Videos

News, analysis and product demos

Risky Business (832): Anthropic unveils magical 0day computer God

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Co-host at large

On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:

  • Anthropic’s new Mythos model hunts bugs and chains exploits together so well that… you cant have it…
  • …Unless you’re one of their Project Glasswing partners
  • The world isn’t short on bugs, though. F5, Fortinet, Progress ShareFile, and TrueConf are all getting rekt by humans
  • GPU Rowhammering goes in the GPU, past the IOMMU and back into the host-side Nvidia driver
  • North Korea is spending serious time and money on its crypto hacking
  • Just when the US needs CISA most, they slash its budget some more!…

Between Two Nerds: Make cyber, not war

Presented by

Tom Uren
Tom Uren

Policy & Intelligence

The Grugq
The Grugq

Independent Security Researcher

In this edition of Between Two Nerds Tom Uren and The Grugq discuss how Iran’s cyber forces have been used during the ongoing war so far.

Srsly Risky Biz: America's next top (cyber) model

Presented by

Tom Uren
Tom Uren

Policy & Intelligence

Amberleigh Jack
Amberleigh Jack

Producer and Editor

Tom Uren and Amberleigh Jack talk about how incredibly good AI models have gotten at finding and exploiting vulnerabilities. That will upend the cyber security industry and it has implications for state cyber organisations such as NSA and Cyber Command.

They also discuss how broadband wireless communications links are critical in the war in Ukraine. After losing access to Starlink, Russian forces are doubling down on using equipment from American company Ubiquiti.

Risky Business (831): The AI bugpocalypse begins

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Co-host at large

On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:

  • Those pesky North Koreans shim a backdoor into a 100M-downloads-a-week npm package
  • TeamPCP appear to have ransacked Cisco’s source and cloud environments
  • AI is getting legitimately good at being told to “just go find some 0day in this”
  • Kaspersky says Coruna and Triangulation do share code lineage
  • Iranian hackers dump Kash Patel’s gmail spool
  • Oh, and of course there’s a Citrix Netscaler memory leak being exploited in the wild

This week’s episode is sponsored by Dropzone AI, who make automated AI SOC analysts. Head honcho Ed Wu explains how they’ve built pre-canned ‘hunt packs’ to lead the AI off into your environment to find weird, interesting and security relevant things. …

Between Two Nerds: More secure but less safe

Presented by

Tom Uren
Tom Uren

Policy & Intelligence

The Grugq
The Grugq

Independent Security Researcher

In this edition of Between Two Nerds Tom Uren and The Grugq talk about hacking and scams. While hacking is disappearing as a threat for most people, it is a new golden age for scammers. Even Tom has been scammed!

Soap Box: Red teaming AI systems with SpecterOps

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

In this sponsored Soap Box edition of the show, Patrick Gray and James Wilson talk about red teaming AI systems with Russel Van Tuyl, Vice President of Services at elite penetration testing firm SpecterOps.

SpecterOps is the company behind attack path enumeration tool Bloodhound and Bloodhound Enterprise, but they’re also a pentest and red teaming shop with world class expertise in popping shells on all sorts of interesting systems in all sorts of interesting places.

Srsly Risky Biz: Why get a warrant when you have Kash?

Presented by

Tom Uren
Tom Uren

Policy & Intelligence

Amberleigh Jack
Amberleigh Jack

Producer and Editor

Tom Uren and Amberleigh Jack talk about FBI Director Kash Patel admitting to Congress that the Bureau is buying American’s location data and using it to generate valuable intelligence. That’s concerning, because commercially available information can be used in tremendously invasive ways and the FBI can buy it without needing a warrant.

They also discuss the FCC’s surprising move to ban foreign-made consumer routers. It’s not about security, it is just about reshoring manufacturing.

And finally they discuss the Trump administration’s plan for unleashing the private sector.

Risky Business (830): LiteLLM and security scanner supply chains compromised

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Co-host at large

On this week’s show, Patrick Gray, Adam Boileau and James WIlson discuss the week’s cybersecurity news. They talk through:

  • TeamPCP’s supply chain attack on Github, and they threw in an anti-Iran wiper, because why not?!
  • Anthropic hooks up its models to just… use your whole computer
  • After Stryker’s Very Bad Day, CISA says maybe add some more controls around your Intune?
  • Another iOS exploit kit shows up in the cyber bargain-bin
  • The FTC decides to ban… all new home routers?! U wot m8?!
  • Supermicro founder was personally sanction-busting Nvidia GPUs into China?!

This week’s episode is sponsored by enterprise browser maker, Island. Chief Customer Officer Bradon Rogers joins Pat to explain how its customers are using Island to control the use of personal AI services in regulated industries. …

Between Two Nerds: Its raining iOS exploit kits!

Presented by

Tom Uren
Tom Uren

Policy & Intelligence

The Grugq
The Grugq

Independent Security Researcher

In this edition of Between Two Nerds Tom Uren and The Grugq discuss how Google just keeps on finding iOS exploit kits. Is iPhone security busted? And why are Russian state hackers after crypto?

Srsly Risky Biz: Successful war leaves Iran with one option, its cyber forces

Presented by

Tom Uren
Tom Uren

Policy & Intelligence

Amberleigh Jack
Amberleigh Jack

Producer and Editor

Tom Uren and Amberleigh Jack talk about how successfully achieving America’s war goals could force Iran to double down on cyber power. It’s resilient to bombing and is the cheapest, quickest way for the regime to get some wins post-war.

They also discuss Meta stepping back from end-to-end encryption on Instagram’s direct messages. There is a time and place for E2EE messages, so good riddance.

Finally, they discuss the one weird trick President Trump uses to make his smartphone conversations useless for foreign intelligence services.