Risky Bulletin Podcast feed

America’s Government Accountability Office says the Pentagon employs more than 70,000 cyber personnel, hackers steal SonicWall firewall configs, DeepSeek returns insecure code for groups China doesn’t like, and two Scattered Spider members arrested in the UK.

Tom Uren and Amberleigh Jack talk about why it is good news that US investment in spyware vendors has skyrocketed.

They also discuss the in-principle agreement for TikTok to remain in the US. It’s a win-win: a win for China and a win for TikTok, but not so much a win for US national security.

This episode is also available on YouTube.

Android will only issue monthly updates for high-risk vulnerabilities A self-replicating attack hits the npm registry; BreachForums’ admin resentenced on appeal; …and hackers breach Gucci’s parent company.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the limits of a state’s cyber power.

This episode is also available on YouTube

The US sues a crypto ATM operator for profiting from scams, SMS blasters make their way into Switzerland, the US and Portugal tussle over the extradition of the RaidForums admin, and Samsung patches a zero-day in its phones.

In this sponsored interview, Casey Ellis chats to David Cottingham and Daniel Schell from Airlock Digital. They discuss the challenge of browser extension management for enterprises, why it’s a priority and how Airlock can help.

Apple notifies French users of spyware attacks, China will increase fines for data breaches Google pays $1.6mil for cloud bugs at a hackathon event, and no more hacked free laundry for Dutch students

Tom Uren and Amberleigh Jack talk about the Salesloft Drift incident. It is a great example of the sprawling impact that the breach of a single service provider can have. We expect these single-compromise-large-blast-radius attacks will become the new norm.

They also talk about Apple’s Memory Integrity Enforcement, which promises to be a big step forward for memory safety on Apple devices.

This episode is also available on Youtube.

The White House will keep the CyberCom and NSA dual-hat leadership arrangement, the US charges a major ransomware figure, Apple ships a memory safety protection feature and yet another supply chain attack hits the npm world.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the trend toward outrageously complicated exploits and what it means for hacking and cyber espionage.

This episode is also available on YouTube