Risky Business

Risky Business #801 -- AI models can hack well now and it's weirding us out

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. Google security engineering VP Heather Adkins drops by to talk about their AI bug hunter, and Risky Business producer Amberleigh Jack makes her main show debut. This episode explores the rise of AI-powered bug hunting: Google’s Project Zero and Deepmind team up to find and report 20 bugs to open source projects The XBOW AI bug hunting platform sees success on HackerOne Is an AI James Kettle on the horizon? There’s also plenty of regular cybersecurity news to discuss: On-prem Sharepoint’s codebase is maintained out of China… awkward! China frets about the US backdooring its NVIDIA chips, how you like ‘dem apples, China? SonicWall advises customers to turn off their VPNs Hardware controlling Dell laptop fingerprint and card readers has nasty driver bugs Russia uses its ISPs to in-the-middle embassy computers and backdoor ‘em. The Russian government pushes VK’s Max messenger for everything This week’s show is sponsored by device management platform Devicie. Head of Solutions Sean Ollerton talks through the impending Windows 10 apocalypse, as Microsoft ends mainstream support. He says Windows 11 isn’t as scary as people make out, but if the update isn’t on your radar now, time is running out. This episode is also available on Youtube. Show notes Google says its AI-based bug hunter found 20 security vulnerabilities | TechCrunch Is XBOW’s success the beginning of the end of human-led bug hunting? Not yet. | CyberScoop James Kettle on X: "There I am being careful to balance hyping my talk without going too far and then this gets published 😂 maybe the countdown timer is just too ominous! Risky Bulletin: China with the accusations again - Risky Business Media 美情报机构频繁对我国防军工领域实施网络攻击窃密 SharePoint Exploit: Microsoft Used China-Based Engineers to Maintain the Software — ProPublica China fears Nvidia chips could track, trace and shut down its AIs - Asia Times SonicWall urges customers to take VPN devices offline after ransomware incidents | The Record from Recorded Future News Gen 7 SonicWall Firewalls – SSLVPN Recent Threat Activity ReVault! When your SoC turns against you… Nearly 100,000 ChatGPT Conversations Were Searchable on Google Microsoft catches Russian hackers targeting foreign embassies - Ars Technica The Kremlin’s Most Devious Hacking Group Is Using Russian ISPs to Plant Spyware | WIRED Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats | Microsoft Security Blog Russia blocks popular US-made internet speed test tool over national security concerns | The Record from Recorded Future News

Soap Box: Why AI can't fix bad security products

In this Soap Box edition of the show Patrick Gray chats with the CEO of email security company Sublime Security, Josh Kamdjou. They talk about where AI is useful, where it isn’t, and why AI can’t save vendors from their bad product design choices. This episode is also available on Youtube. Show notes

Risky Business #800 — The SharePoint bug may have leaked from Microsoft MAPP

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: Did the SharePoint bug leak out of the Microsoft MAPP program? Expel retracts its FIDO bypass writeup The mess surrounding the women-only dating-safety app Tea gets worse Broadcom customers struggle to get patches for VMWare hypervisor escapes Aeroflot gets hacked by the Cyber Partisans, disrupting flights This week’s episode is sponsored by Push Security. Satisfied Push customer Daniel Cuthbert from Santander Bank joins on their behalf. He explains how having telemetry about identity from inside the browser is a key pillar for investigating intrusions in the browser-centric future. This episode is also available on Youtube. Show notes Microsoft Probing Whether Cyber Alert Tipped Off Chinese Hackers Microsoft says Warlock ransomware deployed in SharePoint attacks as governments scramble | The Record from Recorded Future News What we know about the Microsoft SharePoint attacks | Cybersecurity Dive An important update (and apology) on our PoisonSeed blog Tea User Files Class Action After Women’s Safety App Exposes Data A Second Tea Breach Reveals Users’ DMs About Abortions and Cheating Top Lawyer for National Security Agency Is Fired From Help Desk to Hypervisor: Defending Your VMware vSphere Estate from UNC3944 VMware prevents some perpetual license holders from downloading patches Pro-Ukrainian hackers take credit for attack that snarls Russian flight travel - Ars Technica КИБЕРУДАР ПО АЭРОФЛОТУ РФ!v Treasury sanctions North Koreans involved in IT-worker schemes | Cybersecurity Dive Minnesota governor activates National Guard amid St. Paul cyberattack | StateScoop Outage was result of cyberattack, Post Luxembourg says Clorox files $380 million suit blaming Cognizant for 2023 cyberattack | Cybersecurity Dive Cisco network access security platform vulnerabilities under active exploitation | CyberScoop Arizona woman sentenced to 8.5 years for running North Korean laptop farm | The Record from Recorded Future News Cybercrime forum Leak Zone publicly exposed its users' IP addresses | TechCrunch

