Risky Business Podcast
May 13, 2026
Risky Business #837 -- GitHub Actions footgun claims TanStack
Presented by
Enterprise Technology Editor
Technology Editor
CEO and Publisher
On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news.
They cover:
- Mini Shai-Hulud and the TanStack compromise using Github Actions
- Instructure pays Canvas elearning platform data extortionists
- More Linux privilege escalation 0days!
- CISA helping critical infrastructure operators rearchitect their networks so they work offline
This week’s episode is sponsored by email security platform Sublime Security. Bobby Filar chats with Patrick about how agentic AI is being evaluated by buyers in a marketplace that’s experiencing “AI fatigue”.
This episode is also available on Youtube.
Brought to you by Sublime Security
Agentic AI that stops email attacks at adversary speed
Show notes
Hardening TanStack After the npm Compromise | TanStack Blog
Canvas Breach Disrupts Schools & Colleges Nationwide – Krebs on Security
When DNSSEC goes wrong: how we responded to the .de TLD outage
Mythos smythos! How to find 0day with lesser models - Risky Business Media
GitHub - V4bel/dirtyfrag · GitHub
Flaw in Claude’s Chrome extension allowed ‘any’ other plugin to hijack victims’ AI | CyberScoop
Ivanti customers confront yet another actively exploited zero-day | CyberScoop
Where Have All the Complex Windows Malware and Their Analyses Gone?
Meet Rassvet, Russia’s Answer to Starlink | WIRED
DOJ says ransomware gang tapped into Russian government databases | TechCrunch
‘HELLO BOSS’: Inside the Chinese Realtime Deepfake Software Powering Scams Around the World