Risky Bulletin Podcast feed

In this edition of Between Two Nerds Tom Uren and The Grugq discuss how Google just keeps on finding iOS exploit kits. Is iPhone security busted? And why are Russian state hackers after crypto?

This episode is also available on Youtube.

Russian intelligence services compromised thousands of Signal accounts, the Trivy vulnerability scanner is abused in a supply chain attack, Oracle issues an out-of-band patch for its Fusion Middleware, and the FBI takes down the Aisuru and Kimwolf botnets.

In this Risky Business sponsored interview, Casey Ellis chats to Fletcher Heisler, founder and CEO of open source identity provider, Authentik. They chat about Extended Identity Access Management (XIAM), the company’s new acronym that has been seven years in the making.

A second iOS hacking framework has been found in the wild, Belgium launches its own government communications app, AWS kills S3 bucketsquatting and a cyberattack cripples car breathalyzers.

Tom Uren and Amberleigh Jack talk about how successfully achieving America’s war goals could force Iran to double down on cyber power. It’s resilient to bombing and is the cheapest, quickest way for the regime to get some wins post-war.

They also discuss Meta stepping back from end-to-end encryption on Instagram’s direct messages. There is a time and place for E2EE messages, so good riddance.

Finally, they discuss the one weird trick President Trump uses to make his smartphone conversations useless for foreign intelligence services.

This episode is also available on Youtube.

The EU imposes cyber sanctions, an Iranian cyber chief was killed by US-Israeli strikes, the UK fixes a major bug in its company registry, and a US man phishes celebrity athletes while on home detention… for phishing.

In this edition of Between Two Nerds Tom Uren and The Grugq discuss how bombing Iran changes incentives for Iranian hacker groups. Destroying other ways that Iran might project power could force it to double down on cyber capabilities.

This episode is also available on Youtube.

Meta suspends Mexican cartel accounts, multiple vulnerabilities have been found in Linux AppArmour, Instagram will disable support for end-to-end encrypted messaging and a supply chain attack hits AppsFlyer.

In this Risky Business sponsor interview, Catalin Cimpanu talks with Alex Orleans, Head of Threat Intelligence at Sublime Security, about the increase in email attacks leveraging Zoom invites and other video conferencing tools.

Authorities take down a residential proxy service, Iranian hackers wipe the network of a US medical device maker, Apple patches unsupported iOS against Coruna, and CISA asks for Cisco SD-WAN device logs.