Risky Business #799 -- Everyone's Sharepoint gets shelled

Risky Biz returns after two weeks off, and there sure is cybersecurity news to catch up on. Patrick Gray and Adam Boileau discuss: Microsoft tried to make outsourcing the Pentagon’s cloud maintenance to China okay (it was not) She shells Sharepoint by the sea-shore (by ‘she’ we mean ‘China’) Four (alleged) Scattered Spider members arrested (and bailed) in the UK Hackers spend $2700 to buy creds for a Brazilian payment system, steal $100M Fortinet has SQLI in the auth header, Citrix mem leak is weaponised, HP hardcodes creds and Sonicwalls get user-moderootkits. Just security vendor things! This week’s episode is sponsored by Airlock Digital. CEO David Cottingham talks through what it takes to build a mature, resilient management platform for a security critical system. This episode is also available on Youtube. Show notes Update on DOD’s cloud services Microsoft to stop using engineers in China for tech support of US military, Hegseth orders review A Little-Known Microsoft Program Could Expose the Defense Department to Chinese Hackers While DOD policy bans unauthorized apps like TikTok from being on employees phones over national security risks Microsoft Fix Targets Attacks on SharePoint Zero-Day – Krebs on Security National Guard was hacked by China's 'Salt Typhoon' group, DHS says Suspected contractor for China’s Hafnium group arrested in in Italy | Cybersecurity Dive Singapore accuses Chinese state-backed hackers of attacking critical infrastructure networks | The Record from Recorded Future News UK Arrests Four in ‘Scattered Spider’ Ransom Group – Krebs on Security Four people bailed after arrests over cyber attacks on M&S, Co-op and Harrods Brazilian police arrest IT worker over $100 million cyber theft | The Record from Recorded Future News At Least 750 US Hospitals Faced Disruptions During Last Year’s CrowdStrike Outage, Study Finds | WIRED Hacker returns cryptocurrency stolen from GMX exchange after $5 million bounty payment | The Record Indian crypto exchange CoinDCX says $44 million stolen from reserves | The Record Chainalysis: $2.17 billion in crypto stolen in first half of 2025, driven by North Korean hacks | The Record PoisonSeed bypassing FIDO keys to ‘fetch’ user accounts Risky Bulletin: Browser extensions hijacked for web scraping botnet A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors A surveillance vendor was caught exploiting a new SS7 attack to track people's phone locations | TechCrunch Ukrainian hackers wipe databases at Russia's Gazprom in major cyberattack, intelligence source says File transfer company CrushFTP warns of zero-day exploit seen in the wild | The Record HPE warns of hardcoded passwords in Aruba access points Pre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector (CVE-2025-25257) Researchers, CISA confirm active exploitation of critical Citrix Netscaler flaw | Cybersecurity Dive Google finds custom backdoor being installed on SonicWall network devices - Ars Technica Hackers Can Remotely Trigger the Brakes on American Trains and the Problem Has Been Ignored for Years

Risky Biz Soap Box: Prowler, the open cloud security platform

In this sponsored Soap Box edition of the Risky Business podcast Patrick Gray chats with Toni de la Fuente, founder of open source multi-cloud security product Prowler. Toni explains how Prowler came to be, and how its journey followed his own learning about the cloud. The pair also discuss Prowler’s successful transition from an open-source project into a community, and now a growing business with an as-a-service platform. This episode is also available on Youtube. Show notes