
Risky Bulletin
172 episodes — Page 3 of 4
Risky Bulletin: LLMs can deanonymize internet users based on their comments
LLMs can deanonymize internet users based on their comments, CISA gets a new acting director, hackers steal 15 million records from the French Ministry of Health, and Google takes down an ad fraud botnet. Show notes Risky Bulletin: LLMs can deanonymize internet users based on their past comments
Sponsored: AI Agents need distinct identities
In this sponsored interview Casey Ellis chats to Harish Peri, SVP and general manager for AI security at Okta, a cloud-based identity and access management company. The pair chat about the fact that AI is forcing enterprises to relearn the basics around identity security, and how Okta for AI Agents can help. Show notes
Risky Bulletin: Russian man extorts Conti ransomware group
A Russian man prosecuted for extorting the Conti ransomware group, Google takes down a Chinese cyber-espionage operation, Anthropic tells Department of War to pound sand over AI restrictions, and a Cisco zero-day was exploited in the wild for three years. Show notes Risky Bulletin: Russian man investigated for extorting Conti ransomware group
Srsly Risky Biz: Is Claude too woke for war?
Tom Uren and Amberleigh Jack talk about the argy-bargy between the Pentagon and AI company Anthropic. US Defense Secretary Pete Hegseth is demanding that all safeguards are lifted from Claude, while Anthropic CEO Dario Amodei is insisting on protections against mass surveillance of Americans and use in lethal autonomous weapons. They also discuss the return of Volt Typhoon, the Chinese hacker group prepositioning in critical infrastructure for sabotage in the event of a conflict over Taiwan. The group is still around, even though the US government declared victory against it last July. This episode is also available on Youtube. Show notes
Risky Bulletin: Russia starts criminal probe of Telegram founder Pavel Durov
Russia launches a criminal probe into Telegram’s founder, two teenagers arrested for a South Korean bike share hack, Anthropic accuses Chinese AI firms of distillation attacks, and the US Treasury sanctions a Russian exploit broker. Show notes Risky Bulletin: Russia starts criminal probe of Telegram founder Pavel Durov
Between Two Nerds: How NSA will use AI
In this edition of Between Two Nerds Tom Uren and The Grugq talk about how ‘professional’ Five Eyes cyber espionage agencies like NSA will use AI. These agencies place a premium on stealth and won’t yolo AI. This episode is available on Youtube. Show notes How AI-powered espionage will favour China Google's AI threat tracker, February 2026
Risky Bulletin: AI-driven hacking campaign breaches 600+ Fortinet devices
An AI-driven hacking campaign breached 600 Fortinet devices, Ivanti was hacked via its own product, Wikipedia bans Archive-dot-Today for DDoS attacks, and Chinese hackers breached Italy’s police force. Show notes Risky Bulletin: AI-driven hacking campaign breaches 600+ Fortinet devices
Sponsored: The smouldering trashfire of AI and open source
In this Risky Business sponsor interview, Casey Ellis and Feross Aboukhadijeh discuss how AI is affecting open source, chat about a few attacks the company has seen in the wild and introduce Socket’s answer to the smouldering trashfire: Socket Firewall. Show notes
Risky Bulletin: RPKI infrastructure sits on shaky ground
RPKI relies on vulnerable servers, the French Ministry of Economy discloses a data breach, the UK gives tech platforms 48 hours to remove revenge porn, and ClickFix-attacks are responsible for 50% of malware infections. Show notes Risky Bulletin: RPKI infrastructure sits on shaky ground
Srsly Risky Biz: Cyber bullets can't replace political will
Tom Uren and Amberleigh Jack talk about a groundswell of calls from European officials to build cyber capabilities to strike back against adversaries. There are good reasons that countries should have their own cyber capabilities, but if you don’t have the political will to strike back, having a magic cyber weapon doesn’t really make a difference. They also talk about ‘distillation attacks’. They are a way that AI developers can steal the secret sauce of advanced models just by asking questions. It looks like American companies need government assistance if the US wants to keep its AI lead. This episode is also available on Youtube. Show notes
Risky Bulletin: Supply chain attack plants backdoor on Android tablets
A supply chain attack plants backdoors on Android tablets, the EU blocks AI from lawmakers’ devices, Cellebrite was used against a Kenyan politician, and a Chinese APT is exploiting a Dell zero-day. Show notes Risky Bulletin: Supply chain attack plants backdoor on Android tablets
Between Two Nerds: Buying the magic weapon
In this edition of Between Two Nerds Tom Uren and The Grugq discuss whether middle powers should be investing in military cyber capabilities. This episode is also available on Youtube Show notes The Record on Iranian air defences Max Smeets No Shortcuts RunZero sponsor interview
Risky Bulletin: Cambodia promises to dismantle scam compounds by April
Cambodia promises to dismantle cyber scam compounds by April, CISA urges companies to adopt the OpenEoX standard, Linux gets post-quantum crypto support, and Palo Alto Networks avoids attributing an APT to China. Show notes Risky Bulletin: Cambodia promises to dismantle scam networks by April
Sponsored: Filtering the KEV was really hard … Until now!
