Risky Business Podcast

May 20, 2026

Risky Business #838 -- GitHub investigates possible breach

Presented by

James Wilson
James Wilson

Technology Editor

Adam Boileau
Adam Boileau

Co-host at large

Patrick Gray
Patrick Gray

CEO and Publisher

On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news.

They cover:

  • GitHub announced a possible breach
  • CISA leaks important creds, keys in public repo
  • Awful vulnerability in Bitlocker renders it useless without a PIN
  • So. Many. Patches.
  • Polish Government urges officials to ditch Signal for mSzyfr
  • Much, much more

This week’s show is brought to you by Thinkst Canary. Thinkst’s founder, Haroon Meer, is this week’s sponsor guest. He joined James Wilson to talk about how doing “the basics” in security isn’t trivially easy.

This episode is also available on YouTube.

Risky Business #838 -- GitHub investigates possible breach
0:00 / 62:49

Show notes

GitHub on X: "We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely" / X

CISA Admin Leaked AWS GovCloud Keys on Github – Krebs on Security

Experts Confirm the Fast16 Malware Was Sabotaging Nuclear Weapons Tests, Likely in Iran

Iran hackers: Hackers have breached tank readers at gas stations; officials suspect Iran is responsible | CNN Politics

War and Data Centers Are Driving Up the Cost of Fiber-Optic Cable

Microsoft on pace to break annual vulnerability record as AI-driven patch wave takes hold | The Record from Recorded Future News

NCSC’s Ollie Whitehouse on surviving the "bugpocalypse" - Risky Business Media

Defense at AI speed: Microsoft’s new multi-model agentic security system tops leading industry benchmark | Microsoft Security Blog

Project Glasswing: what Mythos showed us

Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’

First public macOS kernel memory corruption exploit on Apple M5

OpenAI launches Daybreak to combat cyber threats | Cybersecurity Dive

Zero-day exploit completely defeats default Windows 11 BitLocker protections - Ars Technica

GitHub - Wack0/bitlocker-attacks: A list of public attacks on BitLocker · GitHub

Catalin Cimpanu: "The Polish government has advi…" - Mastodon

CISA orders all federal agencies to patch exploited bug in Cisco SD-WAN systems by Sunday | The Record from Recorded Future News

CVE-2026-20182: Critical authentication bypass in Cisco Catalyst SD-WAN Controller (FIXED)

Huawei zero-day attack behind last year’s crash of Luxembourg's entire telecoms network | The Record from Recorded Future News

Patch bypass allows hackers to exploit prior flaw in SonicWall SSL-VPN | Cybersecurity Dive

Microsoft disrupts Fox Tempest malware-signing-as-a-service platform tied to ransomware gangs | The Record from Recorded Future News

Streamer Realtime Deepfakes Himself into Mr. Beast, Says He Loves 'Touching Little Boys'