Risky Business

By Patrick Gray

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for informati... more

4.6

358358 ratings

Download on the App Store

Download on the App Store

Get it on Google Play

FAQs about Risky Business:

How many episodes does Risky Business have?

The podcast currently has 590 episodes available.

Risky Business episodes:

August 01, 2025Soap Box: Why AI can't fix bad security products
In this Soap Box edition of the show Patrick Gray chats with the CEO of email security company Sublime Security, Josh Kamdjou. They talk about where AI is useful, where it isn’t, and why AI can’t save vendors from their bad product design choices.
This episode is also available on Youtube.

Show notes
...more
38min
July 30, 2025Risky Business #800 — The SharePoint bug may have leaked from Microsoft MAPP
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
Did the SharePoint bug leak out of the Microsoft MAPP program?

Expel retracts its FIDO bypass writeup

The mess surrounding the women-only dating-safety app Tea gets worse

Broadcom customers struggle to get patches for VMWare hypervisor escapes

Aeroflot gets hacked by the Cyber Partisans, disrupting flights
This week’s episode is sponsored by Push Security. Daniel Cuthbert joins and explains how having telemetry about identity from inside the browser is a key pillar for investigating intrusions in the browser-centric future.
This episode is also available on Youtube.

Show notes
Microsoft Probing Whether Cyber Alert Tipped Off Chinese Hackers

Microsoft says Warlock ransomware deployed in SharePoint attacks as governments scramble | The Record from Recorded Future News

What we know about the Microsoft SharePoint attacks | Cybersecurity Dive

An important update (and apology) on our PoisonSeed blog

Tea User Files Class Action After Women’s Safety App Exposes Data

A Second Tea Breach Reveals Users’ DMs About Abortions and Cheating

Top Lawyer for National Security Agency Is Fired

From Help Desk to Hypervisor: Defending Your VMware vSphere Estate from UNC3944

VMware prevents some perpetual license holders from downloading patches

Pro-Ukrainian hackers take credit for attack that snarls Russian flight travel - Ars Technica

КИБЕРУДАР ПО АЭРОФЛОТУ РФ!v

Treasury sanctions North Koreans involved in IT-worker schemes | Cybersecurity Dive

Minnesota governor activates National Guard amid St. Paul cyberattack | StateScoop

Outage was result of cyberattack, Post Luxembourg says

Clorox files $380 million suit blaming Cognizant for 2023 cyberattack | Cybersecurity Dive

Cisco network access security platform vulnerabilities under active exploitation | CyberScoop

Arizona woman sentenced to 8.5 years for running North Korean laptop farm | The Record from Recorded Future News

Cybercrime forum Leak Zone publicly exposed its users' IP addresses | TechCrunch
...more
54min
July 23, 2025Risky Business #799 -- Everyone's Sharepoint gets shelled
Risky Biz returns after two weeks off, and there sure is cybersecurity news to catch up on. Patrick Gray and Adam Boileau discuss:
Microsoft tried to make outsourcing the Pentagon’s cloud maintenance to China okay (it was not)

She shells Sharepoint by the sea-shore (by ‘she’ we mean ‘China’)

Four (alleged) Scattered Spider members arrested (and bailed) in the UK

Hackers spend $2700 to buy creds for a Brazilian payment system, steal $100M

Fortinet has SQLI in the auth header, Citrix mem leak is weaponised, HP hardcodes creds and Sonicwalls get user-moderootkits. Just security vendor things!
This week’s episode is sponsored by Airlock Digital. CEO David Cottingham talks through what it takes to build a mature, resilient management platform for a security critical system.
This episode is also available on Youtube.

Show notes
Update on DOD’s cloud services

Microsoft to stop using engineers in China for tech support of US military, Hegseth orders review

A Little-Known Microsoft Program Could Expose the Defense Department to Chinese Hackers

While DOD policy bans unauthorized apps like TikTok from being on employees phones over national security risks

Microsoft Fix Targets Attacks on SharePoint Zero-Day – Krebs on Security

National Guard was hacked by China's 'Salt Typhoon' group, DHS says

Suspected contractor for China’s Hafnium group arrested in in Italy | Cybersecurity Dive

Singapore accuses Chinese state-backed hackers of attacking critical infrastructure networks | The Record from Recorded Future News