In this sponsored interview Casey Ellis chats to Tod Beardsley, VP of Security at RunZero about Kevology, the company’s analysis of CISA’s KEV list. Kevology lets you easily identify and fix vulnerabilities from the list that are urgent and relevant to you. Show notes KEVology: An analysis of exploits, scores, & timelines on the CISA KEV
Risky Bulletin: IcedID malware developer fakes his own death to escape the FBI
A Malware developer faked his own death to evade the FBI, Apple patches a zero-day used in a targeted attack, the Tianfu Cup quietly returns, and researchers spot the first malicious Outlook add-in. Show notes Risky Bulletin: IcedID malware developer fakes his own death to escape the FBI
Srsly Risky Biz: Microsoft forgoes its secure future
Tom Uren and Amberleigh Jack talk about Microsoft CEO Satya Nadella’s messaging around personnel changes at the top of its security organisation. These signal a focus on selling security products rather than on making secure products. They also discuss Expedition Cloud, a Chinese cyber range that replicated the critical infrastructure of neighbouring countries, apparently to develop and fine-tune cyber disruption operations. Finally, they talk about what we’ve learnt about the role of cyber operations in the US bombing of Iranian nuclear facilities. It was far bigger than we previously thought. This episode is also available on Youtube. Show notes
Risky Bulletin: Chinese cyber-spies breached all of Singapore's telcos
China has breached all of Singapore’s major telcos, Microsoft announces two new security features, a hacktivist leaks data from a stalkerware provider, and researchers map out “GRU information warfare units” based on their insignia. Show notes Risky Bulletin: Chinese cyber-spies breached all of Singapore's telcos
Between Two Nerds: Why we are doomed to insecurity
In this edition of Between Two Nerds Tom Uren and The Grugq talk about why the world is destined to be perpetually insecure. This episode is also available on Youtube. Show notes Hunterbrook's Ubiquiti investigation Trail of Bits sponsor interview
Risky Bulletin: SmarterTools hacked via its own product
A software company gets hacked through vulnerabilities in its own product, European agencies are hacked via recent Ivanti zero-days, Senegal is being extorted by hackers, and a state actor is behind a Signal phishing campaign in Germany. Show notes Risky Bulletin: SmarterTools hacked via its own product
Sponsored: Trail of Bits going all-in on AI
In this Risky Business sponsored interview, Tom Uren talks to Trail of Bits CEO Dan Guido about how Trail of Bits is reworking its business processes to take advantage of AI. Dan talks about what it takes to make AI agents reliable and trustworthy and how that will give the company an edge by making its work both better and faster. Show notes Trail of Bits Skills Marketplace
Risky Bulletin: Denmark recruits hackers for offensive cyber operations
Denmark recruits hackers for offensive cyber operations, CISA tells agencies to remove old edge devices, Coinbase has another insider breach, and Microsoft appoints a new security chief. Show notes Risky Bulletin: Denmark recruits hackers for offensive cyber operations
Srsly Risky Biz: Google's cyber disruption unit kicks its first goal
Tom Uren and Amberleigh Jack talk about Google’s cyber disruption unit taking aim at the IPIDEA residential proxy network. The network was a cybercrime enabler that was used by hundreds of threat actors for crime and espionage. More of this kind of disruption please. They also discuss SpaceX’s rapid action to stop the Russian military using Starlink terminals to guide drones deep into Ukrainian territory. This episode is also available on Youtube. Show notes
Risky Bulletin: Plone CMS stops supply-chain attack
The Plone CMS stops a supply-chain attack, French cops raid the X Paris office; the number of malicious OpenClaw skills grows, and a Chinese APT hacked Notepad++ servers. Show notes Risky Bulletin: Plone CMS stops supply-chain attack
