
Risky Business

Risky Business Media

165 episodes

  • Risky Business

    Risky Business #840 -- Microsoft walks back researcher threats

    2026/06/03 | 1h 6 mins.
    On this week’s show special guest co-host Andy Boyd joins Patrick Gray and James Wilson to discuss the week’s cybersecurity news. Andy is the CEO of REDLattice, which makes the Paragon “intelligence collection and reconnaissance” solution.

    They cover:

    Adversaries are tracking US troop locations with commercially available location data

    A new Signal phishing campaign is going after message backups

    404 Media is suing ICE to get its spyware contract with REDLattice (lol)

    Microsoft’s tone-deaf response to ‘never justifiable’ zero-day disclosures

    Mini Shai-Hulud pops up again just as Glassworm gets shattered

    Much, much more

    This week’s episode is sponsored by Authentik, an open source identity platform that you can host yourself. In this week’s sponsor interview Authentik’s CEO Fletcher Heisler joins Patrick Gray to talk about how they’re keeping up with the bugpocalypse, and also the work they’re doing to support identities for AI agents.

    This episode is also available on YouTube.



    Show notes



    The Pentagon Knew Enemies Could Track Troops’ Phones for Years. Now They Are | wired.com


    U.S. says troops were targeted with location data, as senator warns ad industry is a ‘national security threat’ | TechCrunch Security


    DOD location data attachment (Wyden)


    Risky Business #830 -- LiteLLM and security scanner supply chains compromised | Risky Business Media


    US has seized nearly $1 billion in crypto from Iran, Bessent says


    Russia claims foreign spy agencies hacked officials' phones | therecord.media


    Hackers are trying to steal Signal users’ backups in new wave of phishing attacks | TechCrunch Security


    We Sued ICE to Get Its Spyware Contract. The Agency Is Redacting Essentially Everything | Social Signals


    Microsoft calls zero-day releases ‘never justifiable’ as researcher threatens to drop more | therecord.media


    A shared responsibility: Protecting customers through Coordinated Vulnerability Disclosure | Social Signals


    Microsoft says it will not pursue security researchers after zero-day backlash | therecord.media


    IBM’s new $5B initiative will help enterprises rapidly patch open-source vulnerabilities | Social Signals


    Federal audit reveals NIST’s NVD is plagued by poor planning and duplication | cyberscoop.com


    Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts | krebsonsecurity.com


    Critical Windows Netlogon RCE flaw now exploited in attacks | BleepingComputer


    CISA adds exploited Palo Alto Networks GlobalProtect flaw to KEV | Cybersecurity Dive


    Password manager Dashlane says hackers stole some customers’ password vaults | TechCrunch Security


    CrowdStrike disrupts Glassworm botnet that preyed on open-source supply chain | cyberscoop.com


    Botnet of more than 17 million devices dismantled | arstechnica.com


    Chinese-speaking fraud gang could be stealing millions from 2026 World Cup fans | therecord.media


    ACCC investigating Olympics ticket scam | ABC


    Dozens of Red Hat packages backdoored through its official NPM channel | arstechnica.com


    Solo podcast: A deep dive on TeamPCP - Risky Business Media


    Trump administration releases scaled-back AI executive order | cyberscoop.com


    Google security engineer accused of turning confidential search trends into $1.2M win on Polymarket | cyberscoop.com
  • Risky Business

    Risky Business #839 -- TeamPCP stole GitHub's internal repos

    2026/05/27 | 1h
    On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:

    TeamPCP breached GitHub’s internal repos. Now what?

    Some absolute plonker glued Coruna to a hijacked npm package

    CISA is worried about open source and wants third-party submissions for KEV

    AI infrastructure is “systemically” insecure

    Much, much more

    This week’s episode is sponsored by allowlisting vendor Airlock Digital. Airlock’s founders David Cottingham and Daniel Schell join Patrick Gray to talk about Microsoft briefly flagging DigiCert’s root certificate as malware. Fun!

    This episode is also available on YouTube.



    Show notes



    GitHub confirms being hacked by TeamPCP, says customer data unaffected | therecord.media


    Grafana Labs links GitHub environment breach to TanStack npm supply chain attack | Cybersecurity Dive


    Coruna Respawned: Compromised art-template npm Package Leads... | Socket


    CISA chief frets about open-source vulnerabilities, delayed security improvements | cyberscoop.com


    Anthropic: Mythos finds more than 10,000 software flaws in first month | cyberscoop.com


    Pardon MIE? | ironPeak Blog


    CISA asks cybersecurity community to alert it to vulnerability exploitation | Cybersecurity Dive


    Lawmakers Demand Answers as CISA Tries to Contain Data Leak | krebsonsecurity.com


    Google publishes exploit code threatening millions of Chromium users | arstechnica.com


    Millions of AI agents imperiled by critical vulnerability in open source package | arstechnica.com


    Discord migrates all users to end-to-end encryption by default | The Record


    Texas AG sues Meta over claims that WhatsApp doesn't provide end-to-end encryption | arstechnica.com


    Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada | krebsonsecurity.com


    Iran-linked hackers target key US, allied sectors with sophisticated spear-phishing messages | Cybersecurity Dive


    FBI warns about fast-growing phishing kit targeting Microsoft 365 users | cyberscoop.com


    Analyzing the rise in device code phishing attacks in 2026 | Push Security


    Trump Mobile confirms it exposed customers’ personal data, including phone numbers and home addresses | TechCrunch Security


    Kash Patel’s clothing brand website shut down after reports it was hacked | TechCrunch Security


    Tulsi Gabbard resigns as US director of national intelligence | Social Signals


    When Certificate Trust Fails: The DigiCert Code-Signing Incident and Microsoft Defender False Positive
  • Risky Business

    Risky Business #838 -- GitHub investigates possible breach

    2026/05/20 | 1h 2 mins.
    On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news.

