
Risky Bulletin
Risky Bulletin: Ukrainians hacked Russian satellite comms platform
Between Two Nerds: Hackers from the future
Risky Bulletin: New fingerprinting technique can track Tor users
Sponsored: RunZero accidentally got good at OT
Risky Bulletin: Sean Plankey withdraws CISA nomination
Srsly Risky Biz: Musk snubs French authorities
Risky Bulletin: Former FBI official calls for terrorism designations for ransomware groups that target hospitals
Between Two Nerds: AI as the mythical 10x hacker
Risky Bulletin: ShinyHunters claim credit for Vercel hack
Sponsored: Nebulock on hunting shadow AI
Risky Bulletin: NIST gives up enriching most CVEs
Srsly Risky Biz: Time to ban sale of precise geolocation data
Risky Bulletin: Malicious LLM proxy routers found in the wild
Between Two Nerds: How AI will upset state cyber competition
Risky Bulletin: France takes first steps to ditch Windows for Linux
Sponsored: Corelight Agentic Triage helps defenders stay ahead
Risky Bulletin: FBI extracted Signal chats from iPhone notifications logs
Srsly Risky Biz: American diplomats to fight foreign propaganda... on X
Risky Bulletin: Cybercrime losses passed $20 billion last year
Between Two Nerds: Make cyber, not war
Risky Bulletin: New Cambodian law will put scam compound operators in prison for life
Sponsored: Application allowlisting, but not as you know it
Risky Bulletin: Russia will revoke licenses for unruly ISPs
Russia wants to revoke small ISP licenses, a cyberattack has disrupted access to US newspaper archives, Node.js pauses bug bounty program after its funding lapses and Apple backports patches for DarkSword.
Srsly Risky Biz: America's next top (cyber) model
Tom Uren and Amberleigh Jack talk about how incredibly good AI models have gotten at finding and exploiting vulnerabilities. That will upend the cyber security industry and it has implications for state cyber organisations such as NSA and Cyber Command. They also discuss how broadband wireless communications links are critical in the war in Ukraine. After losing access to Starlink, Russian forces are doubling down on using equipment from American company Ubiquiti. This episode is also available on YouTube.
Risky Bulletin: Iranian password sprays came first, then came the missiles
Iranian password spraying targets Israel ahead of missile strikes, a major npm package gets hacked, Iran says it will bomb US tech firms in the Middle East, and Flint24 hackers are sentenced to prison in Russia.
Between Two Nerds: More secure but less safe
In this edition of Between Two Nerds Tom Uren and The Grugq talk about hacking and scams. While hacking is disappearing as a threat for most people, it is a new golden age for scammers. Even Tom has been scammed! This episode is also available on YouTube. Show notes: We Are All Targets, How Renegade Hackers Invented Cyber War and Unleashed an Age of Global Chaos; The $1.25 million scam
Risky Bulletin: Apple adds ClickFix warning to macOS terminal
Apple adds a ClickFix warning to macOS, Handala hacks Kash Patel’s personal email, Balancer crypto platform shuts down after last year’s hack, and the EU proposes a ban on AI nudify apps.
Sponsored: AI is making old school prevention cool again
In this Risky Business sponsored interview, James Wilson chats with Adam Pointon, CEO of Knocknoc, about how AI is making old school security controls and paradigms like deny-by-default cool again. Today, patches are being reversed by AI systems into exploits in a matter of hours. The days of being able to rely on timely patching as a primary control are over. James talks to Adam about this new reality and how Knocknoc can help.
Risky Bulletin: Russia to use custom crypto-algorithm for its 5G network
Russia will use a custom crypto-algorithm for its 5G network, the Hungarian opposition accuses the government of using spyware, Kaspersky says it tied Coruna to the “Operation Triangulation” attacks, and malware was deployed on thousands of Luxembourg government phones.
Srsly Risky Biz: Why get a warrant when you have Kash?
Tom Uren and Amberleigh Jack talk about FBI Director Kash Patel admitting to Congress that the Bureau is buying Americans’ location data and using it to generate valuable intelligence. That’s concerning, because commercially available information can be used in tremendously invasive ways and the FBI can buy it without needing a warrant. They also discuss the FCC’s surprising move to ban foreign-made consumer routers. It’s not about security, it is just about reshoring manufacturing. And finally they discuss the Trump administration’s plan for unleashing the private sector. This episode is also available on YouTube.
Risky Bulletin: The CEO of Intellexa is big mad at Greece
Intellexa’s CEO is angry with Greek authorities, the FTC bans new foreign-made routers, Google launches a threat disruption unit, and German police warned companies about software bugs… in the middle of the night. Show notes: Risky Bulletin: The Intellexa CEO is pissed!!!
Between Two Nerds: It's raining iOS exploit kits!
In this edition of Between Two Nerds Tom Uren and The Grugq discuss how Google just keeps on finding iOS exploit kits. Is iPhone security busted? And why are Russian state hackers after crypto? This episode is also available on YouTube. Show notes: Google on Coruna; Google on DarkSword; iVerify on DarkSword; Lookout on DarkSword; Coruna deep dive
Risky Bulletin: Russia's Signal phishing nets thousands of accounts
Russian intelligence services compromised thousands of Signal accounts, the Trivy vulnerability scanner is abused in a supply chain attack, Oracle issues an out-of-band patch for its Fusion Middleware, and the FBI takes down the Aisuru and Kimwolf botnets. Show notes: Risky Bulletin: GitHub is starting to have a real malware problem
Sponsored: What is Extended Identity Access Management?
In this Risky Business sponsored interview, Casey Ellis chats to Fletcher Heisler, founder and CEO of open source identity provider, Authentik. They chat about Extended Identity Access Management (XIAM), the company’s new acronym that has been seven years in the making.
