyber disruption unit kicks its first goal Thu, 05 Feb 2026 13:41:10 +1100 https://risky.biz/SRB153/ https://risky.biz/SRB153/ false 1067 Tom Uren and Amberleigh Jack talk about Google’s cyber disruption unit taking aim at the IPIDEA residential proxy network. The network was a cybercrime enabler that was used by hundreds of threat actors for crime and espionage. More of this kind of disruption please.

They also discuss SpaceX’s rapid action to stop the Russian military using Starlink terminals to guide drones deep into Ukrainian territory.

This episode is also available on Youtube.

Show notes

]]> Risky Bulletin: Plone CMS stops supply-chain attack Wed, 04 Feb 2026 12:32:12 +1100 https://risky.biz/RBNEWS521/ https://risky.biz/RBNEWS521/ false 494 The Plone CMS stops a supply-chain attack, French cops raid the X Paris office; the number of malicious OpenClaw skills grows, and a Chinese APT hacked Notepad++ servers.

Show notes

]]> Between Two Nerds: The internal logic of Russian power grid attacks Tue, 03 Feb 2026 07:31:56 +1100 https://risky.biz/BTN152/ https://risky.biz/BTN152/ false 1962 In this edition of Between Two Nerds Tom Uren and The Grugq discuss the recent Russian attack on Polish electricity infrastructure.

This episode is also available on Youtube.

Show notes

]]> Risky Bulletin: StopICE blames hack on "a CBP agent here in SoCal" Mon, 02 Feb 2026 13:26:42 +1100 https://risky.biz/RBNEWS520/ https://risky.biz/RBNEWS520/ false 469 ICE tracking app blames a recent hack on a government agent, Microsoft will disable NTLM in the next release of Windows, Poland bans Chinese cars from military bases, and Ivanti patches two new zero-days.

Show notes

]]> Sponsored: AI is critical to the future of cyber defence Mon, 02 Feb 2026 07:03:08 +1100 https://risky.biz/RBNEWSSI113/ https://risky.biz/RBNEWSSI113/ false 1094 In this sponsored interview, Casey Ellis chats to Edward Wu, founder of Dropzone AI about a recent Vanderbilt University report that reveals that foreign adversaries’ resources are growing. Edward says AI capabilities are critical to the future of cyber defence, because the west can’t hire itself out of the shortfall.

Show notes

]]> Risky Bulletin: eScan antivirus distributes backdoor in latest supply chain attack Fri, 30 Jan 2026 09:58:47 +1100 https://risky.biz/RBNEWS519/ https://risky.biz/RBNEWS519/ false 421 Hackers breach eScan antivirus and distribute a backdoor, Google takes down the IPIDEA proxy botnet, most GDPR fines remain uncollected, and the Poland wiper attack hit 30 locations.

Show notes

]]> Srsly Risky Biz: Punish the wicked and reward the righteous Thu, 29 Jan 2026 12:53:57 +1100 https://risky.biz/SRB152/ https://risky.biz/SRB152/ false 1037 Tom Uren and Amberleigh Jack talk about the Pall Mall Process, an international effort to reign in abusive spyware. Tom thinks the US has already stumbled into a viable carrots and sticks style strategy that will shape the industry more than coming up with standards will.

The pair also discuss news that Chinese Salt Typhoon hackers compromised the calls of senior UK officials in Downing Street. The UK has extensive telecommunications security regulations and the incident makes us wonder what that legislation is actually good for.

This episode is also available on Youtube.

Show notes

]]> Risky Bulletin: Cyberattack cripples cars across Russia Wed, 28 Jan 2026 08:06:05 +1100 https://risky.biz/RBNEWS518/ https://risky.biz/RBNEWS518/ false 463 A cyberattack has crippled cars in Russia, Microsoft patches an Office zero-day, WhatsApp rolls out an account lockdown feature, and a handful of Chrome extensions steal ChatGPT auth tokens.

Show notes

]]> Between Two Nerds: Getting pinged and the fog of war Tue, 27 Jan 2026 07:26:51 +1100 https://risky.biz/BTN151/ https://risky.biz/BTN151/ false 1802 In this edition of Between Two Nerds Tom Uren and The Grugq discuss how getting pinged hurts state hackers by introducing uncertainty. Publishing technical reports on the hack can actually improve the situation by removing uncertainty about how attackers were detected.

This episode is also available on Youtube.

