Risky Business Cybersecurity

Risky Bulletin Regular cybersecurity news updates from the Risky Business team…

  • Srsly Risky Biz: Ransomware uses AI to amp up negotiations
    by Risky Business Media on July 16, 2026 at 7:26 am

    Tom Uren and James Wilson talk about different ways ransomware groups are taking advantage of AI. The relatively new FulcrumSec group uses simple techniques to breach companies and then uses AI to get more leverage over victims in its extortion negotiations. They also discuss the ever so many bugs being patched. This is good for organisations that patch, but it will leave a very long tail of unpatched vulnerabilities. This episode is also available on YouTube Show notes

  • Between Two Nerds: Exploits are not cyber power
    by Risky Business Media on July 13, 2026 at 9:44 pm

    In this edition of Between Two Nerds Tom Uren and The Grugq discuss just how important exploits are for cyber operations using data published in a new paper authored by two members of Ukraine’s cyber security agency. This episode is also available on YouTube. Show notes Exploits were never the point Rethinking Exploitation in Cyber War: Reassessing the Role of Software Exploits in Wartime Max Smeets’ chapter 5 from “No Shortcuts”: The Elements of an Offensive Cyber Capability

  • Risky Bulletin: NSA Tailored Access Operations is back
    by Risky Business Media on July 10, 2026 at 3:23 am

    The NSA’s Tailored Access Operations team is back, India bans an app used to hack e-rickshaws, Accenture has another data breach, and a leak exposes a suspected Chinese cyber contractor. The Risky Bulletin newsletter and podcast will be on an editorial break until July 20. Show notes Risky Bulletin: India bans app used to hack e-rickshaws in viral videos

  • Sponsored: Why Sublime doesn’t toss AI at every email
    by Risky Business Media on July 10, 2026 at 2:54 am

    In this Risky Business sponsored interview, Tom Uren chats with Sublime Security Product Manager AJ Williams about how the company targets its AI use. Rather than throwing its AI agents at everything, Sublime gives them the time-consuming email security tasks that humans don’t want to do. Its ASA (Autonomous Security Analyst) agent investigates suspicious and user-reported messages, while the ADÉ (Autonomous Detection Engineer) agent writes new detection coverage for attacks that slipped through. Show notes

  • Srsly Risky Biz: US Supreme Court undermines Section 702 intel
    by Risky Business Media on July 9, 2026 at 7:31 am

    Tom Uren and James Wilson talk about a new US Supreme Court decision that puts the current EU-US data sharing agreement at risk. American intelligence collection efforts have been at the centre of legal challenges of these on-again off-again data transfer agreements, and if the current agreement were struck down it would cripple Section 702 collection from Europe. They also discuss Canada’s effort to be more transparent about its active cyber operations, those that degrade and disrupt foreign adversaries. This episode is also available on YouTube Show notes

  • Risky Bulletin: DHS IG investigates forced CISA reassignments
    by Risky Business Media on July 8, 2026 at 5:27 am

    The DHS inspector general will investigate forced CISA reassignments, Canada hacked a ransomware gang, Taiwan charges two executives with helping Chinese hackers, and new vulnerabilities can disable Hoymiles solar panels. Show notes Risky Bulletin: All new cars to include a camera aimed at the driver’s face

  • Between Two Nerds: Why AI has not meant more hacks. Yet.
    by Risky Business Media on July 6, 2026 at 7:21 pm

    In this edition of Between Two Nerds Tom Uren and The Grugq talk about why we haven’t seen an explosion of devastating hacks even though AI has been used to discover lots and lots of bugs. This episode is also available on YouTube. Show notes Jerry Gamblin | X Cyber: Ignore the Penetration Testers Phineas Fisher’s hacking team write up Phineas Fisher

  • Risky Bulletin: EU official’s phone infected with Pegasus
    by Risky Business Media on July 6, 2026 at 4:21 am

    A European MP’s phone was infected by Pegasus spyware, Android drops its PIN guessing limit from 1,800 attempts to 20, Alibaba bans employees from using Claude at work, and there’s a new vulnerability in the Linux kernel. Show notes Risky Bulletin: Android drops PIN guessing limit from 1,800 attempts to just 20

  • Risky Bulletin: FatFs bugs enable physical access attacks on a load of devices
    by Risky Business Media on July 3, 2026 at 4:04 am

    FatFs bugs enable physical access attacks on industrial equipment, a clever password spraying attack bypasses M365 MFA, an AI agent is deploying ransomware in live attacks, and a webinar platform sues two security firms over bad IOCs. Show notes Risky Bulletin: FatFs bugs enable physical access attacks on a load of devices

  • Srsly Risky Biz: America won’t beat the distillation ecosystem
    by Risky Business Media on July 2, 2026 at 5:03 am

    Tom Uren and James Wilson talk about Chinese AI labs stealing the special sauce of American AI models in ‘distillation attacks’. These attacks are fed by a grey market in which Chinese consumers buy access to American models, where one of the byproducts is logs of user requests and responses. These make wonderful inputs into distillation attacks and the whole market might be subsidised by Chinese AI Labs paying for these logs. They also discuss the possibility that last year’s hack of Jaguar Land Rover was caused by a group of Russian hackers. Was it Russians? Was it state-directed or endorsed? Who knows, but even the possibility that it was has some benefits for the Russian state. This episode is also available on YouTube Show notes

