Podcasts

Tom Uren and Amberleigh Jack talk about FBI Director Kash Patel admitting to Congress that the Bureau is buying American’s location data and using it to generate valuable intelligence. That’s concerning, because commercially available information can be used in tremendously invasive ways and the FBI can buy it without needing a warrant.

They also discuss the FCC’s surprising move to ban foreign-made consumer routers. It’s not about security, it is just about reshoring manufacturing.

And finally they discuss the Trump administration’s plan for unleashing the private sector.

This episode is also available on Youtube.

On this week’s show, Patrick Gray, Adam Boileau and James WIlson discuss the week’s cybersecurity news. They talk through:

• TeamPCP’s supply chain attack on Github, and they threw in an anti-Iran wiper, because why not?!
• Anthropic hooks up its models to just… use your whole computer
• After Stryker’s Very Bad Day, CISA says maybe add some more controls around your Intune?
• Another iOS exploit kit shows up in the cyber bargain-bin
• The FTC decides to ban… all new home routers?! U wot m8?!
• Supermicro founder was personally sanction-busting Nvidia GPUs into China?!

This week’s episode is sponsored by enterprise browser maker, Island. Chief Customer Officer Bradon Rogers joins Pat to explain how its customers are using Island to control the use of personal AI services in regulated industries.

This episode is also available on Youtube.

Intellexa’s CEO is angry with Greek authorities, the FTC bans new foreign-made routers, Google launches a threat disruption unit, and German police warned companies about software bugs… in the middle of the night.

In this edition of Between Two Nerds Tom Uren and The Grugq discuss how Google just keeps on finding iOS exploit kits. Is iPhone security busted? And why are Russian state hackers after crypto?

This episode is also available on Youtube.

Russian intelligence services compromised thousands of Signal accounts, the Trivy vulnerability scanner is abused in a supply chain attack, Oracle issues an out-of-band patch for its Fusion Middleware, and the FBI takes down the Aisuru and Kimwolf botnets.

In this episode of Risky Business Features, James Wilson and Brad Arkin discuss the attack that devastated medtech company Stryker. It turns out the attackers used Microsoft’s inTune to wipe the company’s devices, but what else could they have weaponised?

This podcast basically turned into an incident review of the Stryker incident. Enjoy!

In this Risky Business sponsored interview, Casey Ellis chats to Fletcher Heisler, founder and CEO of open source identity provider, Authentik. They chat about Extended Identity Access Management (XIAM), the company’s new acronym that has been seven years in the making.

A second iOS hacking framework has been found in the wild, Belgium launches its own government communications app, AWS kills S3 bucketsquatting and a cyberattack cripples car breathalyzers.

Tom Uren and Amberleigh Jack talk about how successfully achieving America’s war goals could force Iran to double down on cyber power. It’s resilient to bombing and is the cheapest, quickest way for the regime to get some wins post-war.

They also discuss Meta stepping back from end-to-end encryption on Instagram’s direct messages. There is a time and place for E2EE messages, so good riddance.

Finally, they discuss the one weird trick President Trump uses to make his smartphone conversations useless for foreign intelligence services.

This episode is also available on Youtube.

James Wilson delivers his take on the state of the Model Context Protocol (MCP) in this solo episode of Risky Business Features. Despite MCP being the technology that made Large Language Models useful and AI Agents possible, the models have shown us they want to use something else instead. They want to use the shell directly, and that is going to have serious cybersecurity consequences.