May 27, 2026

Risky Business #839 -- TeamPCP stole GitHub's internal repos

Listen Later

1 hour

On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:

TeamPCP breached GitHub’s internal repos. Now what?

Some absolute plonker glued Coruna to a hijacked npm package

CISA is worried about about open source and wants third party submissions for KEV

AI infrastructure is “systemically” insecure

Much, much more

This week’s episode is sponsored by allowlisting vendor Airlock Digital. Airlock’s founders David Cottingham and Daniel Schell join Patrick Gray to talk about Microsoft briefly flagging DigitCert’s root certificate as malware. Fun!

This episode is also available on YouTube

Show notes

GitHub confirms being hacked by TeamPCP, says customer data unaffected | therecord.media

Grafana Labs links GitHub environment breach to TanStack npm supply chain attack | Cybersecurity Dive

Coruna Respawned: Compromised art-template npm Package Leads... | Socket

CISA chief frets about open-source vulnerabilities, delayed security improvements | cyberscoop.com

Anthropic: Mythos finds more than 10,000 software flaws in first month | cyberscoop.com

Pardon MIE? | ironPeak Blog

CISA asks cybersecurity community to alert it to vulnerability exploitation | Cybersecurity Dive

Lawmakers Demand Answers as CISA Tries to Contain Data Leak | krebsonsecurity.com

Google publishes exploit code threatening millions of Chromium users | arstechnica.com

Millions of AI agents imperiled by critical vulnerability in open source package | arstechnica.com

Discord migrates all users to end-to-end encryption by default | The Record

Texas AG sues Meta over claims that WhatsApp doesn't provide end-to-end encryption | arstechnica.com

Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada | krebsonsecurity.com

Iran-linked hackers target key US, allied sectors with sophisticated spear-phishing messages | Cybersecurity Dive

FBI warns about fast-growing phishing kit targeting Microsoft 365 users | cyberscoop.com

Analyzing the rise in device code phishing attacks in 2026 | Push Security

Trump Mobile confirms it exposed customers’ personal data, including phone numbers and home addresses | TechCrunch Security

Kash Patel’s clothing brand website shut down after reports it was hacked | TechCrunch Security

Tulsi Gabbard resigns as US director of national intelligence | Social Signals

When Certificate Trust Fails: The DigiCert Code-Signing Incident and Microsoft Defender False Positive |

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

Risky Business

By Risky Business Media

4.6

364364 ratings

May 27, 2026

Risky Business #839 -- TeamPCP stole GitHub's internal repos

Listen Later

1 hour

On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:

TeamPCP breached GitHub’s internal repos. Now what?

Some absolute plonker glued Coruna to a hijacked npm package

CISA is worried about about open source and wants third party submissions for KEV

AI infrastructure is “systemically” insecure

Much, much more

This week’s episode is sponsored by allowlisting vendor Airlock Digital. Airlock’s founders David Cottingham and Daniel Schell join Patrick Gray to talk about Microsoft briefly flagging DigitCert’s root certificate as malware. Fun!

This episode is also available on YouTube

Show notes

GitHub confirms being hacked by TeamPCP, says customer data unaffected | therecord.media

Grafana Labs links GitHub environment breach to TanStack npm supply chain attack | Cybersecurity Dive

Coruna Respawned: Compromised art-template npm Package Leads... | Socket

CISA chief frets about open-source vulnerabilities, delayed security improvements | cyberscoop.com

Anthropic: Mythos finds more than 10,000 software flaws in first month | cyberscoop.com

Pardon MIE? | ironPeak Blog

CISA asks cybersecurity community to alert it to vulnerability exploitation | Cybersecurity Dive

Lawmakers Demand Answers as CISA Tries to Contain Data Leak | krebsonsecurity.com

Google publishes exploit code threatening millions of Chromium users | arstechnica.com

Millions of AI agents imperiled by critical vulnerability in open source package | arstechnica.com

Discord migrates all users to end-to-end encryption by default | The Record

Texas AG sues Meta over claims that WhatsApp doesn't provide end-to-end encryption | arstechnica.com

Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada | krebsonsecurity.com

Iran-linked hackers target key US, allied sectors with sophisticated spear-phishing messages | Cybersecurity Dive

FBI warns about fast-growing phishing kit targeting Microsoft 365 users | cyberscoop.com

Analyzing the rise in device code phishing attacks in 2026 | Push Security

Trump Mobile confirms it exposed customers’ personal data, including phone numbers and home addresses | TechCrunch Security

Kash Patel’s clothing brand website shut down after reports it was hacked | TechCrunch Security

Tulsi Gabbard resigns as US director of national intelligence | Social Signals

When Certificate Trust Fails: The DigiCert Code-Signing Incident and Microsoft Defender False Positive |

...more

More shows like Risky Business

Hacked by Hacked

Hacked

187 Listeners

Security Now (Audio) by TWiT

Security Now (Audio)

2,011 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

372 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

651 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,028 Listeners

Smashing Security by Graham Cluley

Smashing Security

317 Listeners

Click Here by Recorded Future News

Click Here

418 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

8,077 Listeners

Cybersecurity Today by Jim Love

Cybersecurity Today

175 Listeners

Hacking Humans by N2K Networks

Hacking Humans

315 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

195 Listeners

Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

Defense in Depth

73 Listeners

Cybersecurity Headlines by CISO Series

Cybersecurity Headlines

139 Listeners

Risky Bulletin by Risky Business Media

Risky Bulletin

45 Listeners

Hacker And The Fed by Chris Tarbell & Hector Monsegur

Hacker And The Fed

168 Listeners