Show notes

]]> Sponsored: Push Security on ConsentFix attacks Tue, 27 Jan 2026 06:20:19 +1100 https://risky.biz/RBNEWSSI112/ https://risky.biz/RBNEWSSI112/ false 786 In this Risky Business News sponsor interview, Catalin Cimpanu talks with Luke Jennings, VP of Research & Development at Push Security, about ConsentFix. It’s a new form of email-based social engineering attack used in the wild, an evolution of the ClickFix attack that goes after your identity.

Show notes

]]> Risky Bulletin: Russia deployed wipers on Poland's energy grid Mon, 26 Jan 2026 10:04:28 +1100 https://risky.biz/RBNEWS517/ https://risky.biz/RBNEWS517/ false 394 Russia deployed wipers against Poland’s energy grid, Microsoft shared BitLocker keys with the FBI, Romania dismantles a murder-for-hire portal, and the EU creates a new anti-spyware group.

Show notes

]]> Risky Bulletin: Improperly patched bug exploited again in Fortinet firewalls Fri, 23 Jan 2026 09:26:03 +1100 https://risky.biz/RBNEWS516/ https://risky.biz/RBNEWS516/ false 399 A poorly patched bug is being exploited in Fortinet firewalls, hackers go after security testing environments, Jordanian police used Cellebrite against activists, and new Cisco and SmarterMail zero-days.

Show notes

]]> Srsly Risky Biz: You can't block space internet Thu, 22 Jan 2026 12:25:07 +1100 https://risky.biz/SRB151/ https://risky.biz/SRB151/ false 1187 Tom Uren and Amberleigh Jack talk about the rise of technologies that can undermine internet blackouts such as Starlink and its relatively new direct-to-cell service. Authoritarian internet shutdowns and disasters happen often enough that governments should think about how to take advantage of these new technologies rather than just reacting when crises arise.

They also discuss the nomination of General Joshua Rudd as head of NSA and US Cyber Command.

This episode is also available on Youtube.

Show notes

]]> Risky Bulletin: Domain resurrection attacks come to Canonical's Snap Store Wed, 21 Jan 2026 12:41:55 +1100 https://risky.biz/RBNEWS515/ https://risky.biz/RBNEWS515/ false 374 Canonical’s Snap Store hit by domain resurrection attacks, Russia will use AI to detect VPN users, Iranian hackers switch to Starlink during internet outage, and Greece arrests SMS blasters… by dumb luck.

Show notes

]]> Between Two Nerds: Why the West sucks at Information Warfare Tue, 20 Jan 2026 06:52:53 +1100 https://risky.biz/BTN150/ https://risky.biz/BTN150/ false 1956 In this edition of Between Two Nerds Tom Uren and The Grugq talk about what information warfare even is, revisit a 30-year-old paper and examine why Western governments struggle with the concept.

This episode is also available on Youtube.

Show notes

]]> Risky Bulletin: Germany seeks more hacking and surveillance powers for its intel service Mon, 19 Jan 2026 09:41:53 +1100 https://risky.biz/RBNEWS514/ https://risky.biz/RBNEWS514/ false 438 Germany seeks more hacking and surveillance powers for its intelligence service, Finland intends to criminalize the spreading of false information, patriotic “French” social media goes quiet during Iran’s internet outage, and hackers are extorting GrubHub.

Show notes

]]> Sponsored: Seeing into the seams Mon, 19 Jan 2026 06:10:26 +1100 https://risky.biz/RBNEWSSI111/ https://risky.biz/RBNEWSSI111/ false 865 In this Risky Business sponsored interview, Tom Uren talks to Justin Kohler, Chief Product Officer at SpecterOps, about how attack paths exist in the seams between different identity or permissions management domains.

In isolation, for example, both your Github and your AWS deployment could follow best practices. But bring them together and you’ve got problems. Bloodhound’s OpenGraph lets you find and fix these otherwise invisible attack paths.

Show notes

]]> Risky Bulletin: China bans Israeli and US cybersecurity products Fri, 16 Jan 2026 10:00:57 +1100 https://risky.biz/RBNEWS513/ https://risky.biz/RBNEWS513/ false 432 China bans Israeli and US cybersecurity products, Sean Plankey is re-nominated for CISA Director, RAM price hikes are likely to impact the cost of firewalls, and Lumen sinkholes the Kimwolf DDoS botnet.

