Risky Business

On this week’s show special guest co-host Rob Joyce joins Patrick Gray and James Wilson to discuss the week’s cybersecurity news. Rob served as an advisor to Donald Trump during his first term as president and also served at NSA for 34 years. While at the agency, Joyce led Tailored Access Operations (TAO), and later became NSA’s Director of Cybersecurity.

They cover:

The surprisingly well done Fortibleed campaign

Stolen Klue OAuth tokens lead to Salesforce data theft

OpenAI wants to patch the planet

runZero gets acquired by Accenture, congrats HD Moore!

Much, much more!

This episode is also available on YouTube.



Show notes



FortiBleed campaign used custom FortiGate sniffer to steal credentials | BleepingComputer


FortiBleed: Fortinet device credential compromise expands into broader credential-attack guidance | unit42.paloaltonetworks.com


Cybercriminals allegedly hacked tens of thousands of Fortinet firewalls used by major companies all over the world | TechCrunch Security


Klue OAuth breach linked to 'Icarus' Salesforce data theft attacks | BleepingComputer


Polymarket (@Polymarket) on X | X (formerly Twitter)


The Korean telecom giant at the center of Anthropic’s Mythos controversy | wrd.cm


Beyond Fable: Can a Local LLM Replace Cloud AI for Security Code Reviews - SRLabs Research | SRLabs


OpenAI Launches Full-Scale Effort to Patch Open-Source Bugs as It Takes on Anthropic’s Mythos | wired.com


Sponsored: Trail of Bits and OpenAI patch the planet | Risky Bulletin


Intel agencies: Frontier AI models will reshape cybersecurity faster than expected | cyberscoop.com


Embedding Forbidden Text in Spyware to Discourage AI Analysis | Schneier on Security


A new unpatchable flaw in Apple chips opens the door to an iPhone jailbreak | TechCrunch Security


USB worm spreads crypto-stealing malware via Windows shortcut files | BleepingComputer


Android verification is coming: Google confirms timeline and supported app stores | Ars Technica


California water utility probes breach claim by Iran-linked actor | Cybersecurity Dive


Suspected cyberattack triggers false emergency alerts across parts of Brazil | The Record


Tesco moving 40,000 server workloads off VMware amid Broadcom's "abusive conduct" | Ars Technica


Trump directs federal agencies to protect US data from quantum threats | therecord.media


Accenture shells out $4.18B on three companies in big industrial cybersecurity push | cyberscoop.com

On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:

Anthropic’s Fable 5 and Mythos 5 get nuked by the US government four days after launch “because security”

Why “guardrails” won’t keep the world safe from your AI doomsday machine

The FISA 702 statute expired, but the spying can (probably) continue!

NPM v12 delivers some protection against supply chain attacks, but not enough.

Microsoft has a series of bugs that prevent Windows Update from … updating

Much, much more!

This episode is also available on YouTube



Show notes



Anthropic suspends new AI models after government directive | NBC News Tech


Anthropic rankles users with safety-first Fable release | NBC News Tech


How a 90-minute White House deadline sparked Silicon Valley’s biggest AI fight | washingtonpost.com


Pete Hegseth (@PeteHegseth) on X | X (formerly Twitter)


David Sacks (@DavidSacks) on X | X (formerly Twitter)


DoW CIO Kirsten Davies (@DoWCIODavies) on X | X (formerly Twitter)


David Shulman (@DavidShulmanFL) on X | X (formerly Twitter)


Controversial FISA spying law expires tonight. The spying will continue. | Ars Technica


GitHub announces npm security changes to tackle supply-chain attacks | BleepingComputer


Why NPM v12 won’t stop supply chain attacks - Risky Business Media | Social Signals


Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks | BleepingComputer


Microsoft patches Exchange Server zero-day exploited in attacks | BleepingComputer


Max severity Ivanti Sentry vulnerability now exploited in attacks | BleepingComputer


