惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

The Hacker News
The Hacker News
C
Cisco Blogs
P
Privacy & Cybersecurity Law Blog
Cloudbric
Cloudbric
S
Security Affairs
PCI Perspectives
PCI Perspectives
The Last Watchdog
The Last Watchdog
AWS News Blog
AWS News Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
N
News and Events Feed by Topic
W
WeLiveSecurity
T
Tenable Blog
L
LINUX DO - 最新话题
T
Tor Project blog
Help Net Security
Help Net Security
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
P
Proofpoint News Feed
爱范儿
爱范儿
O
OpenAI News
Hacker News - Newest:
Hacker News - Newest: "LLM"
Y
Y Combinator Blog
I
Intezer
C
Check Point Blog
Stack Overflow Blog
Stack Overflow Blog
Recent Announcements
Recent Announcements
Google DeepMind News
Google DeepMind News
S
Securelist
P
Privacy International News Feed
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
V
Vulnerabilities – Threatpost
Schneier on Security
Schneier on Security
量子位
SecWiki News
SecWiki News
L
Lohrmann on Cybersecurity
T
Threat Research - Cisco Blogs
Recent Commits to openclaw:main
Recent Commits to openclaw:main
M
MIT News - Artificial intelligence
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Scott Helme
Scott Helme
H
Help Net Security
Vercel News
Vercel News
云风的 BLOG
云风的 BLOG
Spread Privacy
Spread Privacy
Know Your Adversary
Know Your Adversary
I
InfoQ
TaoSecurity Blog
TaoSecurity Blog
Blog — PlanetScale
Blog — PlanetScale
N
News | PayPal Newsroom
小众软件
小众软件
C
CERT Recently Published Vulnerability Notes

Risky Business Media

Srsly Risky Biz: Ransomware uses AI to amp up negotiations Fortibleed: The bleeding edge of AI cybercrime Between Two Nerds: Exploits are not cyber power What to do 'til the bugpocalypse gets here Risky Bulletin: NSA Tailored Access Operations is back Sponsored: Why Sublime doesn’t toss AI at every email Srsly Risky Biz: US Supreme Court undermines Section 702 intel Risky Bulletin: DHS IG investigates forced CISA reassignments Soap Box: Using threat hunting to drive detection Between Two Nerds: Why AI has not meant more hacks. Yet. Risky Bulletin: EU official’s phone infected with Pegasus Risky Bulletin: FatFs bugs enable physical access attacks on a load of devices Srsly Risky Biz: America won't beat the distillation ecosystem Risky Bulletin: Researcher drops giant cache of zero-days Risky Business #844 -- China closes AI vulndev gap as USA lifts Fable ban Mythos on your desk? Using local LLMs for code reviews Between Two Nerds: Set cyberspace ablaze Risky Bulletin: White House asks OpenAI to restrict GPT 5.6 Sponsored: Corelight’s blueprint for AI-era defence Risky Bulletin: Operation Endgame dismantles Amadey and StealerC Srsly Risky Biz: Open weight models make the Mythos debate moot Risky Bulletin: FortiBleed hacks involved a lot of traffic sniffing Risky Business #843 -- Fortibleed is kinda awesome, actually Pitching security startups to VCs in the AI era Sponsored: Trail of Bits and OpenAI patch the planet Between Two Nerds: The PRC vs AI Risky Bulletin: Klue breach impacts security firms How using open weight models can blow up in your face Risky Bulletin: Creds for 74,000 Fortinet devices leaked Srsly Risky Biz: Anthropic has artificial, but not emotional, intelligence Risky Bulletin: China arrests Silver Fox cybercrime group suspects Risky Business #842 -- Anthropic needs an adult in the C suite The state of the art in AI model jailbreaks Between Two Nerds: Why NATO and cyber don't mix Risky Bulletin: Arch Linux supply chain attack hits 1,900 packages Sponsored: Ent on using AI to track human behavior on the endpoint Why NPM v12 won’t stop supply chain attacks Risky Bulletin: CISA tightens patching rules amid bug deluge Sponsored: Understanding CI/CD attack paths Srsly Risky Biz: Europe wants to wean itself off US tech Risky Bulletin: Nightmare Eclipse drops fresh 0day Risky Business #841 -- Microsoft gets owned and 0day'd Between Two Nerds: Nerds at NATO Risky Bulletin: RubyGems adds dependency cooldowns to counter supply chain attacks Everything is getting much worse, much faster Soap Box: Detection and response in the AI age Risky Bulletin: EU unveils digital sovereignty plan Srsly Risky Biz: NATO's cyber approach needs to change Risky Bulletin: FSB calls out Western spyware operation Risky Business #840 -- Microsoft walks back researcher threats Solo podcast: A deep dive on TeamPCP Between Two Nerds: The intelligence cult Risky Bulletin: Recently patched PAN 0day exploited in the wild Sponsored: Inside CISA's disastrous secrets leak Risky Bulletin: Dutch police take down 17m device botnet Risky Bulletin: Iran to reconnect to the Internet How to survive supply chain attacks Risky Bulletin: Mythos has found thousands of critical bugs Sponsored: Teaching AI agents the rules of the road Risky Bulletin: Microsoft ends SMS MFA for personal accounts How the CopyFail disclosure went sideways Risky Business #838 -- GitHub investigates possible breach
Risky Business #839 -- TeamPCP stole GitHub's internal repos
James Wilson · 2026-05-27 · via Risky Business Media

