app_store_button

google_play_button

is Device Banner Block 894x1036

Stígðu inn í heim af óteljandi sögum

Hlustaðu og lestu

Patrick Gray

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

Risky Business

In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

 • China has been rummaging in F5’s networks for a couple of years

 • Meanwhile China tries to deflect by accusing the NSA of hacking its national timing system

 • Salesforce hackers use their stolen data trove to dox NSA, ICE employees

 • Crypto stealing, proxy-deploying, blockchain-C2-ing VS Code worm charms us with its chutzpah

 • Adam gets humbled by new Linux-capabilities backdoor trick

 • Microsoft ignores its own guidance on avoiding BinaryFormatter, gets WSUS owned.

This episode is sponsored by Push Security. Co-founder and Chief Product Officer Jacques Louw joins to talk through how Push traced a LinkedIn phishing campaign targeting CEOs, and the new logging capabilities that proved critical to understanding it.

This episode is also available on Youtube.

 
 
 Show notes
 
 
 Why the F5 Hack Created an ‘Imminent Threat’ for Thousands of Networks | WIRED
 
 Breach at US-based cybersecurity provider F5 blamed on China, sources say | Reuters
 
 Network security devices endanger orgs with ’90s era flaws | CSO Online
 
 China claims it caught US attempting cyberattack on national time center | The Record from Recorded Future News
 
 Hackers Dox Hundreds of DHS, ICE, FBI, and DOJ Officials
 
 Hackers Say They Have Personal Data of Thousands of NSA and Other Government Officials
 
 ICE amps up its surveillance powers, targeting immigrants and antifa - The Washington Post
 
 John Bolton Indictment Provides Interesting Details About Hack of His AOL Account and Extortion Attempt
 
 US court orders spyware company NSO to stop targeting WhatsApp, reduces damages | Reuters
 
 Apple alerts exploit developer that his iPhone was targeted with government spyware | TechCrunch
 
 A New Attack Lets Hackers Steal 2-Factor Authentication Codes From Android Phones | WIRED
 
 GlassWorm: First Self-Propagating Worm Using Invisible Code Hits OpenVSX Marketplace | Koi Blog
 
 European police bust network selling thousands of phone numbers to scammers | The Record from Recorded Future News
 
 Stephan Berger on X: "We recently took over an APT investigation from another forensic company. While reviewing analysis reports from the other company, we discovered that the attackers had been active in the network for months and had deployed multiple backdoors. One way they could regain root" / X
 
 Linux Capabilities Revisited | dfir.ch
 
 CVE-2025-59287 WSUS Remote Code Execution | HawkTrace
 
 TARmageddon (CVE-2025-62518): RCE Vulnerability Highlights the Challenges of Open Source Abandonware | Edera Blog
 
 Browser threat detection & response | Push Security | Push Security
 
 How Push stopped a high risk LinkedIn spear-phishing attack

Risky Business #811 -- F5 is the tip of the crap software iceberg

In this edition of the Wide World of Cyber podcast Patrick Gray talks to Chris Krebs and Alex Stamos about the F5 incident. They talk about what happened, whether it’s a big deal, and why private equity ownership of mid-tier cybersecurity companies is often a red flag.

 
 
 Show notes

Wide World of Cyber: A deep dive on the F5 hack

In this sponsored Soap Box edition of the Risky Business podcast, host Patrick Gray chats with Mastercard’s Executive Vice President and Head of Security Solutions, Johan Gerber, about how the card brand thinks about cybersecurity and why it’s aggressively investing in the space.

After listening to this interview you’ll understand why the credit card company spent $2.65b on threat intelligence vendor Recorded Future!

This episode is also available on Youtube.

 
 
 Show notes

Risky Biz Soap Box: Why Mastercard is scaling its cybersecurity business

In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

 • FBI intervenes in Scattered Spider Salesforce leaksite

 • Clop loots Oracle E-Biz deployments

 • Plus so much more data extortion.. At least it’s not ransomware … we guess?

 • The US still can’t decide who’s gonna be in charge of NSA & Cybercom

 • Cambodian scam compounds get sanctioned and $15b in crypto is seized

 • NSO gets sold for pocket-lint-grade money

 • Bugs! Redis CVSS 10, Ivanti, Crowdstrike and… Internet Explorer?! zeroday?! In the wild?!!!?

This week’s episode is sponsored by Stairwell. Founder Mike Wiacek talks about how Stairwell brings VirusTotal-like visibility to private files, and about integrating the insights that brings into your SOC workflow.

This episode is also available on Youtube.