CISA warns of another cPanel plugin flaw exploited in attacks | BleepingComputer


Critical Fortinet FortiSandbox flaws now exploited in attacks | BleepingComputer


CISA orders feds to patch actively exploited Ivanti flaw by Sunday | BleepingComputer


CISA to require federal agencies to patch some cyber vulnerabilities within 3 days | therecord.media


Path traversal flaw in AI dev platform Langflow exploited in attacks | BleepingComputer


Microsoft: Some Windows PCs fail to install latest monthly updates | BleepingComputer


Microsoft fixes BitLocker recovery bug on Windows Server 2025 | BleepingComputer


Microsoft fixes Windows update failures linked to WUSA installer | BleepingComputer


New attack turned Microsoft 365 Copilot into 1-click data theft tool | BleepingComputer


Over 73,000 French govt employees affected in Tchap messenger breach | BleepingComputer


Signal Alums Reveal ‘Encrypted Spaces,’ a System for Making Private Collaboration Apps | wired.com


FBI disrupts massive AI-powered phishing service using a million URLs | BleepingComputer


Cyberattack shuts down major Australian sugar mills, disrupting harvest | The Record


Drug Sites Hijacked Spotify’s Search Ranking Through Fake Podcasts, Report Finds | wired.com


It Is Trivially Easy to Use Reddit to Manipulate AI Search, Research Suggests | 404.feed.press


Who Runs the Ransomware Group ‘The Gentlemen?’ | krebsonsecurity.com


:brdKnife: (@cR0w@infosec.exchange) | Infosec Exchange

On this week’s show special guest co-host Chris Wade, the founder of Corellium turned Cellebrite CTO, joins Patrick Gray and James Wilson to discuss the week’s cybersecurity news.

They cover:

Microsoft has repos owned, GitHub tokens popped, and a new 0day dropped on them

Meanwhile, researchers are choosing full disclosure instead of engaging MSRC

Meta’s AI support agent allowed a staggering 20,000 accounts to be stolen!

Apple pulls Russia’s MAX messenger from the App Store and disables notifications

Anthropic gives the public our first Mythos-class model but it won’t do cybersecurity work

Stripe and Google Tag Manager used in eCommerce website hack campaign

And much, much more!

This week’s show is brought to you by runZero. HD Moore, runZeros’ founder, drops by in this week’s sponsor interview to talk about the AI vibe shift. Everyone is very worried about getting owned all of a sudden, and it’s really changing the cybersecurity business.

This episode is also available on YouTube.



Show notes



Microsoft Hacked to Deliver Malware to Claude and Gemini Users | 404.feed.press


Researcher publishes GitHub token-stealing exploit, blames Microsoft’s disclosure process | therecord.media


Microsoft Defender 'RoguePlanet' zero-day grants SYSTEM privileges | BleepingComputer


Microsoft breaks Patch Tuesday record with 206 vulnerabilities | CyberScoop


chompie1337 | X


WhatsApp says NSO targeted users with spearfishing attacks in violation of court order | therecord.media


Over 20,000 Instagram accounts stolen in Meta AI support hack | BleepingComputer


New Apple feature automatically changes your compromised passwords | BleepingComputer


Apple removes Russia’s state-backed messaging app Max from its store | therecord.media


Exclusive: Anthropic's Mythos can exploit new flaws in hours |


Anthropic’s new model is Mythos on a leash | CyberScoop


Anthropic Offers Mythos Upgrade for Cyber Partners and a ‘Safe’ Version for the Rest of You | wired.com


OpenClaw AI agent found falling for phishing attacks, spills user data | BleepingComputer


OpenAI unveils Lockdown Mode to protect sensitive data from prompt injection attacks | TechCrunch Security


Hands on with Intelligent Terminal, an AI-powered Windows Terminal | BleepingComputer


Seeking Counsel: Ongoing Targeted Campaign Against US Law Firms | Mandiant


Check Point warns of zero-day flaw targeted by ransomware affiliate | Cybersecurity Dive


ServiceNow discloses security incident exposing customer data | BleepingComputer


Credit card theft campaign abuses Stripe to host stolen payment info | BleepingComputer


