Risky Business

By Patrick Gray

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for informati... more

4.6

354354 ratings

Download on the App Store

Download on the App Store

Get it on Google Play

FAQs about Risky Business:

How many episodes does Risky Business have?

The podcast currently has 584 episodes available.

Risky Business episodes:

June 18, 2025Risky Business #796 -- With special guest co-host Chris Krebs
On this week’s show Patrick Gray and Adam Boileau are joined by special guest Chris Krebs to discuss the week’s cybersecurity news. They talk through:
Israeli “hacktivists” take out an Iranian state-owned bank

Scattered-spider and friends pivot into attacking insurers

Securing identities in a cloud-first world keeps us awake at night

Microsoft takes the “aas” out of SaaS for Europe, leaving us with just software!

An AI prompt injection into M365 exfils corporate data
This week’s episode is sponsored by Kroll’s Cyber practice. Kroll Cyber Associate Managing Director George Glass is based in London and talks through his experiences helping organisations in the UK deal with the Scattered Spider attacks.
This episode is also available on Youtube.

Show notes
Iran’s Bank Sepah disrupted by cyberattack claimed by pro-Israel hacktivist group | CyberScoop

Iran orders officials to ditch connected devices

Heightened Cyberthreat Amidst Israel-Iran Conflict

Threat group linked to UK, US retail attacks now targeting insurance industry | Cybersecurity Dive

Coming to Apple OSes: A seamless, secure way to import and export passkeys - Ars Technica

Cyberattack on Washington Post Compromises Email Accounts of Journalists

Hackers impersonating US government compromise email account of prominent Russia researcher | The Record from Recorded Future News

A good one to talk to Chris about:

Breaking down ‘EchoLeak’, the First Zero-Click AI Vulnerability Enabling Data Exfiltration from Microsoft 365 Copilot

CISA warns of supply chain risks as ransomware attacks exploit SimpleHelp flaws | Cybersecurity Dive

Whole Foods supplier making progress on restoration after cyberattack left shelves empty | The Record from Recorded Future News

Ransomware attack on ticketing platform upends South Korean entertainment industry | The Record from Recorded Future News

Advisory: Cybersecurity incident
...more
1h 2min
June 16, 2025Soap Box: AI has entered the SOC, and it ain't going anywhere
In this sponsored Soap Box edition of the Risky Business podcast Patrick Gray chats with Dropzone AI founder Ed Wu about the role of LLMs in the SOC.
The debate about whether AI agents are going to wind up in the SOC is over, they’ve already arrived. But what are they good for? What are they NOT good for? And where else will we see AI popping up in security?
This episode is also available on Youtube.

Show notes
...more
31min
June 11, 2025Risky Business #795 -- How The Com is hacking Salesforce tenants
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
New York Times gets a little stolen Russian FSB data as a treat

iVerify spots possible evidence of iOS exploitation against the Harris-Walz campaign

Researcher figures out a trick to get Google account holders’ full names and phone numbers

Major US food distributor gets ransomwared

The Com’s social engineering of Salesforce app authorisations is a harbinger of our future problems

Australian Navy forgets New Zealand has computers, zaps Kiwis with their giant radar.
This week’s episode is sponsored by identity provider Okta. Long-time friend of the show Alex Tilley is Okta’s Global Threat Research Coordinator, and he joins to discuss how organisations can use both human and technical signals to spot North Koreans in their midst.
This episode is also available on Youtube.

Show notes
How The Times Obtained Secret Russian Intelligence Documents - The New York Times

Ukraine's military intelligence claims cyberattack on Russian strategic bomber maker | The Record from Recorded Future News

Harris-Walz campaign may have been targeted by iPhone hackers, cybersecurity firm says

iVerify Uncovers Evidence of Zero-Click Mobile Exploitation in the U.S.

