Risky Business Video
May 22, 2025
Risky Business Weekly (792 REPOST): Beware, Coinbase users. Crypto thieves are taking fingers now
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
- TeleMessage memory dumps show up on DDoSecrets
- Coinbase contractor bribed to hand over user data
- Telegram does seem to be actually cooperating with law enforcement
- Britain’s legal aid service gets 15 years’ worth of applicant data stolen
- Shocking no one, Ivanti were weaseling when they blamed latest bugs on a third-party library
This week’s episode is sponsored by Prowler, who make an open source cloud security tool. Founder and original project developer Toni de la Fuente joins to talk through the flexibility that open tooling brings. Prowler is also adding support for SaaS platforms like M365, and of course, an AI assistant to help you write checks!
Show Notes:
TeleMessage - Distributed Denial of Secrets https://ddosecrets.com/article/telemessage
How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes | WIRED https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes/
Coinbase says thieves stole user data and tried to extort $20M https://www.nbcnews.com/tech/security/coinbase-says-thieves-stole-user-data-tried-extort-20m-rcna207017
Hack could cost Coinbase up to $400M: filing | Cybersecurity Dive https://www.cybersecuritydive.com/news/hack-coinbase-400m/748382/
Severed Fingers and ‘Wrench Attacks’ Rattle the Crypto Elite https://www.wsj.com/finance/currencies/crypto-industry-robberies-attacks-32c2867a
Money Stuff: US Debt Rates Itself | NewsletterHunt https://newsletterhunt.com/emails/188645
2 massive black market services blocked by Telegram, messaging app says | Reuters https://www.reuters.com/world/china/2-massive-black-market-services-blocked-by-telegram-messaging-app-says-2025-05-15/
Telegram Gave Authorities Data on More than 20,000 Users https://www.404media.co/telegram-gave-authorities-data-on-more-than-20-000-users/
GovDelivery, an email alert system used by governments, abused to send scam messages | TechCrunch https://techcrunch.com/2025/05/13/government-email-alert-system-govdelivery-used-to-send-scam-messages/
ATO warning as hackers steal $14,000 in tax returns: ‘Be wary’ https://au.finance.yahoo.com/news/ato-warning-as-hackers-steal-14000-in-tax-returns-be-wary-235742016.html
Hack of SEC social media account earns 14-month prison sentence for Alabama man | The Record from Recorded Future News https://therecord.media/sec-social-media-hack-sentencing
19-year-old accused of largest child data breach in U.S. agrees to plead guilty https://www.nbcnews.com/tech/security/alleged-hacker-largest-breach-us-childrens-data-agrees-plead-guilty-rcna207963
Beach mansion, Benz and Bitcoin worth $4.5m seized from League of Legends hacker Shane Stephen Duffy | 7NEWS https://7news.com.au/news/beach-mansion-benz-and-bitcoin-worth-45m-seized-from-league-of-legends-hacker-shane-stephen-duffy-c-18731943
Pegasus spyware maker rebuffed in efforts to get off trade blacklist - The Washington Post https://www.washingtonpost.com/national-security/2025/05/20/nso-group-pegasus-trump-eo/
Ransomware attack hits supplier of refrigerated groceries to British supermarkets | The Record from Recorded Future News https://therecord.media/peter-green-chilled-ransomware-uk-logistics-company
UK government confirms massive data breach following hack of Legal Aid Agency | The Record from Recorded Future News https://therecord.media/uk-legal-aid-agency-data-breach
Ivanti Endpoint Mobile Manager customers exploited via chained vulnerabilities | Cybersecurity Dive https://www.cybersecuritydive.com/news/ivanti-endpoint-mobile-manager-exploited-vulnerabilities/748464/
Expression Payloads Meet Mayhem - Ivanti EPMM Unauth RCE Chain (CVE-2025-4427 and CVE-2025-4428) https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/