Risky Bulletin Podcast feed

Android will only issue monthly updates for high-risk vulnerabilities A self-replicating attack hits the npm registry; BreachForums’ admin resentenced on appeal; …and hackers breach Gucci’s parent company.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the limits of a state’s cyber power.

This episode is also available on YouTube

The US sues a crypto ATM operator for profiting from scams, SMS blasters make their way into Switzerland, the US and Portugal tussle over the extradition of the RaidForums admin, and Samsung patches a zero-day in its phones.

In this sponsored interview, Casey Ellis chats to David Cottingham and Daniel Schell from Airlock Digital. They discuss the challenge of browser extension management for enterprises, why it’s a priority and how Airlock can help.

Apple notifies French users of spyware attacks, China will increase fines for data breaches Google pays $1.6mil for cloud bugs at a hackathon event, and no more hacked free laundry for Dutch students

Tom Uren and Amberleigh Jack talk about the Salesloft Drift incident. It is a great example of the sprawling impact that the breach of a single service provider can have. We expect these single-compromise-large-blast-radius attacks will become the new norm.

They also talk about Apple’s Memory Integrity Enforcement, which promises to be a big step forward for memory safety on Apple devices.

This episode is also available on Youtube.

The White House will keep the CyberCom and NSA dual-hat leadership arrangement, the US charges a major ransomware figure, Apple ships a memory safety protection feature and yet another supply chain attack hits the npm world.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the trend toward outrageously complicated exploits and what it means for hacking and cyber espionage.

This episode is also available on YouTube

A new APT group turns out to be a phishing test, Qantas cuts executives’ bonuses after a recent breach, Anthropic stops selling AI tools to Chinese firms, and Nepal blocks 26 social media sites.

In this sponsored interview Casey Ellis chats with Keith Hoodlet from Trail of Bits. Keith is Trail of Bits’ director of engineering for AI, machine learning and application security and he joined Casey to talk about why prompt injection attack techniques that target AI are an unsolvable problem.