Risky Business

By: Patrick Gray

About this listen

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

Copyright Risky Business Media 2007-2026

Politics & Government

Episodes
  • Risky Business #823 -- Humans impersonate clawdbots impersonating humans
    Feb 4 2026
    Patrick Gray and Adam Boileau are joined by the newest guy on the Risky Business Media team, James Wilson. They discuss the week’s cybersecurity news, including:
      • Notepad++ update supply chain attack has been attributed to China
      • The AI agent future is even more stupid than expected; behold the OpenClaw/Clawdbot/Moltbook mess
      • The Epstein files claim he had a personal hacker?
      • Microsoft is finally getting ready to (think about starting to begin to) disable NTLM by default
      • The usual bugs in the usual things! Ivanti, Fortinet, and SolarWinds. Again.
      • Telco hides a free trip in its privacy policy, someone actually reads it and wins!
    This week’s episode is sponsored by open source IDP platform Authentik. CEO Fletcher Heisler talks to Pat about their new endpoint agent that can enforce device posture policies during login.
    This episode is also available on YouTube.
    Show notes
      • The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit
      • Notepad++ Hijacked by State-Sponsored Hackers | Notepad++
      • Notepad++ v8.8.3 - Self-signed Certificate: Certified by Code, Not Corporations | Notepad++
      • Hacking Moltbook: AI Social Network Reveals 1.5M API Keys | Wiz Blog
      • lcamtuf on X: "Moltbook debate in a nutshell" / X
      • Exposed Moltbook Database Let Anyone Take Control of Any AI Agent on the Site
      • AndrewMohawk on X: "How exactly did an attacker send a message to your bot since you need to approve all the channels and set keys etc" / X
      • Signal president warns AI agents are making encryption irrelevant
      • Massive AI Chat App Leaked Millions of Users Private Conversations
      • Runa Sandvik on X: New court record from the FBI details the state of the devices seized from Washington Post reporter Hannah Natanson
      • EFTA01683874.pdf
      • Disrupting the World's Largest Residential Proxy Network | Google Cloud Blog
      • Nobel Committee says Peace Prize winner likely revealed early by digital spying | Reuters
      • County pays $600,000 to pentesters it arrested for assessing courthouse security - Ars Technica
      • Advancing Windows security: Disabling NTLM by default - Windows IT Pro Blog
      • Critical flaws in Ivanti EPMM lead to fast-moving exploitation attempts | Cybersecurity Dive
      • CISA orders federal agencies to patch exploited SolarWinds bug by Friday | The Record from Recorded Future News
      • CISA, security researchers warn FortiCloud SSO flaw is under attack | Cybersecurity Dive
      • Fintech firm Marquis blames hack at firewall provider SonicWall for its data breach | TechCrunch
      • We Hid a Free Trip to Switzerland in Our Privacy Policy. Someone Found It in 2 Weeks. - Cape
      • Between Two Nerds: The internal logic of Russian power grid attacks - YouTube
    56 mins
  • Risky Business #822 -- France will ditch American tech over security risks
    Jan 28 2026
    In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. They discuss:
      • La France is tres sérieux about ditching US productivity software
      • China’s Salt Typhoon was snooping on Downing Street
      • Trump wields the mighty DISCOMBOBULATOR
      • ESET says the Polish power grid wiper was Russia’s GRU Sandworm crew
      • US cyber institutions CISA and NIST are struggling
      • Voice phishing for MFA bypass is getting even more polished
    This episode is sponsored by Sublime Security. Brian Baskin is one of the team behind Sublime’s 2026 Email Threat Research report. He joins to talk through what they see of attackers’ use of AI, as well as the other trends of the year.
    Show notes
      • France to ditch US platforms Microsoft Teams, Zoom for ‘sovereign platform’ amid security concerns | Euronews
      • Suite Numérique plan - Google Search
      • China hacked Downing Street phones for years
      • Cyberattack Targeting Poland’s Energy Grid Used a Wiper
      • Trump says U.S. used secret 'discombobulator' on Venezuelan equipment during Maduro raid | PBS News
      • Risky Bulletin: Cyberattack cripples cars across Russia - Risky Business Media
      • Lawmakers probe CISA leader over staffing decisions | CyberScoop
      • Trump’s acting cyber chief uploaded sensitive files into a public version of ChatGPT - POLITICO
