Back

Explore every episode of the podcast Risky Bulletin

Dive into the complete episode list for Risky Bulletin. Each episode is cataloged with detailed descriptions, making it easy to find and explore specific topics. Keep track of all episodes from your favorite podcast and never miss a moment of insightful content.

Rows per page:

1–50 of 100

TitlePub. DateDuration
Risky Bulletin: EU has a problem attracting and retaining cyber talent12 Dec 202500:09:22

The EU has a problem attracting and retaining cyber talent, the CEO of Coupang resigns following the company’s security breach, Microsoft expands its bug bounty program to cover third party code, and Chrome and Gogs patch zero-days.

Show notes
Risky Bulletin: Linux adds PCIe encryption to help secure cloud servers10 Dec 202500:04:37

Linux adds PCIe encryption to help secure cloud servers, Europol cracks down on Violence-as-a-Service providers, the International Criminal Court prepares for cyber-enabled genocide, and Cambodia busts a warehouse full of SMS blasters.

Show notes
Risky Bulletin: Europol takes down Elysium, VenomRAT, and Rhadamanthys14 Nov 202500:07:48

Europol takes down servers behind three malware operations, the US sanctions another Burmese military group linked to scam compounds, Google backs down from mandatory Android developer registration, and Checkout-dot-com donates its ransom to cybercrime researchers instead of paying hackers.

Show notes
Srsly Risky Biz: Meta's fraud profit scandal13 Nov 202500:18:23

Tom Uren and Amberleigh Jack talk about a new Reuters’ report that reveals how Meta is knowingly raking in cash from scam advertisements. It’s around $16 billion worth, and in documents Meta calculates that it outweighs the costs of possible regulatory action.

They also discuss recent state-backed supply chain attacks that have, so far, remained targeted and responsible. Finally they look at the UK’s decision to stop sharing intelligence with the US about suspected drug boats in the Caribbean.

This episode is also available on Youtube.

Show notes
Risky Bulletin: Another Chinese security firm has its data leaked11 Nov 202500:05:34

Internal data leaks from another Chinese security firm, a US Congressional Budget Office breach has not been contained, the Cyber infosharing act likely to be extended until January, and we have a new OWASP Top 10.

Show notes
Between Two Nerds: Why AI in malware is lame10 Nov 202500:29:54

In this edition of Between Two Nerds Tom Uren and The Grugq discuss how cyber criminals and even state actors are being dumb about using AI.

This episode is also available on Youtube.

Show notes
Risky Bulletin: Myanmar scam compound goes boom!10 Nov 202500:07:54

Myanmar starts demolishing the KK Park scam compound, the US Congressional Budget Office gets hacked by a foreign APT, Chrome will remove risky X-S-L-T support, and scammers in Singapore will get the cane.

Show notes
Sponsored: Prowler uses AI how AI works best09 Nov 202500:19:17

In this sponsored interview Casey Ellis chats to Toni de la Fuente, founder and CEO of Prowler, an open source platform for cloud security. They chat about how and why Prowler selectively applies AI to ensure it adds value rather than just because they can.

Show notes
Risky Bulletin: Europol arrests massive credit card fraud ring07 Nov 202500:07:24

Payment service provider executives arrested over a credit card fraud ring, Meta makes a fortune showing scam ads, South Korean telco KT tried to hide a second breach and five more scammers are sentenced to death in China.

Show notes
Srsly Risky Biz: The cyber regime change pipe dream06 Nov 202500:22:04

Tom Uren and Amberleigh Jack talk about aggressive US cyber operations targeting the Venezuelan government in President Trump’s first term. These were narrowly successful in that they achieved their immediate operational goals, but they didn’t achieve Trump’s broader policy goal of ousting Venezuelan leader Nicolás Maduro.

They also talk about why the adtech ecosystem is a national security problem all round the world and how cybercriminals are collaborating with organised crime to steal cargo from logistics companies.

This episode is also available on Youtube.

Show notes
Risky Bulletin: US indicts two rogue cybersecurity employees for ransomware attacks05 Nov 202500:07:22

The US indicts two cybersecurity employees over ransomware attacks, hackers extort customers of South Korean massage parlors, another crypto firm gets hacked for $128 million dollars, and cargo thieves collab with hackers to target freight companies.

Show notes
Between Two Nerds: Lost in transmission03 Nov 202500:28:35

In this edition of Between Two Nerds Tom Uren and The Grugq discuss the futility of using aggressive cyber operations to send messages between states.

This episode is also available on Youtube.