UK Arrests Four in ‘Scattered Spider’ Ransom Group – Krebs on Security

Four people bailed after arrests over cyber attacks on M&S, Co-op and Harrods

Brazilian police arrest IT worker over $100 million cyber theft | The Record from Recorded Future News

At Least 750 US Hospitals Faced Disruptions During Last Year’s CrowdStrike Outage, Study Finds | WIRED

Hacker returns cryptocurrency stolen from GMX exchange after $5 million bounty payment | The Record

Indian crypto exchange CoinDCX says $44 million stolen from reserves | The Record

Chainalysis: $2.17 billion in crypto stolen in first half of 2025, driven by North Korean hacks | The Record

PoisonSeed bypassing FIDO keys to ‘fetch’ user accounts

Risky Bulletin: Browser extensions hijacked for web scraping botnet

A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors

A surveillance vendor was caught exploiting a new SS7 attack to track people's phone locations | TechCrunch

Ukrainian hackers wipe databases at Russia's Gazprom in major cyberattack, intelligence source says

File transfer company CrushFTP warns of zero-day exploit seen in the wild | The Record

HPE warns of hardcoded passwords in Aruba access points

Pre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector (CVE-2025-25257)

Researchers, CISA confirm active exploitation of critical Citrix Netscaler flaw | Cybersecurity Dive

Google finds custom backdoor being installed on SonicWall network devices - Ars Technica

Hackers Can Remotely Trigger the Brakes on American Trains and the Problem Has Been Ignored for Years
...more
1h 14min
July 14, 2025Risky Biz Soap Box: Prowler, the open cloud security platform
In this sponsored Soap Box edition of the Risky Business podcast Patrick Gray chats with Toni de la Fuente, founder of open source multi-cloud security product Prowler.
Toni explains how Prowler came to be, and how its journey followed his own learning about the cloud. The pair also discuss Prowler’s successful transition from an open-source project into a community, and now a growing business with an as-a-service platform.
This episode is also available on Youtube.

Show notes
...more
33min
July 02, 2025Risky Business #798 -- Mexican cartel surveilled the FBI to identify, kill witnesses
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
Australian airline Qantas looks like it got a Scattered Spider-ing

Microsoft works towards blunting the next CrowdStrike disaster

Changes are coming for Microsoft’s default enterprise app consenting setup

Synology downplays hardcoded passwords for its M365 cloud backup agent

The next Citrix Netscaler memory disclosure looks nasty

Drug cartels used technical surveillance to find, fix and finish FBI informants and witnesses
This week’s episode is sponsored by RAD Security. Co-founder Jimmy Mesta joins to talk through how they use AI automation to assess the security posture of sprawling cloud environments.
This episode is also available on Youtube.

Show notes
" rel="noopener noreferrer">Qantas hit by cyber attack, leaving 6 million customer records at risk of data breach

" rel="noopener noreferrer">Scattered Spider appears to pivot toward aviation sector | Cybersecurity Dive

" rel="noopener noreferrer">Microsoft to make Windows more resilient following 2024 IT outage | Cybersecurity Dive

" rel="noopener noreferrer">(384) The Ultimate Guide to App Consent in Microsoft Entra - YouTube

" rel="noopener noreferrer">When Backups Open Backdoors: Accessing Sensitive Cloud Data via "Synology Active Backup for Microsoft 365" / modzero

" rel="noopener noreferrer">AT&T deploys new account lock feature to counter SIM swapping | CyberScoop

" rel="noopener noreferrer">Iran-linked hackers threaten to release Trump aides' emails | Reuters

" rel="noopener noreferrer">US government warns of new Iran-linked cyber threats on critical infrastructure | Cybersecurity Dive

" rel="noopener noreferrer">Actively exploited vulnerability gives extraordinary control over server fleets - Ars Technica

" rel="noopener noreferrer">Critical vulnerability in Citrix Netscaler raises specter of exploitation wave | Cybersecurity Dive

" rel="noopener noreferrer">Identities of More Than 80 Americans Stolen for North Korean IT Worker Scams | WIRED

" rel="noopener noreferrer">Cloudflare confirms Russia restricting access to services amid free internet crackdown | The Record from Recorded Future News

" rel="noopener noreferrer">Mexican drug cartel used hacker to track FBI official, then killed potential FBI informants, government audit says | CNN Politics

" rel="noopener noreferrer">Audit of the FBI's Efforts to Mitigate the Effects of Ubiquitous Technical Surveillance - Redacted Report

