November 05, 2025

Risky Business #813 -- FFmpeg has a point

Listen Later

1 hour 5 minutes

In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

We love some good vulnerability reporting drama, this time FFmpeg’s got beef with Google

OpenAI announces its Aardvark bug-gobbling system

Two US ransomware responders get arrested for… ransomware

Memento (nee HackingTeam) CEO says: Sì, those are totally our tools getting snapped in Russia

Hackers help freight theft gangs steal shipments to resell

A second Jabber Zeus mastermind gets his comeuppance 15 years on

This week’s episode is sponsored by Nucleus Security, who make a vulnerability information management system. Co-founder Scott Kuffer says that approaches for triaging vulnerabilities have started to fall apart, given there are just. So. Many. And they’re all important!

This episode is also available on Youtube.

Show notes

vx-underground on X: "Yeah, so pretty much this entire drama thing is FFmpeg are a bunch of nerds…"

FFmpeg on X: "@DavidEGrayson It's someone's hobby project of an obscure 1990s decoder…"

Halvar Flake on X: "Given the extremely big role ffmpeg has played historically..."

thaddeus e. grugq on X: "Current drama: Plucky security researcher Google takes on volunteer open source behemoth FFmpeg."

Robert Graham on X: "Current status: There's a conflict between Google…"

Introducing Aardvark: OpenAI’s agentic security researcher | OpenAI

Bugcrowd acquires Mayhem Security to advance AI-powered security testing | CyberScoop

Prosecutors allege incident response pros used ALPHV/BlackCat to commit string of ransomware attacks | CyberScoop

Former Trenchant Exec Sold Stolen Code to Russian Buyer Even After Learning that Other Code He Sold Was Being "Utilized" by Different Broker in South Korea

How an ex-L3Harris Trenchant boss stole and sold cyber exploits to Russia | TechCrunch

Operation Zero — A Zero-Day Vulnerability Platform

John Scott-Railton on X: "7/ There's a push to scale up America's offensive industry right now…"

CEO of spyware maker Memento Labs confirms one of its government customers was caught using its malware | TechCrunch

Exploiting Microsoft Teams: Impersonation and Spoofing Vulnerabilities Exposed Microsoft Teams Vulnerabilities Uncovered

Cargo theft gets a boost from hackers using remote monitoring tools | The Record from Recorded Future News

Remote access, real cargo: cybercriminals targeting trucking and logistics | Proofpoint US

Alleged Conti ransomware gang affiliate appears in Tennessee court after Ireland extradition | The Record from Recorded Future News

Three suspected developers of Meduza Stealer malware arrested in Russia | The Record from Recorded Future News

Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody – Krebs on Security

Windows Server Update Service exploitation ensnares at least 50 victims | Cybersecurity Dive

Post by @paulschnack.bsky.social — Bluesky

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

Risky Business

By Patrick Gray

4.6

364364 ratings

November 05, 2025

Risky Business #813 -- FFmpeg has a point

Listen Later

1 hour 5 minutes

In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

We love some good vulnerability reporting drama, this time FFmpeg’s got beef with Google

OpenAI announces its Aardvark bug-gobbling system

Two US ransomware responders get arrested for… ransomware

Memento (nee HackingTeam) CEO says: Sì, those are totally our tools getting snapped in Russia

Hackers help freight theft gangs steal shipments to resell

A second Jabber Zeus mastermind gets his comeuppance 15 years on

This week’s episode is sponsored by Nucleus Security, who make a vulnerability information management system. Co-founder Scott Kuffer says that approaches for triaging vulnerabilities have started to fall apart, given there are just. So. Many. And they’re all important!

This episode is also available on Youtube.

Show notes

vx-underground on X: "Yeah, so pretty much this entire drama thing is FFmpeg are a bunch of nerds…"

FFmpeg on X: "@DavidEGrayson It's someone's hobby project of an obscure 1990s decoder…"

Halvar Flake on X: "Given the extremely big role ffmpeg has played historically..."

thaddeus e. grugq on X: "Current drama: Plucky security researcher Google takes on volunteer open source behemoth FFmpeg."

Robert Graham on X: "Current status: There's a conflict between Google…"

Introducing Aardvark: OpenAI’s agentic security researcher | OpenAI

Bugcrowd acquires Mayhem Security to advance AI-powered security testing | CyberScoop

Prosecutors allege incident response pros used ALPHV/BlackCat to commit string of ransomware attacks | CyberScoop

Former Trenchant Exec Sold Stolen Code to Russian Buyer Even After Learning that Other Code He Sold Was Being "Utilized" by Different Broker in South Korea

How an ex-L3Harris Trenchant boss stole and sold cyber exploits to Russia | TechCrunch

Operation Zero — A Zero-Day Vulnerability Platform

John Scott-Railton on X: "7/ There's a push to scale up America's offensive industry right now…"

CEO of spyware maker Memento Labs confirms one of its government customers was caught using its malware | TechCrunch

Exploiting Microsoft Teams: Impersonation and Spoofing Vulnerabilities Exposed Microsoft Teams Vulnerabilities Uncovered

Cargo theft gets a boost from hackers using remote monitoring tools | The Record from Recorded Future News

Remote access, real cargo: cybercriminals targeting trucking and logistics | Proofpoint US

Alleged Conti ransomware gang affiliate appears in Tennessee court after Ireland extradition | The Record from Recorded Future News

Three suspected developers of Meduza Stealer malware arrested in Russia | The Record from Recorded Future News

Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody – Krebs on Security

Windows Server Update Service exploitation ensnares at least 50 victims | Cybersecurity Dive

Post by @paulschnack.bsky.social — Bluesky

...more

More shows like Risky Business

Hacked by Hacked

Hacked

190 Listeners

Security Now (Audio) by TWiT

Security Now (Audio)

2,002 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

374 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

652 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,022 Listeners

Smashing Security by Graham Cluley

Smashing Security

319 Listeners

Click Here by Recorded Future News

Click Here

418 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

8,017 Listeners

Cybersecurity Today by Jim Love

Cybersecurity Today

177 Listeners

Hacking Humans by N2K Networks

Hacking Humans

315 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

188 Listeners

Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

Defense in Depth

74 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

136 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

46 Listeners

Hacker And The Fed by Chris Tarbell & Hector Monsegur

Hacker And The Fed

171 Listeners