Spyware maker cuts ties with Italy after government refused audit into hack of journalist’s phone | The Record from Recorded Future News

Italian lawmakers say Italy used spyware to target phones of immigration activists, but not against journalist | TechCrunch

Android chipmaker Qualcomm fixes three zero-days exploited by hackers | TechCrunch

Cellebrite to acquire mobile testing firm Corellium in $200 million deal | CyberScoop

Apple Gave Governments Data on Thousands of Push Notifications

A Researcher Figured Out How to Reveal Any Phone Number Linked to a Google Account

Bruteforcing the phone number of any Google user

Acreed infostealer poised to replace Lumma after global crackdown | The Record from Recorded Future News

BidenCash darknet forum taken down by US, Dutch law enforcement | The Record from Recorded Future News

NHS calls for 1 million blood donors as UK stocks remain low following cyberattack | The Record from Recorded Future News

Major food wholesaler says cyberattack impacting distribution systems | The Record from Recorded Future News

Kettering Health confirms attack by Interlock ransomware group as health record system is restored | The Record from Recorded Future News

Hackers abuse malicious version of Salesforce tool for data theft, extortion | Cybersecurity Dive

shubs on X: "IP whitelisting is fundamentally broken. At @assetnote, we've successfully bypassed network controls by routing traffic through a specific location (cloud provider, geo-location). Today, we're releasing Newtowner, to help test for this issue: https://t.co/X3dkMz9gwK" / X

Ross Ulbricht Got a $31 Million Donation From a Dark Web Dealer, Crypto Tracers Suspect | WIRED

Australian navy ship causes radio and internet outages to parts of New Zealand
...more
1h 8min
June 04, 2025Risky Business #794 -- Psychic Panda outgunned by Fluffy Lizard and UNC56728242
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
Cyber firms agree to deconflict and cross-reference hacker group names

Russian nuclear facility blueprints gathered from public procurement websites

Someone audio deepfaked the White House Chief of Staff, but for the dumbest reasons

Germany identifies the Trickbot kingpin

Google spots China’s MSS using Calendar events for malware C2

Meta apps abuse localhost listeners to track web sessions.
This week’s episode is sponsored by automation vendor Tines. Its Field CISO, Matt Muller, joins the show to discuss an open letter penned by JP Morgan Chase’s CISO that pleads with Software as a Service suppliers to try to suck less at security.
This episode is also available on Youtube.

Show notes
'Forest Blizzard' vs 'Fancy Bear' - cyber companies hope to untangle weird hacker nicknames | Reuters

Ukraine's Massive Drone Attack Was Powered by Open Source Software

Massive security breach: Russian nuclear facilities exposed online

How a Spyware App Compromised Assad’s Army - New Lines Magazine

Exclusive | Federal Authorities Probe Effort to Impersonate White House Chief of Staff Susie Wiles - WSJ

Malaysian home minister’s WhatsApp hacked, used to scam contacts | The Record from Recorded Future News

U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams – Krebs on Security

Top counter antivirus service disrupted in global takedown | CyberScoop

Cops in Germany Claim They’ve ID’d the Mysterious Trickbot Ransomware Kingpin | WIRED

Australian ransomware victims now must tell the government if they pay up | The Record from Recorded Future News

Google: China-backed hackers hiding malware in calendar events | Cybersecurity Dive

Coinbase breach linked to customer data leak in India, sources say | Reuters

US military IT specialist arrested for allegedly trying to leak secrets to foreign government | The Record from Recorded Future News

NSO appeals WhatsApp decision, says it can’t pay $168 million in ‘unlawful’ damages | The Record from Recorded Future News

ConnectWise says nation-state attack targeted multiple ScreenConnect customers | The Record from Recorded Future News

Google Online Security Blog: Sustaining Digital Certificate Security - Upcoming Changes to the Chrome Root Store

Meta and Yandex are de-anonymizing Android users’ web browsing identifiers - Ars Technica

An Open Letter to Third-Party Suppliers
...more
59min
May 28, 2025Risky Business #793 -- Scattered Spider is hijacking MX records
In this week’s edition of Risky Business Dmitri Alperovitch and Adam Boileau join Patrick Gray to talk through the week’s news, including:
EXCLUSIVE: A Scattered Spider-style crew is hijacking DNS MX entries and compromising enterprises within minutes

The SVG format brings the all horrors of HTML+JS to image files, and attackers have noticed

Brian Krebs eats a 6.3Tbps DDoS … ‘cause that’s how you demo your packet cannon

Law enforcement takes out Lumma Stealer, Qakbot, Danabot and some dark web drug traffickers

Iranian behind 2019 Baltimore ransomware mysteriously appears in North Carolina and pleads guilty

CISA’s leadership is fleeing in droves, even though the US needs them more than ever.
This week’s episode is sponsored by Thinkst Canary. Long time friend of the show Haroon Meer joins and talks through where he feels the industry is at, having just returned home from the AI-fueled hype at this year’s RSA conference.
This episode is also available on Youtube.

