
Risky Bulletin
Regular cybersecurity news updates from the Risky Business team.
Episodes
Risky Bulletin: FatFs bugs enable physical access attacks on a load of devices
FatFs bugs enable physical access attacks on industrial equipment, a clever password spraying attack bypasses M365 MFA, an AI agent is deploying ransomware in live attacks, and a webinar platform sues two security firms over bad IOCs.
Show notes
Risky Bulleti
Srsly Risky Biz: America won't beat the distillation ecosystem
Tom Uren and James Wilson talk about Chinese AI labs stealing the special sauce of American AI models in ‘distillation attacks’. These attacks are fed by a grey market in which Chinese consumers buy access to American models, where one of the byproducts is logs of user requests and responses. These make wonderful inputs into distillation attacks and the whole market
Risky Bulletin: Researcher drops giant cache of zero-days
An anonymous researcher has dropped a giant cache of zero-day exploits, a sensitive DHS network got hacked, the US Supreme Court restricts geofence warrants, and security firm Huntress has denied accusations of a malicious insider.
Show notes
Risky Bulletin:
Between Two Nerds: Set cyberspace ablaze
In this edition of Between Two Nerds, Tom Uren and The Grugq discuss whether cyber organisations should actually be separated from Signals Intelligence organisations. The Grugq argues that having cyber expertise subordinate to intelligence collection means that many opportunities are never explored.
This episode is also available on YouTube.
Risky Bulletin: White House asks OpenAI to restrict GPT 5.6
The White House asks OpenAI to keep a tight grip on ChatGPT 5.6, the US Secret Service made some appalling OpSec mistakes, AMD has reintroduced a CPU security feature after consumer backlash, and an Iranian APT operator has been arrested in Montenegro.
Show notes
Sponsored: Corelight’s blueprint for AI-era defence
In this sponsored interview James Wilson chats with Corelight’s VP of Product Vijit Nair about defence strategies for the AI era. When agents can find and exploit vulnerabilities at machine speed, you need to balance between proactive and reactive measures.
On the proactive side, you need modelling of assets and threats. On the reactive side you’ll need telemetry so
Risky Bulletin: Operation Endgame dismantles Amadey and StealerC
Law enforcement dismantles two more malware operations, Japan’s army used infected USB drives, Anthropic accuses Alibaba of distillation attacks, and Australia finds “digital dynamite” on critical networks.
Show notes
Risky Bulletin: Law enforcement agencies
Srsly Risky Biz: Open weight models make the Mythos debate moot
Tom Uren and James Wilson talk about the Five Eyes cyber security agencies warning about the arrival of AI-enabled cyber threats. The call-to-action is driven by the recognition that it is no longer possible to limit AI’s offensive cyber security capabilities to benign actors. The genie is out of the bottle, regardless of export controls on frontier models.
They als
Risky Bulletin: FortiBleed hacks involved a lot of traffic sniffing
The FortiBleed hacks are worse than a credentials leak, a new White House executive order sets out a hard 2031 post quantum cryptography deadline, Meta leaks employee keystroke data, and a third of Samsung and LG TVs act as proxies.
Show notes
Risky Bulletin:
Sponsored: Trail of Bits and OpenAI patch the planet
In this sponsored interview James Wilson chats with Trail of Bits founder and CEO Dan Guido about its newly announced partnership with OpenAI. Together, they’ve started a new initiative called “Patch the Planet” to support open source maintainers.
Being an open source maintainer is more difficult than ever. Just using frontier models to keep up with all the bug repo
Between Two Nerds: The PRC vs AI
In this edition of Between Two Nerds Tom Uren and The Grugq discuss the idea that the People’s Republic of China has mobilised its influence operations against the construction of US data centres and its build out of AI capacity.
This episode is also available on YouTube.
Show notes
Risky Bulletin: Klue breach impacts security firms
A data breach at business analytics platform Klue spreads to security firms, a hacker breaches Brazil’s national alert system, North Koreans are behind the Mastra supply chain attack, and a new, unfixable vulnerability has been found in Apple’s A12 and A13 chips.
Show notes
Risky Bulletin: Creds for 74,000 Fortinet devices leaked
A LOT of Fortinet creds have leaked online, Canada’s spy agency allowed to remove a botnet from Canadian devices, a supply chain attack hits the Mastra AI framework, and Europol disrupts SocGolish.
Show notes
Risky Bulletin: Canada’s spy agency allowed to rem