CrowdStrike, Palo Alto Networks defy estimates as AI fuels cyber demand | Cybersecurity Dive


The U.S. Military Quietly Turned GPS Into a Global ‘Numbers Station,’ Evidence Suggests | 404.feed.press


New 'HTTP/2 Bomb' DoS attack crashes web servers in under a minute | BleepingComputer


Google has quietly cut staff across its Cloud business | businessinsider.com

In this sponsored Soap Box edition of the Risky Business podcast Patrick Gray chats with Edward Wu, founder of Dropzone, about what AI is doing to detection, response and the SOC more generally.

Dropzone makes AI agents that conduct alert investigations in your SOC, but will the SOC as we know it even exist in the future?

Ed has a deep expertise in SOC tech, having previously led AI/ML detection engineering at Extrahop. This interview is a fantastic look at what the future may bring for detection and response professionals.

This episode is also available on YouTube



Show notes

On this week’s show special guest co-host Andy Boyd joins Patrick Gray and James Wilson to discuss the week’s cybersecurity news. Andy is the CEO of REDLattice, which makes the Paragon “intelligence collection and reconnaissance” solution.

They cover:

Adversaries are tracking US troop locations with commercially available location data

A new Signal phishing campaign is going after message backups

404 Media is suing ICE to get its spyware contract with REDLattice (lol)

Microsoft’s tone-deaf response to ‘never justifiable’ zero-day disclosures

Mini Shai-Hulud pops up again just as Glassworm gets shattered

Much, much more

This week’s episode is sponsored by Authentik, an open source identity platform that you can host yourself. In this week’s sponsor interview Authentik’s CEO Fletcher Heisler joins Patrick Gray to talk about how they’re keeping up with the bugpocalypse, and also the work they’re doing to support identities for AI agents.

This episode is also available on YouTube.



Show notes



The Pentagon Knew Enemies Could Track Troops’ Phones for Years. Now They Are | wired.com


U.S. says troops were targeted with location data, as senator warns ad industry is a ‘national security threat’ | TechCrunch Security


DOD location data attachment (Wyden) |


Risky Business #830 -- LiteLLM and security scanner supply chains compromised | Risky Business Media


US has seized nearly $1 billion in crypto from Iran, Bessent says |


Russia claims foreign spy agencies hacked officials' phones | therecord.media


Hackers are trying to steal Signal users’ backups in new wave of phishing attacks | TechCrunch Security


We Sued ICE to Get Its Spyware Contract. The Agency Is Redacting Essentially Everything | Social Signals


Microsoft calls zero-day releases ‘never justifiable’ as researcher threatens to drop more | therecord.media


A shared responsibility: Protecting customers through Coordinated Vulnerability Disclosure | Social Signals


Microsoft says it will not pursue security researchers after zero-day backlash | therecord.media


IBM’s new $5B initiative will help enterprises rapidly patch open-source vulnerabilities | Social Signals


Federal audit reveals NIST’s NVD is plagued by poor planning and duplication | cyberscoop.com


Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts | krebsonsecurity.com


Critical Windows Netlogon RCE flaw now exploited in attacks | BleepingComputer


CISA adds exploited Palo Alto Networks GlobalProtect flaw to KEV | Cybersecurity Dive


Password manager Dashlane says hackers stole some customers’ password vaults | TechCrunch Security


CrowdStrike disrupts Glassworm botnet that preyed on open-source supply chain | cyberscoop.com


Botnet of more than 17 million devices dismantled | arstechnica.com


Chinese-speaking fraud gang could be stealing millions from 2026 World Cup fans | therecord.media


ACCC investigating Olympics ticket scam | ABC


Dozens of Red Hat packages backdoored through its offical NPM channel | arstechnica.com


Solo podcast: A deep dive on TeamPCP - Risky Business Media |


Trump administration releases scaled-back AI executive order | cyberscoop.com


Google security engineer accused of turning confidential search trends into $1.2M win on Polymarket | cyberscoop.com