Show notes

]]> Srsly Risky Biz: China Fights Scam Compounds … For China Thu, 15 Jan 2026 12:02:36 +1100 https://risky.biz/SRB150/ https://risky.biz/SRB150/ false 1159 Tom Uren and Amberleigh Jack talk about the Chinese government’s reactive approach to tackling scam compounds. It’s driven by bad news on domestic media and therefore focusses on the compounds that are targeting Chinese citizens. Rather than eliminating the industry, that may instead be shaping the industry to focus on other countries and particularly Americans.

They also discuss the role of disruptive cyber operations in the US’s raid to capture Venezuelan President Nicolás Maduro.

This episode is also available on Youtube.

Show notes

]]> Risky Bulletin: Russia fines 33 telcos for surveillance non-compliance Wed, 14 Jan 2026 14:22:51 +1100 https://risky.biz/RBNEWS512/ https://risky.biz/RBNEWS512/ false 377 Russia fines 33 telcos for surveillance non-compliance, AVCheck admin is arrested in Amsterdam, Poland repels an attack on its power grid, and voice cloning defenses can be bypassed.

Show notes

]]> Between Two Nerds: Lights out! Tue, 13 Jan 2026 07:32:35 +1100 https://risky.biz/BTN149/ https://risky.biz/BTN149/ false 1678 In this edition of Between Two Nerds Tom Uren and The Grugq about the role of cyber operations in the US capture of Venezuela’s president Nicolas Maduro.

This episode is also available on Youtube.

Show notes

]]> Risky Bulletin: Apex Legends streamers hacked again Mon, 12 Jan 2026 09:32:41 +1100 https://risky.biz/RBNEWS511/ https://risky.biz/RBNEWS511/ false 365 The Apex Legends game is hacked again, data about 17 million Instagram users put up for sale, Indonesia blocks X over pornographic content, and a ransomware attack hits major Chilean energy provider

Show notes

]]> Sponsored: What AI workloads mean for Cloud security Mon, 12 Jan 2026 06:13:21 +1100 https://risky.biz/RBNEWSSI110/ https://risky.biz/RBNEWSSI110/ false 917 In this Risky Business News sponsored interview the CEO and founder of Prowler, Toni de la Fuente, explains how implementing AI systems brings new security challenges that differ for traditional cloud workloads. Toni also talks about ‘attack paths’ in the context of cloud infrastructure and using them to minimise risk.

Show notes

]]> Risky Bulletin: Belarus deploys spyware on journalists' phones Fri, 19 Dec 2025 13:02:37 +1100 https://risky.biz/RBNEWS510/ https://risky.biz/RBNEWS510/ false 418 Belarus deployed spyware on journalists’ phones, a man is arrested for installing malware on a ferry, France arrests the hacker behind an Interior Ministry email server breach, and new Cisco and SonicWall zero-days.

Show notes

]]> Srsly Risky Biz: Like Huawei, but for electricity Thu, 18 Dec 2025 10:56:12 +1100 https://risky.biz/SRB149/ https://risky.biz/SRB149/ false 1157 Tom Uren and Patrick Gray talk about America’s increasing dependence on Chinese manufacturers for electrical sector equipment. This doesn’t seem like a good idea when China is hacking electric utilities for sabotage and PLA researchers are dreaming up ways to attack the grid.

They also discuss the possibility that the US was responsible for a cyber attack on Venezuela’s state oil company and how Russian state-backed hacktivism is so dumb.

This episode is also available on Youtube.

Show notes

]]> Risky Bulletin: Most smart devices run outdated web browsers Wed, 17 Dec 2025 11:39:05 +1100 https://risky.biz/RBNEWS509/ https://risky.biz/RBNEWS509/ false 459 Most smart devices run outdated web browsers, Ukrainian hacktivists breach a major Russian defense contractor, ransomware hits Venezuela’s state-owned oil company, and hackers are trying to extort PornHub with stolen user data.

Show notes

]]> Between Three Nerds: The evolution of Iranian cyber espionage Tue, 16 Dec 2025 07:37:39 +1100 https://risky.biz/BTN148/ https://risky.biz/BTN148/ false 2996 In this edition of Between Two Nerds Tom Uren and The Grugq talk to Hamid Kashfi, CEO and founder of DarkCell, talk about the Iranian cyber espionage scene.

Kashfi talks about how the regime once forced people to hack and crushed the domestic security research scene. He describes how and why the government has changed its approach and is now reaping the rewards of improved Iranian capabilities.

This episode is available on Youtube.

