Risky Business Podcast

June 10, 2026

Risky Business #841 -- Microsoft gets owned and 0day'd

Presented by

James Wilson
James Wilson

Technology Editor

Patrick Gray
Patrick Gray

CEO and Publisher

On this week’s show special guest co-host Chris Wade, the founder of Corellium turned Cellebrite CTO, joins Patrick Gray and James Wilson to discuss the week’s cybersecurity news.

They cover:

  • Microsoft has repos owned, GitHub tokens popped, and a new 0day dropped on them
  • Meanwhile, researchers are choosing full disclosure instead of engaging MSRC
  • Meta’s AI support agent allowed a staggering 20,000 accounts to be stolen!
  • Apple pulls Russia’s MAX messenger from the App Store and disables notifications
  • Anthropic gives the public our first Mythos-class model but it won’t do cybersecurity work
  • Stripe and Google Tag Manager used in eCommerce website hack campaign
  • And much, much more!

This week’s show is brought to you by runZero. HD Moore, runZeros’ founder, drops by in this week’s sponsor interview to talk about the AI vibe shift. Everyone is very worried about getting owned all of a sudden, and it’s really changing the cybersecurity business.

This episode is also available on YouTube.

Risky Business #841 -- Microsoft gets owned and 0day'd
0:00 / 63:02

Show notes

Microsoft Hacked to Deliver Malware to Claude and Gemini Users | 404.feed.press

Researcher publishes GitHub token-stealing exploit, blames Microsoft’s disclosure process | therecord.media

Microsoft Defender 'RoguePlanet' zero-day grants SYSTEM privileges | BleepingComputer

Microsoft breaks Patch Tuesday record with 206 vulnerabilities | CyberScoop

chompie1337 | X

WhatsApp says NSO targeted users with spearfishing attacks in violation of court order | therecord.media

Over 20,000 Instagram accounts stolen in Meta AI support hack | BleepingComputer

New Apple feature automatically changes your compromised passwords | BleepingComputer

Apple removes Russia’s state-backed messaging app Max from its store | therecord.media

Exclusive: Anthropic's Mythos can exploit new flaws in hours |

Anthropic’s new model is Mythos on a leash | CyberScoop

Anthropic Offers Mythos Upgrade for Cyber Partners and a ‘Safe’ Version for the Rest of You | wired.com

OpenClaw AI agent found falling for phishing attacks, spills user data | BleepingComputer

OpenAI unveils Lockdown Mode to protect sensitive data from prompt injection attacks | TechCrunch Security

Hands on with Intelligent Terminal, an AI-powered Windows Terminal | BleepingComputer

Seeking Counsel: Ongoing Targeted Campaign Against US Law Firms | Mandiant

Check Point warns of zero-day flaw targeted by ransomware affiliate | Cybersecurity Dive

ServiceNow discloses security incident exposing customer data | BleepingComputer

Credit card theft campaign abuses Stripe to host stolen payment info | BleepingComputer

CrowdStrike, Palo Alto Networks defy estimates as AI fuels cyber demand | Cybersecurity Dive

The U.S. Military Quietly Turned GPS Into a Global ‘Numbers Station,’ Evidence Suggests | 404.feed.press

New 'HTTP/2 Bomb' DoS attack crashes web servers in under a minute | BleepingComputer

Google has quietly cut staff across its Cloud business | businessinsider.com