Risky Bulletin Podcast feed

Researchers find malicious LLM proxy routers, a fake Ledger crypto-wallet on the Mac App Store stole $10 million dollars, a ransomware crew leaks data from 38 law firms, and Google cracks down on back button hijacking.

In this edition of Between Two Nerds Tom Uren and The Grugq discuss how the rise of AI, which is very good at vulnerability and exploit development, will change the cyber security industry and competition between states.

This episode is also available on YouTube

France prepares to ditch Windows for Linux, OpenAI was impacted by the Axios supply chain attack, Rockstar Games gets hacked again, and Adobe patches a reader zero-day.

In this sponsored interview, Corelight’s Senior Director of Product Management, Dave Getman, tells James Wilson how Corelight Agentic Triage helps defenders stay ahead of AI-powered attacks.

Corelight makes NDR hardware that runs a heavily optimised version of the Zeek network monitoring tool. Corelight Agentic Triage integrates with EDR and other data sources, and helps defenders make sense of all the data that NDR can generate.

The FBI extracted Signal chats from iPhone notifications logs, Los Angeles police data was leaked online, a former Meta employee is under investigation for downloading private photos, and an Adobe Reader zero-day is being exploited in the wild.

Tom Uren and Amberleigh Jack talk about the State Department taking to X to counter foreign propaganda. US Secretary of State Marco Rubio dismantled the State Department’s counter-propaganda office when he took charge, but it turns out that giving adversary states free reign online is a bad idea.

They also discuss how America’s lawful intercept systems are high value targets for Chinese hackers. It’s a big deal that part of the FBI’s lawful intercept system has been breached and it is high time that the security of these systems was reviewed.

This episode is also available on Youtube.

Cybercrime losses surpassed $20 billion last year, authorities disrupt a Russian router botnet that intercepted email logins, Iran hacks PLCs across the US, and exploitation hits ComfyUI and Flowise-AI-servers.

In this edition of Between Two Nerds Tom Uren and The Grugq discuss how Iran’s cyber forces have been used during the ongoing war so far.

Cambodia prepares harsher prison terms for scam compound operators, an Italian museum moves valuables into a bank vault after a cyberattack, hackers exploit a bug in Vite-based apps and sites, and a supply chain attack hits an e-learning platform.

In this Risky Business sponsored interview, James Wilson chats with Airlock Digital co-founders, David Cottingham and Daniel Schell, about how they’re moving up the stack from file-based allowlisting to application-based allowlisting. David and Daniel explain how they’re making a seamless and quite logical move into application allowlisting, but with a new take on the technique.