Srsly Risky Biz: Anthropic has artificial, but not emotional, intelligence
Tom Uren and James Wilson talk about Anthropic rolling out its latest models only to have them effectively banned by the US government within days. Although the administration’s process for assessing new models is, ahem, amorphous, Anthropic is doing itself no favours by dismissing its concerns. The company needs to show some emotional intelligence and learn how to m
Risky Bulletin: China arrests Silver Fox cybercrime group suspects
66 members of the Silver Fox cybercrime group arrested in China, the EU will help Ukraine in the event of a major cyberattack, MS-ISAC loses 70% of its members after a DHS funding cut, and S-BOMs are still not widely adopted.
Show notes
Risky Bulletin: China
Between Two Nerds: Why NATO and cyber don't mix
In this edition of Between Two Nerds Tom Uren and The Grugq talk about how NATO is set up to deter conventional conflict, and how that approach is fundamentally unsuited for ongoing, everyday cyber operations that are intended to confound adversaries.
This episode is also available on YouTube.
Show notes
Risky Bulletin: Arch Linux supply chain attack hits 1,900 packages
Almost 2,000 Arch Linux packages have been infected with malware in a supply chain attack, FISA surveillance powers expire for the first time since 2008, the FBI takes down a Chinese phishing service, and a major supply chain attack hits the WordPress ecosystem.
Show notes
Sponsored: Ent on using AI to track human behavior on the endpoint
In this Risky Business sponsored interview, Catalin Cimpanu talks with Brandon Dixon, co-founder and CTO of Ent AI, about the company’s innovative use of local LLMs to track user behavior on the endpoint, and add context to suspicious events to detect or prevent malicious activity.
Show notes
Risky Bulletin: CISA tightens patching rules amid bug deluge
CISA changes federal patching rules due to AI, a House Republican was hacked by Russia, ShinyHunters go on an Oracle hacking spree, and npm will block auto-run install scripts by default.
Show notes
Risky Bulletin: In the age of AI, CISA changes federal patch
Sponsored: Understanding CI/CD attack paths
In this sponsored episode, James Wilson chats with SpecterOps CTO Jared Atkinson about the central role that GitHub has played in recent supply chain compromises. GitHub is where code gets built, tested, and shipped to devices, cloud, and on-prem environments. Understanding the paths an attacker can use to get into GitHub, and where they can pivot to from there, is e
Srsly Risky Biz: Europe wants to wean itself off US tech
Tom Uren and James Wilson talk about the European Union’s digital sovereignty push. A divorce from US tech giants is on the cards, but building sovereign infrastructure and chip capacity will be hard. From an American perspective this is an entirely predicable own-goal. You can have internationally competitive tech giants or you can have an aggressive and coercive fo
Risky Bulletin: Nightmare Eclipse drops fresh 0day
Nightmare Eclipse drops a fresh zero day, Meta says NSO is targeting WhatsApp users again, hackers breach France’s Tchap secure messenger network, Putin disables some Kremlin security cameras, and Gmail be gone! Russia bans logins from foreign email addresses.
Show notes
Between Two Nerds: Nerds at NATO
In this edition of Between Two Nerds Tom Uren and The Grugq speak at the NATO CyCon conference on Cyber Conflict in Tallinn, Estonia. The pair discuss how cyber operations complement conventional military operations and the past, present and future of cyber conflict.
This episode is also available on YouTube.
Show n
Risky Bulletin: RubyGems adds dependency cooldowns to counter supply chain attacks
RubyGems adds dependency-cooldowns to counter supply chain attacks, AT&T and IBM are accused of hiding foreign hacks, Cisco warns of a new SD-WAN zero-day, and Google layoffs hit security teams.
Show notes
Risky Bulletin: RubyGems adds dependency cooldown
Risky Bulletin: EU unveils digital sovereignty plan
The EU unveils its digital sovereignty plan, an American law firm pays a $20 million ransom, authorities take down millions of email and social media scam accounts, and a new DoS bug can crash servers within seconds.
Show notes
Risky Bulletin: The EU debuts d
Srsly Risky Biz: NATO's cyber approach needs to change
Tom Uren and James Wilson talk about Tom’s trip to NATO’s Cyber Conflict conference. NATO countries want to bulk up their cyber efforts, and the pair discuss what that could look like.
They also look at the US military’s admission that commercial location data was used to target personnel involved in Epic Fury, the US war on Iran. This is not surprising at all, and
Risky Bulletin: FSB calls out Western spyware operation
