Podcasts

News, analysis and commentary

Risky Business #834 -- Vercel gets owned, Mozilla dumps hundreds of Mythos bugs

Presented by

James Wilson

Enterprise Technology Editor

Patrick Gray

CEO and Publisher

The Grugq

Independent Security Researcher

On this week’s show, Patrick Gray and James Wilson are joined by special guest The Grugq. They discuss the week’s cybersecurity news, including:

  • Vercel got owned, and there’s a few infostealer and compromised employee dots to connect
  • Mozilla used Mythos to find 271 bugs, which feels like a sign of the bug-pocalypse
  • Speaking of the bug-pocalypse, is that why NIST is noping out of enriching a bunch of bugs?
  • The NSA is using Mythos even though the government did that whole Anthropic blacklisting thing
  • And DDoS attacks hit a couple of smaller-player socials

This week’s episode is sponsored by Permiso. Ian Ahl chats to Pat about the subtle signals Permiso uses to detect ShinyHunters-style activity in cloud and on-prem environments.

This episode is also available on YouTube.


Risky Bulletin: Former FBI official calls for terrorism designations for ransomware groups that target hospitals

Presented by

Catalin Cimpanu

News Editor

Claire Aird

Newsreader

A former FBI official wants terrorism designations for some ransomware groups, China threatens the EU over new cybersecurity regulations, Europe commits to €180 million for a sovereign cloud, and a novel data wiper was found in Venezuela during US military operations.


Between Two Nerds: AI as the mythical 10x hacker

Presented by

The Grugq

Independent Security Researcher

Tom Uren

Policy & Intelligence

In this edition of Between Two Nerds, Tom Uren and The Grugq take a deep dive into how a single hacker used OpenAI and Anthropic’s tools to help hack nine Mexican government organisations in quick time.

This episode is also available on YouTube.


Risky Bulletin: ShinyHunters claim credit for Vercel hack

Presented by

Catalin Cimpanu

News Editor

Claire Aird

Newsreader

ShinyHunters claim credit for the Vercel hack, a malware strain attempted to sabotage Israel’s water system, the US government wants access to Mythos, and a Supreme Court hacker gets probation.


A builder's perspective on Mythos and frontier models

Presented by

James Wilson

Enterprise Technology Editor

In this episode, James Wilson is joined by entrepreneur and investor Yaniv Bernstein to discuss Anthropic’s Mythos through the lens of startups and growing businesses. Yaniv is Google’s former VP of Engineering, and is former VP Eng and COO at Airtasker. He’s now an investor and advisor to startups and he co-hosts The Startup Podcast.


Sponsored: Nebulock on hunting shadow AI

Presented by

Catalin Cimpanu

News Editor

In this Risky Business sponsor interview, Catalin Cimpanu talks with Sydney Marrone, Head of Threat Hunting at Nebulock, about hunting shadow AI agents on corporate networks.


Risky Bulletin: NIST gives up enriching most CVEs

Presented by

Catalin Cimpanu

News Editor

Claire Aird

Newsreader

NIST says it won’t be enriching most CVEs, Russian hackers tried to disrupt a Swedish power plant, the EU releases its age verification app, and OpenAI announces its own private cyber model.


Mythos and 0day: Fixing exploits is not safety

Presented by

James Wilson

Enterprise Technology Editor

In this episode, James Wilson is joined by Brad Arkin, who provides a CISO’s perspective on Anthropic’s Mythos. As former CISO at Adobe, Cisco and Salesforce, Brad’s perspective challenges the notion that finding and fixing exploits makes us safer.


Srsly Risky Biz: Time to ban sale of precise geolocation data

Presented by

Amberleigh Jack

Producer and Editor

Tom Uren

Policy & Intelligence

Tom Uren and Amberleigh Jack talk about a new Citizen Lab report into Webloc, a tool to identify and track mobile devices. It demonstrates how the collection and sale of mobile phone geolocation data presents privacy and national security risks.

They also discuss a deep dive into how a single hacker was able to breach nine Mexican government agencies in just weeks using AI assistants, which enabled the attacker to move much faster.


Risky Bulletin: Malicious LLM proxy routers found in the wild

Presented by

Catalin Cimpanu

News Editor

Claire Aird

Newsreader

Researchers find malicious LLM proxy routers, a fake Ledger crypto-wallet on the Mac App Store stole $10 million, a ransomware crew leaks data from 38 law firms, and Google cracks down on back button hijacking.
