Risky Business

Risky Business #837 -- GitHub Actions footgun claims TanStack

Listen Later

On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news.

They cover:

  • Mini Shai-Hulud and the TanStack compromise using Github Actions
  • Instructure pays Canvas elearning platform data extortionists
  • More Linux privilege escalation 0days!
  • CISA helping critical infrastructure operators rearchitect their networks so they work offline

    • This week’s episode is sponsored by email security platform Sublime Security. Bobby Filar chats with Patrick about how agentic AI is being evaluated by buyers in a marketplace that’s experiencing “AI fatigue”.

    This episode is also available on Youtube.

    Show notes
    • ‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack | CyberScoop
    • Hardening TanStack After the npm Compromise | TanStack Blog
    • Canvas Breach Disrupts Schools & Colleges Nationwide – Krebs on Security
    • Instructure pays ransom after Canvas incident as Congress announces investigation | The Record from Recorded Future News
    • When DNSSEC goes wrong: how we responded to the .de TLD outage
    • Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access | Google Cloud Blog
    • Mythos smythos! How to find 0day with lesser models - Risky Business Media
    • GitHub - V4bel/dirtyfrag · GitHub
    • retr0.zip
    • NVD - CVE-2026-42511
    • Flaw in Claude’s Chrome extension allowed ‘any’ other plugin to hijack victims’ AI | CyberScoop
    • Ivanti customers confront yet another actively exploited zero-day | CyberScoop
    • Palo Alto warns of critical software bug used in firewall attacks | The Record from Recorded Future News
    • Where Have All the Complex Windows Malware and Their Analyses Gone?
    • Meet Rassvet, Russia’s Answer to Starlink | WIRED
    • DOJ says ransomware gang tapped into Russian government databases | TechCrunch
    • Iranian government hackers using Chaos ransomware as cover, researchers say | The Record from Recorded Future News
    • Foxconn confirms cyberattack impacting North American factories | The Record from Recorded Future News
    • New CISA initiative aims for critical infrastructure to operate offline during cyberattacks | The Record from Recorded Future News
    • ‘HELLO BOSS’: Inside the Chinese Realtime Deepfake Software Powering Scams Around the World
    • How to Disable Google's Gemini in Chrome | WIRED
    • FCC pushes ban on security updates for foreign-made routers, drones to 2029 | The Record from Recorded Future News
      • ...more
      View all episodesView all episodes
      Download on the App Store
      Risky BusinessBy Risky Business Media
      • 4.6
      • 4.6
      • 4.6
      • 4.6
      • 4.6

      4.6

      364 ratings

      More shows like Risky Business

      View all
      Hacked by Hacked

      Hacked

      187 Listeners

      Security Now (Audio) by TWiT

      Security Now (Audio)

      2,011 Listeners

      Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

      Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

      372 Listeners

      SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

      SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

      651 Listeners

      CyberWire Daily by N2K Networks

      CyberWire Daily

      1,028 Listeners

      Smashing Security by Graham Cluley

      Smashing Security

      317 Listeners

      Click Here by Recorded Future News

      Click Here

      418 Listeners

      Darknet Diaries by Jack Rhysider

      Darknet Diaries

      8,077 Listeners

      Cybersecurity Today by Jim Love

      Cybersecurity Today

      175 Listeners

      Hacking Humans by N2K Networks

      Hacking Humans

      315 Listeners

      CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

      CISO Series Podcast

      195 Listeners

      Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

      Defense in Depth

      73 Listeners

      Cybersecurity Headlines by CISO Series

      Cybersecurity Headlines

      139 Listeners

      Risky Bulletin by Risky Business Media

      Risky Bulletin

      45 Listeners

      Hacker And The Fed by Chris Tarbell & Hector Monsegur

      Hacker And The Fed

      168 Listeners