Show notes

]]> Risky Bulletin: African freelancers behind anti-US and anti-French disinfo campaigns Mon, 15 Dec 2025 12:56:14 +1100 https://risky.biz/RBNEWS508/ https://risky.biz/RBNEWS508/ false 471 Russia is hiring African freelancers for disinformation campaigns, the US is preparing to let contractors run offensive cyber operations, Germany blames Russia for the hack of its air traffic control agency, and Apple patches two WebKit zero-days.

Show notes

]]> Sponsored: ConsentFix and Push Security's browser attack taxonomy Mon, 15 Dec 2025 07:17:51 +1100 https://risky.biz/RBNEWSSI109/ https://risky.biz/RBNEWSSI109/ false 1176 In this sponsored interview Casey Ellis is joined by Push Security’s Field CTO, Mark Orlando. They chat about the ways that browser-based attacks are evolving and how Push Security is finding and cataloging them.

Show notes

]]> Risky Bulletin: EU has a problem attracting and retaining cyber talent Fri, 12 Dec 2025 13:59:37 +1100 https://risky.biz/RBNEWS507/ https://risky.biz/RBNEWS507/ false 562 The EU has a problem attracting and retaining cyber talent, the CEO of Coupang resigns following the company’s security breach, Microsoft expands its bug bounty program to cover third party code, and Chrome and Gogs patch zero-days.

Show notes

]]> Risky Bulletin: Linux adds PCIe encryption to help secure cloud servers Wed, 10 Dec 2025 11:12:01 +1100 https://risky.biz/RBNEWS506/ https://risky.biz/RBNEWS506/ false 277 Linux adds PCIe encryption to help secure cloud servers, Europol cracks down on Violence-as-a-Service providers, the International Criminal Court prepares for cyber-enabled genocide, and Cambodia busts a warehouse full of SMS blasters.

Show notes

]]> Risky Bulletin: APTs go after the React2Shell vulnerability within hours Mon, 08 Dec 2025 10:32:22 +1100 https://risky.biz/RBNEWS505/ https://risky.biz/RBNEWS505/ false 498 APTs go after the React2Shell vulnerability just hours after public disclosure. CISA remains without a director after the nomination stalls again, NSA is down 2,000 staff this year, and Intellexa is still active despite sanctions.

Show notes

]]> Srsly Risky Biz: When cyber campaigns cross a line Thu, 04 Dec 2025 11:02:51 +1100 https://risky.biz/SRB148/ https://risky.biz/SRB148/ false 978 Tom Uren and Patrick Gray discuss a new report proposing a framework for deciding when cyber operations raise red flags. It suggests seven red flags and could help clarify thinking about how to respond to different operations.

They also discuss Anthropic testifying to Congress and Iran using cyber intelligence to target missile strikes including by sharing it with Houthi rebels who fired at a specific ship.

And finally, we are not reassured by China’s white paper about being a good cyber citizen.

This episode is also available of Youtube.

Show notes

]]> Between Two Nerds: Beating back state espionage Tue, 02 Dec 2025 06:56:47 +1100 https://risky.biz/BTN147/ https://risky.biz/BTN147/ false 1671 In this edition of Between Two Nerds Tom Uren and The Grugq wonder whether it is possible to deter states from cyber espionage with doxxing and other disruption measures.

This episode is also available on Youtube.

Show notes

]]> Sponsored: Why Mastercard got into threat intel Mon, 01 Dec 2025 09:21:12 +1100 https://risky.biz/RBNEWSSI108/ https://risky.biz/RBNEWSSI108/ false 845 In this Risky Business News sponsor interview, Mike Lashlee, CSO of Mastercard talks to Tom Uren about why the company got into threat intelligence.

Mike talks about bringing together payments insights with threat intel to get strong signals about fraud or crime, the benefits of international collaboration and when it makes sense for your CSO to also be the CISO.

Show notes

]]> Srsly Risky Biz: DeepSeek and Musk's Grok both toe the party line Thu, 27 Nov 2025 13:07:43 +1100 https://risky.biz/SRB147/ https://risky.biz/SRB147/ false 1285 Tom Uren and Amberleigh Jack talk about new research that shows the Chinese-made DeepSeek-R1 AI model produces insecure code when prompts include topics that the Chinese Communist Party dislikes. It’s interesting research, but the CCP doesn’t have a monopoly on imposing AI bias.

They also discuss the complete doxxing of the Iranian cyber espionage group known as APT35 or Charming Kitten.

This episode is also available on Youtube.

