Risky Business

In this sponsored Soap Box edition of the show, Patrick Gray and James Wilson talk about red teaming AI systems with Russel Van Tuyl, Vice President of Services at elite penetration testing firm SpecterOps.

SpecterOps is the company behind attack path enumeration tool Bloodhound and Bloodhound Enterprise, but they’re also a pentest and red teaming shop with world class expertise in popping shells on all sorts of interesting systems in all sorts of interesting places.

This episode is also available on Youtube.



Show notes

On this week’s show, Patrick Gray, Adam Boileau and James WIlson discuss the week’s cybersecurity news. They talk through:

TeamPCP’s supply chain attack on Github, and they threw in an anti-Iran wiper, because why not?!

Anthropic hooks up its models to just… use your whole computer

After Stryker’s Very Bad Day, CISA says maybe add some more controls around your Intune?

Another iOS exploit kit shows up in the cyber bargain-bin

The FTC decides to ban… all new home routers?! U wot m8?!

Supermicro founder was personally sanction-busting Nvidia GPUs into China?!

This week’s episode is sponsored by enterprise browser maker, Island. Chief Customer Officer Bradon Rogers joins Pat to explain how its customers are using Island to control the use of personal AI services in regulated industries.

This episode is also available on Youtube.



Show notes



‘CanisterWorm’ Springs Wiper Attack Targeting Iran


TeamPCP deploys CanisterWorm on NPM following Trivy compromise


Andrej Karpathy on X: "Software horror: litellm PyPI supply chain" attack


Checkmarx KICS GitHub Action Compromised: Malware Injected in All Git Tags


Felix Rieseberg on X: "Today, we’re releasing a feature that allows Claude to control your computer"


A Top Google Search Result for Claude Plugins Was Planted by Hackers


Lockheed Martin targeted in alleged breach by pro-Iran hacktivist


CISA urges companies to secure Microsoft Intune systems after hackers mass-wipe Stryker devices


FBI seems to seize website tied to Iranian cyberattack on Stryker


Stryker confirms cyberattack is contained and restoration underway


Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild


Someone has publicly leaked an exploit kit that can hack millions of iPhones


Russia-linked hackers use advanced iPhone exploit to target Ukrainians


Apple rolls out first 'background security' update for iPhones, iPads, and Macs to fix Safari bug


Post by @wartranslated.bsky.social — Bluesky


Signal’s Creator Is Helping Encrypt Meta AI


Hacker says they compromised millions of confidential police tips held by US company


Millions of 'anonymous' crime tips exposed in massive Crime Stoppers hack


Feds Disrupt IoT Botnets Behind Huge DDoS Attacks


FCC bans import of consumer-grade routers amid national security concerns


White House pours cold water on cyber ‘letters of marque’ speculation


Google launches threat disruption unit, stops short of calling it ‘offensive'


Supermicro’s cofounder was just arrested for allegedly smuggling $2.5 billion in GPUs to China


Cyberattack on vehicle breathalyzer company leaves drivers stranded across the US


Man pleads guilty to $8 million AI-generated music scheme


Two Israelis AI generated "intelligence" and sold it to Iran

On this week’s show, Patrick Gray, Adam Boileau and James WIlson discuss the week’s cybersecurity news. They discuss:

Iran’s Intune-based wiper attack on medical device maker Stryker

Qihoo 360’s AI publishes its own wildcard TLS cert private key

Instagram is canning its end-to-end encrypted messaging

What’s going on with mobile internet access in Moscow?

The Xbox One’s bootloader gets voltage glitched into submission

Oh Qualys! We love you! (At least, whoever is in the basement writing these beautiful .txt files…)

This week’s episode is sponsored by browser-based detection and response company, Push Security. Researcher Dan Green and Field CTO Mark Orlando join Pat to talk through the InstallFix variant of the *Fix attack technique.

This episode is also available on Youtube.