Between Two Nerds: The internal logic of Russian power grid attacks
In this edition of Between Two Nerds Tom Uren and The Grugq discuss the recent Russian attack on Polish electricity infrastructure. This episode is also available on Youtube. Show notes ESET's first report ESET's update report CERT-PL report Dragos report The Insider 'Hidden Bear' investigation BTN 124, How Russia's sabotage team got into hacking BTN 145, Russia's cyber war on wheat
Risky Bulletin: StopICE blames hack on "a CBP agent here in SoCal"
ICE tracking app blames a recent hack on a government agent, Microsoft will disable NTLM in the next release of Windows, Poland bans Chinese cars from military bases, and Ivanti patches two new zero-days. Show notes Risky Bulletin: StopICE blames hack on "a CBP agent here in SoCal"
Sponsored: AI is critical to the future of cyber defence
In this sponsored interview, Casey Ellis chats to Edward Wu, founder of Dropzone AI about a recent Vanderbilt University report that reveals that foreign adversaries’ resources are growing. Edward says AI capabilities are critical to the future of cyber defence, because the west can’t hire itself out of the shortfall. Show notes Dominating the Digital Space: A Whole-of-Society Strategy for Securing the United States from Cyber Aggression
Risky Bulletin: eScan antivirus distributes backdoor in latest supply chain attack
Hackers breach eScan antivirus and distribute a backdoor, Google takes down the IPIDEA proxy botnet, most GDPR fines remain uncollected, and the Poland wiper attack hit 30 locations. Show notes Risky Bulletin: eScan antivirus distributes backdoor in latest supply chain attack
Srsly Risky Biz: Punish the wicked and reward the righteous
Tom Uren and Amberleigh Jack talk about the Pall Mall Process, an international effort to reign in abusive spyware. Tom thinks the US has already stumbled into a viable carrots and sticks style strategy that will shape the industry more than coming up with standards will. The pair also discuss news that Chinese Salt Typhoon hackers compromised the calls of senior UK officials in Downing Street. The UK has extensive telecommunications security regulations and the incident makes us wonder what that legislation is actually good for. This episode is also available on Youtube. Show notes
Risky Bulletin: Cyberattack cripples cars across Russia
A cyberattack has crippled cars in Russia, Microsoft patches an Office zero-day, WhatsApp rolls out an account lockdown feature, and a handful of Chrome extensions steal ChatGPT auth tokens. Show notes Risky Bulletin: Cyberattack cripples cars across Russia
Between Two Nerds: Getting pinged and the fog of war
In this edition of Between Two Nerds Tom Uren and The Grugq discuss how getting pinged hurts state hackers by introducing uncertainty. Publishing technical reports on the hack can actually improve the situation by removing uncertainty about how attackers were detected. This episode is also available on Youtube. Show notes BTN 36, The culture of the Snake
Sponsored: Push Security on ConsentFix attacks
In this Risky Business News sponsor interview, Catalin Cimpanu talks with Luke Jennings, VP of Research & Development at Push Security, about ConsentFix. It’s a new form of email-based social engineering attack used in the wild, an evolution of the ClickFix attack that goes after your identity. Show notes ConsentFix: Analysing a browser-native ClickFix-style attack that hijacks OAuth consent grants ConsentFix debrief: latest community insights, recommendations, and predictions Luke Jennings, ConsentFix LinkedIn post Year in Review: How Phishing Attacks Evolved in 2025
Risky Bulletin: Russia deployed wipers on Poland's energy grid
Russia deployed wipers against Poland’s energy grid, Microsoft shared BitLocker keys with the FBI, Romania dismantles a murder-for-hire portal, and the EU creates a new anti-spyware group. Show notes Risky Bulletin: EU readies new anti-spyware group, but with even less powers than PEGA
