Risky Biz returns after two weeks off, and there sure is cybersecurity news to catch up on. Patrick Gray and Adam Boileau discuss:
Microsoft tried to make outsourcing the Pentagon’s cloud maintenance to China okay (it was not)
She shells Sharepoint by the sea-shore (by ‘she’ we mean ‘China’)
Four (alleged) Scattered Spider members arrested (and bailed) in the UK
Hackers spend $2700 to buy creds for a Brazilian payment system, steal $100M
Fortinet has SQLI in the auth header, Citrix mem leak is weaponised, HP hardcodes creds and Sonicwalls get user-moderootkits. Just security vendor things!This week’s episode is sponsored by Airlock Digital. CEO David Cottingham talks through what it takes to build a mature, resilient management platform for a security critical system.
This episode is also available on Youtube.
Show notes
Update on DOD’s cloud services
Microsoft to stop using engineers in China for tech support of US military, Hegseth orders review
A Little-Known Microsoft Program Could Expose the Defense Department to Chinese Hackers
While DOD policy bans unauthorized apps like TikTok from being on employees phones over national security risks
Microsoft Fix Targets Attacks on SharePoint Zero-Day – Krebs on Security
National Guard was hacked by China's 'Salt Typhoon' group, DHS says
Suspected contractor for China’s Hafnium group arrested in in Italy | Cybersecurity Dive
Singapore accuses Chinese state-backed hackers of attacking critical infrastructure networks | The Record from Recorded Future News
UK Arrests Four in ‘Scattered Spider’ Ransom Group – Krebs on Security
Four people bailed after arrests over cyber attacks on M&S, Co-op and Harrods
Brazilian police arrest IT worker over $100 million cyber theft | The Record from Recorded Future News
At Least 750 US Hospitals Faced Disruptions During Last Year’s CrowdStrike Outage, Study Finds | WIRED
Hacker returns cryptocurrency stolen from GMX exchange after $5 million bounty payment | The Record
Indian crypto exchange CoinDCX says $44 million stolen from reserves | The Record
Chainalysis: $2.17 billion in crypto stolen in first half of 2025, driven by North Korean hacks | The Record
PoisonSeed bypassing FIDO keys to ‘fetch’ user accounts
Risky Bulletin: Browser extensions hijacked for web scraping botnet
A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors
A surveillance vendor was caught exploiting a new SS7 attack to track people's phone locations | TechCrunch
Ukrainian hackers wipe databases at Russia's Gazprom in major cyberattack, intelligence source says
File transfer company CrushFTP warns of zero-day exploit seen in the wild | The Record
HPE warns of hardcoded passwords in Aruba access points
Pre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector (CVE-2025-25257)
Researchers, CISA confirm active exploitation of critical Citrix Netscaler flaw | Cybersecurity Dive
Google finds custom backdoor being installed on SonicWall network devices - Ars Technica
Hackers Can Remotely Trigger the Brakes on American Trains and the Problem Has Been Ignored for Years