Videos

In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• The KK Park scam compound in Myanmar gets blasted with actual dynamite
• China sentences more scammers TO DEATH
• While Singapore is opting to lash them with the cane
• Chinese security firm KnownSec leaks a bunch of documents
• Necromancy continues on NSO Group, with a Trump associate in charge
• OWASP freshens up the Top 10, you won’t believe what’s number three!

This week’s episode is sponsored by Thinkst Canary. Big bird Haroon Meer joins and, as usual, makes a good point. If you’re going to trust a vendor to do something risky like put a box on your network, they have an obligation to explain how they make that safe. Thinkst has a /security page that does exactly that. So why do we let Palo Alto and Fortinet get away with “trust me, bro”?…

In this edition of Between Two Nerds Tom Uren and The Grugq discuss how cyber criminals and even state actors are being dumb about using AI.

Tom Uren and Amberleigh Jack talk about aggressive US cyber operations targeting the Venezuelan government in President Trump’s first term. These were narrowly successful in that they achieved their immediate operational goals, but they didn’t achieve Trump’s broader policy goal of ousting Venezuelan leader Nicolás Maduro.

They also talk about why the adtech ecosystem is a national security problem all round the world and how cybercriminals are collaborating with organised crime to steal cargo from logistics companies.

In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• We love some good vulnerability reporting drama, this time FFmpeg’s got beef with Google
• OpenAI announces its Aardvark bug-gobbling system
• Two US ransomware responders get arrested for… ransomware
• Memento (nee HackingTeam) CEO says: Sì, those are totally our tools getting snapped in Russia
• Hackers help freight theft gangs steal shipments to resell
• A second Jabber Zeus mastermind gets his comeuppance 15 years on

This week’s episode is sponsored by Nucleus Security, who make a vulnerability information management system. Co-founder Scott Kuffer says that approaches for triaging vulnerabilities have started to fall apart, given there are just. So. Many. And they’re all important!…

In this edition of Between Two Nerds Tom Uren and The Grugq discuss the futility of using aggressive cyber operations to send messages between states.

Tom Uren and Amberleigh Jack talk about Peter Williams, the general manager of vulnerability research firm Trenchant, who has pleaded guilty to selling exploits to the Russian 0day broker Operation Zero. It’s a terrible look, but it doesn’t mean the private sector can’t be trusted to develop exploits.

They also discuss a new report’s recommendations to empower the Office of the National Cyber Director. It’s a good idea, but it won’t make up for the cuts in funding and personnel across the Trump administration’s cyber portfolio.

In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• L3Harris Trenchant boss accused of selling exploits to Russia once worked at the Australian Signals Directorate
• Microsoft WSUS bug being exploited in the wild
• Dan Kaminsky DNS cache poisoning comes back because of a bad PRNG
• SpaceX finally starts disabling Starlink terminals used by scammers
• Garbage HP update deletes certificates that authed Windows systems to Entra

This week’s episode is sponsored by automation company Tines. Field CISO Matt Muller joins to discuss how Tines has embraced LLMs and the agentic-AI future into their workflow automation. …

In this edition of Between Two Nerds Tom Uren and The Grugq dissect a recent Chinese CERT report that the NSA had hacked China’s national time keeping service.

Tom Uren and Amberleigh Jack talk about how America can better use its private sector to scale up offensive cyber activities, including espionage and disruption operations. Involving it to tackle ransomware and cryptocurrency scammers makes a lot of sense.

They also talk about how the ransomware ecosystem is splintering, and one operator’s relatively quick journey from being an affiliate to a platform operator.

Show Notes:

From Chaos to Capability: Building the US Market for Offensive Cyber https://sergeybratus.gitlab.io/papers/DartmouthCyberRoundtable2025.pdf…

In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• China has been rummaging in F5’s networks for a couple of years
• Meanwhile China tries to deflect by accusing the NSA of hacking its national timing system
• Salesforce hackers use their stolen data trove to dox NSA, ICE employees
• Crypto stealing, proxy-deploying, blockchain-C2-ing VS Code worm charms us with its chutzpah
• Adam gets humbled by new Linux-capabilities backdoor trick
• Microsoft ignores its own guidance on avoiding BinaryFormatter, gets WSUS owned.

This episode is sponsored by Push Security. Co-founder and Chief Product Officer Jacques Louw joins to talk through how Push traced a LinkedIn phishing campaign targeting CEOs, and the new logging capabilities that proved critical to understanding it….