Risky Bulletin: Improperly patched bug exploited again in Fortinet firewalls
A poorly patched bug is being exploited in Fortinet firewalls, hackers go after security testing environments, Jordanian police used Cellebrite against activists, and new Cisco and SmarterMail zero-days. Show notes Risky Bulletin: Improperly patched bug exploited again in Fortinet firewalls
Srsly Risky Biz: You can't block space internet
Tom Uren and Amberleigh Jack talk about the rise of technologies that can undermine internet blackouts such as Starlink and its relatively new direct-to-cell service. Authoritarian internet shutdowns and disasters happen often enough that governments should think about how to take advantage of these new technologies rather than just reacting when crises arise. They also discuss the nomination of General Joshua Rudd as head of NSA and US Cyber Command. This episode is also available on Youtube. Show notes
Risky Bulletin: Domain resurrection attacks come to Canonical's Snap Store
Canonical’s Snap Store hit by domain resurrection attacks, Russia will use AI to detect VPN users, Iranian hackers switch to Starlink during internet outage, and Greece arrests SMS blasters… by dumb luck. Show notes Risky Bulletin: Domain resurrection attacks come to Canonical's Snap Store
Between Two Nerds: Why the West sucks at Information Warfare
In this edition of Between Two Nerds Tom Uren and The Grugq talk about what information warfare even is, revisit a 30-year-old paper and examine why Western governments struggle with the concept. This episode is also available on Youtube. Show notes What is Information Warfare by Martin Libicki Human Rights in China Leaked conversation on Youtube, in Mandarin Rebecca Black, Friday
Risky Bulletin: Germany seeks more hacking and surveillance powers for its intel service
Germany seeks more hacking and surveillance powers for its intelligence service, Finland intends to criminalize the spreading of false information, patriotic “French” social media goes quiet during Iran’s internet outage, and hackers are extorting GrubHub. Show notes Risky Bulletin: Germany seeks more hacking and surveillance powers for its intel service
Sponsored: Seeing into the seams
In this Risky Business sponsored interview, Tom Uren talks to Justin Kohler, Chief Product Officer at SpecterOps, about how attack paths exist in the seams between different identity or permissions management domains. In isolation, for example, both your Github and your AWS deployment could follow best practices. But bring them together and you’ve got problems. Bloodhound’s OpenGraph lets you find and fix these otherwise invisible attack paths. Show notes
Risky Bulletin: China bans Israeli and US cybersecurity products
China bans Israeli and US cybersecurity products, Sean Plankey is re-nominated for CISA Director, RAM price hikes are likely to impact the cost of firewalls, and Lumen sinkholes the Kimwolf DDoS botnet. Show notes Risky Bulletin: DRAM price hikes set to impact firewalls too
Srsly Risky Biz: China Fights Scam Compounds … For China
Tom Uren and Amberleigh Jack talk about the Chinese government’s reactive approach to tackling scam compounds. It’s driven by bad news on domestic media and therefore focusses on the compounds that are targeting Chinese citizens. Rather than eliminating the industry, that may instead be shaping the industry to focus on other countries and particularly Americans. They also discuss the role of disruptive cyber operations in the US’s raid to capture Venezuelan President Nicolás Maduro. This episode is also available on Youtube. Show notes
Risky Bulletin: Russia fines 33 telcos for surveillance non-compliance
Russia fines 33 telcos for surveillance non-compliance, AVCheck admin is arrested in Amsterdam, Poland repels an attack on its power grid, and voice cloning defenses can be bypassed. Show notes Risky Bulletin: Voice cloning defenses still weak, can be bypassed
Between Two Nerds: Lights out!
