Podcasts

Patrick Gray and Adam Boileau are joined by the newest guy on the Risky Business Media team, James WIlson. They discuss the week’s cybersecurity news, including:

• Notepad++ update supply chain attack has been attributed to China
• The AI agent future is even more stupid than expected; behold the OpenClaw/Clawdbot/Moltbook mess
• The Epstein files claim he had a personal hacker?
• Microsoft is finally getting ready to (think about starting to begin to) disable NTLM by default
• The usual bugs in the usual things! Ivanti, Fortinet, and Solarwinds. Again.
• Telco hides a free trip in its privacy policy, someone actually reads it and wins!

This weeks’s episode is sponsored by opensource IDP platform Authentik. CEO Fletcher Heisler talks to Pat about their new endpoint agent that can enforce device posture policies during login.

This episode is also available on Youtube.

The Plone CMS stops a supply-chain attack, French cops raid the X Paris office; the number of malicious OpenClaw skills grows, and a Chinese APT hacked Notepad++ servers.

In this edition of Between Two Nerds Tom Uren and The Grugq discuss the recent Russian attack on Polish electricity infrastructure.

This episode is also available on Youtube.

ICE tracking app blames a recent hack on a government agent, Microsoft will disable NTLM in the next release of Windows, Poland bans Chinese cars from military bases, and Ivanti patches two new zero-days.

In this sponsored interview, Casey Ellis chats to Edward Wu, founder of Dropzone AI about a recent Vanderbilt University report that reveals that foreign adversaries’ resources are growing. Edward says AI capabilities are critical to the future of cyber defence, because the west can’t hire itself out of the shortfall.

Hackers breach eScan antivirus and distribute a backdoor, Google takes down the IPIDEA proxy botnet, most GDPR fines remain uncollected, and the Poland wiper attack hit 30 locations.

Tom Uren and Amberleigh Jack talk about the Pall Mall Process, an international effort to reign in abusive spyware. Tom thinks the US has already stumbled into a viable carrots and sticks style strategy that will shape the industry more than coming up with standards will.

The pair also discuss news that Chinese Salt Typhoon hackers compromised the calls of senior UK officials in Downing Street. The UK has extensive telecommunications security regulations and the incident makes us wonder what that legislation is actually good for.

This episode is also available on Youtube.

In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. They discuss:

• La France is tres sérieux about ditching US productivity software
• China’s Salt Typhoon was snooping on Downing Street
• Trump wields the mighty DISCOMBOBULATOR
• ESET says the Polish power grid wiper was Russia’s GRU Sandworm crew
• US cyber institutions CISA and NIST are struggling
• Voice phishing for MFA bypass is getting even more polished

This episode is sponsored by Sublime Security. Brian Baskin is one of the team behind Sublime’s 2026 Email Threat Research report. He joins to talk through what they see of attackers’ use of AI, as well as the other trends of the year.

This episode is also available on Youtube.

A cyberattack has crippled cars in Russia, Microsoft patches an Office zero-day, WhatsApp rolls out an account lockdown feature, and a handful of Chrome extensions steal ChatGPT auth tokens.

In this edition of Between Two Nerds Tom Uren and The Grugq discuss how getting pinged hurts state hackers by introducing uncertainty. Publishing technical reports on the hack can actually improve the situation by removing uncertainty about how attackers were detected.

This episode is also available on Youtube.