Show notes
Risky Bulletin: APTs go after the React2Shell vulnerability within hours07 Dec 202500:08:18

APTs go after the React2Shell vulnerability just hours after public disclosure. CISA remains without a director after the nomination stalls again, NSA is down 2,000 staff this year, and Intellexa is still active despite sanctions.

Show notes
Risky Bulletin: Norway skittish of its Chinese electric buses03 Nov 202500:06:37

Norway finds remote control features in its Chinese electric buses, the US CyberCorps program may saddle students with debt, Edge and Chrome get AI-based scareware blockers, and a Conti member has been extradited to the US.

Show notes
Sponsored: Sublime can save a s**t tonne of time02 Nov 202500:17:17

In this sponsored interview, Casey Ellis chats to Sublime Security CEO and founder, Josh Kamdjou about how Sublime is seeing a massive surge in ICS or calendar invite phishing and how the email security platform can help.

Show notes
Risky Bulletin: Russia arrests Meduza Stealer group30 Oct 202500:07:44

Russian police arrest the Meduza-Stealer trio, a Former L-3Harris manager pleads guilty to selling exploits to Russia, the US hacked Venezuela in 2020, and Windows 11 Administrator Protection goes live.

Show notes
Srsly Risky Biz: When cyber campaigns cross a line04 Dec 202500:16:18

Tom Uren and Patrick Gray discuss a new report proposing a framework for deciding when cyber operations raise red flags. It suggests seven red flags and could help clarify thinking about how to respond to different operations.

They also discuss Anthropic testifying to Congress and Iran using cyber intelligence to target missile strikes including by sharing it with Houthi rebels who fired at a specific ship.

And finally, we are not reassured by China’s white paper about being a good cyber citizen.

This episode is also available of Youtube.

Show notes
Between Two Nerds: Beating back state espionage01 Dec 202500:27:51

In this edition of Between Two Nerds Tom Uren and The Grugq wonder whether it is possible to deter states from cyber espionage with doxxing and other disruption measures.

This episode is also available on Youtube.

Show notes
Sponsored: Why Mastercard got into threat intel30 Nov 202500:14:05

In this Risky Business News sponsor interview, Mike Lashlee, CSO of Mastercard talks to Tom Uren about why the company got into threat intelligence.

Mike talks about bringing together payments insights with threat intel to get strong signals about fraud or crime, the benefits of international collaboration and when it makes sense for your CSO to also be the CISO.

Show notes
Srsly Risky Biz: DeepSeek and Musk's Grok both toe the party line27 Nov 202500:21:25

Tom Uren and Amberleigh Jack talk about new research that shows the Chinese-made DeepSeek-R1 AI model produces insecure code when prompts include topics that the Chinese Communist Party dislikes. It’s interesting research, but the CCP doesn’t have a monopoly on imposing AI bias.

They also discuss the complete doxxing of the Iranian cyber espionage group known as APT35 or Charming Kitten.

This episode is also available on Youtube.

Show notes
Between Two Nerds: Telcos bad, Cloud good.24 Nov 202500:35:26

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the differences between telcos and cloud companies. Does the nature of the business force cloud companies to be better at security?

This episode is also available on Youtube.

Show notes
Srsly Risky Biz: AI-Powered espionage will favor China20 Nov 202500:21:28

Tom Uren and Amberleigh Jack talk about Anthropic’s discovery of an “AI-orchestrated” cyber espionage campaign. To Tom, it feels a research project, but it’s pretty clear it will be really useful for threat actors that aren’t focussed on specific high-priority targets. Think ransomware, Chinese intellectual property theft and North Korean hackers. But it won’t be so good for Western intelligence agencies.

They also discuss Google’s legal disruption of the China-based Lighthouse phishing as a service operation. Surprisingly, it seems to be working!

Finally, they talk about why the memory safe Rust language has been a triple win for Android.

This episode is also available on Youtube.

Show notes
Between Two Nerds: Russia's cyber war on wheat17 Nov 202500:30:52

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the strategic “logic” of Russian wiper attacks on the Ukrainian grain sector.

This episode is also available on Youtube.

Show notes
Risky Bulletin: Meta disrupts Mexican cartels16 Mar 202600:06:12

Meta suspends Mexican cartel accounts, multiple vulnerabilities have been found in Linux AppArmour, Instagram will disable support for end-to-end encrypted messaging and a supply chain attack hits AppsFlyer.

Show notes
Sponsored: Sublime Security on Zoom attacks15 Mar 202600:14:17

In this Risky Business sponsor interview, Catalin Cimpanu talks with Alex Orleans, Head of Threat Intelligence at Sublime Security, about the increase in email attacks leveraging Zoom invites and other video conferencing tools.

