Show notes

• Risky Bulletin: FBI extracted Signal chats from iPhone notifications logs

They also discuss how America’s lawful intercept systems are high value targets for Chinese hackers. It’s a big deal that part of the FBI’s lawful intercept system has been breached and it is high time that the security of these systems was reviewed.

This episode is also available on Youtube.

Show notes

Show notes

• Risky Bulletin: Cybercrime losses passed $20 billion last year

Show notes

• The Financial Times on the plan to kill Ali Khamenei
• Israel National News, 50 companies wiped

Show notes

• Risky Bulletin: New Cambodian law will put scam compound operators in prison for life

Show notes

Show notes

• Risky Bulletin: Russia will revoke licenses for unruly ISPs

They also discuss how broadband wireless communications links are critical in the war in Ukraine. After losing access to Starlink, Russian forces are doubling down on using equipment from American company Ubiquiti.

This episode is also available on Youtube.

Show notes

Show notes

• Risky Bulletin: Iranian password sprays came first, then came the missiles

This episode is also available on Youtube.

Show notes

• We Are All Targets, How Renegade Hackers Invented Cyber War and Unleashed an Age of Global Chaos
• The $1.25 million scam

Show notes

• Risky Bulletin: Apple adds ClickFix warning to macOS terminal

Today, patches are being reversed by AI systems into exploits in a matter of hours. The days of being able to rely on timely patching as a primary control are over. James talks to Adam about this new reality and how Knocknoc can help.

Show notes

Show notes

• Risky Bulletin: Russia to use custom crypto-algorithm for its 5G network

They also discuss the FCC’s surprising move to ban foreign-made consumer routers. It’s not about security, it is just about reshoring manufacturing.

And finally they discuss the Trump administration’s plan for unleashing the private sector.

This episode is also available on Youtube.

Show notes

Show notes

• Risky Bulletin: The Intellexa CEO is pissed!!!

This episode is also available on Youtube.

Show notes

• Google on Coruna
• Google on DarkSword
• iVerify on DarkSword
• Lookout on DarkSword
• Coruna deep dive

Show notes

• Risky Bulletin: GitHub is starting to have a real malware problem

Show notes

Show notes

• Risky Bulletin: AWS kills bucketsquatting

They also discuss Meta stepping back from end-to-end encryption on Instagram’s direct messages. There is a time and place for E2EE messages, so good riddance.

Finally, they discuss the one weird trick President Trump uses to make his smartphone conversations useless for foreign intelligence services.

This episode is also available on Youtube.

Show notes

Show notes

• Risky Bulletin: EU finally imposes more cyber sanctions

This episode is also available on Youtube.

Show notes

• Zetter Zero Day on the Stryker hack
• BTN on the evolution of Iranian hackers with Hamid Kashfi

Show notes

• Risky Bulletin: Meta disrupts Mexican cartels

Show notes

• Key findings from the 2026 Sublime Email Threat Research Report
• Scammers actively targeting real estate agents with remote access attacks
• Fake Google Meet invitation, fake Microsoft Store, real malware attack
• Alex Orleans on LinkedIn

Show notes

• Risky Bulletin: Another residential proxy provider falls as authorities continue crackdowns

They also discuss the Coruna exploit kit, which is now known to have leaked from a US defence contractor. Exploits are so valuable that it is unrealistic to expect they can be kept secret.

This episode is also available on Youtube.

Show notes

Show notes

• Risky Bulletin: Gen. Joshua Rudd confirmed as next CyberCom and NSA head

This episode is also available on Youtube.

Show notes

• Srsly Risky Biz: The Four Hour Cyber War on Iran
• The Thing listening device
• IBM Selectric bug
• CIA compromise in Iran

Show notes

• Risky Bulletin: New White House EO prioritizes fight against scams and cybercrime

The pair discuss the company’s investment in its Thinkst Labs, how it differs from other security research labs, and how it helps grow products and people.

Show notes

Show notes

• Risky Bulletin: Iranian hackers are scanning for security cameras to aid missile strikes

They also discuss how threat actors are using AI. It’s not game-changing so far, but it is very much altering the balance between attack and defence.

This episode is also available on Youtube.

Show notes

Show notes

• Risky Bulletin: Cyber Command conducted cyberattacks ahead of Iran strikes

This episode is also available on Youtube.