In this edition of Between Two Nerds Tom Uren and The Grugq about the role of cyber operations in the US capture of Venezuela’s president Nicolas Maduro. This episode is also available on Youtube. Show notes Maduro's fall puts US cyber power in the spotlight Trump suggests US used cyberattacks to turn off lights in Venezuela during strikes Venezuela strike marks a turning point for US cyber warfare Power outages, but not cyber (from Oleg Shakirov) NYTimes Inside 'Operation Absolute Resolve' Spec Ops by William McRaven
Risky Bulletin: Apex Legends streamers hacked again
The Apex Legends game is hacked again, data about 17 million Instagram users put up for sale, Indonesia blocks X over pornographic content, and a ransomware attack hits major Chilean energy provider Show notes Risky Bulletin: Apex Legends streamers hacked again
Sponsored: What AI workloads mean for Cloud security
In this Risky Business News sponsored interview the CEO and founder of Prowler, Toni de la Fuente, explains how implementing AI systems brings new security challenges that differ for traditional cloud workloads. Toni also talks about ‘attack paths’ in the context of cloud infrastructure and using them to minimise risk. Show notes
Risky Bulletin: Belarus deploys spyware on journalists' phones
Belarus deployed spyware on journalists’ phones, a man is arrested for installing malware on a ferry, France arrests the hacker behind an Interior Ministry email server breach, and new Cisco and SonicWall zero-days. Show notes Risky Bulletin: Belarus deploys spyware on journalists' phones
Srsly Risky Biz: Like Huawei, but for electricity
Tom Uren and Patrick Gray talk about America’s increasing dependence on Chinese manufacturers for electrical sector equipment. This doesn’t seem like a good idea when China is hacking electric utilities for sabotage and PLA researchers are dreaming up ways to attack the grid. They also discuss the possibility that the US was responsible for a cyber attack on Venezuela’s state oil company and how Russian state-backed hacktivism is so dumb. This episode is also available on Youtube. Show notes
Risky Bulletin: Most smart devices run outdated web browsers
Most smart devices run outdated web browsers, Ukrainian hacktivists breach a major Russian defense contractor, ransomware hits Venezuela’s state-owned oil company, and hackers are trying to extort PornHub with stolen user data. Show notes Risky Bulletin: Most smart devices run outdated web browsers
Between Three Nerds: The evolution of Iranian cyber espionage
In this edition of Between Two Nerds Tom Uren and The Grugq talk to Hamid Kashfi, CEO and founder of DarkCell, talk about the Iranian cyber espionage scene. Kashfi talks about how the regime once forced people to hack and crushed the domestic security research scene. He describes how and why the government has changed its approach and is now reaping the rewards of improved Iranian capabilities. This episode is available on Youtube. Show notes The "Mossad or not" threat model by James Mickens Shamoon wiper iLO rootkit
Risky Bulletin: African freelancers behind anti-US and anti-French disinfo campaigns
Russia is hiring African freelancers for disinformation campaigns, the US is preparing to let contractors run offensive cyber operations, Germany blames Russia for the hack of its air traffic control agency, and Apple patches two WebKit zero-days. Show notes Risky Bulletin: African freelancers behind anti-US and anti-French disinfo campaigns
Sponsored: ConsentFix and Push Security's browser attack taxonomy
In this sponsored interview Casey Ellis is joined by Push Security’s Field CTO, Mark Orlando. They chat about the ways that browser-based attacks are evolving and how Push Security is finding and cataloging them. Show notes ConsentFix: Analysing a browser-native ClickFix-style attack that hijacks OAuth consent grants Introducing our guide to phishing detection evasion techniques