Russia’s FSB calls out a Western spyware operation, high-profile Instagram accounts hijacked via Meta’s AI support agents, Red Hat npm packages were compromised in another supply chain attack, and ten percent of domains registered last year were malicious.
Show notes
Between Two Nerds: The intelligence cult
In this edition of Between Two Nerds Tom Uren and The Grugq talk about the ways in which intelligence agencies are just like cults.
This episode is also available on YouTube
Show notes
Risky Bulletin: Recently patched PAN 0day exploited in the wild
A new Palo Alto Networks firewall bug is being exploited in the wild, Russia expands SORM surveillance, NIST is looking for new post quantum algorithms, and ENSOC launches in Europe.
Show notes
Risky Bulletin: Russia greatly expands SORM surveillance requirem
Sponsored: Inside CISA's disastrous secrets leak
In this sponsored interview Casey Ellis chats with Truffle Security’s founder and CEO Dylan Ayrey about the recent CISA secrets leak.
Days after Brian Krebs ran the story, plenty of the exposed credentials were still live, including an admin-level GitHub app key with full rights over CISA’s org.
Dylan walks through why deleting the repo doesn’t fix anything, why mo
Risky Bulletin: Dutch police take down 17m device botnet
Dutch police take down a botnet of 17 million devices, US military staff have been tracked with ad-tech location data, a Google engineer is arrested for insider trading on Polymarket, and Gogs and the Casdoor IAM leave major bugs unpatched.
Show notes
Risky B
Risky Bulletin: Iran to reconnect to the Internet
Iran will reconnect to the Internet, a new vulnerability lets attackers bypass authentication on AI infrastructure, hackers breach Lithuania’s state registry, security firms take down the Glassworm botnet, and CERT India releases strict patching advice.
Show notes
Risky Bulletin: Mythos has found thousands of critical bugs
Anthropic says Mythos has found thousands of critical bugs, hackers leak documents from a Russian disinfo group, GitHub rolls out new npm security features, and Dutch police raid two bulletproof hosting providers.
Show notes
Risky Bulletin: Mythos has found t
Sponsored: Teaching AI agents the rules of the road
In this sponsored interview James Wilson chats with Sondera CEO Josh Devon about why guardrails and instruction files aren’t enough to keep AI agents from going haywire. EDR, DLP and other traditional controls can’t and won’t prevent agents from going rogue.
Josh explains Sondera’s “principle of least autonomy” for agents: let them do useful work, but put them in a
Risky Bulletin: Microsoft ends SMS MFA for personal accounts
Microsoft ends support for SMS MFA on personal accounts, GitHub was hacked via a malicious VS Code extension, CISA will let researchers submit new KEV entries, and an SMS blaster was detained at Eurovision.
Show notes
Risky Bulletin: Microsoft ends SMS MFA fo
Srsly Risky Biz: Politicians ditch Signal for homegrown apps
Tom Uren and James Wilson talk about moves from several European governments to ditch Signal and set up their own encrypted messaging systems for internal government use. These efforts are motivated by concerns about phishing and sovereignty, but the solutions being adopted are imperfect and will come with their own set of problems. Signal fills a space that can’t be
Risky Bulletin: Microsoft takes down crime SaaS used by ransomware gangs
Microsoft disrupts a malware-signing service used by ransomware gangs, a CISA contractor leaks sensitive GovCloud keys, vulnerability exploitation is now the dominant network entry vector, and Drupal readies security updates for a “highly critical” vulnerability.
Show notes
Between Two Nerds: Russia's hacker university
In this edition of Between Two Nerds Tom Uren and The Grugq look at Department 4 of Bauman Moscow State Technical University where students learn how to hack for the state. Its curriculum is extremely explicit about how the hacking and propaganda operations are relevant to state operations. They discuss whether this is an advantage for Russia’s cyber program and look
Risky Bulletin: Indonesia emerges as a new hub for cyber scams
Indonesia emerges as a new cyber scam hub, Grafana got hacked and held for ransom, the Fast16 malware subverted software used to simulate nuclear explosions, and a new Microsoft Exchange zero-day is under attack.
Show notes
Risky Bulletin: Indonesia emerges a
Sponsored: Push Security goes AI threat hunting in browser telemetry
In this sponsored interview James Wilson chats with Push Security’s Chief Research Officer Jacques Louw about how the company has integrated an army of AI agents into its threat detection platform.
