Risky Business

In this week’s show, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, joined by a special guest. BBC World Cyber Correspondent Joe Tidy is a long time listener and he pops in for a ride-along in the news segment plus a chat about his new book.

This week news includes:

Did the US cyber Venezuela’s power grid, or do they just want us to think they coulda?

US govt might boycott the RSAC Conference ‘cause Jen Easterly being CEO makes them mad

MS Patch Tuesday fixes CVSS5.5 bug and … stops you shutting down

Wiz pulls off cloud stunt hack that ends with control of everyone’s AWS console

Millions of Bluetooth devices that use Google’s Fast Pairing will pair with anyone, any time

GNU inet-tools’ telnetd parties like it’s 2007, and brings -f root unauthed remote login back

Thinkst is this week’s sponsor, and long time friend of the show Haroon Meer joins. As always they’re polishing their Canary tokens - adding breadcrumbs to lead you to them - but they’re also a bunch of giant nerds who now run South Africa’s Computer Olympiad.

This episode is also available on Youtube.



Show notes



Cyberattack in Venezuela Demonstrated Precision of U.S. Capabilities - The New York Times


Why I’m withholding certainty that “precise” US cyber-op disrupted Venezuelan electricity - Ars Technica


Layered Ambiguity: US Cyber Capabilities in the Raid to Extract Maduro from Venezuela | Royal United Services Institute


Former CISA Director Jen Easterly Will Lead RSAC Conference | WIRED


Trump officials consider skipping premier cyber conference after Biden-era cyber leader named CEO - Nextgov/FCW


Federal agencies ordered to patch Microsoft Desktop Windows Manager bug | The Record from Recorded Future News


Windows 11 shutdown bug forces Microsoft into damage control • The Register


CodeBreach: Supply Chain Vuln & AWS CodeBuild Misconfig | Wiz Blog


Critical flaw in AWS Console risked compromise of build environment | Cybersecurity Dive


Never-before-seen Linux malware is “far more advanced than typical” - Ars Technica


VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun - Check Point Research


Hundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking | WIRED


Critical flaw in Fortinet FortiSIEM targeted in exploitation threat | Cybersecurity Dive


CVE-2025-64155: 3 Years of Remotely Rooting the FortiSIEM


A single click mounted a covert, multistage attack against Copilot - Ars Technica


Police raid homes of alleged Black Basta hackers, hunt suspected Russian ringleader | The Record from Recorded Future News


Jordanian initial access broker pleads guilty to helping target 50 companies | The Record from Recorded Future News


Supreme Court hacker posted stolen government data on Instagram | TechCrunch


oss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd


How crypto criminals stole $700 million from people - often using age-old tricks


Ctrl + Alt + Chaos: How Teenage Hackers Hijack the Internet

Risky Business returns for 2026! Patrick Gray and Adam Boileau talk through the week’s cybersecurity news, including:

Santa brings hackers MongoDB memory leaks for Christmas

Vercel pays out a million bucks to improve its React2Shell WAF defences

39C3 delivers; the pink Power Ranger deletes nazis, while a catgirl ruins GnuPG

Cambodian scam compound kingpin gets extradited to China, and we don’t think it’ll go well for him

Krebs picks apart the Kimwolf botnet and residential proxy networks

So many healthcare data leaks that we have a roundup section

This week’s episode is sponsored by Airlock Digital. The founders of the application allow-listing vendor, David Cottingham and Daniel Schell, discuss Microsoft’s ClickOnce .NET app packaging, and how attackers have been abusing it to load code. Airlock hates it when you load code!

This episode is also available on Youtube.



Show notes



US, Australia say ‘MongoBleed’ bug being exploited | The Record from Recorded Future News


Merry Christmas Day! Have a MongoDB security incident. | by Kevin Beaumont | Dec, 2025 | DoublePulsar


Inside Vercel’s sleep-deprived race to contain React2Shell | CyberScoop


gpg.fail


Hacktivist deletes white supremacist websites live onstage during hacker conference | TechCrunch


Chinese attackers exploiting zero-day to target Cisco email security products | The Record from Recorded Future News


Ni8mare  -  Unauthenticated Remote Code Execution in n8n (CVE-2026-21858) | Cyera Research Labs


ServiceNow patches critical AI platform flaw that could allow user impersonation | CyberScoop


Alleged cyber scam kingpin arrested, extradited to China | The Record from Recorded Future News


FCC IoT labeling program loses lead company after China probe | Cybersecurity Dive


Trump picks Lt. Gen. Joshua Rudd to lead NSA spy agency - The Washington Post


NSA cyber directorate gets new acting leadership | The Record from Recorded Future News


Dutch court sentences hacker who used port systems to smuggle cocaine to 7 years | The Record from Recorded Future News


ECLI:NL:GHAMS:2026:22, Amsterdam Court of Appeal, 23-003218-22


The Kimwolf Botnet is Stalking Your Local Network – Krebs on Security


Who Benefited from the Aisuru and Kimwolf Botnets? – Krebs on Security


Coupang recovers smashed laptop that alleged data leaker threw into river | The Record from Recorded Future News


Ransomware responders plead guilty to using ALPHV in attacks on US organizations | The Record from Recorded Future News


Nearly 480,000 impacted by Covenant Health data breach | The Record from Recorded Future News


Illinois health department exposed over 700,000 residents' personal data for years | TechCrunch


Tech provider for NHS England confirms data breach | TechCrunch


Hacker claiming to be behind ManageMyHealth breach: ‘I do it for the money and I’m in negotiations to get it’ - NZ Herald

In this special documentary episode, Patrick Gray and Amberleigh Jack take a historical dive into hacking in the 1980s. Through the words of those that were there, they discuss life on the ARPANET, the 414s hacking group, the Morris Worm, the vibe inside the NSA and a parallel hunt for German hackers happening at a similar time to Cliff Stoll’s famous Cuckoo’s Egg story.

