On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

• White House’s off-brand Israeli Signal fork logs cleartext messages with hard coded creds while getting hacked (twice). Just … Wow.
• Ransomware attacks on UK retailers are linked, and Marks & Spencer has it extra bad
• After six years dormant, a Magento eCommerce platform backdoor comes to life
• The North Korean IT worker scam is truly webscale
• NSO group owes Meta $168m for hacking WhatsApp

This week’s episode is sponsored by vulnerability management wranglers, Nucleus Security. Aaron Unterberger joins to talk through the complexities of tracking vulnerabilities in cloud components - left to the source, right to the deployments, and …sideways into the sidecars?

This week’s show also features an excerpt from Pat’s interview with Senator Mark Warner - Scoot back one in your podcast feed to check out the full chat, or find it on Youtube here https://youtu.be/ZezjjoaYrQA.

Show Notes:

Mike Waltz Accidentally Reveals Obscure App the Government Is Using to Archive Signal Messages https://www.404media.co/mike-waltz-accidentally-reveals-obscure-app-the-government-is-using-to-archive-signal-messages/

Despite misleading marketing, Israeli company TeleMessage, used by Trump officials, can access plaintext chat logs https://micahflee.com/despite-misleading-marketing-israeli-company-telemessage-used-by-trump-officials-can-access-plaintext-chat-logs/

The Signal Clone the Trump Admin Uses Was Hacked https://www.404media.co/the-signal-clone-the-trump-admin-uses-was-hacked/

App used by Mike Waltz suspends services after hacking claims https://www.nbcnews.com/tech/security/telemessage-suspends-services-hackers-say-breached-app-rcna204925

Senator Demands Investigation into Trump Admin Signal Clone After 404 Media Investigation https://www.404media.co/senator-demands-investigation-into-trump-admin-signal-clone-after-404-media-investigation/

MG on X: “Looks like TeleMessage was probably procured and rolled out under Biden. There are public records for it. https://t.co/XCuZpi8PL3” / X https://x.com/MG/status/1918148557670105354

Harrods becomes latest retailer to announce attempted cyberattack | The Record from Recorded Future News https://therecord.media/harrods-cyberattack-uk-retailer

Co-op DragonForce cyber attack includes customer data, firm admits https://www.bbc.com/news/articles/crkx3vy54nzo

Co-op cyber attack: Staff told to keep cameras on in meetings https://www.bbc.com/news/articles/cg72k851dd8o

Hundreds of e-commerce sites hacked in supply-chain attack - Ars Technica https://arstechnica.com/security/2025/05/hundreds-of-e-commerce-sites-hacked-in-supply-chain-attack/

Microsoft’s new “passwordless by default” is great but comes at a cost - Ars Technica https://arstechnica.com/security/2025/05/microsoft-pushes-unphishable-logins-forward-with-new-sign-in-options/

Windows RDP lets you log in using revoked passwords. Microsoft is OK with that. - Ars Technica https://arstechnica.com/security/2025/04/windows-rdp-lets-you-log-in-using-revoked-passwords-microsoft-is-ok-with-that/

North Korean operatives have infiltrated hundreds of Fortune 500 companies | CyberScoop https://cyberscoop.com/north-korea-workers-infiltrate-fortune-500/

US wants to cut off key player in Southeast Asian cybercrime industry | The Record from Recorded Future News https://therecord.media/us-fincen-cut-off-huione-group-southeast-asia-cyber-scam

Myanmar militia leader sanctioned by US over cyber scam connections | The Record from Recorded Future News https://therecord.media/myanmar-militia-leader-us-sanctions-cyber-scam-industry

Trump proposes major cut to CISA’s budget, citing false ‘censorship’ claims | Cybersecurity Dive https://www.cybersecuritydive.com/news/trump-cisa-budget-cuts-disinformation/747047/

NSA to cut up to 2,000 civilian roles as part of intel community downsizing | The Record from Recorded Future News https://therecord.media/nsa-to-cut-up-to-2000-roles-downsizing

NSO Group owes $168M in damages to WhatsApp over spyware infections, jury says | CyberScoop https://cyberscoop.com/nso-group-owes-whatsapp-over-spyware-infections-jury/