Risky Business Podcast

January 21, 2026

Risky Business #821 -- Wiz researchers could have owned every AWS customer

Presented by

Adam Boileau
Adam Boileau

Co-host at large

Patrick Gray
Patrick Gray

CEO and Publisher

In this week’s show, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, joined by a special guest. BBC World Cyber Correspondent Joe Tidy is a long time listener and he pops in for a ride-along in the news segment plus a chat about his new book.

This week news includes:

  • Did the US cyber Venezuela’s power grid, or do they just want us to think they coulda?
  • US govt might boycott the RSAC Conference ‘cause Jen Easterly being CEO makes them mad
  • MS Patch Tuesday fixes CVSS5.5 bug and … stops you shutting down
  • Wiz pulls off cloud stunt hack that ends with control of everyone’s AWS console
  • Millions of Bluetooth devices that use Google’s Fast Pairing will pair with anyone, any time
  • GNU inet-tools’ telnetd parties like it’s 2007, and brings -f root unauthed remote login back

Thinkst is this week’s sponsor, and long time friend of the show Haroon Meer joins. As always they’re polishing their Canary tokens - adding breadcrumbs to lead you to them - but they’re also a bunch of giant nerds who now run South Africa’s Computer Olympiad.

This episode is also available on Youtube.

Risky Business #821 -- Wiz researchers could have owned every AWS customer
0:00 / 64:46

Show notes

Cyberattack in Venezuela Demonstrated Precision of U.S. Capabilities - The New York Times

Why I’m withholding certainty that “precise” US cyber-op disrupted Venezuelan electricity - Ars Technica

Layered Ambiguity: US Cyber Capabilities in the Raid to Extract Maduro from Venezuela | Royal United Services Institute

Former CISA Director Jen Easterly Will Lead RSAC Conference | WIRED

Trump officials consider skipping premier cyber conference after Biden-era cyber leader named CEO - Nextgov/FCW

Federal agencies ordered to patch Microsoft Desktop Windows Manager bug | The Record from Recorded Future News

Windows 11 shutdown bug forces Microsoft into damage control • The Register

CodeBreach: Supply Chain Vuln & AWS CodeBuild Misconfig | Wiz Blog

Critical flaw in AWS Console risked compromise of build environment | Cybersecurity Dive

Never-before-seen Linux malware is “far more advanced than typical” - Ars Technica

VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun - Check Point Research

Hundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking | WIRED

Critical flaw in Fortinet FortiSIEM targeted in exploitation threat | Cybersecurity Dive

CVE-2025-64155: 3 Years of Remotely Rooting the FortiSIEM

A single click mounted a covert, multistage attack against Copilot - Ars Technica

Police raid homes of alleged Black Basta hackers, hunt suspected Russian ringleader | The Record from Recorded Future News

Jordanian initial access broker pleads guilty to helping target 50 companies | The Record from Recorded Future News

Supreme Court hacker posted stolen government data on Instagram | TechCrunch

oss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd

How crypto criminals stole $700 million from people - often using age-old tricks

Ctrl + Alt + Chaos: How Teenage Hackers Hijack the Internet