Risky Bulletin Podcast feed

A cyberattack disrupts European airports, a Scattered Spider member turns himself in to US authorities, the Pentagon hires a new cyber policy leader and two Russian APTs work together for the first time.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Jared Atkinson, CTO at SpecterOps. They discuss how SpecterOps is using classifying identities under two categories, identities at rest and identities in transit, what they are and how they should be treated differently.

America’s Government Accountability Office says the Pentagon employs more than 70,000 cyber personnel, hackers steal SonicWall firewall configs, DeepSeek returns insecure code for groups China doesn’t like, and two Scattered Spider members arrested in the UK.

Tom Uren and Amberleigh Jack talk about why it is good news that US investment in spyware vendors has skyrocketed.

They also discuss the in-principle agreement for TikTok to remain in the US. It’s a win-win: a win for China and a win for TikTok, but not so much a win for US national security.

This episode is also available on YouTube.

Android will only issue monthly updates for high-risk vulnerabilities A self-replicating attack hits the npm registry; BreachForums’ admin resentenced on appeal; …and hackers breach Gucci’s parent company.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the limits of a state’s cyber power.

This episode is also available on YouTube

The US sues a crypto ATM operator for profiting from scams, SMS blasters make their way into Switzerland, the US and Portugal tussle over the extradition of the RaidForums admin, and Samsung patches a zero-day in its phones.

In this sponsored interview, Casey Ellis chats to David Cottingham and Daniel Schell from Airlock Digital. They discuss the challenge of browser extension management for enterprises, why it’s a priority and how Airlock can help.

Apple notifies French users of spyware attacks, China will increase fines for data breaches Google pays $1.6mil for cloud bugs at a hackathon event, and no more hacked free laundry for Dutch students

Tom Uren and Amberleigh Jack talk about the Salesloft Drift incident. It is a great example of the sprawling impact that the breach of a single service provider can have. We expect these single-compromise-large-blast-radius attacks will become the new norm.

They also talk about Apple’s Memory Integrity Enforcement, which promises to be a big step forward for memory safety on Apple devices.

This episode is also available on Youtube.