Not only has agentic AI led to the discovery of Install Fix campaigns, but it will help simplify the platform for new customers.
Risky Bulletin: Shai-Hulud goes open-source
The source code for the Shai-Hulud worm has been released online, a dark web market admin was charged after a major OPSEC failure, France investigates an Israeli disinfo firm, and ‘Composer’ rushes to fix a GitHub token leak.
Show notes
Risky Bulletin: Shai-H
Srsly Risky Biz: The AI Regulation Knife Fight
Tom Uren and James Wilson talk about the argy bargy within the Trump administration about AI regulation. They cover who is fighting, what is at stake and what the real areas of concern are.
They also cover low earth orbit satellite constellations. Russia’s building one, the EU has plans and China is building two. They are the new must-have accessory for any country
Risky Bulletin: Damaging worm rips through npm ecosystem
RubyGems disables sign-ups after an attack on staff, Instructure paid the ransom, the Gentlemen ransomware operation gets hacked, and another major supply chain attack on npm (yawn).
Show notes
Risky Bulletin: RubyGems disables sign-ups after attack on staff
Between Two Nerds: The AI-first crime gang
In this edition of Between Two Nerds Tom Uren and The Grugq discuss why it makes even more sense for criminal organisations to adopt AI as compared to regular businesses.
This episode is also available on YouTube.
Show notes
Microsoft's 2026 Work Trend I
Risky Bulletin: FCC relaxes foreign router security patch ban
The FCC relaxes its foreign router ban to allow for security updates, the ShinyHunters group disrupts schools across the globe, a 21-year-old remote code execution bug turns up in FreeBSD, and another Linux privilege escalation bug was disclosed… without a patch.
Show notes
Sponsored: Knocknoc built a Greynoise integration
In this sponsored interview Patrick Gray chats with Knocknoc CEO Adam Pointon about their Greynoise integration.
Knocknoc allowlists network connections from users’ IPs after they’ve been through an SSO challenge. It’s great for protecting vulnerable or risky assets that your org has to connect to the internet. But what happens when one of your users tries to authen
Risky Bulletin: State sponsored group exploits Palo 0day
Palo Alto Networks patches a firewall zero-day, Google patches an Android remote takeover bug, Ivanti also patches one, and a leak exposes Russia’s spy and hacker school.
Show notes
Risky Bulletin: Google patches Android remote takeover bug
Srsly Risky Biz: After Mythos, US government weighs AI regulation
Tom Uren and James Wilson talk about the sudden drive to put regulation around the releases of new AI models because of their cyber security implications. A standardised approach is desirable, but clamping down too hard won’t achieve as much as might be hoped. Experts with older or even open models can get just as far as novices with the latest models.
They also dis
Risky Bulletin: Targeted supply chain attack hits DAEMON Tools
The DAEMON Tools website was hit in a targeted supply chain attack, Australia gets its own CSRB, the US arrests a wanted VOIP server hacker after 17 years, and Oracle switches to monthly security updates.
Show notes
Risky Bulletin: Extremely targeted supply c
Between Two Nerds: The wild wild west
In this edition of Between Two Nerds Tom Uren and The Grugq discuss the breakdown of cyber norms. What would have been an unthinkable cyber operation just a few years ago is now a regular occurrence.
This episode is also available on YouTube.
Show notes
Fast
Risky Bulletin: DigiCert hacked with a malicious screensaver file
DigiCert got hacked via a malicious screensaver file, two ransomware negotiators each get four years in prison, Trellix discloses a security breach, and another Russian hacker gets arrested while vacationing in the wrong place.
Show notes
Risky Bulletin: Digi
Sponsored: James Kettle built an AI hacker
In this sponsored interview, James Wilson talks with James Kettle and Daf Stuttard from PortSwigger about the incredible research James will unveil at Black Hat US this July, and how that research will be productised into Burp Suite. It shouldn’t be surprising that when James Kettle bolts an LLM into his research methodology that insanely dangerous things happen. Thi
Risky Bulletin: cPanel auth bypass exploited in wild
The Copy Fail vulnerability impacts all Linux distros going back to 2017, hackers are exploiting a cPanel auth bypass, every Moldovan citizen has their data stolen, and some scam compounds got raided raided… in Dubai.
Show notes
Risky Bulletin: The mysterious
Srsly Risky Biz: US Vows to Fight Distillation Attacks
Tom Uren and Amberleigh Jack talk about the US government stepping in to fight ‘distillation attacks’ by Chinese AI labs. These are methods used to steal the special sauce of frontier AI models simply by asking questions.
