Risky Business Podcast
March 26, 2025
Risky Business #785 -- Signal-gate is actually as bad as it looks
Presented by

Technology Editor

CEO and Publisher
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
- Yes, the Trump admin really did just add a journo to their Yemen-attack-planning Signal group
- The Github actions hack is smaller than we thought, but was targeting crypto
- Remote code exec in Kubernetes, ouch
- Oracle denies its cloud got owned, but that sure does look like customer keymat
- Taiwanese hardware maker Clevo packs its private keys into bios update zip
- US Treasury un-sanctions Tornado Cash, party time in Pyongyang?
This week’s episode is sponsored by runZero. Long time hackerman HD Moore joins to talk about how network vulnerability scanning has atrophied, and what he’s doing to bring it back en vogue. Do you miss early 2000s Nessus? HD knows it, he’s got you fam.
This episode is also available on Youtube.

Brought to you by runZero
Total Attack Surface & Exposure Management
Show notes
The Trump Administration Accidentally Texted Me Its War Plans - The Atlantic
Using Starlink Wi-Fi in the White House Is a Slippery Slope for US Federal IT | WIRED
Critical vulnerabilities put Kubernetes environments in jeopardy | Cybersecurity Dive
Researchers back claim of Oracle Cloud breach despite company’s denials | Cybersecurity Dive
Capital One hacker Paige Thompson got too light a sentence, appeals court rules | CyberScoop
Tornado Cash Delisting | U.S. Department of the Treasury
Clevo Boot Guard Keys Leaked in Update Package
Six additional countries identified as suspected Paragon spyware customers | CyberScoop
Notre Dame uni students say outage creating enrolment, graduation, assignment mayhem - ABC News