Risky Business Podcast

May 27, 2026

Presented by

James Wilson

James Wilson

Technology Editor

Adam Boileau

Adam Boileau

Co-host at large

Patrick Gray

Patrick Gray

CEO and Publisher

On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:

  • TeamPCP breached GitHub’s internal repos. Now what?
  • Some absolute plonker glued Coruna to a hijacked npm package
  • CISA is worried about about open source and wants third party submissions for KEV
  • AI infrastructure is “systemically” insecure
  • Much, much more

This week’s episode is sponsored by allowlisting vendor Airlock Digital. Airlock’s founders David Cottingham and Daniel Schell join Patrick Gray to talk about Microsoft briefly flagging DigitCert’s root certificate as malware. Fun!

This episode is also available on YouTube

Your browser does not support the audio element.

Risky Business #839 -- TeamPCP stole GitHub's internal repos

0:00 / 60:23

Subscribe  

Logo

Airlock Digital Logo

Brought to you by Airlock Digital

Allowlisting Software - Allowlist Made Simple

Show notes

GitHub confirms being hacked by TeamPCP, says customer data unaffected | therecord.media

Grafana Labs links GitHub environment breach to TanStack npm supply chain attack | Cybersecurity Dive

Coruna Respawned: Compromised art-template npm Package Leads... | Socket

CISA chief frets about open-source vulnerabilities, delayed security improvements | cyberscoop.com

Anthropic: Mythos finds more than 10,000 software flaws in first month | cyberscoop.com

Pardon MIE? | ironPeak Blog

CISA asks cybersecurity community to alert it to vulnerability exploitation | Cybersecurity Dive

Lawmakers Demand Answers as CISA Tries to Contain Data Leak | krebsonsecurity.com

Google publishes exploit code threatening millions of Chromium users | arstechnica.com

Millions of AI agents imperiled by critical vulnerability in open source package | arstechnica.com

Discord migrates all users to end-to-end encryption by default | The Record

Texas AG sues Meta over claims that WhatsApp doesn't provide end-to-end encryption | arstechnica.com

Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada | krebsonsecurity.com

Iran-linked hackers target key US, allied sectors with sophisticated spear-phishing messages | Cybersecurity Dive

FBI warns about fast-growing phishing kit targeting Microsoft 365 users | cyberscoop.com

Analyzing the rise in device code phishing attacks in 2026 | Push Security

Trump Mobile confirms it exposed customers’ personal data, including phone numbers and home addresses | TechCrunch Security

Kash Patel’s clothing brand website shut down after reports it was hacked | TechCrunch Security

Tulsi Gabbard resigns as US director of national intelligence | Social Signals

When Certificate Trust Fails: The DigiCert Code-Signing Incident and Microsoft Defender False Positive |