Show notes

]]> Between Two Nerds: Telcos bad, Cloud good. Tue, 25 Nov 2025 07:36:52 +1100 https://risky.biz/BTN146/ https://risky.biz/BTN146/ false 2126 In this edition of Between Two Nerds Tom Uren and The Grugq talk about the differences between telcos and cloud companies. Does the nature of the business force cloud companies to be better at security?

This episode is also available on Youtube.

Show notes

]]> Srsly Risky Biz: AI-Powered espionage will favor China Thu, 20 Nov 2025 12:46:35 +1100 https://risky.biz/SRB146/ https://risky.biz/SRB146/ false 1288 Tom Uren and Amberleigh Jack talk about Anthropic’s discovery of an “AI-orchestrated” cyber espionage campaign. To Tom, it feels a research project, but it’s pretty clear it will be really useful for threat actors that aren’t focussed on specific high-priority targets. Think ransomware, Chinese intellectual property theft and North Korean hackers. But it won’t be so good for Western intelligence agencies.

They also discuss Google’s legal disruption of the China-based Lighthouse phishing as a service operation. Surprisingly, it seems to be working!

Finally, they talk about why the memory safe Rust language has been a triple win for Android.

This episode is also available on Youtube.

Show notes

]]> Between Two Nerds: Russia's cyber war on wheat Tue, 18 Nov 2025 07:18:45 +1100 https://risky.biz/BTN145/ https://risky.biz/BTN145/ false 1852 In this edition of Between Two Nerds Tom Uren and The Grugq talk about the strategic “logic” of Russian wiper attacks on the Ukrainian grain sector.

This episode is also available on Youtube.

Show notes

]]> Risky Bulletin: Europol takes down Elysium, VenomRAT, and Rhadamanthys Fri, 14 Nov 2025 13:45:06 +1100 https://risky.biz/RBNEWS504/ https://risky.biz/RBNEWS504/ false 468 Europol takes down servers behind three malware operations, the US sanctions another Burmese military group linked to scam compounds, Google backs down from mandatory Android developer registration, and Checkout-dot-com donates its ransom to cybercrime researchers instead of paying hackers.

Show notes

]]> Srsly Risky Biz: Meta's fraud profit scandal Thu, 13 Nov 2025 12:35:03 +1100 https://risky.biz/SRB145/ https://risky.biz/SRB145/ false 1103 Tom Uren and Amberleigh Jack talk about a new Reuters’ report that reveals how Meta is knowingly raking in cash from scam advertisements. It’s around $16 billion worth, and in documents Meta calculates that it outweighs the costs of possible regulatory action.

They also discuss recent state-backed supply chain attacks that have, so far, remained targeted and responsible. Finally they look at the UK’s decision to stop sharing intelligence with the US about suspected drug boats in the Caribbean.

This episode is also available on Youtube.

Show notes

]]> Risky Bulletin: Another Chinese security firm has its data leaked Wed, 12 Nov 2025 10:13:15 +1100 https://risky.biz/RBNEWS503/ https://risky.biz/RBNEWS503/ false 334 Internal data leaks from another Chinese security firm, a US Congressional Budget Office breach has not been contained, the Cyber infosharing act likely to be extended until January, and we have a new OWASP Top 10.

Show notes

]]> Between Two Nerds: Why AI in malware is lame Tue, 11 Nov 2025 07:44:05 +1100 https://risky.biz/BTN144/ https://risky.biz/BTN144/ false 1794 In this edition of Between Two Nerds Tom Uren and The Grugq discuss how cyber criminals and even state actors are being dumb about using AI.

This episode is also available on Youtube.

Show notes

]]> Risky Bulletin: Myanmar scam compound goes boom! Mon, 10 Nov 2025 13:43:05 +1100 https://risky.biz/RBNEWS502/ https://risky.biz/RBNEWS502/ false 474 Myanmar starts demolishing the KK Park scam compound, the US Congressional Budget Office gets hacked by a foreign APT, Chrome will remove risky X-S-L-T support, and scammers in Singapore will get the cane.

Show notes

]]> Sponsored: Prowler uses AI how AI works best Mon, 10 Nov 2025 07:12:00 +1100 https://risky.biz/RBNEWSSI107/ https://risky.biz/RBNEWSSI107/ false 1157 In this sponsored interview Casey Ellis chats to Toni de la Fuente, founder and CEO of Prowler, an open source platform for cloud security. They chat about how and why Prowler selectively applies AI to ensure it adds value rather than just because they can.