" rel="noopener noreferrer">NATO members aim for spending 5% of GDP on defense, with 1.5% eligible for cyber | The Record from Recorded Future News

" rel="noopener noreferrer">US sanctions bulletproof hosting provider for supporting ransomware, infostealer operations | CyberScoop

" rel="noopener noreferrer">US, French authorities confirm arrest of BreachForums hackers | TechCrunch

" rel="noopener noreferrer">Spanish police arrest five over $542 million crypto investment scheme | The Record from Recorded Future News

" rel="noopener noreferrer">Scam compounds labeled a 'living nightmare' as Cambodian government accused of turning a blind eye | The Record from Recorded Future News
...more
1h 3min
June 25, 2025Risky Business #797 -- Stuxnet vs Massive Ordnance Penetrators
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
We roll our eyes over the “16 billion credentials” leak hitting mainstream news

Some interesting cyber angles emerge from the conflict in Iran

Opensource maintainer of libxml2 is fed up with this hacker crap

Shockingly, there are yet more ways to trick people into pasting commands into Windows

Veeam “patches” its backup software RCE like it’s 2002 … by breaking the public PoC
This week’s episode is sponsored by Internet-wide honeypot reconnaissance platform, Greynoise. Founder Andrew Morris joins to talk about their journey spotting Chinese ORB-builders hacking thousands of ASUS routers, and why they’re destined for the woodchipper.
This episode is also available on Youtube.

Show notes
" rel="noopener noreferrer">No, the 16 billion credentials leak is not a new data breach

" rel="noopener noreferrer">Canadian telecom hacked by suspected China state group - Ars Technica

" rel="noopener noreferrer">Telecom giant Viasat breached by China's Salt Typhoon hackers

" rel="noopener noreferrer">WarTranslated on X: "Iran’s jamming GPS in the Strait of Hormuz, messing with ~970 ships, per Windward. UKMTO confirms the interference. Faulty AIS coordinates are screwing up navigation in the Persian Gulf. The IRGC threatens to shut the strait down in hours. https://t.co/kdMJvshOGC" / X

" rel="noopener noreferrer">Dmitri Alperovitch on X: "Chairman of the Joint Chiefs Gen. Dan Caine says @US_CYBERCOM supported this strike mission" / X

" rel="noopener noreferrer">Top Pentagon spy pick rejected by White House - POLITICO

" rel="noopener noreferrer">DHS warns of heightened cyber threat as US enters Iran conflict | Cybersecurity Dive

" rel="noopener noreferrer">Exclusive: Early US intel assessment suggests strikes on Iran did not destroy nuclear sites, sources say

" rel="noopener noreferrer">U.S. braces for Iran's response after overnight strikes on nuclear sites

" rel="noopener noreferrer">Assessing the Damage to Iran’s Nuclear Program

" rel="noopener noreferrer">Iran Hacks Tirana Municipality in Retaliation Over MEK - Tirana Times

" rel="noopener noreferrer">Iran's government says it shut down internet to protect against cyberattacks | TechCrunch

" rel="noopener noreferrer">Aflac discloses cyber intrusion linked to wider crime spree targeting insurance industry | Cybersecurity Dive

" rel="noopener noreferrer">Tonga Ministry of Health hit with cyberattack affecting website, IT systems | The Record from Recorded Future News

" rel="noopener noreferrer">Alleged Ryuk ransomware gang member arrested in Ukraine and extradited to US | The Record from Recorded Future News

" rel="noopener noreferrer">Russia releases REvil members after convictions for payment card fraud | The Record from Recorded Future News

" rel="noopener noreferrer">OneLogin, Many Issues: How I Pivoted from a Trial Tenant to Compromising Customer Signing Keys - SpecterOps

" rel="noopener noreferrer">Triaging security issues reported by third parties (#913) · Issue · GNOME/libxml2

" rel="noopener noreferrer">README: Set expectations straight (35d04a08) · Commits · GNOME / libxml2 · GitLab

" rel="noopener noreferrer">What’s in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia | Google Cloud Blog

" rel="noopener noreferrer">FileFix - A ClickFix Alternative | mr.d0x

" rel="noopener noreferrer">Address bar shows hp.com. Browser displays scammers’ malicious text anyway. - Ars Technica

" rel="noopener noreferrer">Researchers urge vigilance as Veeam releases patch to address critical flaw | Cybersecurity Dive