Show notes
" rel="noopener noreferrer">China-linked ‘Silk Typhoon’ hackers accessed Commvault cloud environments, person familiar says - Nextgov/FCW

" rel="noopener noreferrer">Risky Bulletin: SVG use for phishing explodes in 2025 - Risky Business Media

" rel="noopener noreferrer">KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS – Krebs on Security

" rel="noopener noreferrer">Midwestern telco Cellcom confirms cyber incident after days of service outages | The Record from Recorded Future News

" rel="noopener noreferrer">Microsoft leads international takedown of Lumma Stealer | Cybersecurity Dive

" rel="noopener noreferrer">Who said what? on X: "Message from the administrator of Lumma Stealer on the forums about the recent events🕊️👀 https://t.co/MOjCSMMErK" / X

" rel="noopener noreferrer">Ransomware hackers charged, infrastructure dismantled in international law enforcement operation | The Record from Recorded Future News

" rel="noopener noreferrer">Oops: DanaBot Malware Devs Infected Their Own PCs – Krebs on Security

" rel="noopener noreferrer">DOJ charges man allegedly behind Qakbot malware | The Record from Recorded Future News

" rel="noopener noreferrer">US, Europol arrest 270 dark web drug traffickers in Operation RapTor | The Record from Recorded Future News

" rel="noopener noreferrer">Iranian pleads guilty to launching Baltimore ransomware attack, faces 30 years behind bars | The Record from Recorded Future News

" rel="noopener noreferrer">Decentralized crypto platform Cetus hit with $223 million hack | The Record from Recorded Future News

" rel="noopener noreferrer">Nearly 70,000 impacted by Coinbase breach involving $20 million ransom demand | The Record from Recorded Future News

" rel="noopener noreferrer">USA: Crypto investor charged with kidnapping, torturing man in an NYC apartment

" rel="noopener noreferrer">Vietnam orders ban on Telegram messaging app over security concerns | The Record from Recorded Future News

" rel="noopener noreferrer">Exclusive: Hacker who breached communications app used by Trump aide stole data from across US government | Reuters

" rel="noopener noreferrer">CISA loses nearly all top officials as purge continues | Cybersecurity Dive

" rel="noopener noreferrer">White House dismisses scores of National Security Council staff - The Washington Post
...more
1h 5min
May 21, 2025Risky Business #792 -- Beware, Coinbase users. Crypto thieves are taking fingers now
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
TeleMessage memory dumps show up on DDoSecrets

Coinbase contractor bribed to hand over user data

Telegram does seem to be actually cooperating with law enforcement

Britain’s legal aid service gets 15 years worth of applicant data stolen

Shocking no one, Ivanti were weaseling when they blamed latest bugs on a third party library
This week’s episode is sponsored by Prowler, who make an open source cloud security tool. Founder and original project developer Toni de la Fuente joins to talk through the flexibility that open tooling brings. Prowler is also adding support for SaaS platforms like M365, and of course, an AI assistant to help you write checks!
This episode is also available on Youtube.

Show notes
TeleMessage - Distributed Denial of Secrets

How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes | WIRED

Coinbase says thieves stole user data and tried to extort $20M

Hack could cost Coinbase up to $400M: filing | Cybersecurity Dive

Severed Fingers and ‘Wrench Attacks’ Rattle the Crypto Elite

Money Stuff: US Debt Rates Itself | NewsletterHunt

2 massive black market services blocked by Telegram, messaging app says | Reuters

Telegram Gave Authorities Data on More than 20,000 Users

GovDelivery, an email alert system used by governments, abused to send scam messages | TechCrunch

ATO warning as hackers steal $14,000 in tax returns: ‘Be wary’

Hack of SEC social media account earns 14-month prison sentence for Alabama man | The Record from Recorded Future News

