In this sponsored soap box edition of the Risky Business podcast Patrick Gray chats with Toni de la Fuente, the founder of Prowler.
Prowler started off as a bunch of scripts in a trenchcoat, then became an open source cloud security tool, and it’s now a venture-funded cloud security business. In th…
On this week’s show, Patrick Gray and James Wilson are joined by special guest The Grugq. They discuss the week’s cybersecurity news, including:
Vercel got owned, and there’s a few infostealer and compromised employee dots to connect
Mozilla used Mythos to find 271 bugs, which feels like a sig…
On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news.
They cover:
Mini Shai-Hulud and the TanStack compromise using Github Actions
Instructure pays Canvas elearning platform data extortionists
More Linux privilege escalation 0days!
CISA hel…
On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:
Everyone has an opinion about Claude Mythos… even though almost nobody has used it yet
CISA adds a 2009 Excel bug to the KEV list, u wot?
Adobe also parties like it’s the 2000s…
On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news.
They cover:
GitHub announced a possible breach
CISA leaks important creds, keys in public repo
Awful vulnerability in Bitlocker renders it useless without a PIN
So. Many. Patches.
Poli…
On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:
Anthropic’s new Mythos model hunts bugs and chains exploits together so well that… you cant have it…
…Unless you’re one of their Project Glasswing partners
The world isn’t shor…
In this edition of the Snake Oilers podcast three vendors stop by to pitch the audience on their products:
Burp AI and DAST: The founder of PortSwigger and creator of legendary security software Burp Suite, Dafydd Stuttard, drops by to pitch listeners on Burp AI and Burp Suite DAST.
…
On this week’s show, Patrick Gray and James Wilson are joined by special guest co-host Brad Arkin. They discuss the week’s cybersecurity news, including:
The US Government says we just have to patch faster, but…
Bugs in cPanel, MoveIt and all Linux distributions this week show that patching al…
In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. It’s a quiet week with Thanksgiving in the US, but there’s always some cyber to talk about:
Airbus rolls out software updates after a cosmic ray bitflips an A320 into a dive
Krebs tracks down a Scattered L…
In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
There’s a CVSS 10/10 remote code exec in the React javascript server. JS server? U wot mate?
China is out popping shells with it
Linux adds support for PCIe bus encryption
Amnesty Internatio…
In this sponsored Soap Box edition of the Risky Business podcast, Patrick Gray chats with Jared Atkinson, CTO of SpecterOps, about BloodHound OpenGraph.
OpenGraph enumerates attack paths across platforms and services, not just your primary directories.
A compromised GitHub account to on-prem AD co…
In the final show of 2025, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
React2Shell attacks continue, surprising no one
The unholy combination of OAuth consent phishing, social engineering and Azure CLI
Venezuela’s state oil firm gets ransomware’d, blames U…
In this special documentary episode, Patrick Gray and Amberleigh Jack take a historical dive into hacking in the 1980s. Through the words of those that were there, they discuss life on the ARPANET, the 414s hacking group, the Morris Worm, the vibe inside the NSA and a parallel hunt for German hacker…
Risky Business returns for 2026! Patrick Gray and Adam Boileau talk through the week’s cybersecurity news, including:
Santa brings hackers MongoDB memory leaks for Christmas
Vercel pays out a million bucks to improve its React2Shell WAF defences
39C3 delivers; the pink Power Ranger deletes n…
In this week’s show, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, joined by a special guest. BBC World Cyber Correspondent Joe Tidy is a long time listener and he pops in for a ride-along in the news segment plus a chat about his new book.
This week news includes:
Did the…
In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. They discuss:
La France is tres sérieux about ditching US productivity software
China’s Salt Typhoon was snooping on Downing Street
Trump wields the mighty DISCOMBOBULATOR
ESET says the Polish power gr…
Patrick Gray and Adam Boileau are joined by the newest guy on the Risky Business Media team, James WIlson. They discuss the week’s cybersecurity news, including:
Notepad++ update supply chain attack has been attributed to China
The AI agent future is even more stupid than expected; behold the …
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
Microsoft reshuffles security leadership. It doesn’t spark joy.
