Risky Business #816 -- Copilot Actions for Windows is extremely dicey
Nov 26, 2025•58 min
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more
Episode description
In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
- Salesforce partner Gainsight has customer data stolen
- Crowdstrike fires insider who gave hackers screenshots of internal systems
- Australian Parliament turns off wifi and bluetooth in fear of of visiting Chinese bigwigs
- Shai-Hulud npm/Github worm is back, and rm -rf’ier than ever
- SEC gives up on Solarwinds lawsuit
- Dog eats cryptographer’s key material
This week’s episode is sponsored by runZero. HD Moore pops in to talk about how they’re integrating runZero with Bloodhound-style graph databases. He also discusses uses for driving runZero’s tools with an AI, plus the complexities of shipping AI when the company has a variety of deployment models.
This episode is also available on Youtube.
Show notes- Google says hackers stole data from 200 companies following Gainsight breach
- Gainsight Status
- Trust Status
- CrowdStrike fires 'suspicious insider' who passed information to hackers
- Salesforce cuts off access to third-party app after discovering ‘unusual activity’
- Атаки разящей панды: APT31 сегодня
- Office of Public Affairs | Seven Hackers Associated with Chinese Government Charged with Computer Intrusions
- Australian federal MPs warned to turn off phones when Chinese delegation visits Parliament House
- Sha1-Hulud: The Second Coming of the NPM Worm is Digging For Secrets
- FCC eliminates cybersecurity requirements for telecom companies
- Trade Associations Cybersecurity Practices Ex Parte
- SEC voluntarily dismisses SolarWinds lawsuit
- Record-breaking DDoS attack against Microsoft Azure mitigated
- The Cloudflare Outage May Be a Security Roadmap – Krebs on Security
- Critics scoff after Microsoft warns AI feature can infect machines and pilfer data
- vx-underground on X: "I've had a surprising amount of people ask me about Copilot"
- Researchers warn command injection flaw in Fortinet FortiWeb is under exploitation
- Two suspected Scattered Spider hackers plead not guilty over Transport for London cyberattack
- Russia arrests young cybersecurity entrepreneur on treason charges
- This campaign aims to tackle persistent security myths in favor of better advice
- Oops. Cryptographers cancel election results after losing decryption key.
- Uncovering network attack paths with runZeroHound
- Model Context Protocol
For the best experience, listen in Metacast app for iOS or Android