19-year-old accused of largest child data breach in U.S. agrees to plead guilty

Beach mansion, Benz and Bitcoin worth $4.5m seized from League of Legends hacker Shane Stephen Duffy | 7NEWS

Pegasus spyware maker rebuffed in efforts to get off trade blacklist - The Washington Post

Ransomware attack hits supplier of refrigerated groceries to British supermarkets | The Record from Recorded Future News

UK government confirms massive data breach following hack of Legal Aid Agency | The Record from Recorded Future News

Ivanti Endpoint Mobile Manager customers exploited via chained vulnerabilities | Cybersecurity Dive

Expression Payloads Meet Mayhem - Ivanti EPMM Unauth RCE Chain (CVE-2025-4427 and CVE-2025-4428)
...more
54min
May 15, 2025Risky Biz Soap Box: Push Security's browser-first twist on identity security
In this wholly sponsored Soap Box edition of the show, Patrick Gray chats with Adam Bateman and Luke Jennings from Push Security.
Push has built an identity security platform that collects identity information and events from your users’ browsers. It can detect phish kits and shut down phishing attempts, protect SSO credentials, and find shadow/personal account that a user has spun up.
It’s extremely difficult to bypass. That’s because when you’re in the browser it doesn’t matter how a phishing link arrives, or how a threat actor has concealed it from your detection stack – if the user sees it, Push sees it.
There are solutions for protecting your users SSO credentials, like passkeys. But what about all the SaaS in your environment? Even if it’s enrolled into your SSO, are you sure that’s how your users are authenticating to it? What about the automation platforms your developers and admins use? What about data platforms like Snowflake? Are your using setting up passkeys for those accounts? How would you know, and what problems can it cause if those accounts are vulnerable?
This is a fun one!
This episode is also available on Youtube.

Show notes
...more
35min
May 14, 2025Risky Business #791 -- Woof! Copilot for Sharepoint coughs up creds and keys
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
Struggling to find that pesky passwords.xlsx in Sharepoint? Copilot has your back!

The ransomware ecosystem is finding life a bit tough lately

SAP Netweaver bug being used by Chinese APT crew

Academics keep just keep finding CPU side-channel attacks

And of course… bugs! Asus, Ivanti, Fortinet… and a Nissan LEAF?
This week’s episode is sponsored by Resourcely, who will soothe your Terraform pains. Founder and CEO Tracis McPeak joins to talk about how to get from a very red dashboard full of cloud problems to a workable future.
This episode is also available on Youtube.

Show notes
" rel="noopener noreferrer">Exploiting Copilot AI for SharePoint | Pen Test Partners

" rel="noopener noreferrer">MrBruh's Epic Blog

" rel="noopener noreferrer">Ransomware group Lockbit appears to have been hacked, analysts say | Reuters

" rel="noopener noreferrer">"CONTI LEAK: Video they tried to bury! 6+ Conti members on a private jet. TARGET’s birthday — $10M bounty on his head. Filmed by TARGET himself. Original erased — we kept a copy."

" rel="noopener noreferrer">Mysterious hackers who targeted Marks and Spencer's computer systems hint at political allegiance as they warn other tech criminals not to attack former Soviet states

" rel="noopener noreferrer">The organizational structure of ransomware groups is evolving rapidly.

" rel="noopener noreferrer">SAP NetWeaver exploitation enters second wave of threat activity

" rel="noopener noreferrer">China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures

" rel="noopener noreferrer">DOGE software engineer’s computer infected by info-stealing malware

" rel="noopener noreferrer">Hackers hijack Japanese financial accounts to conduct nearly $2 billion in trades

" rel="noopener noreferrer">FBI and Dutch police seize and shut down botnet of hacked routers

" rel="noopener noreferrer">Poland arrests four in global DDoS-for-hire takedown

" rel="noopener noreferrer">School districts hit with extortion attempts after PowerSchool breach

" rel="noopener noreferrer">EU launches vulnerability database to tackle cybersecurity threats

" rel="noopener noreferrer">Training Solo - vusec

" rel="noopener noreferrer">Branch Privilege Injection: Exploiting Branch Predictor Race Conditions – Computer Security Group

" rel="noopener noreferrer">Remote Exploitation of Nissan Leaf: Controlling Critical Body Elements from the Internet