      • Acting CISA director failed a polygraph. Career staff are now under investigation. - POLITICO
      • NIST is rethinking its role in analyzing software vulnerabilities | Cybersecurity Dive
      • Federal agencies abruptly pull out of RSAC after organizer hires Easterly | Cybersecurity Dive
      • Real-Time phishing kits target Okta, Microsoft, Google
      • Phishing kits adapt to the script of callers
      • On the Coming Industrialisation of Exploit Generation with LLMs – Sean Heelan's Blog
      • GitHub - SeanHeelan/anamnesis-release: Automatic Exploit Generation with LLMs
      • Overrun with AI slop, cURL scraps bug bounties to ensure "intact mental health" - Ars Technica
      • Bypassing Windows Administrator Protection - Project Zero
      • Task Failed Successfully - Microsoft’s “Immediate” Retirement of MDT - SpecterOps
      • Kubernetes Remote Code Execution Via Nodes/Proxy GET Permission
      • WhatsApp's Latest Privacy Protection: Strict Account Settings - WhatsApp Blog
      • Microsoft gave FBI a set of BitLocker encryption keys to unlock suspects' laptops: Reports | TechCrunch
      • He Leaked the Secrets of a Southeast Asian Scam Compound. Then He Had to Get Out Alive | WIRED
      • Key findings from the 2026 Sublime Email Threat Research Report
    1 hr and 4 mins
  • Risky Business #821 -- Wiz researchers could have owned every AWS customer
    Jan 21 2026
    In this week’s show, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, joined by a special guest. BBC World Cyber Correspondent Joe Tidy is a long-time listener and he pops in for a ride-along in the news segment plus a chat about his new book. This week’s news includes:
      • Did the US cyber Venezuela’s power grid, or do they just want us to think they coulda?
      • US govt might boycott the RSAC Conference ‘cause Jen Easterly being CEO makes them mad
      • MS Patch Tuesday fixes CVSS5.5 bug and … stops you shutting down
      • Wiz pulls off cloud stunt hack that ends with control of everyone’s AWS console
      • Millions of Bluetooth devices that use Google’s Fast Pairing will pair with anyone, any time
      • GNU inet-tools’ telnetd parties like it’s 2007, and brings -f root unauthed remote login back
    Thinkst is this week’s sponsor, and long-time friend of the show Haroon Meer joins. As always they’re polishing their Canary tokens - adding breadcrumbs to lead you to them - but they’re also a bunch of giant nerds who now run South Africa’s Computer Olympiad.
    This episode is also available on YouTube.
    Show notes
      • Cyberattack in Venezuela Demonstrated Precision of U.S. Capabilities - The New York Times
      • Why I’m withholding certainty that “precise” US cyber-op disrupted Venezuelan electricity - Ars Technica
      • Layered Ambiguity: US Cyber Capabilities in the Raid to Extract Maduro from Venezuela | Royal United Services Institute
      • Former CISA Director Jen Easterly Will Lead RSAC Conference | WIRED
      • Trump officials consider skipping premier cyber conference after Biden-era cyber leader named CEO - Nextgov/FCW
      • Federal agencies ordered to patch Microsoft Desktop Windows Manager bug | The Record from Recorded Future News
      • Windows 11 shutdown bug forces Microsoft into damage control • The Register
      • CodeBreach: Supply Chain Vuln & AWS CodeBuild Misconfig | Wiz Blog
      • Critical flaw in AWS Console risked compromise of build environment | Cybersecurity Dive
      • Never-before-seen Linux malware is “far more advanced than typical” - Ars Technica
      • VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun - Check Point Research
      • Hundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking | WIRED
      • Critical flaw in Fortinet FortiSIEM targeted in exploitation threat | Cybersecurity Dive
      • CVE-2025-64155: 3 Years of Remotely Rooting the FortiSIEM
      • A single click mounted a covert, multistage attack against Copilot - Ars Technica
      • Police raid homes of alleged Black Basta hackers, hunt suspected Russian ringleader | The Record from Recorded Future News
      • Jordanian initial access broker pleads guilty to helping target 50 companies | The Record from Recorded Future News
      • Supreme Court hacker posted stolen government data on Instagram | TechCrunch
      • oss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd
      • How crypto criminals stole $700 million from people - often using age-old tricks
      • Ctrl + Alt + Chaos: How Teenage Hackers Hijack the Internet
    1 hr and 5 mins