Show notes

• Russia using cyber espionage to direct grid missile strikes
• The Spectator article on US-UK relations
• BTN72 on the Taurus missile leak

Show notes

• Risky Bulletin: LLMs can deanonymize internet users based on their past comments

Show notes

Show notes

• Risky Bulletin: Russian man investigated for extorting Conti ransomware group

They also discuss the return of Volt Typhoon, the Chinese hacker group prepositioning in critical infrastructure for sabotage in the event of a conflict over Taiwan. The group is still around, even though the US government declared victory against it last July.

This episode is also available on Youtube.

Show notes

Show notes

• Risky Bulletin: Russia starts criminal probe of Telegram founder Pavel Durov

This episode is available on Youtube.

Show notes

• How AI-powered espionage will favour China
• Google's AI threat tracker, February 2026

Show notes

• Risky Bulletin: AI-driven hacking campaign breaches 600+ Fortinet devices

Show notes

Show notes

• Risky Bulletin: RPKI infrastructure sits on shaky ground

They also talk about ‘distillation attacks’. They are a way that AI developers can steal the secret sauce of advanced models just by asking questions. It looks like American companies need government assistance if the US wants to keep its AI lead.

This episode is also available on Youtube.

Show notes

Show notes

• Risky Bulletin: Supply chain attack plants backdoor on Android tablets

This episode is also available on Youtube

Show notes

• The Record on Iranian air defences
• Max Smeets No Shortcuts
• RunZero sponsor interview

Show notes

• Risky Bulletin: Cambodia promises to dismantle scam networks by April

Show notes

• KEVology: An analysis of exploits, scores, & timelines on the CISA KEV

Show notes

• Risky Bulletin: IcedID malware developer fakes his own death to escape the FBI

They also discuss Expedition Cloud, a Chinese cyber range that replicated the critical infrastructure of neighbouring countries, apparently to develop and fine-tune cyber disruption operations.

Finally, they talk about what we’ve learnt about the role of cyber operations in the US bombing of Iranian nuclear facilities. It was far bigger than we previously thought.

This episode is also available on Youtube.

Show notes

Show notes

• Risky Bulletin: Chinese cyber-spies breached all of Singapore's telcos

This episode is also available on Youtube.

Show notes

• Hunterbrook's Ubiquiti investigation
• Trail of Bits sponsor interview

Show notes

• Risky Bulletin: SmarterTools hacked via its own product

Show notes

• Trail of Bits Skills Marketplace

Show notes

• Risky Bulletin: Denmark recruits hackers for offensive cyber operations

They also discuss SpaceX’s rapid action to stop the Russian military using Starlink terminals to guide drones deep into Ukrainian territory.

This episode is also available on Youtube.

Show notes

Show notes

• Risky Bulletin: Plone CMS stops supply-chain attack

This episode is also available on Youtube.

Show notes

• ESET's first report
• ESET's update report
• CERT-PL report
• Dragos report
• The Insider 'Hidden Bear' investigation
• BTN 124, How Russia's sabotage team got into hacking
• BTN 145, Russia's cyber war on wheat

Show notes

• Risky Bulletin: StopICE blames hack on "a CBP agent here in SoCal"

Show notes

• Dominating the Digital Space: A Whole-of-Society Strategy for Securing the United States from Cyber Aggression

Show notes

• Risky Bulletin: eScan antivirus distributes backdoor in latest supply chain attack

The pair also discuss news that Chinese Salt Typhoon hackers compromised the calls of senior UK officials in Downing Street. The UK has extensive telecommunications security regulations and the incident makes us wonder what that legislation is actually good for.

This episode is also available on Youtube.

Show notes

Show notes

• Risky Bulletin: Cyberattack cripples cars across Russia

This episode is also available on Youtube.

Show notes

• BTN 36, The culture of the Snake

Show notes

• ConsentFix: Analysing a browser-native ClickFix-style attack that hijacks OAuth consent grants
• ConsentFix debrief: latest community insights, recommendations, and predictions
• Luke Jennings, ConsentFix LinkedIn post
• Year in Review: How Phishing Attacks Evolved in 2025

Show notes

• Risky Bulletin: EU readies new anti-spyware group, but with even less powers than PEGA

Show notes

• Risky Bulletin: Improperly patched bug exploited again in Fortinet firewalls

They also discuss the nomination of General Joshua Rudd as head of NSA and US Cyber Command.

This episode is also available on Youtube.

Show notes

Show notes

• Risky Bulletin: Domain resurrection attacks come to Canonical's Snap Store

This episode is also available on Youtube.