Show notes
Risky Bulletin: Cyber Command conducted cyberattacks ahead of Iran strikes03 Mar 202600:07:12

The US conducted cyberattacks ahead of strikes on Iran, Russia aims for internet independence by 2028, Google finds a new iOS exploit kit in the wild, and Chrome moves to a two-week release cycle.

Show notes
Between Two Nerds: The evolution of cyber ops in Ukraine02 Mar 202600:27:48

In this edition of Between Two Nerds Tom Uren and The Grugq how the use of cyber operations in the war in Ukraine has evolved over time.

This episode is also available on Youtube.

Show notes
Risky Bulletin: LLMs can deanonymize internet users based on their comments02 Mar 202600:08:59

LLMs can deanonymize internet users based on their comments, CISA gets a new acting director, hackers steal 15 million records from the French Ministry of Health, and Google takes down an ad fraud botnet.

Show notes
Sponsored: AI Agents need distinct identities01 Mar 202600:15:14

In this sponsored interview Casey Ellis chats to Harish Peri, SVP and general manager for AI security at Okta, a cloud-based identity and access management company. The pair chat about the fact that AI is forcing enterprises to relearn the basics around identity security, and how Okta for AI Agents can help.

Show notes
Risky Bulletin: Russian man extorts Conti ransomware group27 Feb 202600:08:39

A Russian man prosecuted for extorting the Conti ransomware group, Google takes down a Chinese cyber-espionage operation, Anthropic tells Department of War to pound sand over AI restrictions, and a Cisco zero-day was exploited in the wild for three years.

Show notes
Srsly Risky Biz: Is Claude too woke for war?26 Feb 202600:16:25

Tom Uren and Amberleigh Jack talk about the argy-bargy between the Pentagon and AI company Anthropic. US Defense Secretary Pete Hegseth is demanding that all safeguards are lifted from Claude, while Anthropic CEO Dario Amodei is insisting on protections against mass surveillance of Americans and use in lethal autonomous weapons.

They also discuss the return of Volt Typhoon, the Chinese hacker group prepositioning in critical infrastructure for sabotage in the event of a conflict over Taiwan. The group is still around, even though the US government declared victory against it last July.

This episode is also available on Youtube.

Show notes
Risky Bulletin: Russia starts criminal probe of Telegram founder Pavel Durov25 Feb 202600:07:12

Russia launches a criminal probe into Telegram’s founder, two teenagers arrested for a South Korean bike share hack, Anthropic accuses Chinese AI firms of distillation attacks, and the US Treasury sanctions a Russian exploit broker.

Show notes
Between Two Nerds: How NSA will use AI23 Feb 202600:27:26

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how ‘professional’ Five Eyes cyber espionage agencies like NSA will use AI. These agencies place a premium on stealth and won’t yolo AI.

This episode is available on Youtube.

Show notes
Risky Bulletin: AI-driven hacking campaign breaches 600+ Fortinet devices23 Feb 202600:06:25

An AI-driven hacking campaign breached 600 Fortinet devices, Ivanti was hacked via its own product, Wikipedia bans Archive-dot-Today for DDoS attacks, and Chinese hackers breached Italy’s police force.

Show notes
Sponsored: The smouldering trashfire of AI and open source22 Feb 202600:24:59

In this Risky Business sponsor interview, Casey Ellis and Feross Aboukhadijeh discuss how AI is affecting open source, chat about a few attacks the company has seen in the wild and introduce Socket’s answer to the smouldering trashfire: Socket Firewall.

Show notes
Risky Bulletin: Another residential proxy provider falls13 Mar 202600:07:40

Authorities take down a residential proxy service, Iranian hackers wipe the network of a US medical device maker, Apple patches unsupported iOS against Coruna, and CISA asks for Cisco SD-WAN device logs.

Show notes
Risky Bulletin: RPKI infrastructure sits on shaky ground20 Feb 202600:08:36

RPKI relies on vulnerable servers, the French Ministry of Economy discloses a data breach, the UK gives tech platforms 48 hours to remove revenge porn, and ClickFix-attacks are responsible for 50% of malware infections.

Show notes
Srsly Risky Biz: Cyber bullets can't replace political will19 Feb 202600:19:34

Tom Uren and Amberleigh Jack talk about a groundswell of calls from European officials to build cyber capabilities to strike back against adversaries. There are good reasons that countries should have their own cyber capabilities, but if you don’t have the political will to strike back, having a magic cyber weapon doesn’t really make a difference.

