A cyberattack disrupts Bridgestone tyre factories in North America, a new infostealer takes your photo while you watch porn, bad certificates for Cloudflare infrastructure went undetected for more than a year, and Brazil deals with another payment system hack. Show notes Risky Bulletin: Chrome 140 comes with new hardened cookies...
Tom Uren and Amberleigh Jack talk about Google starting a cyber disruption unit. It’s a sign of the times but could also point the way forward for policymakers looking to involve the private sector in government-endorsed efforts to strike back in cyberspace. They also talk about cyber security authorities from 13 different countries pegging Salt Typhoon to three Chinese companies. That’s a lot of countries, but Tom wonders whether attribution is just viewed as a cost of doing business for the Ch...
Two YouTube channels help dismantle a Chinese scam operation, Cloudflare, Zscaler, and Palo Alto disclose Salesloft-related breaches, a ransomware attack disrupts vehicle production at Jaguar Land Rover, and we have a new record DDoS attack. Show notes Risky Bulletin: YouTubers unmask and help dismantle giant Chinese scam ring...
In this edition of Between Two Nerds Tom Uren and The Grugq talk about how cyber threat actors are using AI tools to fill in resource and skills gaps that they have. This episode is also available on Youtube . Show notes Anthropic's August 2025 Threat Report BTN episode 50...
FEMA’s IT staff fired over an alleged breach, WhatsApp patches a zero-day, the Salesloft breach impacted more than just Salesforce, and a scammer steals $1.5 million dollars from the city of Baltimore. Show notes Risky Bulletin: Noem fires FEMA IT team over alleged cybersecurity failures...
In this sponsored interview Casey Ellis chats with Push Security co-founder Jacques Louw. Push’s browser plugin gives a unique level of visibility into how users interact with the web and the attacks they face. Jacques talks through what they’re seeing, and their recently published taxonomy of phishing attacks. It’s on Github for everyone to contribute to! Show notes Introducing our guide to phishing detection evasion techniques...
An npm supply chain attack uses AI to steal credentials and crypto-wallet keys, Google establishes a cyber disruption unit, a ransomware attack disrupts more than 200 Swedish municipalities, and Salt Typhoon hacks have now hit more than 80 countries. Show notes Risky Bulletin: npm attack uses AI prompts to steal creds, crypto-wallet keys...
Tom Uren and Amberleigh Jack talk about proposed legislation that would allow the President to license private sector hackers to go after cybercrime groups. The bill won’t pass, but letting hackers loose on industrial-scale scam farms actually makes sense. They also talk about Microsoft’s blind spot regarding China. It has trusted China-based engineers with sensitive work, and is now only just realising that China’s security interests are not compatible with Microsoft’s. This episode is also ava...
The FCC removes 1,200 voice providers from the US phone network, a cyberattack shuts down Nevada’s state government services; hackers breach Salesloft and pivot into Salesforce accounts, and Citrix patches yet another zero-day. Show notes Risky Bulletin: FCC removes 1,200 voice providers from US phone network...
In this edition of Between Two Nerds, Tom Uren and The Grugq talk about how the teenage hacking groups Scattered Spider, Lapsus$ and Shiny Hunters are collaborating. They examine whether this is bad news and what will it take to slow these wrecking crews down. Plus, how teenage hackers are like goldfish. This episode is also available on Youtube . Show notes The Register, Three notorious cybercrime gangs appear to be collaborating Between Two Nerds episode 103 Sponsor interview with Brett Winter...
Hackers sabotage Iranian ships for a second time this year, mass cybercrime arrests across Africa, South Korea extradites a Chinese man behind celebrity hacks, and a French supermarket chain discloses a data breach. Show notes Risky Bulletin: Hackers sabotage Iranian ships at sea, again...
In this Risky Business News sponsor interview Tom Uren talks to Brett Winterford, Okta’s VP of Threat Intelligence about FastPass. Brett explains what it is, how Okta uses it and why threat actors avoid it. Show notes
