Risky Business Podcast
March 19, 2025
Risky Business #784 -- GitHub supply chain attack steals secrets from 23k projects
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
- GitHub Actions supply chain attack loots keys and secrets from 23k projects
- Why a VC fund now owns a minority stake in Risky Business Media (!?!?)
- China doxes Taiwanese military hackers
- Microsoft thinks .lnk file whitespace trick isn’t worth patching but APTs sure love it
- CISA delivers government efficiency by re-hiring fired staff… to put them on paid leave
- …and Google acquires Wiz for $32bn
This week’s show is sponsored by Zero Networks, and they have sent along a happy customer to talk about their experience. Aaron Steinke is Head of Infrastructure at La Trobe Financial, an asset management firm in Australia. Aaron talks through bringing modern zero-trust goodness to the reality of a technology environment that’s been around 40 years.
This episode is also available on YouTube.

Show notes
China says Taiwan's military is behind PoisonIvy APT
Lazarus Group deceives developers with 6 new malicious npm packages | CyberScoop
Black Basta uses brute-forcing tool to attack edge devices | Cybersecurity Dive
CISA works to contact probationary employees for reinstatement after court order - Nextgov/FCW
‘People Are Scared’: Inside CISA as It Reels From Trump’s Purge | WIRED
The Wiretap: CISA Staff Are Cautiously Optimistic About Trump’s Pick For Director
White House instructs agencies to avoid firing cybersecurity staff, email says | Reuters
Telegram CEO Pavel Durov allowed to leave France amid investigation
Google buys cloud security provider Wiz for $32 billion | The Record from Recorded Future News
Pat Gray, Founder of Risky Business, Joins Decibel as Founder Advisor - Decibel