 
 
 Show notes
 
 
 FBI takedown banner appears on BreachForums site as Scattered Spider promotes leak | The Record from Recorded Future News
 
 Dozens of Oracle customers impacted by Clop data theft for extortion campaign | CyberScoop
 
 Well, Well, Well. It’s Another Day. (Oracle E-Business Suite Pre-Auth RCE Chain - CVE-2025-61882)
 
 Clop is a Big Fish, But Not Worth Hunting - Risky Business Media
 
 ShinyHunters Wage Broad Corporate Extortion Spree – Krebs on Security
 
 The company Discord blamed for its recent breach says it wasn't hacked
 
 Qantas confirms cybercriminals released stolen customer data | The Record from Recorded Future News
 
 Red Hat confirms breach of GitLab instance, which stored company’s consulting data | CyberScoop
 
 Risky Bulletin: Microsoft revamps Edge's "IE Mode" after zero-day attacks - Risky Business Media
 
 Teenagers arrested in England over cyberattack on nursery chain Kido | The Record from Recorded Future News
 
 Acting US Cyber Command, NSA chief won’t be nominated for the job, sources say | The Record from Recorded Future News
 
 Layoffs, reassignments further deplete CISA | Cybersecurity Dive
 
 Trump’s scandalous directive to AG Pam Bondi reached the public by accident
 
 Feds sanction Cambodian conglomerate over cyber scams, seize $15 billion from chairman | The Record from Recorded Future News
 
 US Congress committee investigating Musk-owned Starlink over Myanmar scam centres | Myanmar | The Guardian
 
 Satellites Are Leaking the World’s Secrets: Calls, Texts, Military and Corporate Data | WIRED
 
 Netherlands invokes special powers against Chinese-owned semiconductor company Nexperia | The Record from Recorded Future News
 
 Spyware maker NSO Group confirms acquisition by US investors | TechCrunch
 
 Apple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits | WIRED
 
 Wiz Finds Critical Redis RCE Vulnerability: CVE‑2025‑49844 | Wiz Blog
 
 SonicWall admits attacker accessed all customer firewall configurations stored on cloud portal | CyberScoop
 
 SonicWall SSLVPN devices compromised using valid credentials | Cybersecurity Dive
 
 Issues Affecting CrowdStrike Falcon Sensor for Windows
 
 ZDI Drops 13 Unpatched Ivanti Endpoint Manager Vulnerabilities - SecurityWeek
 
 Jaguar Land Rover launches phased restart at factories after cyber-attack | Jaguar Land Rover | The Guardian
 
 Windows 10 support ends today — here's who's affected and what you need to do

Risky Business #810 -- Data extortion attacks have a silver lining

In this edition of the Snake Oilers podcast, three vendors pop in to pitch you all on their wares:

 Realm Security • : A security focussed, AI-first data pipeline platform

 Horizon3 • : AI hackers! Pentesting robots!! They’re coming fer yur jerbs!

 Persona • : Verify customer and staff identities with live capture

This episode is also available on Youtube.

 
 
 Show notes

Snake Oilers: Realm Security, Horizon3 and Persona

On this week’s show Patrick Gray is on holiday so Amberleigh Jack and Adam Boileau hijack the studio to discuss the week’s cybersecurity news, including:

 • Hackers learn that trying to coerce a journalist just makes for … a great story?

 • A man in his 40s gets arrested over the European airport chaos. Yep, we’re surprised, too.

 • Adam fanboys over Watchtowr Labs while bemoaning Fortra.

 • Academics pick apart Tile trackers and find them lacking

 • CISA tells agencies to patch their damn Cisco gear

This episode is also available on YouTube.

 
 
 Show notes
 
 
 'You'll never need to work again': Criminals offer reporter money to hack BBC
 
 Government to guarantee £1.5bn Jaguar Land Rover loan after cyber shutdown
 
 Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms – Krebs on Security
 
 UK authorities arrest man in connection with cyberattack against aviation vendor | Cybersecurity Dive
 
 Chinese scammer pleads guilty after UK seizes nearly $7 billion in bitcoin
 
 Cyberattack on Japanese beer giant Asahi limits shipping, call center operations | The Record from Recorded Future News
 
 Afghanistan plunged into nationwide internet blackout, disrupting air travel, medical care | The Record from Recorded Future News
 
 Tile trackers are a stalker's dream, say Georgia Tech researchers
 
 Intel and AMD trusted enclaves, the backbone of network security, fall to physical attacks - Ars Technica
 
