Risky Business Weekly (799): Everyone's Sharepoint gets shelled

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Co-host at large

Risky Biz returns after two weeks off, and there sure is cybersecurity news to catch up on. Patrick Gray and Adam Boileau discuss:

  • Microsoft tried to make outsourcing the Pentagon’s cloud maintenance to China okay (it was not)
  • She shells Sharepoint by the sea-shore (by ‘she’ we mean ‘China’)
  • Four (alleged) Scattered Spider members arrested (and bailed) in the UK
  • Hackers spend $2700 to buy creds for a Brazilian payment system, steal $100M
  • Fortinet has SQLi in the auth header, Citrix mem leak is weaponised, HP hardcodes creds and SonicWalls get user-mode rootkits. Just security vendor things!

This week’s episode is sponsored by Airlock Digital. CEO David Cottingham talks through what it takes to build a mature, resilient management platform for a security critical system.

Show Notes:

Update on DOD’s cloud services https://x.com/secdef/status/1946324468898426899

Microsoft to stop using engineers in China for tech support of US military https://www.reuters.com/world/us/microsoft-stop-using-engineers-china-tech-support-us-military-hegseth-orders-2025-07-18/

A Little-Known Microsoft Program Could Expose the Defense Department to Chinese Hackers https://www.propublica.org/article/microsoft-digital-escorts-pentagon-defense-department-china-hackers

Laura Loomer on X https://x.com/LauraLoomer/status/1947310343425794189

Microsoft Fix Targets Attacks on SharePoint Zero-Day https://krebsonsecurity.com/2025/07/microsoft-fix-targets-attacks-on-sharepoint-zero-day/

National Guard was hacked by China’s ‘Salt Typhoon’ group https://www.nbcnews.com/tech/security/national-guard-was-hacked-chinas-salt-typhoon-group-dhs-says-rcna218648

Suspected contractor for China’s Hafnium group arrested in Italy https://www.cybersecuritydive.com/news/suspected-contractor-for-chinas-hafnium-group-arrested-in-in-italy/752533/

Singapore accuses Chinese state-backed hackers of attacking critical infrastructure networks https://therecord.media/singapore-accuses-chinese-backed-hackers-critical-infrastructure-attacks

UK Arrests Four in ‘Scattered Spider’ Ransom Group https://krebsonsecurity.com/2025/07/uk-charges-four-in-scattered-spider-ransom-group/

Four people bailed after arrests over cyber attacks on M&S, Co-op and Harrods https://nation.cymru/news/four-people-bailed-after-arrests-over-cyber-attacks-on-ms-co-op-and-harrods/

Brazilian police arrest IT worker over $100 million cyber theft https://therecord.media/brazil-police-arrest-worker-theft

At Least 750 US Hospitals Faced Disruptions During Last Year’s CrowdStrike Outage, Study Finds https://www.wired.com/story/at-least-750-us-hospitals-faced-disruptions-during-last-years-crowdstrike-outage-study-finds/

Hacker returns cryptocurrency stolen from GMX exchange after $5 million bounty payment https://therecord.media/hacker-returns-stolen-gmx-bounty

Indian crypto exchange CoinDCX says $44 million stolen from reserves https://therecord.media/indian-crypto-dcx-millions-stolen

Chainalysis: $2.17 billion in crypto stolen in first half of 2025 https://therecord.media/chainalysis-crypto-stolen-billions

PoisonSeed bypassing FIDO keys to ‘fetch’ user accounts https://expel.com/blog/poisonseed-bypassing-fido-keys-to-fetch-user-accounts/

Risky Bulletin: Browser extensions hijacked for web scraping botnet https://risky.biz/risky-bulletin-browser-extensions-hijacked-for-web-scraping-botnet/

A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors https://www.404media.co/a-startup-is-selling-data-hacked-from-peoples-computers-to-debt-collectors/

A surveillance vendor was caught exploiting a new SS7 attack https://techcrunch.com/2025/07/18/a-surveillance-vendor-was-caught-exploiting-a-new-ss7-attack-to-track-peoples-phone-locations/

Ukrainian hackers wipe databases at Russia’s Gazprom in major cyberattack, intelligence source says https://kyivindependent.com/ukrainian-intel-hackers-hit-gazproms-network-infrastructure-sources-say-07-2025/

File transfer company CrushFTP warns of zero-day exploit seen in the wild https://therecord.media/file-transfer-crushftp-zero-day

HPE warns of hardcoded passwords in Aruba access points https://www.bleepingcomputer.com/news/security/hpe-warns-of-hardcoded-passwords-in-aruba-access-points/

Pre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector https://labs.watchtowr.com/pre-auth-sql-injection-to-rce-fortinet-fortiweb-fabric-connector-cve-2025-25257/

Researchers, CISA confirm active exploitation of critical Citrix Netscaler flaw https://www.cybersecuritydive.com/news/researchers-cisa-exploitation-citrix-netscaler/752819/

Google finds custom backdoor being installed on SonicWall network devices https://arstechnica.com/security/2025/07/google-finds-custom-backdoor-being-installed-on-sonicwall-network-devices/

Hackers Can Remotely Trigger the Brakes on American Trains https://www.404media.co/hackers-can-remotely-trigger-the-brakes-on-american-trains-and-the-problem-has-been-ignored-for-years/