Show notes

• What is Information Warfare by Martin Libicki
• Human Rights in China
• Leaked conversation on Youtube, in Mandarin
• Rebecca Black, Friday

Show notes

• Risky Bulletin: Germany seeks more hacking and surveillance powers for its intel service

In isolation, for example, both your Github and your AWS deployment could follow best practices. But bring them together and you’ve got problems. Bloodhound’s OpenGraph lets you find and fix these otherwise invisible attack paths.

Show notes

Show notes

• Risky Bulletin: DRAM price hikes set to impact firewalls too

They also discuss the role of disruptive cyber operations in the US’s raid to capture Venezuelan President Nicolás Maduro.

This episode is also available on Youtube.

Show notes

Show notes

• Risky Bulletin: Voice cloning defenses still weak, can be bypassed

This episode is also available on Youtube.

Show notes

• Maduro's fall puts US cyber power in the spotlight
• Trump suggests US used cyberattacks to turn off lights in Venezuela during strikes
• Venezuela strike marks a turning point for US cyber warfare
• Power outages, but not cyber (from Oleg Shakirov)
• NYTimes Inside 'Operation Absolute Resolve'
• Spec Ops by William McRaven

Show notes

• Risky Bulletin: Apex Legends streamers hacked again

Show notes

Show notes

• Risky Bulletin: Belarus deploys spyware on journalists' phones

They also discuss the possibility that the US was responsible for a cyber attack on Venezuela’s state oil company and how Russian state-backed hacktivism is so dumb.

This episode is also available on Youtube.

Show notes

Show notes

• Risky Bulletin: Most smart devices run outdated web browsers

Kashfi talks about how the regime once forced people to hack and crushed the domestic security research scene. He describes how and why the government has changed its approach and is now reaping the rewards of improved Iranian capabilities.

This episode is available on Youtube.

Show notes

• The "Mossad or not" threat model by James Mickens
• Shamoon wiper
• iLO rootkit

Show notes

• Risky Bulletin: African freelancers behind anti-US and anti-French disinfo campaigns

Show notes

• ConsentFix: Analysing a browser-native ClickFix-style attack that hijacks OAuth consent grants
• Introducing our guide to phishing detection evasion techniques

Show notes

• Risky Bulletin: EU has a problem attracting and retaining cyber talent

Show notes

• Risky Bulletin: Linux adds PCIe encryption to help secure cloud servers

Show notes

They also discuss Anthropic testifying to Congress and Iran using cyber intelligence to target missile strikes including by sharing it with Houthi rebels who fired at a specific ship.

And finally, we are not reassured by China’s white paper about being a good cyber citizen.

This episode is also available of Youtube.

Show notes

• Assessing Irresponsibility in Cyber Operations
• AWS on state actors bridging cyber and kinetic warfare

This episode is also available on Youtube.

Show notes

• Department 40 exposed
• Charming Kitten exposed

Mike talks about bringing together payments insights with threat intel to get strong signals about fraud or crime, the benefits of international collaboration and when it makes sense for your CSO to also be the CISO.

Show notes

They also discuss the complete doxxing of the Iranian cyber espionage group known as APT35 or Charming Kitten.

This episode is also available on Youtube.

Show notes

This episode is also available on Youtube.

Show notes

• FCC looks to torch Biden-era cyber rules sparked by Salt Typhoon mess
• Netflix's Chaos Monkey
• Brian in Pittsburgh
• BTN145
• Ultra

They also discuss Google’s legal disruption of the China-based Lighthouse phishing as a service operation. Surprisingly, it seems to be working!

Finally, they talk about why the memory safe Rust language has been a triple win for Android.

This episode is also available on Youtube.

Show notes

This episode is also available on Youtube.

Show notes

• ESET report
• Soesanto and Gajos at Lawfare

Show notes

• Risky Bulletin: Europol takes down Elysium, VenomRAT, and Rhadamanthys infrastructure

They also discuss recent state-backed supply chain attacks that have, so far, remained targeted and responsible. Finally they look at the UK’s decision to stop sharing intelligence with the US about suspected drug boats in the Caribbean.

This episode is also available on Youtube.

Show notes

Show notes

• Risky Bulletin: Another Chinese security firm has its data leaked

This episode is also available on Youtube.

Show notes

• Google's AI Threat Tracker
• Script framework

Show notes

Show notes