 Supermicro server motherboards can be infected with unremovable malware - Ars Technica
 
 China-linked hackers use ‘BRICKSTORM’ backdoor to steal IP | The Record from Recorded Future News
 
 Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors
 
 Federal agencies given one day to patch exploited Cisco firewall bugs | The Record from Recorded Future News
 
 Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability
 
 Is This Bad? This Feels Bad. (Fortra GoAnywhere CVE-2025-10035)
 
 It Is Bad (Exploitation of Fortra GoAnywhere MFT CVE-2025-10035) - Part 2

Risky Business #809 -- Hackers try to pay a journalist for access to the BBC

On this week’s show Patrick Gray and special guest Rob Joyce discuss the week’s cybersecurity news, including:

 • Secret Service raids a SIM farm in New York

 • MI6 launches a dark web portal

 • Are the 2023 Scattered Spider kids finally getting their comeuppance?

 • Production halt continues for Jaguar Land Rover

 • GitHub tightens its security after Shai-Hulud worm

This week’s episode is sponsored by Sublime Security. In this week’s sponsor interview, Sublime founder and CEO Josh Kamdjou joins host Patrick Gray to chat about the pros and cons of using agentic AI in an email security platform.

This episode is also available on YouTube

 
 
 Show notes
 
 
 U.S. Secret Service disrupts telecom network that threatened NYC during U.N. General Assembly
 
 MI6 launches darkweb portal to recruit foreign spies | The Record from Recorded Future News
 
 One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens | dirkjanm.io
 
 Github npm changes
 
 Flights across Europe delayed after cyberattack targets third-party vendor | Cybersecurity Dive
 
 Major European airports work to restore services after cyberattack on check-in systems | The Record from Recorded Future News
 
 When “Goodbye” isn’t the end: Scattered LAPSUS$ Hunters hack on | DataBreaches.Net
 
 UK arrests 2 more alleged Scattered Spider hackers over London transit system breach | Cybersecurity Dive
 
 Alleged Scattered Spider member turns self in to Las Vegas police | The Record from Recorded Future News
 
 Las Vegas police arrest minor accused of high-profile 2023 casino attacks | CyberScoop
 
 DOJ: Scattered Spider took $115 million in ransoms, breached a US court system | The Record from Recorded Future News
 
 vx-underground on X: "Scattered Spider ransoms company for 964BTC - wtf_thats_alot.jpeg - Document says "Cost of BTC at time was $36M" - $36M / 964BTC = $37.5K - BTC value was $37.5K in November, 2023 - Google "Ransomware, November, 2023" - omfg.exe https://t.co/uv2EzbL5HT" | X
 
 JLR ‘cyber shockwave ripping through UK industry’ as supplier share price plummets by 55% | The Record from Recorded Future News
 
 Jaguar Land Rover to extend production pause into October following cyberattack | Cybersecurity Dive
 
 New plan would give Congress another 18 months to revisit Section 702 surveillance powers | The Record from Recorded Future News
 
 AI-powered vulnerability detection will make things worse, not better, former US cyber official warns | Cybersecurity Dive

Risky Business #808 -- Insane megabug in Entra left all tenants exposed

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

 • Shai-Hulud worm propagates via npm and steals credentials

 • Jaguar Land Rover attack may put smaller suppliers out of business

 • Leaked data emerges from the vendor behind the Great Firewall of China

 • Vastaamo hacker walks free while appeal is underway

 • Why is a senator so mad about Kerberos?

This week’s episode is sponsored by Knocknoc. Chief exec Adam Pointon joins to talk through the surprising number of customers that are using Knocknoc’s identity-to-firewall glue to protect internal services and networks.

This week’s episode is also available on Youtube.

 
 
 Show notes
 
 
 Self-Replicating Worm Hits 180+ Software Packages – Krebs on Security
 
 Jaguar Land Rover: Some suppliers 'face bankruptcy' due to hack crisis
 
 Jaguar Land Rover production shutdown could last until November
 
 U.S. Investors, Trump Close In on TikTok Deal With China - WSJ
 
 U.S. Investors, Trump Close In on TikTok Deal With China - WSJ
 
 How China’s Propaganda and Surveillance Systems Really Operate | WIRED
 
 Mythical Beasts: Diving into the depths of the global spyware market - Atlantic Council
 
 Hacker convicted of extorting 20,000 psychotherapy victims walks free during appeal | The Record from Recorded Future News
 
 US national charged in Finnish psychotherapy center extortion | The Record from Recorded Future News
 
 BreachForums administrator given three-year prison stint after resentencing | The Record from Recorded Future News
 