They also discuss the wide-spread shift amongst Chinese threat actors to using botnets for all aspects of their operations. It’s a problem for def
Risky Bulletin: Ukrainians hacked Russian satellite comms platform
Ukrainians hack Russian satellites, Vimeo is being extorted, Greece wants to ban anonymity on social media, and a Scattered Spider hacker was arrested in Finland.
Show notes
Risky Bulletin: UK NCSC blasts SOC metrics
Between Two Nerds: Hackers from the future
In this edition of Between Two Nerds Tom Uren and The Grugq discuss what the North Korean hack of Drift can tell us about the future of hacking.
This episode is also available on YouTube.
Show notes
Drift Protocol incident update on X
Risky Bulletin: New fingerprinting technique can track Tor users
A fingerprinting technique can track Tor users, Intellexa had an American exploit provider, the US accuses China of copying its AI, and the US router ban also covers WiFi hotspots.
Show notes
Risky Bulletin: New fingerprinting technique can track Tor users
Sponsored: RunZero accidentally got good at OT
In this Risky Business sponsored interview Casey Ellis chats to runZero’s founder and CEO HD Moore about runZero’s new release: 4.9. It drops this week and doubles down on OT scanning. Animated world and network maps add another layer to visualisation and for those that have been asking: yes, there’s a dark mode.
Sho
Risky Bulletin: Sean Plankey withdraws CISA nomination
Sean Plankey withdraws his CISA Director nomination, Russians hacked the Bundestag President, Discord users gain unauthorised access to Anthropic’s Mythos, and the US sanctions a Cambodian senator for running cyber scam compounds.
Show notes
Risky Bulletin: T
Srsly Risky Biz: Musk snubs French authorities
Tom Uren and James Wilson talk about the French criminal investigation into bias and illegal content on X. Elon Musk and former X CEO Linda Yaccarino didn’t appear for voluntary interviews scheduled this week, but refusing meetings won’t make X’s problems go away. European countries are concerned about X’s influence and regulators will be exploring all other options
Risky Bulletin: Former FBI official calls for terrorism designations for ransomware groups that target hospitals
A Former FBI official wants terrorism designations for some ransomware groups, China threatens the EU over new cybersecurity regulations, Europe commits to €180 million for a sovereign cloud and a novel data wiper was found in Venezuela during US military operations.
Show notes
Between Two Nerds: AI as the mythical 10x hacker
In this edition of Between Two Nerds Tom Uren and The Grugq take a deep dive into how a single hacker used OpenAI and Anthropic’s tools to help hack nine Mexican government organisations in quick time.
This episode is also available on YouTube.
Show notes
Ga
Risky Bulletin: ShinyHunters claim credit for Vercel hack
ShinyHunters claim credit for the Vercel hack, a malware strain attempted to sabotage Israel’s water system, the US government wants access to Mythos, and a Supreme Court hacker gets probation.
Show notes
Risky Bulletin: New malware tries to sabotage Israel&#
Sponsored: Nebulock on hunting shadow AI
In this Risky Business sponsor interview, Catalin Cimpanu talks with Sydney Marrone, Head of Threat Hunting at Nebulock, about hunting shadow AI agents on corporate networks.
Show notes
Sydney Marrone LinkedIn profile
Hunting O
Risky Bulletin: NIST gives up enriching most CVEs
NIST says it won’t be enriching most CVEs, Russian hackers tried to disrupt a Swedish power plant, the EU releases its age verification app, and OpenAI announces its own private cyber model.
Show notes
Risky Bulletin: NIST gives up enriching most CVEs
Srsly Risky Biz: Time to ban sale of precise geolocation data
Tom Uren and Amberleigh Jack talk about a new Citizen Lab report into Webloc, a tool to identify and track mobile devices. It demonstrates how the collection and sale of mobile phone geolocation data presents privacy and national security risks.
They also discuss a deep-dive into how a single hacker was able to breach nine Mexican government agencies in just weeks u
Risky Bulletin: Malicious LLM proxy routers found in the wild
Researchers find malicious LLM proxy routers, a fake Ledger crypto-wallet on the Mac App Store stole $10 million dollars, a ransomware crew leaks data from 38 law firms, and Google cracks down on back button hijacking.
Show notes
Risky Bulletin: Malicious LLM
Between Two Nerds: How AI will upset state cyber competition
In this edition of Between Two Nerds Tom Uren and The Grugq discuss how the rise of AI, which is very good at vulnerability and exploit development, will change the cyber security industry and competition between states.
