Videos

In this edition of Between Two Nerds Tom Uren and The Grugq discuss the futility of using aggressive cyber operations to send messages between states.

Tom Uren and Amberleigh Jack talk about Peter Williams, the general manager of vulnerability research firm Trenchant, who has pleaded guilty to selling exploits to the Russian 0day broker Operation Zero. It’s a terrible look, but it doesn’t mean the private sector can’t be trusted to develop exploits.

They also discuss a new report’s recommendations to empower the Office of the National Cyber Director. It’s a good idea, but it won’t make up for the cuts in funding and personnel across the Trump administration’s cyber portfolio.

In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• L3Harris Trenchant boss accused of selling exploits to Russia once worked at the Australian Signals Directorate
• Microsoft WSUS bug being exploited in the wild
• Dan Kaminsky DNS cache poisoning comes back because of a bad PRNG
• SpaceX finally starts disabling Starlink terminals used by scammers
• Garbage HP update deletes certificates that authed Windows systems to Entra

This week’s episode is sponsored by automation company Tines. Field CISO Matt Muller joins to discuss how Tines has embraced LLMs and the agentic-AI future into their workflow automation. …

In this edition of Between Two Nerds Tom Uren and The Grugq dissect a recent Chinese CERT report that the NSA had hacked China’s national time keeping service.

Tom Uren and Amberleigh Jack talk about how America can better use its private sector to scale up offensive cyber activities, including espionage and disruption operations. Involving it to tackle ransomware and cryptocurrency scammers makes a lot of sense.

They also talk about how the ransomware ecosystem is splintering, and one operator’s relatively quick journey from being an affiliate to a platform operator.

Show Notes:

From Chaos to Capability: Building the US Market for Offensive Cyber https://sergeybratus.gitlab.io/papers/DartmouthCyberRoundtable2025.pdf…

In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• China has been rummaging in F5’s networks for a couple of years
• Meanwhile China tries to deflect by accusing the NSA of hacking its national timing system
• Salesforce hackers use their stolen data trove to dox NSA, ICE employees
• Crypto stealing, proxy-deploying, blockchain-C2-ing VS Code worm charms us with its chutzpah
• Adam gets humbled by new Linux-capabilities backdoor trick
• Microsoft ignores its own guidance on avoiding BinaryFormatter, gets WSUS owned.

This episode is sponsored by Push Security. Co-founder and Chief Product Officer Jacques Louw joins to talk through how Push traced a LinkedIn phishing campaign targeting CEOs, and the new logging capabilities that proved critical to understanding it….

In this edition of Between Two Nerds Tom Uren and The Grugq talk to Joe Devanny, senior lecturer from King’s College London, all about India’s missing cyber power. It has the ingredients to become a cyber superpower, but so far, hasn’t shown the motivation.

Tom Uren and Amberleigh Jack talk about First Wap, a Jakarta-based company that is selling surveillance-as-a-service. The good news is that it appears that government and media attention has had an impact on high-profile spyware vendors like NSO Group. The bad news is that these smaller players are flying under the radar and aren’t afraid of selling to sketchy customers.

They also talk about how the Chinese government has harnessed the power of its exploit development community with hacking contests.

In this sponsored Soap Box edition of the Risky Business podcast, host Patrick Gray chats with Mastercard’s Executive Vice President and Head of Security Solutions, Johan Gerber, about how the card brand thinks about cybersecurity and why it’s aggressively investing in the space.

After listening to this interview you’ll understand why the credit card company spent $2.65b on threat intelligence vendor Recorded Future!

In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• FBI intervenes in Scattered Spider Salesforce leaksite
• Clop loots Oracle E-Biz deployments
• Plus so much more data extortion.. At least it’s not ransomware … we guess?
• The US still can’t decide who’s gonna be in charge of NSA & Cybercom
• Cambodian scam compounds get sanctioned and $15b in crypto is seized
• NSO gets sold for pocket-lint-grade money
• Bugs! Redis CVSS 10, Ivanti, Crowdstrike and… Internet Explorer?! zeroday?! In the wild?!!!?

This week’s episode is sponsored by Stairwell. Founder Mike Wiacek talks about how Stairwell brings VirusTotal-like visibility to private files, and about integrating the insights that brings into your SOC workflow. …