 Microsoft, Cloudflare disrupt RaccoonO365 credential stealing tool run by Nigerian national | The Record from Recorded Future News
 
 Senator blasts Microsoft for making default Windows vulnerable to “Kerberoasting” - Ars Technica
 
 Exclusive: US warns hidden radios may be embedded in solar-powered highway infrastructure | Reuters
 
 Israel announces seizure of $1.5M from crypto wallets tied to Iran | TechCrunch

Risky Business #807 -- Shai-Hulud npm worm wreaks old-school havoc

In this sponsored Soap Box edition of the Risky Business podcast, industry legend HD Moore joins the show to talk about runZero’s major push into vulnerability management.

With its new Nuclei integration, runZero is now able to get a very accurate picture of what’s vulnerable in your environment, without spraying highly privileged credentials at attackers on your network.

It can also integrate with your EDR platform, and other data sources, to give you powerful visibility into the true state of things on your network and in your cloud.

This episode is also available on Youtube.

 
 
 Show notes

Risky Biz Soap Box: runZero shakes up vulnerability management

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

 • Apple ruins exploit developers’ week with fresh memory corruption mitigations

 • Feross Aboukhadijeh drops by to talk about the big, dumb npm supply chain attack

 • Salesloft says its GitHub was the initial entry point for its compromise

 • Sitecore says people should “patch” its using-the-keymat-from-the-documentation “zero day”

 • Rogue certs for 1.1.1.1 appear to be just (stupid) testing

 • Jaguar Land Rover ransomware attackers are courting trouble

This week’s episode is sponsored by open source cloud security tool, Prowler. Founder Toni de la Fuente joins to discuss their new support for Microsoft 365. Time to point Prowler at your OneDrive and Sharepoint!

This episode is also available on Youtube.

 
 
 Show notes
 
 
 Blog - Memory Integrity Enforcement: A complete vision for memory safety in Apple devices - Apple Security Research
 
 Venezuela's president thinks American spies can't hack Huawei phones | TechCrunch
 
 18 Popular Code Packages Hacked, Rigged to Steal Crypto – Krebs on Security
 
 Software packages with more than 2 billion weekly downloads hit in supply-chain attack - Ars Technica
 
 Salesloft platform integration restored after probe reveals monthslong GitHub account compromise | Cybersecurity Dive
 
 CISA orders federal agencies to patch Sitecore zero-day following hacking reports | The Record from Recorded Future News
 
 SAP warns of high-severity vulnerabilities in multiple products - Ars Technica
 
 The number of mis-issued 1.1.1.1 certificates grows. Here’s the latest. - Ars Technica
 
 Cyberattack on Jaguar Land Rover threatens to hit British economic growth | The Record from Recorded Future News
 
 Cyberattack forces Jaguar Land Rover to tell staff to stay at home | The Record from Recorded Future News
 
 Bridgestone Americas continues probe as it looks to restore operations | Cybersecurity Dive
 
 Qantas penalizes executives for July cyberattack | The Record from Recorded Future News
 
 Cyber Command, NSA to remain under single leader as officials shelve plan to end 'dual hat' | The Record from Recorded Future News
 
 GOP Cries Censorship Over Spam Filters That Work – Krebs on Security
 
 Risky Bulletin: APT report? No, just a phishing test! - Risky Business Media
 
 Post by @patrick.risky.biz — Bluesky

Risky Business #806 -- Apple's Memory Integrity Enforcement is a big deal

In this wholly sponsored Soap Box edition of the show, Patrick Gray chats with Adam Bateman and Luke Jennings from Push Security.

Push has built an identity security platform that collects identity information and events from your users’ browsers. It can detect phish kits and shut down phishing attempts, protect SSO credentials, and find shadow/personal account that a user has spun up.

It’s extremely difficult to bypass. That’s because when you’re in the browser it doesn’t matter how a phishing link arrives, or how a threat actor has concealed it from your detection stack – if the user sees it, Push sees it.

There are solutions for protecting your users SSO credentials, like passkeys. But what about all the SaaS in your environment? Even if it’s enrolled into your SSO, are you sure that’s how your users are authenticating to it? What about the automation platforms your developers and admins use? What about data platforms like Snowflake? Are your using setting up passkeys for those accounts? How would you know, and what problems can it cause if those accounts are vulnerable?

This is a fun one!

This episode is also available on Youtube.

 
 
 Show notes

Risky Biz Soap Box: Push Security's browser-first twist on identity security

Hlustaðu og lestu

Other podcasts you might like ...