Risky Business Podcast

January 21, 2026

Risky Business #821 -- Wiz researchers could have owned every AWS customer

Presented by

Adam Boileau
Adam Boileau

Technology Editor

Patrick Gray
Patrick Gray

CEO and Publisher

In this week’s show, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, joined by a special guest. BBC World Cyber Correspondent Joe Tidy is a long time listener and he pops in for a ride-along in the news segment plus a chat about his new book.

This week news includes:

  • Did the US cyber Venezuela’s power grid, or do they just want us to think they coulda?
  • US govt might boycott the RSAC Conference ‘cause Jen Easterly being CEO makes them mad
  • MS Patch Tuesday fixes CVSS5.5 bug and … stops you shutting down
  • Wiz pulls off cloud stunt hack that ends with control of everyone’s AWS console
  • Millions of Bluetooth devices that use Google’s Fast Pairing will pair with anyone, any time
  • GNU inet-tools’ telnetd parties like it’s 2007, and brings -f root unauthed remote login back

Thinkst is this week’s sponsor, and long time friend of the show Haroon Meer joins. As always they’re polishing their Canary tokens - adding breadcrumbs to lead you to them - but they’re also a bunch of giant nerds who now run South Africa’s Computer Olympiad.

This episode is also available on Youtube.

Risky Business #821 -- Wiz researchers could have owned every AWS customer
0:00 / 64:46

Show notes

Cyberattack in Venezuela Demonstrated Precision of U.S. Capabilities - The New York Times

Why I’m withholding certainty that “precise” US cyber-op disrupted Venezuelan electricity - Ars Technica

Layered Ambiguity: US Cyber Capabilities in the Raid to Extract Maduro from Venezuela | Royal United Services Institute

Former CISA Director Jen Easterly Will Lead RSAC Conference | WIRED

Trump officials consider skipping premier cyber conference after Biden-era cyber leader named CEO - Nextgov/FCW

Federal agencies ordered to patch Microsoft Desktop Windows Manager bug | The Record from Recorded Future News

Windows 11 shutdown bug forces Microsoft into damage control • The Register

CodeBreach: Supply Chain Vuln & AWS CodeBuild Misconfig | Wiz Blog

Critical flaw in AWS Console risked compromise of build environment | Cybersecurity Dive

Never-before-seen Linux malware is “far more advanced than typical” - Ars Technica

VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun - Check Point Research

Hundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking | WIRED

Critical flaw in Fortinet FortiSIEM targeted in exploitation threat | Cybersecurity Dive

CVE-2025-64155: 3 Years of Remotely Rooting the FortiSIEM

A single click mounted a covert, multistage attack against Copilot - Ars Technica

Police raid homes of alleged Black Basta hackers, hunt suspected Russian ringleader | The Record from Recorded Future News

Jordanian initial access broker pleads guilty to helping target 50 companies | The Record from Recorded Future News

Supreme Court hacker posted stolen government data on Instagram | TechCrunch

oss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd

How crypto criminals stole $700 million from people - often using age-old tricks

Ctrl + Alt + Chaos: How Teenage Hackers Hijack the Internet