This episode is also available on YouTube
Show notes
Risky Bulletin: France takes first steps to ditch Windows for Linux
France prepares to ditch Windows for Linux, OpenAI was impacted by the Axios supply chain attack, Rockstar Games gets hacked again, and Adobe patches a reader zero-day.
Show notes
Risky Bulletin: France takes first steps to ditch Windows for Linux
Sponsored: Corelight Agentic Triage helps defenders stay ahead
In this sponsored interview, Corelight’s Senior Director of Product Management, Dave Getman, tells James Wilson how Corelight Agentic Triage helps defenders stay ahead of AI-powered attacks.
Corelight makes NDR hardware that runs a heavily optimised version of the Zeek network monitoring tool. Corelight Agentic Triage integrates with EDR and other data sources, and
Risky Bulletin: FBI extracted Signal chats from iPhone notifications logs
The FBI extracted Signal chats from iPhone notifications logs, Los Angeles police data was leaked online, a former Meta employee is under investigation for downloading private photos, and an Adobe Reader zero-day is being exploited in the wild.
Show notes
Ris
Srsly Risky Biz: American diplomats to fight foreign propaganda... on X
Tom Uren and Amberleigh Jack talk about the State Department taking to X to counter foreign propaganda. US Secretary of State Marco Rubio dismantled the State Department’s counter-propaganda office when he took charge, but it turns out that giving adversary states free reign online is a bad idea.
They also discuss how America’s lawful intercept systems are high valu
Risky Bulletin: Cybercrime losses passed $20 billion last year
Cybercrime losses surpassed $20 billion last year, authorities disrupt a Russian router botnet that intercepted email logins, Iran hacks PLCs across the US, and exploitation hits ComfyUI and Flowise-AI-servers.
Show notes
Risky Bulletin: Cybercrime losses pas
Between Two Nerds: Make cyber, not war
In this edition of Between Two Nerds Tom Uren and The Grugq discuss how Iran’s cyber forces have been used during the ongoing war so far.
Show notes
The Financial Times on the plan to kill Ali Khamenei
Israel National News, 50
Risky Bulletin: New Cambodian law will put scam compound operators in prison for life
Cambodia prepares harsher prison terms for scam compound operators,
an Italian museum moves valuables into a bank vault after a cyberattack, hackers exploit a bug in Vite-based apps and sites, and a supply chain attack hits an e-learning platform.
Show notes
Sponsored: Application allowlisting, but not as you know it
In this Risky Business sponsored interview, James Wilson chats with Airlock Digital co-founders, David Cottingham and Daniel Schell, about how they’re moving up the stack from file-based allowlisting to application-based allowlisting. David and Daniel explain how they’re making a seamless and quite logical move into application allowlisting, but with a new take on th
Risky Bulletin: Russia will revoke licenses for unruly ISPs
Russia wants to revoke small ISP licenses, a cyberattack has disrupted access to US newspaper archives, Node.js pauses bug bounty program after its funding lapses and Apple backports patches for DarkSword.
Show notes
Risky Bulletin: Russia will revoke license
Srsly Risky Biz: America's next top (cyber) model
Tom Uren and Amberleigh Jack talk about how incredibly good AI models have gotten at finding and exploiting vulnerabilities. That will upend the cyber security industry and it has implications for state cyber organisations such as NSA and Cyber Command.
They also discuss how broadband wireless communications links are critical in the war in Ukraine. After losing acc
Risky Bulletin: Iranian password sprays came first, then came the missiles
Iranian password spraying targets Israel ahead of missile strikes, a major npm package gets hacked, Iran says it will bomb US tech firms in the Middle East, and Flint24 hackers are sentenced to prison in Russia.
Show notes
Risky Bulletin: Iranian password spr
Between Two Nerds: More secure but less safe
In this edition of Between Two Nerds Tom Uren and The Grugq talk about hacking and scams. While hacking is disappearing as a threat for most people, it is a new golden age for scammers. Even Tom has been scammed!
This episode is also available on Youtube.
Show notes
Recommended

The Conspiracy Files

TechnoSnobCast

The Young and Called Podcast .

Snoop Dogg - Flash Biográfico

Deadline: White House

Thrilling Threads - Conspiracy Theories, Strange Phenomena, True Crime, Unsolved Mysteries, etc!

The Daily Conspiracy Podcast

2819 Church

Markus Schulz presents Global DJ Broadcast

Bad Friends

The Bill Simmons Podcast

The Joe Rogan Experience