Show notes



Iranian Hacktivists Strike Medical Device Maker Stryker in "Severe" Attack that Wiped Systems


Stryker says it's restoring systems after pro-Iran hackers wiped thousands of employee devices | TechCrunch


Stryker attack raises concerns about role of device management tool | Cybersecurity Dive


Stryker tells SEC that timeline for recovery from cyberattack unknown | The Record from Recorded Future News


How ‘Handala’ Became the Face of Iran’s Hacker Counterattacks | WIRED


U.S Strikes Killed Iranian Cyber Chiefs, But The Hacks Continued


Risky Business Features: Being a Wartime CISO


Supply-chain attack using invisible code hits GitHub and other repositories - Ars Technica


China's biggest cybersecurity company, Qihoo 360 just leaked their own wildcard SSL private key


Emergent Cyber Behavior: When AI Agents Become Offensive Threat Actors - Irregular


Risky Business Features: MCP is Dead


Measuring AI Agents’ Progress on Multi-Step Cyber Attack Scenarios


Measuring AI Agents' Progress on Multi-Step Cyber Attack Scenarios


What is end-to-end encryption on Instagram | Instagram Help Center


US Lawmakers Move to Kill the FBI’s Warrantless Wiretap Access | WIRED


Website "whitelists" launched in Moscow | Forbes.ru


Exclusive: Foreign hacker in 2023 compromised Epstein files held by FBI, source and documents show | Reuters


Feds say another DigitalMint negotiator ran ransomware attacks and helped extort $75 million | CyberScoop


Researchers disclose vulnerabilities in IP KVMs from four manufacturers - Ars Technica


RE//verse 2026: Hacking the Xbox One by Markus 'doom' Gaasedelen - YouTube


CrackArmor: Multiple vulnerabilities in AppArmor

In this Soap Box edition of the Risky Business podcast Patrick Gray sits down with Airlock Digital co-founders Daniel Schell and David Cottingham to talk about the role AI models could play in managing enterprise allowlists.

They also talk about the durability of allowlisting as a control. After 12 years in business, the Airlock product hasn’t really changed all that much. That’s a good thing! It also means the Airlock team have been able to spend some time doing deep engineering instead of chasing the latest attacker TTPs and writing detection rules for them.

This episode is also available on Youtube.



Show notes

On this week’s show, Patrick Gray, Adam Boileau and James WIlson discuss the week’s cybersecurity news. They cover:

The Coruna exploits were L3 Harris, but it seems Triangulation… was not!

Iran’s cyber HQ hit by Israeli (kinetic) strikes

Trump’s cyber “strategy” is … well, all we’ve got is jokes cause there’s no serious content

NSA and CyberCom finally get a leader after Lt Gen Joshua Rudd gets Senate nod

DOGE (remember them?!) employee walked a social security database out on a USB stick

This episode is sponsored by open source cloud security scanner Prowler. Creator and CEO Toni de la Fuente talks to Pat about some of the enterprise features Prowler is growing, while remaining true to its open source roots.

This episode is also available on Youtube.



Show notes



Inside Coruna: Reverse Engineering a Nation-State iOS Exploit Kit From JavaScript


GitHub - matteyeux/coruna: deobfuscated JS and blobs


US military contractor likely built iPhone hacking tools used by Russian spies in Ukraine


APT36: A Nightmare of Vibeware


State-linked actors targeted US networks in lead-up to Iran war


Iranian cyber warfare HQ allegedly hit by Israel


Last 2 names of 6 US soldiers who died in Kuwait attack identified by the Pentagon


Signal, WhatsApp users face Russian phishing push, Dutch warn


Samuel Bendett on X: "Russian military told it couldn't use Telegram messaging app"


FBI investigating ‘suspicious’ cyber activities on critical surveillance network


Risky Bulletin: New White House EO prioritizes fight against scams and cybercrime


President Trump’s CYBER STRATEGY for America


Fact Sheet: President Donald J. Trump Combats Cybercrime, Fraud, and Predatory Schemes Against American Citizens


UK plans to shift fraud fight onto telecoms, tech companies


Trump to hit Anthropic with executive order to remove "woke" AI Claude


Anthropic launches code review tool to check flood of AI-generated code


CrowdStrike reports record quarter amid investor concerns about AI impact


Critical defect in Java security engine poses serious downstream security risks


Gen. Joshua Rudd confirmed as NSA, Cyber Command head


Plankey’s nomination as CISA director now in jeopardy


DOGE employee stole Social Security data and put it on a thumb drive, report says


Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel


Cel mai mare exportator român de carne, deținătorul brandului Cocorico, a intrat în restructurări, alături de Casa de Insolvență Transilvania