Risky Business Weekly (816): Copilot Actions for Windows is extremely dicey

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

  • Salesforce partner Gainsight has customer data stolen
  • CrowdStrike fires insider who gave hackers screenshots of internal systems
  • Australian Parliament turns off wifi and bluetooth in fear of visiting Chinese bigwigs
  • Shai-Hulud npm/GitHub worm is back, and rm -rf’ier than ever
  • SEC gives up on SolarWinds lawsuit
  • Dog eats cryptographer’s key material

This week’s episode is sponsored by runZero. HD Moore pops in to talk about how they’re integrating runZero with Bloodhound-style graph databases. He also discusses uses for driving runZero’s tools with an AI, plus the complexities of shipping AI when the company has a variety of deployment models.

Show notes:

Google says hackers stole data from 200 companies following Gainsight breach https://techcrunch.com/2025/11/21/google-says-hackers-stole-data-from-200-companies-following-gainsight-breach/

Gainsight Status https://status.gainsight.com/

Trust Status https://status.salesforce.com/generalmessages/20000233

CrowdStrike fires ‘suspicious insider’ who passed information to hackers https://techcrunch.com/2025/11/21/crowdstrike-fires-suspicious-insider-who-passed-information-to-hackers/

Salesforce cuts off access to third-party app after discovering ‘unusual activity’ https://therecord.media/salesforce-cuts-off-access-to-third-party-unusual-activity

Attacks of the Striking Panda: APT31 today https://ptsecurity.com/research/pt-esc-threat-intelligence/striking-panda-attacks-apt31-today/

Office of Public Affairs | Seven Hackers Associated with Chinese Government Charged with Computer Intrusions https://www.justice.gov/archives/opa/pr/seven-hackers-associated-chinese-government-charged-computer-intrusions-targeting-perceived

Australian federal MPs warned to turn off phones when Chinese delegation visits Parliament House https://www.theguardian.com/australia-news/2025/nov/24/australian-parliament-warned-turn-off-phones-china-visit-security

Sha1-Hulud: The Second Coming of the NPM Worm is Digging For Secrets https://semgrep.dev/blog/2025/digging-for-secrets-sha1-hulud-the-second-coming-of-the-npm-worm/#3.-persistence-via-github-actions-runner

FCC eliminates cybersecurity requirements for telecom companies https://www.cybersecuritydive.com/news/fcc-eliminates-telecom-cybersecurity-requirements/806052/

Trade Associations Cybersecurity Practices Ex Parte https://www.fcc.gov/ecfs/document/101663436912/1

SEC voluntarily dismisses SolarWinds lawsuit https://therecord.media/solawards-lawsuit-dismissed-sec

Record-breaking DDoS attack against Microsoft Azure mitigated https://www.cybersecuritydive.com/news/record-ddos-attack-microsoft-azure/805886/

The Cloudflare Outage May Be a Security Roadmap – Krebs on Security https://krebsonsecurity.com/2025/11/the-cloudflare-outage-may-be-a-security-roadmap/

Critics scoff after Microsoft warns AI feature can infect machines and pilfer data https://arstechnica.com/security/2025/11/critics-scoff-after-microsoft-warns-ai-feature-can-infect-machines-and-pilfer-data/

vx-underground on X: “I’ve had a surprising amount of people ask me about Copilot” https://x.com/vxunderground/status/1992320900444643336

Researchers warn command injection flaw in Fortinet FortiWeb is under exploitation https://www.cybersecuritydive.com/news/command-injection-flaw-fortinet-fortiweb-exploitation/806027/

Two suspected Scattered Spider hackers plead not guilty over Transport for London cyberattack https://therecord.media/transport-for-london-hack-scattered-spider-suspects-plead-not-guilty

Russia arrests young cybersecurity entrepreneur on treason charges https://therecord.media/russia-arrests-tech-entrepreneur-treason

This campaign aims to tackle persistent security myths in favor of better advice https://cyberscoop.com/hacklore-org-cybersecurity-advice-bob-lord-security-myths/

Oops. Cryptographers cancel election results after losing decryption key. https://arstechnica.com/security/2025/11/cryptography-group-cancels-election-results-after-official-loses-secret-key/

Uncovering network attack paths with runZeroHound https://www.runzero.com/blog/introducing-runzerohound/

Model Context Protocol https://help.runzero.com/docs/mcp/