Risky Business Podcast
July 23, 2025
Risky Business #799 -- Everyone's SharePoint gets shelled
Presented by the Technology Editor and the CEO and Publisher
Risky Biz returns after two weeks off, and there sure is cybersecurity news to catch up on. Patrick Gray and Adam Boileau discuss:
- Microsoft tried to make outsourcing the Pentagon’s cloud maintenance to China okay (it was not)
- She shells SharePoint by the sea-shore (by ‘she’ we mean ‘China’)
- Four (alleged) Scattered Spider members arrested (and bailed) in the UK
- Hackers spend $2700 to buy creds for a Brazilian payment system, steal $100M
- Fortinet has SQLi in the auth header, the Citrix memory leak is weaponised, HP hardcodes creds and SonicWalls get user-mode rootkits. Just security vendor things!
This week’s episode is sponsored by Airlock Digital. CEO David Cottingham talks through what it takes to build a mature, resilient management platform for a security-critical system.
This episode is also available on YouTube.

Brought to you by Airlock Digital
Allowlisting Software - Allowlist Made Simple
Show notes
Update on DOD’s cloud services
Microsoft to stop using engineers in China for tech support of US military, Hegseth orders review
A Little-Known Microsoft Program Could Expose the Defense Department to Chinese Hackers
Microsoft Fix Targets Attacks on SharePoint Zero-Day – Krebs on Security
National Guard was hacked by China's 'Salt Typhoon' group, DHS says
Suspected contractor for China’s Hafnium group arrested in Italy | Cybersecurity Dive
UK Arrests Four in ‘Scattered Spider’ Ransom Group – Krebs on Security
Four people bailed after arrests over cyber attacks on M&S, Co-op and Harrods
Hacker returns cryptocurrency stolen from GMX exchange after $5 million bounty payment | The Record
Indian crypto exchange CoinDCX says $44 million stolen from reserves | The Record
PoisonSeed bypassing FIDO keys to ‘fetch’ user accounts
Risky Bulletin: Browser extensions hijacked for web scraping botnet
A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors
Ukrainian hackers wipe databases at Russia's Gazprom in major cyberattack, intelligence source says
File transfer company CrushFTP warns of zero-day exploit seen in the wild | The Record
HPE warns of hardcoded passwords in Aruba access points
Pre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector (CVE-2025-25257)
Researchers, CISA confirm active exploitation of critical Citrix Netscaler flaw | Cybersecurity Dive
Google finds custom backdoor being installed on SonicWall network devices - Ars Technica