• Risky Business #843 -- Fortibleed is kinda awesome, actually
    Jun 24 2026
    On this week’s show special guest co-host Rob Joyce joins Patrick Gray and James Wilson to discuss the week’s cybersecurity news. Rob served as an advisor to Donald Trump during his first term as president and also served at NSA for 34 years. While at the agency, Joyce led Tailored Access Operations (TAO), and later became NSA’s Director of Cybersecurity.

    They cover:
    - The surprisingly well done Fortibleed campaign
    - Stolen Klue OAuth tokens lead to Salesforce data theft
    - OpenAI wants to patch the planet
    - runZero gets acquired by Accenture, congrats HD Moore!
    - Much, much more!

    This episode is also available on YouTube.

    Show notes
    - FortiBleed campaign used custom FortiGate sniffer to steal credentials | BleepingComputer
    - FortiBleed: Fortinet device credential compromise expands into broader credential-attack guidance | unit42.paloaltonetworks.com
    - Cybercriminals allegedly hacked tens of thousands of Fortinet firewalls used by major companies all over the world | TechCrunch Security
    - Klue OAuth breach linked to 'Icarus' Salesforce data theft attacks | BleepingComputer
    - Polymarket (@Polymarket) on X | X (formerly Twitter)
    - The Korean telecom giant at the center of Anthropic’s Mythos controversy | wrd.cm
    - Beyond Fable: Can a Local LLM Replace Cloud AI for Security Code Reviews - SRLabs Research | SRLabs
    - OpenAI Launches Full-Scale Effort to Patch Open-Source Bugs as It Takes on Anthropic’s Mythos | wired.com
    - Sponsored: Trail of Bits and OpenAI patch the planet | Risky Bulletin
    - Intel agencies: Frontier AI models will reshape cybersecurity faster than expected | cyberscoop.com
    - Embedding Forbidden Text in Spyware to Discourage AI Analysis | Schneier on Security
    - A new unpatchable flaw in Apple chips opens the door to an iPhone jailbreak | TechCrunch Security
    - USB worm spreads crypto-stealing malware via Windows shortcut files | BleepingComputer
    - Android verification is coming: Google confirms timeline and supported app stores | Ars Technica
    - California water utility probes breach claim by Iran-linked actor | Cybersecurity Dive
    - Suspected cyberattack triggers false emergency alerts across parts of Brazil | The Record
    - Tesco moving 40,000 server workloads off VMware amid Broadcom's "abusive conduct" | Ars Technica
    - Trump directs federal agencies to protect US data from quantum threats | therecord.media
    - Accenture shells out $4.18B on three companies in big industrial cybersecurity push | cyberscoop.com
    1 hr and 4 mins
  • Risky Business #842 -- Anthropic needs an adult in the C suite
    Jun 17 2026
    On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news.

    They cover:
    - Anthropic’s Fable 5 and Mythos 5 get nuked by the US government four days after launch “because security”
    - Why “guardrails” won’t keep the world safe from your AI doomsday machine
    - The FISA 702 statute expired, but the spying can (probably) continue!
    - NPM v12 delivers some protection against supply chain attacks, but not enough.
    - Microsoft has a series of bugs that prevent Windows Update from … updating
    - Much, much more!

