Risky Business Podcast

June 03, 2026

Risky Business #840 -- Microsoft walks back researcher threats

Presented by

James Wilson
James Wilson

Technology Editor

Patrick Gray
Patrick Gray

CEO and Publisher

On this week’s show special guest co-host Andy Boyd joins Patrick Gray and James Wilson to discuss the week’s cybersecurity news. Andy is the CEO of REDLattice, which makes the Paragon “intelligence collection and reconnaissance” solution.

They cover:

  • Adversaries are tracking US troop locations with commercially available location data
  • A new Signal phishing campaign is going after message backups
  • 404 Media is suing ICE to get its spyware contract with REDLattice (lol)
  • Microsoft’s tone-deaf response to ‘never justifiable’ zero-day disclosures
  • Mini Shai-Hulud pops up again just as Glassworm gets shattered
  • Much, much more

This week’s episode is sponsored by Authentik, an open source identity platform that you can host yourself. In this week’s sponsor interview Authentik’s CEO Fletcher Heisler joins Patrick Gray to talk about how they’re keeping up with the bugpocalypse, and also the work they’re doing to support identities for AI agents.

This episode is also available on YouTube.

Risky Business #840 -- Microsoft walks back researcher threats
0:00 / 66:03

Show notes

The Pentagon Knew Enemies Could Track Troops’ Phones for Years. Now They Are | wired.com

U.S. says troops were targeted with location data, as senator warns ad industry is a ‘national security threat’ | TechCrunch Security

DOD location data attachment (Wyden) |

Risky Business #830 -- LiteLLM and security scanner supply chains compromised | Risky Business Media

US has seized nearly $1 billion in crypto from Iran, Bessent says |

Russia claims foreign spy agencies hacked officials' phones | therecord.media

Hackers are trying to steal Signal users’ backups in new wave of phishing attacks | TechCrunch Security

We Sued ICE to Get Its Spyware Contract. The Agency Is Redacting Essentially Everything | Social Signals

Microsoft calls zero-day releases ‘never justifiable’ as researcher threatens to drop more | therecord.media

A shared responsibility: Protecting customers through Coordinated Vulnerability Disclosure | Social Signals

Microsoft says it will not pursue security researchers after zero-day backlash | therecord.media

IBM’s new $5B initiative will help enterprises rapidly patch open-source vulnerabilities | Social Signals

Federal audit reveals NIST’s NVD is plagued by poor planning and duplication | cyberscoop.com

Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts | krebsonsecurity.com

Critical Windows Netlogon RCE flaw now exploited in attacks | BleepingComputer

CISA adds exploited Palo Alto Networks GlobalProtect flaw to KEV | Cybersecurity Dive

Password manager Dashlane says hackers stole some customers’ password vaults | TechCrunch Security

CrowdStrike disrupts Glassworm botnet that preyed on open-source supply chain | cyberscoop.com

Botnet of more than 17 million devices dismantled | arstechnica.com

Chinese-speaking fraud gang could be stealing millions from 2026 World Cup fans | therecord.media

ACCC investigating Olympics ticket scam | ABC

Dozens of Red Hat packages backdoored through its offical NPM channel | arstechnica.com

Solo podcast: A deep dive on TeamPCP - Risky Business Media |

Trump administration releases scaled-back AI executive order | cyberscoop.com

Google security engineer accused of turning confidential search trends into $1.2M win on Polymarket | cyberscoop.com