" rel="noopener noreferrer">PSIRT | FortiGuard Labs

" rel="noopener noreferrer">EPMM Security Update | Ivanti
...more
58min
May 09, 2025Wide World of Cyber: How state adversaries attack security vendors
In this edition of the Wide World of Cyber podcast Patrick Gray talks to SentinelOne’s Steve Stone and Alex Stamos about how foreign adversaries are targeting security vendors, including them.
From North Korean IT workers to Chinese supply chain attacks, SentinelOne and its competitors are constantly fending off sophisticated hacking campaigns.
This edition of the Wide World of Cyber was recorded in front of a live audience in San Francisco, with Patrick attending via Zoom.
The Wide World of Cyber podcast series is a wholly sponsored co-production between SentinelOne and Risky Business Media.
This episode is also available on Youtube.

Show notes
...more
53min
May 07, 2025Risky Business #790 -- Bye bye Signal-gate, hello TeleMessage-gate
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
White House’s off-brand Israeli Signal fork logs cleartext messages with hard coded creds while getting hacked (twice). Just … Wow.

Ransomware attacks on UK retailers are linked, and Marks & Spencer has it extra bad

After six years dormant, a Magento eCommerce platform backdoor comes to life

The North Korean IT worker scam is truly webscale

NSO group owes Meta $168m for hacking WhatsApp
This week’s episode is sponsored by vulnerability management wranglers, Nucleus Security. Aaron Unterberger joins to talk through the complexities of tracking vulnerabilities in cloud components - left to the source, right to the deployments, and …sideways into the sidecars?
This week’s show also features an excerpt from Pat’s interview with Senator Mark Warner - Scoot back one in your podcast feed to check out the full chat, or find it on Youtube.
This episode is available on Youtube too.

Show notes
Mike Waltz Accidentally Reveals Obscure App the Government Is Using to Archive Signal Messages

Despite misleading marketing, Israeli company TeleMessage, used by Trump officials, can access plaintext chat logs

The Signal Clone the Trump Admin Uses Was Hacked

App used by Mike Waltz suspends services after hacking claims

Senator Demands Investigation into Trump Admin Signal Clone After 404 Media Investigation

MG on X: "Looks like TeleMessage was probably procured and rolled out under Biden. There are public records for it. https://t.co/XCuZpi8PL3" / X

Harrods becomes latest retailer to announce attempted cyberattack | The Record from Recorded Future News

Co-op DragonForce cyber attack includes customer data, firm admits

Co-op cyber attack: Staff told to keep cameras on in meetings

Hundreds of e-commerce sites hacked in supply-chain attack - Ars Technica

Microsoft’s new “passwordless by default” is great but comes at a cost - Ars Technica

Windows RDP lets you log in using revoked passwords. Microsoft is OK with that. - Ars Technica

North Korean operatives have infiltrated hundreds of Fortune 500 companies | CyberScoop

US wants to cut off key player in Southeast Asian cybercrime industry | The Record from Recorded Future News

Myanmar militia leader sanctioned by US over cyber scam connections | The Record from Recorded Future News

Trump proposes major cut to CISA’s budget, citing false ‘censorship’ claims | Cybersecurity Dive

NSA to cut up to 2,000 civilian roles as part of intel community downsizing | The Record from Recorded Future News

NSO Group owes $168M in damages to WhatsApp over spyware infections, jury says | CyberScoop
...more
57min

FAQs about Risky Business:

How many episodes does Risky Business have?

The podcast currently has 584 episodes available.

More shows like Risky Business

Security Now (Audio) by TWiT

Security Now (Audio)

1,970 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

626 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

367 Listeners

Hacked by Hacked

Hacked

176 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,006 Listeners

Smashing Security by Graham Cluley & Carole Theriault

Smashing Security

311 Listeners

Click Here by Recorded Future News

Click Here

407 Listeners

Malicious Life by Malicious Life

Malicious Life

925 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

7,875 Listeners

Cybersecurity Today by Jim Love

Cybersecurity Today

166 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

187 Listeners

Hacking Humans by N2K Networks

Hacking Humans

314 Listeners

Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

Defense in Depth

74 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

127 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

33 Listeners