Show notes

]]> Risky Bulletin: Europol arrests massive credit card fraud ring Fri, 07 Nov 2025 12:39:29 +1100 https://risky.biz/RBNEWS501/ https://risky.biz/RBNEWS501/ false 444 Payment service provider executives arrested over a credit card fraud ring, Meta makes a fortune showing scam ads, South Korean telco KT tried to hide a second breach and five more scammers are sentenced to death in China.

Show notes

]]> Srsly Risky Biz: The cyber regime change pipe dream Thu, 06 Nov 2025 12:46:13 +1100 https://risky.biz/SRB144/ https://risky.biz/SRB144/ false 1324 Tom Uren and Amberleigh Jack talk about aggressive US cyber operations targeting the Venezuelan government in President Trump’s first term. These were narrowly successful in that they achieved their immediate operational goals, but they didn’t achieve Trump’s broader policy goal of ousting Venezuelan leader Nicolás Maduro.

They also talk about why the adtech ecosystem is a national security problem all round the world and how cybercriminals are collaborating with organised crime to steal cargo from logistics companies.

This episode is also available on Youtube.

Show notes

]]> Risky Bulletin: US indicts two rogue cybersecurity employees for ransomware attacks Wed, 05 Nov 2025 13:51:58 +1100 https://risky.biz/RBNEWS500/ https://risky.biz/RBNEWS500/ false 442 The US indicts two cybersecurity employees over ransomware attacks, hackers extort customers of South Korean massage parlors, another crypto firm gets hacked for $128 million dollars, and cargo thieves collab with hackers to target freight companies.

Show notes

]]> Between Two Nerds: Lost in transmission Tue, 04 Nov 2025 07:06:37 +1100 https://risky.biz/BTN143/ https://risky.biz/BTN143/ false 1715 In this edition of Between Two Nerds Tom Uren and The Grugq discuss the futility of using aggressive cyber operations to send messages between states.

This episode is also available on Youtube.

Show notes

]]> Risky Bulletin: Norway skittish of its Chinese electric buses Mon, 03 Nov 2025 12:24:10 +1100 https://risky.biz/RBNEWS499/ https://risky.biz/RBNEWS499/ false 397 Norway finds remote control features in its Chinese electric buses, the US CyberCorps program may saddle students with debt, Edge and Chrome get AI-based scareware blockers, and a Conti member has been extradited to the US.

Show notes

]]> Sponsored: Sublime can save a s**t tonne of time Mon, 03 Nov 2025 06:46:47 +1100 https://risky.biz/RBNEWSSI106/ https://risky.biz/RBNEWSSI106/ false 1037 In this sponsored interview, Casey Ellis chats to Sublime Security CEO and founder, Josh Kamdjou about how Sublime is seeing a massive surge in ICS or calendar invite phishing and how the email security platform can help.

Show notes

]]> Risky Bulletin: Russia arrests Meduza Stealer group Fri, 31 Oct 2025 10:22:34 +1100 https://risky.biz/RBNEWS498/ https://risky.biz/RBNEWS498/ false 464 Russian police arrest the Meduza-Stealer trio, a Former L-3Harris manager pleads guilty to selling exploits to Russia, the US hacked Venezuela in 2020, and Windows 11 Administrator Protection goes live.

Show notes

]]> Srsly Risky Biz: Peter Williams, Ex-ASD, Pleads Guilty to Selling Eight Exploits to Russia Thu, 30 Oct 2025 13:26:51 +1100 https://risky.biz/SRB143/ https://risky.biz/SRB143/ false 1143 Tom Uren and Amberleigh Jack talk about Peter Williams, the general manager of vulnerability research firm Trenchant, who has pleaded guilty to selling exploits to the Russian 0day broker Operation Zero. It’s a terrible look, but it doesn’t mean the private sector can’t be trusted to develop exploits.

They also discuss a new report’s recommendations to empower the Office of the National Cyber Director. It’s a good idea, but it won’t make up for the cuts in funding and personnel across the Trump administration’s cyber portfolio.

This episode is also available on Youtube.

Show notes

]]> Risky Bulletin: HackingTeam is back! Wed, 29 Oct 2025 10:01:52 +1100 https://risky.biz/RBNEWS497/ https://risky.biz/RBNEWS497/ false 404 HackingTeam’s successor is targeting Russia and Belarus, X users must re-enroll their security keys, Chrome will put HTTP behind a warning dialogue, and 15 people are expected to plead guilty in an Italian hacking scandal.