" rel="noopener noreferrer">ASUSpicious Flaw - Millions of Users’ Information Exposed Since 2022 | MrBruh's Epic Blog

" rel="noopener noreferrer">Perth dad who created ‘evil twin’ Wi-Fi did so to access pictures of women

" rel="noopener noreferrer">GreyNoise Discovers Stealthy Backdoor Campaign Affecting Thousands of ASUS Routers
...more
1h 3min
June 18, 2025Risky Business #796 -- With special guest co-host Chris Krebs
On this week’s show Patrick Gray and Adam Boileau are joined by special guest Chris Krebs to discuss the week’s cybersecurity news. They talk through:
Israeli “hacktivists” take out an Iranian state-owned bank

Scattered-spider and friends pivot into attacking insurers

Securing identities in a cloud-first world keeps us awake at night

Microsoft takes the “aas” out of SaaS for Europe, leaving us with just software!

An AI prompt injection into M365 exfils corporate data
This week’s episode is sponsored by Kroll’s Cyber practice. Kroll Cyber Associate Managing Director George Glass is based in London and talks through his experiences helping organisations in the UK deal with the Scattered Spider attacks.
This episode is also available on Youtube.

Show notes
Iran’s Bank Sepah disrupted by cyberattack claimed by pro-Israel hacktivist group | CyberScoop

Iran orders officials to ditch connected devices

Heightened Cyberthreat Amidst Israel-Iran Conflict

Threat group linked to UK, US retail attacks now targeting insurance industry | Cybersecurity Dive

Coming to Apple OSes: A seamless, secure way to import and export passkeys - Ars Technica

Cyberattack on Washington Post Compromises Email Accounts of Journalists

Hackers impersonating US government compromise email account of prominent Russia researcher | The Record from Recorded Future News

A good one to talk to Chris about:

Breaking down ‘EchoLeak’, the First Zero-Click AI Vulnerability Enabling Data Exfiltration from Microsoft 365 Copilot

CISA warns of supply chain risks as ransomware attacks exploit SimpleHelp flaws | Cybersecurity Dive

Whole Foods supplier making progress on restoration after cyberattack left shelves empty | The Record from Recorded Future News

Ransomware attack on ticketing platform upends South Korean entertainment industry | The Record from Recorded Future News

Advisory: Cybersecurity incident
...more
1h 2min
June 16, 2025Soap Box: AI has entered the SOC, and it ain't going anywhere
In this sponsored Soap Box edition of the Risky Business podcast Patrick Gray chats with Dropzone AI founder Ed Wu about the role of LLMs in the SOC.
The debate about whether AI agents are going to wind up in the SOC is over, they’ve already arrived. But what are they good for? What are they NOT good for? And where else will we see AI popping up in security?
This episode is also available on Youtube.

Show notes
...more
31min
June 11, 2025Risky Business #795 -- How The Com is hacking Salesforce tenants
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
New York Times gets a little stolen Russian FSB data as a treat

iVerify spots possible evidence of iOS exploitation against the Harris-Walz campaign

Researcher figures out a trick to get Google account holders’ full names and phone numbers

Major US food distributor gets ransomwared

The Com’s social engineering of Salesforce app authorisations is a harbinger of our future problems

Australian Navy forgets New Zealand has computers, zaps Kiwis with their giant radar.
This week’s episode is sponsored by identity provider Okta. Long-time friend of the show Alex Tilley is Okta’s Global Threat Research Coordinator, and he joins to discuss how organisations can use both human and technical signals to spot North Koreans in their midst.
This episode is also available on Youtube.

Show notes
How The Times Obtained Secret Russian Intelligence Documents - The New York Times

Ukraine's military intelligence claims cyberattack on Russian strategic bomber maker | The Record from Recorded Future News

Harris-Walz campaign may have been targeted by iPhone hackers, cybersecurity firm says

iVerify Uncovers Evidence of Zero-Click Mobile Exploitation in the U.S.