Risky Bulletin: Second iOS hacking framework found in the wild
A second iOS hacking framework has been found in the wild, Belgium launches its own government communications app, AWS kills S3 bucketsquatting and a cyberattack cripples car breathalyzers. Show notes: Risky Bulletin: AWS kills bucketsquatting
Srsly Risky Biz: Successful war leaves Iran with one option, its cyber forces
Tom Uren and Amberleigh Jack talk about how successfully achieving America’s war goals could force Iran to double down on cyber power. It’s resilient to bombing and is the cheapest, quickest way for the regime to get some wins post-war. They also discuss Meta stepping back from end-to-end encryption on Instagram’s direct messages. There is a time and place for E2EE messages, so good riddance. Finally, they discuss the one weird trick President Trump uses to make his smartphone conversations useless for foreign intelligence services. This episode is also available on YouTube.
Risky Bulletin: EU finally imposes more cyber sanctions
The EU imposes cyber sanctions, an Iranian cyber chief was killed by US-Israeli strikes, the UK fixes a major bug in its company registry, and a US man phishes celebrity athletes while on home detention… for phishing.
Between Two Nerds: Unleashing Iran's hackers
In this edition of Between Two Nerds Tom Uren and The Grugq discuss how bombing Iran changes incentives for Iranian hacker groups. Destroying other ways that Iran might project power could force it to double down on cyber capabilities. This episode is also available on YouTube. Show notes: Zetter Zero Day on the Stryker hack; BTN on the evolution of Iranian hackers with Hamid Kashfi
Risky Bulletin: Meta disrupts Mexican cartels
Meta suspends Mexican cartel accounts, multiple vulnerabilities have been found in Linux AppArmor, Instagram will disable support for end-to-end encrypted messaging and a supply chain attack hits AppsFlyer.
Sponsored: Sublime Security on Zoom attacks
In this Risky Business sponsor interview, Catalin Cimpanu talks with Alex Orleans, Head of Threat Intelligence at Sublime Security, about the increase in email attacks leveraging Zoom invites and other video conferencing tools. Show notes: Key findings from the 2026 Sublime Email Threat Research Report; Scammers actively targeting real estate agents with remote access attacks; Fake Google Meet invitation, fake Microsoft Store, real malware attack; Alex Orleans on LinkedIn
Risky Bulletin: Another residential proxy provider falls
Authorities take down a residential proxy service, Iranian hackers wipe the network of a US medical device maker, Apple patches unsupported iOS against Coruna, and CISA asks for Cisco SD-WAN device logs. Show notes: Risky Bulletin: Another residential proxy provider falls as authorities continue crackdowns
Srsly Risky Biz: President Trump's best ever cyber strategy
Tom Uren and Amberleigh Jack talk about the newly released Trump Cyber Strategy for America. The ideas in it are fine and occasionally even game-changing, but many of its goals have been undercut by the administration’s actions to date. They also discuss the Coruna exploit kit, which is now known to have leaked from a US defence contractor. Exploits are so valuable that it is unrealistic to expect they can be kept secret. This episode is also available on YouTube.
Risky Bulletin: Gen. Joshua Rudd confirmed as next CyberCom and NSA head
The Senate confirms a new CyberCom and NSA chief, the US will establish an inter-agency cyber unit, the UK’s Online Crime Centre will launch in April, and the Coruna iOS hacking kit was the work of L3Harris.
Between Two Nerds: An internet blackout won't stop NSA in Iran
In this edition of Between Two Nerds Tom Uren and The Grugq talk about why an internet shutdown won’t stop US cyber operations in Iran. This episode is also available on YouTube. Show notes: Srsly Risky Biz: The Four Hour Cyber War on Iran; The Thing listening device; IBM Selectric bug; CIA compromise in Iran
Risky Bulletin: New White House EO prioritizes fight against scams and cybercrime
US federal agencies told to crack down on scams and cybercrime, the White House releases its new Cyber Strategy, suspected Chinese hackers breach the FBI’s wiretap network, and Romania’s largest meat exporter is insolvent after a ransomware attack.
Sponsored: What it means to be a learning organisation
In this Risky Business sponsor interview, Marco Slaviero, CTO of Thinkst, talks to Tom Uren about how the company ensures that it is a learning organisation. The pair discuss the company’s investment in its Thinkst Labs, how it differs from other security research labs, and how it helps grow products and people.
Risky Bulletin: Iranian hackers are scanning for security cameras to aid missile strikes
Iran attempts to hack security cameras to support its missile strikes, Israel bombs Iran’s cyber headquarters, authorities take down LeakBase and Tycoon 2FA, and TikTok says ‘no’ to encrypted private messaging.
Srsly Risky Biz: The four hour cyber war on Iran
Tom Uren and Amberleigh Jack talk about how cyber operations were used in the first hours of the US-Israeli attack on Iran. They were instrumental in the attack on Iranian Supreme Leader Ali Khamenei, but they didn’t last long. The Iranian regime implemented an internet blackout within four hours of the first bombs. They also discuss how threat actors are using AI. It’s not game-changing so far, but it is very much altering the balance between attack and defence. This episode is also available on YouTube.
Risky Bulletin: Cyber Command conducted cyberattacks ahead of Iran strikes
The US conducted cyberattacks ahead of strikes on Iran, Russia aims for internet independence by 2028, Google finds a new iOS exploit kit in the wild, and Chrome moves to a two-week release cycle.
Between Two Nerds: The evolution of cyber ops in Ukraine
In this edition of Between Two Nerds Tom Uren and The Grugq discuss how the use of cyber operations in the war in Ukraine has evolved over time. This episode is also available on YouTube. Show notes: Russia using cyber espionage to direct grid missile strikes; The Spectator article on US-UK relations; BTN72 on the Taurus missile leak