Show notes

]]> Between Two Nerds: NSA gets its mojo back! Tue, 28 Oct 2025 05:57:46 +1100 https://risky.biz/BTN142/ https://risky.biz/BTN142/ false 1624 In this edition of Between Two Nerds Tom Uren and The Grugq dissect a recent Chinese CERT report that the NSA had hacked China’s national time keeping service.

This episode is also available on Youtube.

Show notes

]]> Risky Bulletin: WSUS bug under attack Mon, 27 Oct 2025 12:24:36 +1100 https://risky.biz/RBNEWS496/ https://risky.biz/RBNEWS496/ false 450 A bug in Microsoft WSUS is under attack, Thailand revokes the citizenship of scam-linked businessman, the US charges high tech poker cheat, and Iran’s top hacking school is breached.

Show notes

]]> Sponsored: Why you're probably doing Zero Trust wrong Mon, 27 Oct 2025 06:29:07 +1100 https://risky.biz/RBNEWSSI105/ https://risky.biz/RBNEWSSI105/ false 694 In this sponsored podcast Patrick Gray chats with Knocknoc CEO Adam Pointon about why true Zero Trust architectures never really got there. Spinning up ZTNA access to core applications and slapping SSO prompts on everything else is great, but if we’re honest, it’s not really Zero Trust. So, how and why did we get here?

Show notes

]]> Risky Bulletin: iOS 26 change deletes clues of old spyware infections Fri, 24 Oct 2025 11:45:55 +1100 https://risky.biz/RBNEWS495/ https://risky.biz/RBNEWS495/ false 500 A change in iOS is deleting-clues of old spyware infections, Starlink disables 2,500 terminals at scam compounds, a Caribbean hospital is still down 5 months after a ransomware attack, and officials are charged in Poland’s Pegasus spyware scandal.

Show notes

]]> Srsly Risky Biz: Hacking for Godot Thu, 23 Oct 2025 13:09:55 +1100 https://risky.biz/SRB142/ https://risky.biz/SRB142/ false 1055 Tom Uren and Amberleigh Jack talk about how America can better use its private sector to scale up offensive cyber activities, including espionage and disruption operations. Involving it to tackle ransomware and cryptocurrency scammers makes a lot of sense.

They also talk about how the ransomware ecosystem is splintering, and one operator’s relatively quick journey from being an affiliate to a platform operator.

This episode is also available on Youtube.

Show notes

]]> Risky Bulletin: Clever worm hits the VS Code scene Wed, 22 Oct 2025 09:35:15 +1100 https://risky.biz/RBNEWS494/ https://risky.biz/RBNEWS494/ false 452 A worm hits VS Code users, F5 was breached via its own devices back in 2023, Korea Telecom’s CEO says he’ll resign following a recent security breach, and the Boy Scouts will award cybersecurity merit badges.

Show notes

]]> Between Three Nerds: India, the sleeping cyber superpower Tue, 21 Oct 2025 08:33:01 +1100 https://risky.biz/BTN141/ https://risky.biz/BTN141/ false 2129 In this edition of Between Two Nerds Tom Uren and The Grugq talk to Joe Devanny, senior lecturer from King’s College London, all about India’s missing cyber power. It has all the ingredients to become a cyber superpower, but so far, hasn’t shown the motivation.

This episode is also available on Youtube.

Show notes

]]> Risky Bulletin: Prisoner hacks his prison IT system, goes wild! Mon, 20 Oct 2025 13:33:44 +1100 https://risky.biz/RBNEWS493/ https://risky.biz/RBNEWS493/ false 387 A Romanian inmate hacks his prison’s IT system, hackers leak the data of DHS and DOJ employees, classified material was stolen from John Bolton’s AOL account and authorities seize a SIM farm in Latvia.

Show notes

]]> Sponsored: How AI turbocharges SOC analysts Mon, 20 Oct 2025 06:30:51 +1100 https://risky.biz/RBNEWSSI104/ https://risky.biz/RBNEWSSI104/ false 675 In this sponsor interview, Edward Wu, CEO and founder of Dropzone AI talks to Tom Uren about a study that measured how AI practically helps SOC analysts triage real-world problems. Analysts were faster, more accurate and got less tired with AI assistance. Edward thinks the technology won’t replace human analysts, but will speed their skill development.