    This episode is also available on YouTube

    Show notes
    - Anthropic suspends new AI models after government directive | NBC News Tech
    - Anthropic rankles users with safety-first Fable release | NBC News Tech
    - How a 90-minute White House deadline sparked Silicon Valley’s biggest AI fight | washingtonpost.com
    - Pete Hegseth (@PeteHegseth) on X | X (formerly Twitter)
    - David Sacks (@DavidSacks) on X | X (formerly Twitter)
    - DoW CIO Kirsten Davies (@DoWCIODavies) on X | X (formerly Twitter)
    - David Shulman (@DavidShulmanFL) on X | X (formerly Twitter)
    - Controversial FISA spying law expires tonight. The spying will continue. | Ars Technica
    - GitHub announces npm security changes to tackle supply-chain attacks | BleepingComputer
    - Why NPM v12 won’t stop supply chain attacks - Risky Business Media | Social Signals
    - Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks | BleepingComputer
    - Microsoft patches Exchange Server zero-day exploited in attacks | BleepingComputer
    - Max severity Ivanti Sentry vulnerability now exploited in attacks | BleepingComputer
    - CISA warns of another cPanel plugin flaw exploited in attacks | BleepingComputer
    - Critical Fortinet FortiSandbox flaws now exploited in attacks | BleepingComputer
    - CISA orders feds to patch actively exploited Ivanti flaw by Sunday | BleepingComputer
    - CISA to require federal agencies to patch some cyber vulnerabilities within 3 days | therecord.media
    - Path traversal flaw in AI dev platform Langflow exploited in attacks | BleepingComputer
    - Microsoft: Some Windows PCs fail to install latest monthly updates | BleepingComputer
    - Microsoft fixes BitLocker recovery bug on Windows Server 2025 | BleepingComputer
    - Microsoft fixes Windows update failures linked to WUSA installer | BleepingComputer
    - New attack turned Microsoft 365 Copilot into 1-click data theft tool | BleepingComputer
    - Over 73,000 French govt employees affected in Tchap messenger breach | BleepingComputer
    - Signal Alums Reveal ‘Encrypted Spaces,’ a System for Making Private Collaboration Apps | wired.com
    - FBI disrupts massive AI-powered phishing service using a million URLs | BleepingComputer
    - Cyberattack shuts down major Australian sugar mills, disrupting harvest | The Record
    - Drug Sites Hijacked Spotify’s Search Ranking Through Fake Podcasts, Report Finds | wired.com
    - It Is Trivially Easy to Use Reddit to Manipulate AI Search, Research Suggests | 404.feed.press
    - Who Runs the Ransomware Group ‘The Gentlemen?’ | krebsonsecurity.com
    - :brdKnife: (@cR0w@infosec.exchange) | Infosec Exchange
    1 hr
  • Risky Business #841 -- Microsoft gets owned and 0day'd
    Jun 10 2026
    On this week’s show special guest co-host Chris Wade, the founder of Corellium turned Cellebrite CTO, joins Patrick Gray and James Wilson to discuss the week’s cybersecurity news.

    They cover:
    - Microsoft has repos owned, GitHub tokens popped, and a new 0day dropped on them
    - Meanwhile, researchers are choosing full disclosure instead of engaging MSRC
    - Meta’s AI support agent allowed a staggering 20,000 accounts to be stolen!
    - Apple pulls Russia’s MAX messenger from the App Store and disables notifications
    - Anthropic gives the public our first Mythos-class model but it won’t do cybersecurity work
    - Stripe and Google Tag Manager used in eCommerce website hack campaign
    - And much, much more!

    This week’s show is brought to you by runZero. HD Moore, runZero’s founder, drops by in this week’s sponsor interview to talk about the AI vibe shift. Everyone is very worried about getting owned all of a sudden, and it’s really changing the cybersecurity business.

    This episode is also available on YouTube.

    Show notes
    - Microsoft Hacked to Deliver Malware to Claude and Gemini Users | 404.feed.press
    - Researcher publishes GitHub token-stealing exploit, blames Microsoft’s disclosure process | therecord.media
    - Microsoft Defender 'RoguePlanet' zero-day grants SYSTEM privileges | BleepingComputer
    - Microsoft breaks Patch Tuesday record with 206 vulnerabilities | CyberScoop
    - chompie1337 | X
    - WhatsApp says NSO targeted users with spearfishing attacks in violation of court order | therecord.media
    - Over 20,000 Instagram accounts stolen in Meta AI support hack | BleepingComputer
    - New Apple feature automatically changes your compromised passwords | BleepingComputer
    - Apple removes Russia’s state-backed messaging app Max from its store | therecord.media
    - Exclusive: Anthropic's Mythos can exploit new flaws in hours | Anthropic’s new model is Mythos on a leash | CyberScoop
    - Anthropic Offers Mythos Upgrade for Cyber Partners and a ‘Safe’ Version for the Rest of You | wired.com
    - OpenClaw AI agent found falling for phishing attacks, spills user data | BleepingComputer
    - OpenAI unveils Lockdown Mode to protect sensitive data from prompt injection attacks | TechCrunch Security
    - Hands on with Intelligent Terminal, an AI-powered Windows Terminal | BleepingComputer
    - Seeking Counsel: Ongoing Targeted Campaign Against US Law Firms | Mandiant
    - Check Point warns of zero-day flaw targeted by ransomware affiliate | Cybersecurity Dive
    - ServiceNow discloses security incident exposing customer data | BleepingComputer
    - Credit card theft campaign abuses Stripe to host stolen payment info | BleepingComputer
    - CrowdStrike, Palo Alto Networks defy estimates as AI fuels cyber demand | Cybersecurity Dive
    - The U.S. Military Quietly Turned GPS Into a Global ‘Numbers Station,’ Evidence Suggests | 404.feed.press
    - New 'HTTP/2 Bomb' DoS attack crashes web servers in under a minute | BleepingComputer
    - Google has quietly cut staff across its Cloud business | businessinsider.com
    1 hr and 3 mins
  • Soap Box: Detection and response in the AI age
    Jun 5 2026

    In this sponsored Soap Box edition of the Risky Business podcast Patrick Gray chats with Edward Wu, founder of Dropzone, about what AI is doing to detection, response and the SOC more generally.

