Podcasts

Tom Uren and Amberleigh Jack talk about Microsoft CEO Satya Nadella’s messaging around personnel changes at the top of its security organisation. These signal a focus on selling security products rather than on making secure products.

They also discuss Expedition Cloud, a Chinese cyber range that replicated the critical infrastructure of neighbouring countries, apparently to develop and fine-tune cyber disruption operations.

Finally, they talk about what we’ve learnt about the role of cyber operations in the US bombing of Iranian nuclear facilities. It was far bigger than we previously thought.

This episode is also available on Youtube.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• Microsoft reshuffles security leadership. It doesn’t spark joy.
• Russia is hacking the Winter Olympics. Again. But y tho?
• China-linked groups are keeping busy, hacking telcos in Norway, Singapore and dozens of others
• Campaigns underway targeting Ivanti, BeyondTrust and SolarWinds products
• An unknown hero blocks 23/tcp on the US internet backbone
• And James Wilson pops into talk about Claude’s go at a C compiler

This week’s episode is sponsored by Ent.AI, an AI startup that isn’t quite ready to tell us all what they’re doing. But nevertheless, founder Brandon Dixon joins to discuss AI’s role in security. Where does language-based understanding take us that previous methods couldn’t?

This episode is also available on Youtube.

China has breached all of Singapore’s major telcos, Microsoft announces two new security features, a hacktivist leaks data from a stalkerware provider, and researchers map out “GRU information warfare units” based on their insignia.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about why the world is destined to be perpetually insecure.

This episode is also available on Youtube.

A software company gets hacked through vulnerabilities in its own product, European agencies are hacked via recent Ivanti zero-days, Senegal is being extorted by hackers, and a state actor is behind a Signal phishing campaign in Germany.

In this Risky Business sponsored interview, Tom Uren talks to Trail of Bits CEO Dan Guido about how Trail of Bits is reworking its business processes to take advantage of AI. Dan talks about what it takes to make AI agents reliable and trustworthy and how that will give the company an edge by making its work both better and faster.

Denmark recruits hackers for offensive cyber operations, CISA tells agencies to remove old edge devices, Coinbase has another insider breach, and Microsoft appoints a new security chief.

Tom Uren and Amberleigh Jack talk about Google’s cyber disruption unit taking aim at the IPIDEA residential proxy network. The network was a cybercrime enabler that was used by hundreds of threat actors for crime and espionage. More of this kind of disruption please.

They also discuss SpaceX’s rapid action to stop the Russian military using Starlink terminals to guide drones deep into Ukrainian territory.

This episode is also available on Youtube.

Patrick Gray and Adam Boileau are joined by the newest guy on the Risky Business Media team, James WIlson. They discuss the week’s cybersecurity news, including:

• Notepad++ update supply chain attack has been attributed to China
• The AI agent future is even more stupid than expected; behold the OpenClaw/Clawdbot/Moltbook mess
• The Epstein files claim he had a personal hacker?
• Microsoft is finally getting ready to (think about starting to begin to) disable NTLM by default
• The usual bugs in the usual things! Ivanti, Fortinet, and Solarwinds. Again.
• Telco hides a free trip in its privacy policy, someone actually reads it and wins!

This weeks’s episode is sponsored by opensource IDP platform Authentik. CEO Fletcher Heisler talks to Pat about their new endpoint agent that can enforce device posture policies during login.

This episode is also available on Youtube.

The Plone CMS stops a supply-chain attack, French cops raid the X Paris office; the number of malicious OpenClaw skills grows, and a Chinese APT hacked Notepad++ servers.