They also talk about ‘distillation attacks’. They are a way that AI developers can steal the secret sauce of advanced models just by asking questions. It looks like American companies need government assistance if the US wants to keep its AI lead.

This episode is also available on Youtube.

Show notes
Risky Bulletin: Supply chain attack plants backdoor on Android tablets18 Feb 202600:08:18

A supply chain attack plants backdoors on Android tablets, the EU blocks AI from lawmakers’ devices, Cellebrite was used against a Kenyan politician, and a Chinese APT is exploiting a Dell zero-day.

Show notes
Between Two Nerds: Buying the magic weapon16 Feb 202600:28:18

In this edition of Between Two Nerds Tom Uren and The Grugq discuss whether middle powers should be investing in military cyber capabilities.

This episode is also available on Youtube

Show notes
Risky Bulletin: Cambodia promises to dismantle scam compounds by April16 Feb 202600:08:52

Cambodia promises to dismantle cyber scam compounds by April, CISA urges companies to adopt the OpenEoX standard, Linux gets post-quantum crypto support, and Palo Alto Networks avoids attributing an APT to China.

Show notes
Sponsored: Filtering the KEV was really hard … Until now!15 Feb 202600:23:58

In this sponsored interview Casey Ellis chats to Tod Beardsley, VP of Security at RunZero about Kevology, the company’s analysis of CISA’s KEV list. Kevology lets you easily identify and fix vulnerabilities from the list that are urgent and relevant to you.

Show notes
Risky Bulletin: IcedID malware developer fakes his own death to escape the FBI13 Feb 202600:07:11

A Malware developer faked his own death to evade the FBI, Apple patches a zero-day used in a targeted attack, the Tianfu Cup quietly returns, and researchers spot the first malicious Outlook add-in.

Show notes
Srsly Risky Biz: Microsoft forgoes its secure future12 Feb 202600:19:50

Tom Uren and Amberleigh Jack talk about Microsoft CEO Satya Nadella’s messaging around personnel changes at the top of its security organisation. These signal a focus on selling security products rather than on making secure products.

They also discuss Expedition Cloud, a Chinese cyber range that replicated the critical infrastructure of neighbouring countries, apparently to develop and fine-tune cyber disruption operations.

Finally, they talk about what we’ve learnt about the role of cyber operations in the US bombing of Iranian nuclear facilities. It was far bigger than we previously thought.

This episode is also available on Youtube.

Show notes
Risky Bulletin: Chinese cyber-spies breached all of Singapore's telcos11 Feb 202600:06:48

China has breached all of Singapore’s major telcos, Microsoft announces two new security features, a hacktivist leaks data from a stalkerware provider, and researchers map out “GRU information warfare units” based on their insignia.

Show notes
Between Two Nerds: Why we are doomed to insecurity09 Feb 202600:27:15

In this edition of Between Two Nerds Tom Uren and The Grugq talk about why the world is destined to be perpetually insecure.

This episode is also available on Youtube.

Show notes
Srsly Risky Biz: President Trump's best ever cyber strategy12 Mar 202600:18:48

Tom Uren and Amberleigh Jack talk about the newly released Trump Cyber Strategy for America. The ideas in it are fine and occasionally even game-changing, but many of its goals have been undercut by the administration’s actions to date.

They also discuss the Coruna exploit kit, which is now known to have leaked from a US defence contractor. Exploits are so valuable that it is unrealistic to expect they can be kept secret.

This episode is also available on Youtube.

Show notes
Risky Bulletin: SmarterTools hacked via its own product09 Feb 202600:06:08

A software company gets hacked through vulnerabilities in its own product, European agencies are hacked via recent Ivanti zero-days, Senegal is being extorted by hackers, and a state actor is behind a Signal phishing campaign in Germany.

Show notes
Sponsored: Trail of Bits going all-in on AI08 Feb 202600:18:44

In this Risky Business sponsored interview, Tom Uren talks to Trail of Bits CEO Dan Guido about how Trail of Bits is reworking its business processes to take advantage of AI. Dan talks about what it takes to make AI agents reliable and trustworthy and how that will give the company an edge by making its work both better and faster.

Show notes
Risky Bulletin: Denmark recruits hackers for offensive cyber operations06 Feb 202600:06:19

Denmark recruits hackers for offensive cyber operations, CISA tells agencies to remove old edge devices, Coinbase has another insider breach, and Microsoft appoints a new security chief.

Show notes
© My Podcast Data