Risky Business Weekly (820): Asian fraud kingpin will face Chinese justice (pew pew!)

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

Risky Business returns for 2026! Patrick Gray and Adam Boileau talk through the week’s cybersecurity news, including:

  • Santa brings hackers MongoDB memory leaks for Christmas
  • Vercel pays out a million bucks to improve its React2Shell WAF defences
  • 39C3 delivers; the pink Power Ranger deletes nazis, while a catgirl ruins GnuPG
  • Cambodian scam compound kingpin gets extradited to China, and we don’t think it’ll go well for him
  • Krebs picks apart the Kimwolf botnet and residential proxy networks
  • So many healthcare data leaks that we have a roundup section

This week’s episode is sponsored by Airlock Digital. The founders of the application allow-listing vendor, David Cottingham and Daniel Schell, discuss Microsoft’s ClickOnce .NET app packaging, and how attackers have been abusing it to load code. Airlock hates it when you load code!

Show Notes:

US, Australia say ‘MongoBleed’ bug being exploited | The Record from Recorded Future News https://therecord.media/us-australia-bug-exploitation

Merry Christmas Day! Have a MongoDB security incident. | by Kevin Beaumont | Dec, 2025 | DoublePulsar https://doublepulsar.com/merry-christmas-day-have-a-mongodb-security-incident-9537f54289eb

Inside Vercel’s sleep-deprived race to contain React2Shell | CyberScoop https://cyberscoop.com/vercel-cto-security-react2shell-vulnerability/

gpg.fail https://gpg.fail/

Hacktivist deletes white supremacist websites live onstage during hacker conference | TechCrunch https://techcrunch.com/2026/01/05/hacktivist-deletes-white-supremacist-websites-live-on-stage-during-hacker-conference/

Chinese attackers exploiting zero-day to target Cisco email security products | The Record from Recorded Future News https://therecord.media/chinese-attackers-zero-day

Ni8mare - Unauthenticated Remote Code Execution in n8n (CVE-2026-21858) | Cyera Research Labs https://www.cyera.com/research-labs/ni8mare-unauthenticated-remote-code-execution-in-n8n-cve-2026-21858

ServiceNow patches critical AI platform flaw that could allow user impersonation | CyberScoop https://cyberscoop.com/servicenow-fixes-critical-ai-vulnerability-cve-2025-12420/

Alleged cyber scam kingpin arrested, extradited to China | The Record from Recorded Future News https://therecord.media/alleged-cyber-scam-kingpin-cambodia-arrested-extradited

FCC IoT labeling program loses lead company after China probe | Cybersecurity Dive https://www.cybersecuritydive.com/news/fcc-cyber-trust-mark-iot-labeling-ul-withdraw/808732/

Trump picks Lt. Gen. Joshua Rudd to lead NSA spy agency - The Washington Post https://www.washingtonpost.com/national-security/2025/12/16/nsa-cybercom-joshua-rudd-china

NSA cyber directorate gets new acting leadership | The Record from Recorded Future News https://therecord.media/nsa-cyber-directorate-new-acting-leadership

Dutch court sentences hacker who used port systems to smuggle cocaine to 7 years | The Record from Recorded Future News https://therecord.media/dutch-court-sentences-hacker-who-smuggled-cocaine-ports

ECLI:NL:GHAMS:2026:22, Amsterdam Court of Appeal, 23-003218-22 https://uitspraken.rechtspraak.nl/details?id=ECLI:NL:GHAMS:2026:22

The Kimwolf Botnet is Stalking Your Local Network – Krebs on Security https://krebsonsecurity.com/2026/01/the-kimwolf-botnet-is-stalking-your-local-network/

Who Benefited from the Aisuru and Kimwolf Botnets? – Krebs on Security https://krebsonsecurity.com/2026/01/who-benefited-from-the-aisuru-and-kimwolf-botnets/

Coupang recovers smashed laptop that alleged data leaker threw into river | The Record from Recorded Future News https://therecord.media/coupang-recovers-smashed-laptop-data-breach

Ransomware responders plead guilty to using ALPHV in attacks on US organizations | The Record from Recorded Future News https://therecord.media/ransomware-responders-guilty-plea-using-alphv-blackcat-us-attacks

Nearly 480,000 impacted by Covenant Health data breach | The Record from Recorded Future News https://therecord.media/covenant-health-breach-qilin

Illinois health department exposed over 700,000 residents’ personal data for years | TechCrunch https://techcrunch.com/2026/01/08/illinois-health-department-exposed-over-700000-residents-personal-data-for-years/

Tech provider for NHS England confirms data breach | TechCrunch https://techcrunch.com/2025/12/18/tech-provider-for-nhs-england-confirms-data-breach/

Hacker claiming to be behind ManageMyHealth breach: ‘I do it for the money and I’m in negotiations to get it’ - NZ Herald https://www.nzherald.co.nz/nz/hacker-claiming-to-be-behind-managemyhealth-breach-i-do-it-for-the-money-and-im-in-negotiations-to-get-it/premium/FC2PYCTFXVEOXN4Q27ONTQIDKA/