    They cover:

    GitHub announced a possible breach

    CISA leaks important creds, keys in public repo

    Awful vulnerability in Bitlocker renders it useless without a PIN

    So. Many. Patches.

    Polish Government urges officials to ditch Signal for mSzyfr

    Much, much more

    This week’s show is brought to you by Thinkst Canary. Thinkst’s founder, Haroon Meer, is this week’s sponsor guest. He joined James Wilson to talk about how doing “the basics” in security isn’t trivially easy.

    This episode is also available on YouTube.



    Show notes



    GitHub on X: "We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely" / X


    CISA Admin Leaked AWS GovCloud Keys on Github – Krebs on Security


    Experts Confirm the Fast16 Malware Was Sabotaging Nuclear Weapons Tests, Likely in Iran


    Iran hackers: Hackers have breached tank readers at gas stations; officials suspect Iran is responsible | CNN Politics


    War and Data Centers Are Driving Up the Cost of Fiber-Optic Cable


    Microsoft on pace to break annual vulnerability record as AI-driven patch wave takes hold | The Record from Recorded Future News


    NCSC’s Ollie Whitehouse on surviving the "bugpocalypse" - Risky Business Media


    Defense at AI speed: Microsoft’s new multi-model agentic security system tops leading industry benchmark | Microsoft Security Blog


    Project Glasswing: what Mythos showed us


    Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’


    First public macOS kernel memory corruption exploit on Apple M5


    OpenAI launches Daybreak to combat cyber threats | Cybersecurity Dive


    Zero-day exploit completely defeats default Windows 11 BitLocker protections - Ars Technica


    GitHub - Wack0/bitlocker-attacks: A list of public attacks on BitLocker · GitHub


    Catalin Cimpanu: "The Polish government has advi…" - Mastodon


    CISA orders all federal agencies to patch exploited bug in Cisco SD-WAN systems by Sunday | The Record from Recorded Future News


    CVE-2026-20182: Critical authentication bypass in Cisco Catalyst SD-WAN Controller (FIXED)


    Huawei zero-day attack behind last year’s crash of Luxembourg's entire telecoms network | The Record from Recorded Future News


    Patch bypass allows hackers to exploit prior flaw in SonicWall SSL-VPN | Cybersecurity Dive


    Microsoft disrupts Fox Tempest malware-signing-as-a-service platform tied to ransomware gangs | The Record from Recorded Future News


    Streamer Realtime Deepfakes Himself into Mr. Beast, Says He Loves 'Touching Little Boys'
  • Risky Business

    Soap Box: Where does AI fit into cloud security?

    2026/05/15 | 33 mins.
    In this sponsored soap box edition of the Risky Business podcast Patrick Gray chats with Toni de la Fuente, the founder of Prowler.

    Prowler started off as a bunch of scripts in a trenchcoat, then became an open source cloud security tool, and it’s now a venture-funded cloud security business. In this interview Toni talks us through how AI is changing the game for him as an open source project owner, and as a vendor. In short, reports of the death of IT and security tooling at the hands of frontier models have been greatly exaggerated.

    This episode is also available on YouTube.



    Show notes
  • Risky Business

    Risky Business #837 -- GitHub Actions footgun claims TanStack

    2026/05/13 | 1h 5 mins.
    On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news.

    They cover:

    Mini Shai-Hulud and the TanStack compromise using GitHub Actions

    Instructure pays Canvas elearning platform data extortionists

    More Linux privilege escalation 0days!

    CISA helping critical infrastructure operators rearchitect their networks so they work offline

    This week’s episode is sponsored by email security platform Sublime Security. Bobby Filar chats with Patrick about how agentic AI is being evaluated by buyers in a marketplace that’s experiencing “AI fatigue”.

    This episode is also available on YouTube.



    Show notes



    ‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack | CyberScoop


    Hardening TanStack After the npm Compromise | TanStack Blog


    Canvas Breach Disrupts Schools & Colleges Nationwide – Krebs on Security


    Instructure pays ransom after Canvas incident as Congress announces investigation | The Record from Recorded Future News


    When DNSSEC goes wrong: how we responded to the .de TLD outage


    Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access | Google Cloud Blog


    Mythos smythos! How to find 0day with lesser models - Risky Business Media


    GitHub - V4bel/dirtyfrag · GitHub


    retr0.zip


    NVD - CVE-2026-42511


    Flaw in Claude’s Chrome extension allowed ‘any’ other plugin to hijack victims’ AI | CyberScoop


    Ivanti customers confront yet another actively exploited zero-day | CyberScoop


    Palo Alto warns of critical software bug used in firewall attacks | The Record from Recorded Future News


    Where Have All the Complex Windows Malware and Their Analyses Gone?


    Meet Rassvet, Russia’s Answer to Starlink | WIRED


    DOJ says ransomware gang tapped into Russian government databases | TechCrunch


    Iranian government hackers using Chaos ransomware as cover, researchers say | The Record from Recorded Future News


    Foxconn confirms cyberattack impacting North American factories | The Record from Recorded Future News


    New CISA initiative aims for critical infrastructure to operate offline during cyberattacks | The Record from Recorded Future News


    ‘HELLO BOSS’: Inside the Chinese Realtime Deepfake Software Powering Scams Around the World


    How to Disable Google's Gemini in Chrome | WIRED


    FCC pushes ban on security updates for foreign-made routers, drones to 2029 | The Record from Recorded Future News
About Risky Business
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.