Spyware maker cuts ties with Italy after government refused audit into hack of journalist’s phone | The Record from Recorded Future News

Italian lawmakers say Italy used spyware to target phones of immigration activists, but not against journalist | TechCrunch

Android chipmaker Qualcomm fixes three zero-days exploited by hackers | TechCrunch

Cellebrite to acquire mobile testing firm Corellium in $200 million deal | CyberScoop

Apple Gave Governments Data on Thousands of Push Notifications

A Researcher Figured Out How to Reveal Any Phone Number Linked to a Google Account

Bruteforcing the phone number of any Google user

Acreed infostealer poised to replace Lumma after global crackdown | The Record from Recorded Future News

BidenCash darknet forum taken down by US, Dutch law enforcement | The Record from Recorded Future News

NHS calls for 1 million blood donors as UK stocks remain low following cyberattack | The Record from Recorded Future News

Major food wholesaler says cyberattack impacting distribution systems | The Record from Recorded Future News

Kettering Health confirms attack by Interlock ransomware group as health record system is restored | The Record from Recorded Future News

Hackers abuse malicious version of Salesforce tool for data theft, extortion | Cybersecurity Dive

shubs on X: "IP whitelisting is fundamentally broken. At @assetnote, we've successfully bypassed network controls by routing traffic through a specific location (cloud provider, geo-location). Today, we're releasing Newtowner, to help test for this issue: https://t.co/X3dkMz9gwK" / X

Ross Ulbricht Got a $31 Million Donation From a Dark Web Dealer, Crypto Tracers Suspect | WIRED

Australian navy ship causes radio and internet outages to parts of New Zealand
...more
1h 8min
June 04, 2025Risky Business #794 -- Psychic Panda outgunned by Fluffy Lizard and UNC56728242
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
Cyber firms agree to deconflict and cross-reference hacker group names

Russian nuclear facility blueprints gathered from public procurement websites

Someone audio deepfaked the White House Chief of Staff, but for the dumbest reasons

Germany identifies the Trickbot kingpin

Google spots China’s MSS using Calendar events for malware C2

Meta apps abuse localhost listeners to track web sessions.
This week’s episode is sponsored by automation vendor Tines. Its Field CISO, Matt Muller, joins the show to discuss an open letter penned by JP Morgan Chase’s CISO that pleads with Software as a Service suppliers to try to suck less at security.
This episode is also available on Youtube.

Show notes
'Forest Blizzard' vs 'Fancy Bear' - cyber companies hope to untangle weird hacker nicknames | Reuters

Ukraine's Massive Drone Attack Was Powered by Open Source Software

Massive security breach: Russian nuclear facilities exposed online

How a Spyware App Compromised Assad’s Army - New Lines Magazine

Exclusive | Federal Authorities Probe Effort to Impersonate White House Chief of Staff Susie Wiles - WSJ

Malaysian home minister’s WhatsApp hacked, used to scam contacts | The Record from Recorded Future News

U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams – Krebs on Security

Top counter antivirus service disrupted in global takedown | CyberScoop

Cops in Germany Claim They’ve ID’d the Mysterious Trickbot Ransomware Kingpin | WIRED

Australian ransomware victims now must tell the government if they pay up | The Record from Recorded Future News

Google: China-backed hackers hiding malware in calendar events | Cybersecurity Dive

Coinbase breach linked to customer data leak in India, sources say | Reuters

US military IT specialist arrested for allegedly trying to leak secrets to foreign government | The Record from Recorded Future News

NSO appeals WhatsApp decision, says it can’t pay $168 million in ‘unlawful’ damages | The Record from Recorded Future News

ConnectWise says nation-state attack targeted multiple ScreenConnect customers | The Record from Recorded Future News

Google Online Security Blog: Sustaining Digital Certificate Security - Upcoming Changes to the Chrome Root Store

Meta and Yandex are de-anonymizing Android users’ web browsing identifiers - Ars Technica

An Open Letter to Third-Party Suppliers
...more
59min

FAQs about Risky Business:

How many episodes does Risky Business have?

The podcast currently has 590 episodes available.

More shows like Risky Business

Security Now (Audio) by TWiT

Security Now (Audio)

1,981 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

639 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

370 Listeners

Hacked by Hacked

Hacked

182 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,013 Listeners

Smashing Security by Graham Cluley

Smashing Security

314 Listeners

Click Here by Recorded Future News

Click Here

408 Listeners

Malicious Life by Malicious Life

Malicious Life

925 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

7,921 Listeners

Cybersecurity Today by Jim Love

Cybersecurity Today

163 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

190 Listeners

Hacking Humans by N2K Networks

Hacking Humans

311 Listeners

Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

Defense in Depth

76 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

128 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

43 Listeners