Newsletters

Written content from the Risky Business Media team

Risky Bulletin: Dutch police take down giant botnet of 17 million devices

Catalin Cimpanu

News Editor

Dutch authorities have conducted one of the largest-ever malware disruptions, taking down a botnet that infected more than 17 million devices across the world.

The botnet was made up of computers, tablets, and smartphones that had been used to send out spam emails and phishing lures and to carry out DDoS attacks.

Dutch Police and the country's national cybersecurity agency seized more than 200 servers at a local provider, servers that had been used to grow and control the botnet.

Risky Bulletin: BadHost vulnerability bypasses authentication on AI infrastructure

Catalin Cimpanu

News Editor

A major bug has been disclosed in a little-known middleware component used in many AI server infrastructure products.

Codenamed BadHost (and tracked as CVE-2026-48710), the vulnerability impacts Starlette, a lightweight Python framework for building asynchronous web services.

Put simply, the bug lets attackers trick servers into treating a request as one for a public URL that needs no authentication. In reality, the attackers are connected to private endpoints, where they can download or harvest sensitive data or tell the server to perform malicious actions.

Risky Bulletin: Mythos found thousands of critical bugs

Catalin Cimpanu

News Editor

Six weeks after it launched Project Glasswing and its Mythos cybersecurity model, Anthropic says researchers and partners have found more than 23,000 vulnerabilities across more than 1,000 open-source projects.

Analysis is still ongoing, but the company claims that more than a quarter (6,202) of the found bugs (23,019) received or are suspected of having a high or critical severity rating, confirming they are real issues and not just random vulnerability scanning chaff.

More than 1,500 of these critical bugs have been confirmed to be legitimate issues and almost 100 have already received patches. Anthropic expects the 1,500 confirmed figure to go as high as 3,900.

Risky Bulletin: Microsoft ends SMS MFA for personal accounts

Catalin Cimpanu

News Editor

Microsoft is phasing out SMS as a multi-factor authentication and account recovery option for personal Microsoft accounts.

All users will be prompted to add a passkey the next time they log into their accounts.

The company said SMS was a leading source of fraud and the most targeted vector for account takeover.

Srsly Risky Biz: Politicians to Ditch Signal for Homegrown Apps

Tom Uren

Policy & Intelligence

European governments are trying to move their politicians away from encrypted messaging apps like Signal and WhatsApp and towards sovereign encrypted messaging solutions. This won't be as safe and secure as they think it will, but at least they'll have sovereign control. 

Back in 2020, the European Commission (EC) told its staff that Signal had been "selected as the recommended application for public instant messaging". The idea at the time was it would be used for communications between staff and people outside the Commission. There were already encrypted ways to send sensitive information internally, like encrypted internal email, but they were relatively inconvenient and clunky.

Signal is easy, and adopting it for that relatively narrow use case was a good thing. From a security point of view it was a massive step up from alternatives such as SMS or email, which are more vulnerable to interception and keep plaintext copies lying around on servers. 

Risky Bulletin: Microsoft takes down MSaaS used by ransomware gangs

Catalin Cimpanu

News Editor

Microsoft has sued and seized domains and server infrastructure belonging to SignSpaceCloud (signspace[.]cloud), a Russian cybercrime service that sold code signing certificates to malware and ransomware gangs.

The service, which Microsoft is tracking as Fox Tempest, has been running since May of last year and is what cybersecurity experts call a malware-signing-as-a-service (MSaaS).

The group used hundreds of fake accounts on the Microsoft Artifact Signing service to obtain code signing certificates that it later resold on its website for thousands of US dollars.

Risky Bulletin: Indonesia emerges as a new hub for cyber scams

Catalin Cimpanu

News Editor

Indonesia is emerging as a new hub for cyber scam operations and illegal online gambling in Southeast Asia after massive crackdowns in neighboring countries have sent criminal groups fleeing across borders and seeking to relocate facilities.

Local authorities have detained more than 550 suspects following three raids this month alone.

More than 200 suspects were detained after a raid on an apartment complex in the city of Batam on May 6. Another 321 were arrested in a commercial building near Jakarta's Chinatown neighborhood on May 10. Another 30 were then detained at guest houses on the island of Bali a few days after.

Risky Bulletin: Shai-Hulud goes open-source

Catalin Cimpanu

News Editor

Individuals claiming to be associated with the TeamPCP hacking group have released the source code of the Shai-Hulud worm that has devastated open-source libraries across the npm and PyPI ecosystems.

The code was released this week on the Breached[.]st hacking forum.

It was released two days after it was used in a supply chain attack that compromised the TanStack React framework and then spread to almost 400 packages, including libraries at AI company Mistral and business automation giant UiPath.

Srsly Risky Biz: The AI Regulation Knife Fight

Tom Uren

Policy & Intelligence

The Trump administration is grappling with whether to give US intelligence agencies a bigger role in the assessment of new AI models, according to The Washington Post.

Ideas about AI regulation within the administration appear to be in a state of flux. Politico reported on Tuesday last week the administration was considering a government vetting process before new models were released. By Thursday, the administration was distancing itself from tighter regulation, and by Friday a lobbyist told Politico that "there is no clarity" because "different factions within the White House have different views about what should happen". 

Amongst that chaos, the National Cyber Director pitched a center within the Office of the Director of National Intelligence for the evaluation of new AI models. The intelligence community has deep expertise in cyber security and AI and their associated national security risks and benefits, so that does make a lot of sense.

Risky Bulletin: RubyGems disables sign-ups after attack on staff

Catalin Cimpanu

News Editor

The RubyGems package repository has disabled new user sign-ups after a malicious attack on Monday targeted its engineers and staff.

Hundreds of malicious packages were published on Monday and then again on Tuesday.

The packages contained malicious code aimed at RubyGems developers. The code tried to execute cross-site scripting attacks and steal data from their systems.