    Dropzone makes AI agents that conduct alert investigations in your SOC, but will the SOC as we know it even exist in the future?

    Ed has a deep expertise in SOC tech, having previously led AI/ML detection engineering at Extrahop. This interview is a fantastic look at what the future may bring for detection and response professionals.

    This episode is also available on YouTube

    Show notes
      37 mins
    • Risky Business #840 -- Microsoft walks back researcher threats
      Jun 3 2026
      On this week’s show special guest co-host Andy Boyd joins Patrick Gray and James Wilson to discuss the week’s cybersecurity news. Andy is the CEO of REDLattice, which makes the Paragon “intelligence collection and reconnaissance” solution.

      They cover:
      - Adversaries are tracking US troop locations with commercially available location data
      - A new Signal phishing campaign is going after message backups
      - 404 Media is suing ICE to get its spyware contract with REDLattice (lol)
      - Microsoft’s tone-deaf response to ‘never justifiable’ zero-day disclosures
      - Mini Shai-Hulud pops up again just as Glassworm gets shattered
      - Much, much more

      This week’s episode is sponsored by Authentik, an open source identity platform that you can host yourself. In this week’s sponsor interview Authentik’s CEO Fletcher Heisler joins Patrick Gray to talk about how they’re keeping up with the bugpocalypse, and also the work they’re doing to support identities for AI agents.

      This episode is also available on YouTube.

      Show notes
      - The Pentagon Knew Enemies Could Track Troops’ Phones for Years. Now They Are | wired.com
      - U.S. says troops were targeted with location data, as senator warns ad industry is a ‘national security threat’ | TechCrunch Security
      - DOD location data attachment (Wyden) | Risky Business #830 -- LiteLLM and security scanner supply chains compromised | Risky Business Media
      - US has seized nearly $1 billion in crypto from Iran, Bessent says | Russia claims foreign spy agencies hacked officials' phones | therecord.media
      - Hackers are trying to steal Signal users’ backups in new wave of phishing attacks | TechCrunch Security
      - We Sued ICE to Get Its Spyware Contract. The Agency Is Redacting Essentially Everything | Social Signals
      - Microsoft calls zero-day releases ‘never justifiable’ as researcher threatens to drop more | therecord.media
      - A shared responsibility: Protecting customers through Coordinated Vulnerability Disclosure | Social Signals
      - Microsoft says it will not pursue security researchers after zero-day backlash | therecord.media
      - IBM’s new $5B initiative will help enterprises rapidly patch open-source vulnerabilities | Social Signals
      - Federal audit reveals NIST’s NVD is plagued by poor planning and duplication | cyberscoop.com
      - Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts | krebsonsecurity.com
      - Critical Windows Netlogon RCE flaw now exploited in attacks | BleepingComputer
      - CISA adds exploited Palo Alto Networks GlobalProtect flaw to KEV | Cybersecurity Dive
      - Password manager Dashlane says hackers stole some customers’ password vaults | TechCrunch Security
      - CrowdStrike disrupts Glassworm botnet that preyed on open-source supply chain | cyberscoop.com
      - Botnet of more than 17 million devices dismantled | arstechnica.com
      - Chinese-speaking fraud gang could be stealing millions from 2026 World Cup fans | therecord.media
      - ACCC investigating Olympics ticket scam | ABC
      - Dozens of Red Hat packages backdoored through its offical NPM channel | arstechnica.com
      - Solo podcast: A deep dive on TeamPCP - Risky Business Media | Trump administration releases scaled-back AI executive order | cyberscoop.com
      - Google security engineer accused of turning confidential search trends into $1.2M win on Polymarket | cyberscoop.com
      1 hr and 6 mins
    • Risky Business #839 -- TeamPCP stole GitHub's internal repos
      May 27 2026
      On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news.

      They cover:
      - TeamPCP breached GitHub’s internal repos. Now what?
      - Some absolute plonker glued Coruna to a hijacked npm package
      - CISA is worried about open source and wants third party submissions for KEV
      - AI infrastructure is “systemically” insecure
      - Much, much more

      This week’s episode is sponsored by allowlisting vendor Airlock Digital. Airlock’s founders David Cottingham and Daniel Schell join Patrick Gray to talk about Microsoft briefly flagging DigiCert’s root certificate as malware. Fun!