Russia is hacking the Winter Olympics. Again. But y tho?
China-linked groups are keeping busy, hacking telcos in Norway, Singapo…
On this week’s show, Patrick Gray, Adam Boileau and James WIlson discuss the week’s cybersecurity news. They cover:
Palo Alto threat researchers want to attribute to China, but management says shush
An increasing proportion of ransomware is data extortion. Is this good?
Cambodia says it’s go…
There’s a lethal trifecta of AI risks: access to private data, exposure to untrusted content, and external communication. In this conversation, Risky Business host Patrick Gray chats with Josh Devon, the co-founder of Sondera, about how to best address these risks.
There is no magic solution to thi…
On this week’s show, Patrick Gray, Adam Boileau and James WIlson discuss the week’s cybersecurity news. They cover:
Low skill actors compromise 600 Fortinets with AI-generated playbooks
Anthropic calls out Chinese AI firms over model distillation
Meta’s director of AI safety tells her ClawdB…
On this week’s show, Patrick Gray, Adam Boileau and James WIlson discuss the week’s cybersecurity news. They cover:
The US-Israeli attack on Iran had a whole lot of cyber. It’s clearly in the playbook now!
The NSA Triangulation / L3 Harris Trenchant iOS exploit kit is on the loose, and being u…
On this week’s show, Patrick Gray, Adam Boileau and James WIlson discuss the week’s cybersecurity news. They cover:
The Coruna exploits were L3 Harris, but it seems Triangulation… was not!
Iran’s cyber HQ hit by Israeli (kinetic) strikes
Trump’s cyber “strategy” is … well, all we’ve got is j…
In this Soap Box edition of the Risky Business podcast Patrick Gray sits down with Airlock Digital co-founders Daniel Schell and David Cottingham to talk about the role AI models could play in managing enterprise allowlists.
They also talk about the durability of allowlisting as a control. After 12…
On this week’s show, Patrick Gray, Adam Boileau and James WIlson discuss the week’s cybersecurity news. They discuss:
Iran’s Intune-based wiper attack on medical device maker Stryker
Qihoo 360’s AI publishes its own wildcard TLS cert private key
Instagram is canning its end-to-end encrypted …
On this week’s show, Patrick Gray, Adam Boileau and James WIlson discuss the week’s cybersecurity news. They talk through:
TeamPCP’s supply chain attack on Github, and they threw in an anti-Iran wiper, because why not?!
Anthropic hooks up its models to just… use your whole computer
After Str…
In this sponsored Soap Box edition of the show, Patrick Gray and James Wilson talk about red teaming AI systems with Russel Van Tuyl, Vice President of Services at elite penetration testing firm SpecterOps.
SpecterOps is the company behind attack path enumeration tool Bloodhound and Bloodhound Ente…
On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:
Those pesky North Koreans shim a backdoor into a 100M-downloads-a-week npm package
TeamPCP appear to have ransacked Cisco’s source and cloud environments
AI is getting legitima…
In this special documentary episode, Patrick Gray and Amberleigh Jack take a look back at hacking throughout the 1990s, from the feel-good vibes of the early hacking communities to the antics of young hackers who wound up on the run from the FBI.
Part one features recollections from:
Jeff Moss …
In this edition of the Snake Oilers podcast three vendors stop by to pitch the audience on their products:
Ent AI: Co-founder Brandon Dixon pitched Ent, an intent-aware, AI-powered endpoint security control.
Spacewalk AI: Founders Chris Fuller and Tim Wenzlau pitch Spacewalk, an A…
On this week’s show, Patrick Gray and James Wilson are joined by special guest-host Dmitri Alperovitch. They discuss the week’s cybersecurity news, including:
The US government is mad as hell about Chinese firms stealing American AI technology
Dmitri has an opinion or two about the US selling …