
Hosted by Risky Business Media · EN

Iran will reconnect to the Internet, a new vulnerability lets attackers bypass authentication on AI infrastructure, hackers breach Lithuania’s state registry, security firms take down the Glassworm botnet, and CERT India releases strict patching advice. Show notes: Risky Bulletin: BadHost vulnerability bypasses authentication on AI infrastructure

Anthropic says Mythos has found thousands of critical bugs, hackers leak documents from a Russian disinfo group, GitHub rolls out new npm security features, and Dutch police raid two bulletproof hosting providers. Show notes: Risky Bulletin: Mythos has found thousands of critical bugs

In this sponsored interview James Wilson chats with Sondera CEO Josh Devon about why guardrails and instruction files aren’t enough to keep AI agents from going haywire. EDR, DLP and other traditional controls can’t and won’t prevent agents from going rogue. Josh explains Sondera’s “principle of least autonomy” for agents: let them do useful work, but put them in a deterministic policy harness so they can’t leak secrets, abuse tools or wander off-task.

Microsoft ends support for SMS MFA on personal accounts, GitHub was hacked via a malicious VS Code extension, CISA will let researchers submit new KEV entries, and an SMS blaster was detained at Eurovision. Show notes: Risky Bulletin: Microsoft ends SMS MFA for personal accounts

Tom Uren and James Wilson talk about moves from several European governments to ditch Signal and set up their own encrypted messaging systems for internal government use. These efforts are motivated by concerns about phishing and sovereignty, but the solutions being adopted are imperfect and will come with their own set of problems. Signal fills a space that can’t be filled with sovereign capability. They also talk about Fast16 malware. We are only now learning about the second arm of a mid-2000s campaign to delay Iran’s nuclear weapons program that included the infamous Stuxnet worm. This episode is also available on YouTube.

Microsoft disrupts a malware-signing service used by ransomware gangs, a CISA contractor leaks sensitive GovCloud keys, vulnerability exploitation is now the dominant network entry vector, and Drupal readies security updates for a “highly critical” vulnerability. Show notes: Risky Bulletin: Microsoft takes down MSaaS used by ransomware gangs

In this edition of Between Two Nerds Tom Uren and The Grugq look at Department 4 of Bauman Moscow State Technical University where students learn how to hack for the state. Its curriculum is extremely explicit about how the hacking and propaganda operations are relevant to state operations. They discuss whether this is an advantage for Russia’s cyber program and look at what Western intelligence agencies do instead. This episode is also available on YouTube. Show notes: The GRU's Hogwarts; Vlodymyr Styran's substack; BTN92 with Alex Joske, how the MSS became a cyber juggernaut

Indonesia emerges as a new cyber scam hub, Grafana got hacked and held for ransom, the Fast16 malware subverted software used to simulate nuclear explosions, and a new Microsoft Exchange zero-day is under attack. Show notes: Risky Bulletin: Indonesia emerges as a new hub for cyber scams

In this sponsored interview James Wilson chats with Push Security’s Chief Research Officer Jacques Louw about how the company has integrated an army of AI agents into its threat detection platform. Not only has agentic AI led to the discovery of Install Fix campaigns, but it will help simplify the platform for new customers.

The source code for the Shai-Hulud worm has been released online, a dark web market admin was charged after a major OPSEC failure, France investigates an Israeli disinfo firm, and ‘Composer’ rushes to fix a GitHub token leak. Show notes: Risky Bulletin: Shai-Hulud goes open-source