  • Risky Bulletin: Researcher drops giant cache of zero-days
    by Risky Business Media on July 1, 2026 at 6:55 am

    An anonymous researcher has dropped a giant cache of zero-day exploits, a sensitive DHS network got hacked, the US Supreme Court restricts geofence warrants, and security firm Huntress has denied accusations of a malicious insider. Show notes Risky Bulletin: Researcher drops giant cache of zero-days

  • Between Two Nerds: Set cyberspace ablaze
    by Risky Business Media on June 29, 2026 at 8:18 pm

    In this edition of Between Two Nerds, Tom Uren and The Grugq discuss whether cyber organisations should actually be separated from Signals Intelligence organisations. The Grugq argues that having cyber expertise subordinate to intelligence collection means that many opportunities are never explored. This episode is also available on YouTube. Show notes All the Shah’s Men – Wikipedia

  • Risky Bulletin: White House asks OpenAI to restrict GPT 5.6
    by Risky Business Media on June 29, 2026 at 1:36 am

    The White House asks OpenAI to keep a tight grip on ChatGPT 5.6, the US Secret Service made some appalling OpSec mistakes, AMD has reintroduced a CPU security feature after consumer backlash, and an Iranian APT operator has been arrested in Montenegro. Show notes Risky Bulletin: Microsoft disrupts StegoAd operation

  • Sponsored: Corelight’s blueprint for AI-era defence
    by Risky Business Media on June 29, 2026 at 1:10 am

    In this sponsored interview James Wilson chats with Corelight’s VP of Product Vijit Nair about defence strategies for the AI era. When agents can find and exploit vulnerabilities at machine speed, you need to balance between proactive and reactive measures. On the proactive side, you need modelling of assets and threats. On the reactive side you’ll need telemetry so you can act quickly if a threat becomes a reality. Corelight makes NDR hardware that runs a heavily optimised version of the Zeek network monitoring tool. Combined with its Agentic Triage product, customers can detect threats in their networks, and monitor the effectiveness of their mitigation strategies. Show notes

  • Risky Bulletin: Operation Endgame dismantles Amadey and StealerC
    by Risky Business Media on June 26, 2026 at 4:38 am

    Law enforcement dismantles two more malware operations, Japan’s army used infected USB drives, Anthropic accuses Alibaba of distillation attacks, and Australia finds “digital dynamite” on critical networks. Show notes Risky Bulletin: Law enforcement agencies and security firms take down Amadey and StealerC

  • Srsly Risky Biz: Open weight models make the Mythos debate moot
    by Risky Business Media on June 25, 2026 at 8:38 am

    Tom Uren and James Wilson talk about the Five Eyes cyber security agencies warning about the arrival of AI-enabled cyber threats. The call-to-action is driven by the recognition that it is no longer possible to limit AI’s offensive cyber security capabilities to benign actors. The genie is out of the bottle, regardless of export controls on frontier models. They also discuss the progress of Operation Endgame, the multinational joint operation that has been disrupting the cybercriminal ecosystem. It’s been a great success, but criminal enterprises bounce back. Keeping a lid on cybercrime will require continuous disruption programs. This episode is also available on YouTube. Show notes

  • Risky Bulletin: FortiBleed hacks involved a lot of traffic sniffing
    by Risky Business Media on June 24, 2026 at 6:20 am

    The FortiBleed hacks are worse than a credentials leak, a new White House executive order sets out a hard 2031 post quantum cryptography deadline, Meta leaks employee keystroke data, and a third of Samsung and LG TVs act as proxies. Show notes Risky Bulletin: The FortiBleed incident is so much worse than a simple credentials leak

  • Sponsored: Trail of Bits and OpenAI patch the planet
    by Risky Business Media on June 23, 2026 at 4:17 am

    In this sponsored interview James Wilson chats with Trail of Bits founder and CEO Dan Guido about its newly announced partnership with OpenAI. Together, they’ve started a new initiative called “Patch the Planet” to support open source maintainers. Being an open source maintainer is more difficult than ever. Just using frontier models to keep up with all the bug reports isn’t enough. Trail of Bits wants to help maintainers by combining its deep cybersecurity expertise with OpenAI’s GPT 5.5 Cyber. As Dan points out in this interview, this isn’t just about helping maintainers find and fix bugs. They’re spending just as much time on SDLC improvements, architecture changes, and the foundations needed to make open source sustainable in the AI era. Show notes

  • Between Two Nerds: The PRC vs AI
    by Risky Business Media on June 22, 2026 at 8:00 pm

    In this edition of Between Two Nerds Tom Uren and The Grugq discuss the idea that the People’s Republic of China has mobilised its influence operations against the construction of US data centres and its build out of AI capacity. This episode is also available on YouTube. Show notes Red Rap Two Sessions Get on the Beers

  • Risky Bulletin: Klue breach impacts security firms
    by Risky Business Media on June 22, 2026 at 4:52 am

    A data breach at business analytics platform Klue spreads to security firms, a hacker breaches Brazil’s national alert system, North Koreans are behind the Mastra supply chain attack, and a new, unfixable vulnerability has been found in Apple’s A12 and A13 chips. Show notes Risky Bulletin: Klue breach impacts security firms

Share Websitecyber
We are an ethical website cyber security team and we perform security assessments to protect our clients.