Risky Business Podcast

November 05, 2025

Risky Business #813 -- FFmpeg has a point

Presented by

Adam Boileau
Adam Boileau

Technology Editor

Patrick Gray
Patrick Gray

CEO and Publisher

In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

  • We love some good vulnerability reporting drama, this time FFmpeg’s got beef with Google
  • OpenAI announces its Aardvark bug-gobbling system
  • Two US ransomware responders get arrested for… ransomware
  • Memento (nee HackingTeam) CEO says: Sì, those are totally our tools getting snapped in Russia
  • Hackers help freight theft gangs steal shipments to resell
  • A second Jabber Zeus mastermind gets his comeuppance 15 years on

This week’s episode is sponsored by Nucleus Security, who make a vulnerability information management system. Co-founder Scott Kuffer says that approaches for triaging vulnerabilities have started to fall apart, given there are just. So. Many. And they’re all important!

This episode is also available on Youtube.

Risky Business #813 -- FFmpeg has a point
0:00 / 65:08

Show notes

vx-underground on X: "Yeah, so pretty much this entire drama thing is FFmpeg are a bunch of nerds…"

FFmpeg on X: "@DavidEGrayson It's someone's hobby project of an obscure 1990s decoder…"

Halvar Flake on X: "Given the extremely big role ffmpeg has played historically..."

thaddeus e. grugq on X: "Current drama: Plucky security researcher Google takes on volunteer open source behemoth FFmpeg."

Robert Graham on X: "Current status: There's a conflict between Google…"

Introducing Aardvark: OpenAI’s agentic security researcher | OpenAI

Bugcrowd acquires Mayhem Security to advance AI-powered security testing | CyberScoop

Prosecutors allege incident response pros used ALPHV/BlackCat to commit string of ransomware attacks | CyberScoop

Former Trenchant Exec Sold Stolen Code to Russian Buyer Even After Learning that Other Code He Sold Was Being "Utilized" by Different Broker in South Korea

How an ex-L3Harris Trenchant boss stole and sold cyber exploits to Russia | TechCrunch

Operation Zero — A Zero-Day Vulnerability Platform

John Scott-Railton on X: "7/ There's a push to scale up America's offensive industry right now…"

CEO of spyware maker Memento Labs confirms one of its government customers was caught using its malware | TechCrunch

Exploiting Microsoft Teams: Impersonation and Spoofing Vulnerabilities Exposed Microsoft Teams Vulnerabilities Uncovered

Cargo theft gets a boost from hackers using remote monitoring tools | The Record from Recorded Future News

Remote access, real cargo: cybercriminals targeting trucking and logistics | Proofpoint US

Alleged Conti ransomware gang affiliate appears in Tennessee court after Ireland extradition | The Record from Recorded Future News

Three suspected developers of Meduza Stealer malware arrested in Russia | The Record from Recorded Future News

Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody – Krebs on Security

Windows Server Update Service exploitation ensnares at least 50 victims | Cybersecurity Dive

Post by @paulschnack.bsky.social — Bluesky