      This episode is also available on YouTube

      Show notes
      - GitHub confirms being hacked by TeamPCP, says customer data unaffected | therecord.media
      - Grafana Labs links GitHub environment breach to TanStack npm supply chain attack | Cybersecurity Dive
      - Coruna Respawned: Compromised art-template npm Package Leads... | Socket
      - CISA chief frets about open-source vulnerabilities, delayed security improvements | cyberscoop.com
      - Anthropic: Mythos finds more than 10,000 software flaws in first month | cyberscoop.com
      - Pardon MIE? | ironPeak Blog
      - CISA asks cybersecurity community to alert it to vulnerability exploitation | Cybersecurity Dive
      - Lawmakers Demand Answers as CISA Tries to Contain Data Leak | krebsonsecurity.com
      - Google publishes exploit code threatening millions of Chromium users | arstechnica.com
      - Millions of AI agents imperiled by critical vulnerability in open source package | arstechnica.com
      - Discord migrates all users to end-to-end encryption by default | The Record
      - Texas AG sues Meta over claims that WhatsApp doesn't provide end-to-end encryption | arstechnica.com
      - Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada | krebsonsecurity.com
      - Iran-linked hackers target key US, allied sectors with sophisticated spear-phishing messages | Cybersecurity Dive
      - FBI warns about fast-growing phishing kit targeting Microsoft 365 users | cyberscoop.com
      - Analyzing the rise in device code phishing attacks in 2026 | Push Security
      - Trump Mobile confirms it exposed customers’ personal data, including phone numbers and home addresses | TechCrunch Security
      - Kash Patel’s clothing brand website shut down after reports it was hacked | TechCrunch Security
      - Tulsi Gabbard resigns as US director of national intelligence | Social Signals
      - When Certificate Trust Fails: The DigiCert Code-Signing Incident and Microsoft Defender False Positive |
      1 hr
    • Risky Business #838 -- GitHub investigates possible breach
      May 20 2026
      On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news.

      They cover:
      - GitHub announced a possible breach
      - CISA leaks important creds, keys in public repo
      - Awful vulnerability in BitLocker renders it useless without a PIN
      - So. Many. Patches.
      - Polish Government urges officials to ditch Signal for mSzyfr
      - Much, much more

      This week’s show is brought to you by Thinkst Canary. Thinkst’s founder, Haroon Meer, is this week’s sponsor guest. He joined James Wilson to talk about how doing “the basics” in security isn’t trivially easy.

      This episode is also available on YouTube.

      Show notes
      - GitHub on X: "We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely" / X
      - CISA Admin Leaked AWS GovCloud Keys on Github – Krebs on Security
      - Experts Confirm the Fast16 Malware Was Sabotaging Nuclear Weapons Tests, Likely in Iran
      - Iran hackers: Hackers have breached tank readers at gas stations; officials suspect Iran is responsible | CNN Politics
      - War and Data Centers Are Driving Up the Cost of Fiber-Optic Cable
      - Microsoft on pace to break annual vulnerability record as AI-driven patch wave takes hold | The Record from Recorded Future News
      - NCSC’s Ollie Whitehouse on surviving the "bugpocalypse" - Risky Business Media
      - Defense at AI speed: Microsoft’s new multi-model agentic security system tops leading industry benchmark | Microsoft Security Blog
      - Project Glasswing: what Mythos showed us
      - Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’
      - First public macOS kernel memory corruption exploit on Apple M5
      - OpenAI launches Daybreak to combat cyber threats | Cybersecurity Dive
      - Zero-day exploit completely defeats default Windows 11 BitLocker protections - Ars Technica
      - GitHub - Wack0/bitlocker-attacks: A list of public attacks on BitLocker · GitHub
      - Catalin Cimpanu: "The Polish government has advi…" - Mastodon
      - CISA orders all federal agencies to patch exploited bug in Cisco SD-WAN systems by Sunday | The Record from Recorded Future News
      - CVE-2026-20182: Critical authentication bypass in Cisco Catalyst SD-WAN Controller (FIXED)
      - Huawei zero-day attack behind last year’s crash of Luxembourg's entire telecoms network | The Record from Recorded Future News
      - Patch bypass allows hackers to exploit prior flaw in SonicWall SSL-VPN | Cybersecurity Dive
      - Microsoft disrupts Fox Tempest malware-signing-as-a-service platform tied to ransomware gangs | The Record from Recorded Future News
      - Streamer Realtime Deepfakes Himself into Mr. Beast, Says He Loves 'Touching Little Boys'
      1 hr and 3 mins
    • Soap Box: Where does AI fit into cloud security?
      May 15 2026

      In this sponsored soap box edition of the Risky Business podcast Patrick Gray chats with Toni de la Fuente, the founder of Prowler.

      Prowler started off as a bunch of scripts in a trenchcoat, then became an open source cloud security tool, and it’s now a venture-funded cloud security business. In this interview Toni talks us through how AI is changing the game for him as an open source project owner, and as a vendor. In short, reports of the death of IT and security tooling at the hands of frontier models have been greatly exaggerated.

      This episode is also available on YouTube.

      Show notes
        34 mins