Show notes

]]> Risky Bulletin: F5 says an APT stole source code, vulnerability reports Fri, 17 Oct 2025 10:23:43 +1100 https://risky.biz/RBNEWS492/ https://risky.biz/RBNEWS492/ false 447 An APT stole source code and vulnerability reports from F5, a European MP files a criminal hacking complaint against Hungary’s Prime Minister, airport PA systems are hijacked in Canada and the US, and the PowerSchool hacker gets prison time.

Show notes

]]> Srsly Risky Biz: Small beer surveillance firms escape crackdown, for now Thu, 16 Oct 2025 13:31:40 +1100 https://risky.biz/SRB141/ https://risky.biz/SRB141/ false 1235 Tom Uren and Amberleigh Jack talk about First Wap, a Jakarta-based company that is selling surveillance-as-a-service. The good news is that it appears that government and media attention has had an impact on high-profile spyware vendors like NSO Group. The bad news is that these smaller players are flying under the radar and aren’t afraid of selling to sketchy customers.

They also talk about how the Chinese government has harnessed the power of its exploit development community with hacking contests.

This episode is also available on Youtube.

Show notes

]]> Risky Bulletin: Windows 10 reaches End-of-Life Wed, 15 Oct 2025 14:45:35 +1100 https://risky.biz/RBNEWS491/ https://risky.biz/RBNEWS491/ false 519 Windows 10 reaches End-of-Life, CISA cyber personnel avoided last week’s layoffs, the US seizes $15 billion dollars from a cyber-scam-compound operator, and a Secure Boot bypass impacts 200,000 Framework computers.

Show notes

]]> Between Two Nerds: The Keyser Soze of Scattered Spider Tue, 14 Oct 2025 07:45:44 +1100 https://risky.biz/BTN140/ https://risky.biz/BTN140/ false 1354 In this edition of Between Two Nerds Tom Uren and The Grugq talk about how different cybercriminal groups are after insiders to provide network access.

This episode is available on Youtube.

Show notes

]]> Risky Bulletin: Microsoft revamps Edge's "IE Mode" after zero-day attacks Mon, 13 Oct 2025 13:18:07 +1100 https://risky.biz/RBNEWS490/ https://risky.biz/RBNEWS490/ false 444 Microsoft revamps Edge-IE-Mode after zero-day attacks, the FBI seizes the extortion site targeting Salesforce, a new round of layoffs hits CISA, and Apple doubles its bug bounty rewards.

Show notes

]]> Sponsored: Fighting fire with fire Mon, 13 Oct 2025 06:50:58 +1100 https://risky.biz/RBNEWSSI103/ https://risky.biz/RBNEWSSI103/ false 877 In this Risky Business sponsored interview, Tom Uren talks to Damien Lewke, CEO and founder of Nebulock about countering adversary use of AI… with AI. They talk about how threat actors are rapidly adopting AI and what defenders should be doing in response.

Show notes

]]> Risky Bulletin: EU scraps Chat Control vote Fri, 10 Oct 2025 13:56:31 +1100 https://risky.biz/RBNEWS489/ https://risky.biz/RBNEWS489/ false 396 The EU scraps its upcoming vote on Chat Control, Ukraine establishes a Cyber Force, CISA workers are reassigned to immigration enforcement, and two teens are arrested over the UK nursery hacks.

Show notes

]]> Srsly Risky Biz: Clop is a big fish, but not worth hunting Thu, 09 Oct 2025 12:27:04 +1100 https://risky.biz/SRB140/ https://risky.biz/SRB140/ false 1007 Tom Uren and Amberleigh Jack talk about the Clop ransomware gang. It is interesting because the group has arrived at a strategy that rinses a whole lot of enterprises at once and comes with a decent pay day, But it’s actually the least damaging kind of ransomware. Tom wonders why can’t more gangs be like Clop?

They also discuss the US government having second thoughts about ignoring foreign influence operations. Its adversaries run them all the time, so perhaps just sticking its head in the sand isn’t the best strategy.

This episode is also available on Youtube.

Show notes

]]> Risky Bulletin: Redis vulnerability impacts all versions released in the last 13 years Wed, 08 Oct 2025 10:42:55 +1100 https://risky.biz/RBNEWS488/ https://risky.biz/RBNEWS488/ false 376 Redis patches a remote code execution vulnerability, Oracle out-of-band-fixes a zero-day used in a recent extortion campaign, Medusa ransomware group was behind a recent Fortra zero-day, and India fixes a tax filing system flaw;

Show notes

]]>