This podcast features the memories of:

Jon Callas, former principal software engineer at Digital Equipment Corporation

Mark Rasch, Morris Worm prosecutor

Timothy Winslow, former 414 hacker

Greg Chartrand, author of Cracking the Cuckoos Egg and

Tony Sager, former NSA

How the World Got Owned is produced in partnership with SentinelOne.



Show notes



1988 Federal sentencing guidelines manual


Computer Intruder is put on probation and fined $10,000 | The New York Times


Computer Intruder is found guilty | The New York Times


United States of America, Appellee, v. Robert Tappan Morris, Defendant-appellant, 928 F.2d 504 (2d Cir. 1991)


The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage | Clifford Stoll


Cracking the Cuckoo’s Egg: The Untold Story of tracking and finding Karl Koch aka Hagbard of the Chaos Computer Club | Greg Chartrand


Computer Buffs Tapped NASA Files | The New York Times


Young Computer Bandits Byte off More than They Could Chew | The Washington Post


‘Hacker’ is used by Mainstream Media, September 5, 1983 | EDN


Neal Patrick to testify before congressional committee


Wargames official trailer, 1983


CBS News Segment on Robert Morris Computer Hacker


The Fall of the Berlin Wall | Sky News


I Hacked a Nuclear Facility in the 1980’s. You’re Welcome | CNN

In the final show of 2025, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

React2Shell attacks continue, surprising no one

The unholy combination of OAuth consent phishing, social engineering and Azure CLI

Venezuela’s state oil firm gets ransomware’d, blames US… but what if it really is a US cyber op?!

Russian junk-hacktivist gets indicted for cybering critical… err… a car wash and a fountain

Microsoft finally turns RC4 off by default in Active Directory Kerberos

Traefik’s TLS verify=on … turns it off, whoopsie 🤡

This week’s episode is sponsored by Sublime Security, makers of an email filtering solution that’s up for dealing with modern problems. Founder and CEO Josh Kamdjou joins to talk about calendar invite phishing, and the extra steps they’ve had to take to reach into people’s calendars and fix the mess.

The Risky Business weekly show is taking holiday break, and will return on 14 January for its twentieth year! Good luck out there, internet friends.

This episode is also available on Youtube.



Show notes



React2Shell attacks expand widely across multiple sectors | Cybersecurity Dive


React issues new patches after security researchers flag additional flaws | Cybersecurity Dive


ConsentFix: Browser-native ClickFix hijacks OAuth grants


Hacking Endpoint to Identity (Microsoft 365): "ConsentFix" - YouTube


Announced pick for No. 2 at NSA won’t get the job as another candidate surfaces | The Record from Recorded Future News


Laura Loomer on X: "EXCLUSIVE: 🚨 White House Official Confirms Ongoing Search for NSA Deputy Director As Tim Kosiba's Deep State And Anti-Trump Ties Raise Red Flags 🚨"


Senior official at Indo-Pacific Command is set to be Trump’s pick to lead Cyber Command, NSA | The Record from Recorded Future News


Trump Administration Turning to Private Firms in Cyber Offensive - Bloomberg


PdV says cyber attacks contained | Latest Market News


Venezuela state oil company blames cyberattack on US after tanker seizure | The Record from Recorded Future News


Office of Public Affairs | Justice Department Announces Actions to Combat Two Russian State-Sponsored Cyber Criminal Hacking Groups | United States Department of Justice


DOJ, CISA warn of Russia-linked attacks targeting meat processing plants, nuclear regulatory entities and other critical infrastructure | The Record from Recorded Future News


vx-underground on X: "The United States government has indicted a state-sponsored Threat Actor named Victoria Eduardovna Dubranova"


vx-underground on X: "I'm actually laughing. One of the compromises is so dumb"


German parliament suffers suspected cyber attack during Zelenskyy’s visit


Während Selenskyj-Besuch: Große Internet-Störung im Bundestag! | Politik | BILD.de


Germany summons Russian ambassador over cyberattack, election disinformation | The Record from Recorded Future News


Russische hackgroep had toegang tot openbare waterfontein in Nederland | de Volkskrant


Most Parked Domains Now Serving Malicious Content – Krebs on Security


PornHub extorted after hackers steal Premium member activity data


Office of Public Affairs | Senior Manager for Government Contractor Charged in Cybersecurity Fraud Scheme | United States Department of Justice


Microsoft will finally kill obsolete cipher that has wreaked decades of havoc - Ars Technica


CVE-2025-66491: Traefik's "Verify=On" Turned TLS Off | AISLE


Dylan O'Donnell 🦋 on X: "This week I was rushed to hospital with a diagnosis of oesophageal cancer."

In this sponsored Soap Box edition of the Risky Business podcast, Patrick Gray chats with Jared Atkinson, CTO of SpecterOps, about BloodHound OpenGraph.

OpenGraph enumerates attack paths across platforms and services, not just your primary directories.

A compromised GitHub account to on-prem AD compromise attack path? It’s a thing, and OpenGraph will find it.

Cross-platform attack path enumeration! So good!

This episode is also available on Youtube.



Show notes