Risky Bulletin

May 4, 202631m

In this edition of Between Two Nerds Tom Uren and The Grugq discuss the breakdown of cyber norms. What would have been an unthinkable cyber operation just a few years ago is now a regular occurrence. This episode is also

May 4, 20269m

DigiCert got hacked via a malicious screensaver file, two ransomware negotiators each get four years in prison, Trellix discloses a security breach, and another Russian hacker gets arrested while vacationing in the wrong

May 3, 202624m

In this sponsored interview, James Wilson talks with James Kettle and Daf Stuttard from PortSwigger about the incredible research James will unveil at Black Hat US this July, and how that research will be productised int

May 1, 202613m

The Copy Fail vulnerability impacts all Linux distros going back to 2017, hackers are exploiting a cPanel auth bypass, every Moldovan citizen has their data stolen, and some scam compounds got raided raided… in Dubai. Sh

Apr 30, 202618m

Tom Uren and Amberleigh Jack talk about the US government stepping in to fight ‘distillation attacks’ by Chinese AI labs. These are methods used to steal the special sauce of frontier AI models simply by asking questions

Apr 29, 20268m

Ukrainians hack Russian satellites, Vimeo is being extorted, Greece wants to ban anonymity on social media, and a Scattered Spider hacker was arrested in Finland. Show notes Risky Bulletin: UK NCSC blasts SOC metrics

Apr 27, 202632m

In this edition of Between Two Nerds Tom Uren and The Grugq discuss what the North Korean hack of Drift can tell us about the future of hacking. This episode is also available on YouTube . Show notes Drift Protocol incid

Apr 27, 20268m

A fingerprinting technique can track Tor users, Intellexa had an American exploit provider, the US accuses China of copying its AI, and the US router ban also covers WiFi hotspots. Show notes Risky Bulletin: New fingerpr

Apr 26, 202615m

In this Risky Business sponsored interview Casey Ellis chats to runZero’s founder and CEO HD Moore about runZero’s new release: 4.9. It drops this week and doubles down on OT scanning. Animated world and network maps add

Apr 24, 202611m

Sean Plankey withdraws his CISA Director nomination, Russians hacked the Bundestag President, Discord users gain unauthorised access to Anthropic’s Mythos, and the US sanctions a Cambodian senator for running cyber scam

Apr 23, 202622m

Tom Uren and James Wilson talk about the French criminal investigation into bias and illegal content on X. Elon Musk and former X CEO Linda Yaccarino didn’t appear for voluntary interviews scheduled this week, but refusi

Apr 22, 20269m

A Former FBI official wants terrorism designations for some ransomware groups, China threatens the EU over new cybersecurity regulations, Europe commits to €180 million for a sovereign cloud and a novel data wiper was fo

Apr 20, 202633m

In this edition of Between Two Nerds Tom Uren and The Grugq take a deep dive into how a single hacker used OpenAI and Anthropic’s tools to help hack nine Mexican government organisations in quick time. This episode is al

Apr 20, 202610m

ShinyHunters claim credit for the Vercel hack, a malware strain attempted to sabotage Israel’s water system, the US government wants access to Mythos, and a Supreme Court hacker gets probation. Show notes Risky Bulletin:

Apr 19, 20269m

In this Risky Business sponsor interview, Catalin Cimpanu talks with Sydney Marrone, Head of Threat Hunting at Nebulock, about hunting shadow AI agents on corporate networks. Show notes Sydney Marrone LinkedIn profile Hu

Apr 17, 20269m

NIST says it won’t be enriching most CVEs, Russian hackers tried to disrupt a Swedish power plant, the EU releases its age verification app, and OpenAI announces its own private cyber model. Show notes Risky Bulletin: NI

Apr 16, 202620m

Tom Uren and Amberleigh Jack talk about a new Citizen Lab report into Webloc, a tool to identify and track mobile devices. It demonstrates how the collection and sale of mobile phone geolocation data presents privacy and

Apr 15, 20267m

Researchers find malicious LLM proxy routers, a fake Ledger crypto-wallet on the Mac App Store stole $10 million dollars, a ransomware crew leaks data from 38 law firms, and Google cracks down on back button hijacking. S

Apr 13, 202629m

In this edition of Between Two Nerds Tom Uren and The Grugq discuss how the rise of AI, which is very good at vulnerability and exploit development, will change the cyber security industry and competition between states.

Apr 13, 20266m

France prepares to ditch Windows for Linux, OpenAI was impacted by the Axios supply chain attack, Rockstar Games gets hacked again, and Adobe patches a reader zero-day. Show notes Risky Bulletin: France takes first steps

Apr 12, 202616m

In this sponsored interview, Corelight’s Senior Director of Product Management, Dave Getman, tells James Wilson how Corelight Agentic Triage helps defenders stay ahead of AI-powered attacks. Corelight makes NDR hardware

Apr 10, 20266m

The FBI extracted Signal chats from iPhone notifications logs, Los Angeles police data was leaked online, a former Meta employee is under investigation for downloading private photos, and an Adobe Reader zero-day is bein

Apr 9, 202619m

Tom Uren and Amberleigh Jack talk about the State Department taking to X to counter foreign propaganda. US Secretary of State Marco Rubio dismantled the State Department’s counter-propaganda office when he took charge, b

Apr 8, 20268m

Cybercrime losses surpassed $20 billion last year, authorities disrupt a Russian router botnet that intercepted email logins, Iran hacks PLCs across the US, and exploitation hits ComfyUI and Flowise-AI-servers. Show note

Apr 6, 202626m

In this edition of Between Two Nerds Tom Uren and The Grugq discuss how Iran’s cyber forces have been used during the ongoing war so far. Show notes The Financial Times on the plan to kill Ali Khamenei Israel National Ne