Videos

On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:

• Anthropic’s Fable 5 and Mythos 5 get nuked by the US government four days after launch “because security”
• Why “guardrails” won’t keep the world safe from your AI doomsday machine
• The FISA 702 statute expired, but the spying can (probably) continue!
• NPM v12 delivers some protection against supply chain attacks, but not enough.
• Microsoft has a series of bugs that prevent Windows Update from … updating
• Much, much more!

This episode is also available on YouTube

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how NATO is set up to deter conventional conflict, and how that approach is fundamentally unsuited for ongoing, everyday cyber operations that tackle adversaries.

Tom Uren and James Wilson talk about the European Union’s digital sovereignty push. A divorce from US tech giants is on the cards, but building sovereign infrastructure and chip capacity will be hard. From an American perspective this is an entirely predicable own-goal. You can have internationally competitive tech giants or you can have an aggressive and coercive foreign policy. You can’t have both at the same time.

They also discuss the reanimated corpse of NSO Group. It’s in a hole, but it just keeps digging.

On this week’s show special guest co-host Chris Wade, the founder of Corellium turned Cellebrite CTO, joins Patrick Gray and James Wilson to discuss the week’s cybersecurity news.

They cover:

• Microsoft has repos owned, GitHub tokens popped, and a new 0day dropped on them
• Meanwhile, researchers are choosing full disclosure instead of engaging MSRC
• Meta’s AI support agent allowed a staggering 20,000 accounts to be stolen!
• Apple pulls Russia’s MAX messenger from the App Store and disables notifications
• Anthropic gives the public our first Mythos-class model but it won’t do cybersecurity work…

In this edition of Between Two Nerds Tom Uren and The Grugq speak at the NATO CyCon conference on Cyber Conflict in Tallinn, Estonia. The pair discuss how cyber operations complement conventional military operations and the past, present and future of cyber conflict.

In this sponsored Soap Box edition of the Risky Business podcast Patrick Gray chats with Edward Wu, founder of Dropzone, about what AI is doing to detection, response and the SOC more generally.

Dropzone makes AI agents that conduct alert investigations in your SOC, but will the SOC as we know it even exist in the future?

Ed has a deep expertise in SOC tech, having previously led AI/ML detection engineering at Extrahop. This interview is a fantastic look at what the future may bring for detection and response professionals.

Tom Uren and James Wilson talk about Tom’s trip to NATO’s Cyber Conflict conference. NATO countries want to bulk up their cyber efforts, and the pair discuss what that could look like.

They also look at the US military’s admission that commercial location data was used to target personnel involved in Epic Fury, the US war on Iran. This is not surprising at all, and is just the most visible manifestation of the national security risks of this kind of data sloshing around. If Iran is analysing this data in wartime, China is doing it in peacetime for intelligence and counter-espionage purposes.

On this week’s show special guest co-host Andy Boyd joins Patrick Gray and James Wilson to discuss the week’s cybersecurity news. Andy is the CEO of REDLattice, which makes the Paragon “intelligence collection and reconnaissance” solution.

They cover:

• Adversaries are tracking US troop locations with commercially available location data
• A new Signal phishing campaign is going after message backups
• 404 Media is suing ICE to get its spyware contract with REDLattice (lol)
• Microsoft’s tone-deaf response to ‘never justifiable’ zero-day disclosures
• Mini Shai-Hulud pops up again just as Glassworm gets shattered…

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the ways in which intelligence agencies are like cults.

On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:

• TeamPCP breached GitHub’s internal repos. Now what?
• Some absolute plonker glued Coruna to a hijacked npm package
• CISA is worried about about open source and wants third party submissions for KEV
• AI infrastructure is “systemically” insecure
• Much, much more

This week’s episode is sponsored by allowlisting vendor Airlock Digital. Airlock’s founders David Cottingham and Daniel Schell join Patrick Gray to talk about Microsoft briefly flagging DigitCert’s root certificate as malware. Fun! …