惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

F
Full Disclosure
Recorded Future
Recorded Future
T
Tenable Blog
S
Securelist
C
CERT Recently Published Vulnerability Notes
T
Threatpost
S
Schneier on Security
A
Arctic Wolf
The Hacker News
The Hacker News
C
CXSECURITY Database RSS Feed - CXSecurity.com
Know Your Adversary
Know Your Adversary
P
Privacy International News Feed
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
The Register - Security
The Register - Security
Cisco Talos Blog
Cisco Talos Blog
AWS News Blog
AWS News Blog
K
Kaspersky official blog
T
True Tiger Recordings
T
Threat Research - Cisco Blogs
V
Vulnerabilities – Threatpost
P
Palo Alto Networks Blog
T
The Exploit Database - CXSecurity.com
小众软件
小众软件
B
Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Microsoft Azure Blog
Microsoft Azure Blog
Cyberwarzone
Cyberwarzone
C
Cybersecurity and Infrastructure Security Agency CISA
T
Tor Project blog
Spread Privacy
Spread Privacy
Malwarebytes
Malwarebytes
P
Proofpoint News Feed
F
Fox-IT International blog
F
Fortinet All Blogs
P
Privacy & Cybersecurity Law Blog
G
GRAHAM CLULEY
量子位
Latest news
Latest news
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
博客园 - 叶小钗
Project Zero
Project Zero
T
Tailwind CSS Blog
N
Netflix TechBlog - Medium
Martin Fowler
Martin Fowler
IntelliJ IDEA : IntelliJ IDEA – the Leading IDE for Professional Development in Java and Kotlin | The JetBrains Blog
IntelliJ IDEA : IntelliJ IDEA – the Leading IDE for Professional Development in Java and Kotlin | The JetBrains Blog
I
Intezer
博客园_首页
腾讯CDC
H
Hackread – Cybersecurity News, Data Breaches, AI and More
D
Darknet – Hacking Tools, Hacker News & Cyber Security

Risky Business

Risky Business #838 -- GitHub investigates possible breach Soap Box: Where does AI fit into cloud security? Risky Business #837 -- GitHub Actions footgun claims TanStack Risky Business #836 -- You can't patch the bugpocalypse Snake Oilers: Ent AI, Spacewalk and Mondoo Risky Business #835 -- Why the Fast16 malware is badass Risky Business #834 -- Vercel gets owned, Mozilla dumps hundreds of Mythos bugs Risky Business #833 -- The Great Mythos Freakout of 2026 Snake Oilers: Burp AI, Sondera and Truffle Security Risky Business #832 -- Anthropic unveils magical 0day computer God How the World Got Owned Episode 2: The 1990s, Part One Risky Business #831 -- The AI bugpocalypse begins Soap Box: Red teaming AI systems with SpecterOps Risky Business #830 -- LiteLLM and security scanner supply chains compromised Risky Business #829 -- Sneaky lobsters: Why AI is the new insider threat Risky Biz Soap Box: It took a decade, but allowlisting is cool again Risky Business #828 -- The Coruna exploits are truly exquisite Risky Business #827 -- Iranian cyber threat actors are down but not out Risky Business #826 -- A week of AI mishaps and skulduggery Risky Biz Soap Box: The lethal trifecta of AI risks Risky Business #825 -- Palo Alto Networks blames it on the boogie Risky Business #824 -- Microsoft's Secure Future is looking a bit wobbly Risky Business #823 -- Humans impersonate clawdbots impersonating humans Risky Business #822 -- France will ditch American tech over security risks Risky Business #821 -- Wiz researchers could have owned every AWS customer Risky Business #820 -- Asian fraud kingpin will face Chinese justice (pew pew!) How the World Got Owned Episode 1: The 1980s Risky Business #819 -- Venezuela (credibly?!) blames USA for wiper attack Risky Biz Soap Box: Graph the planet! Risky Business #818 -- React2Shell is a fun one Risky Business #817 -- Less carnage than your usual Thanksgiving Risky Business #816 -- Copilot Actions for Windows is extremely dicey Risky Biz Soap Box: Greynoise knows when bad bugs are coming Risky Business #815 -- Anthropic's AI APT report is a big deal Risky Business #814 -- It's a bad time to be a scam compound operator Risky Business #813 -- FFmpeg has a point Risky Business #812 -- Alleged Trenchant exploit mole is ex-ASD Risky Business #811 -- F5 is the tip of the crap software iceberg Wide World of Cyber: A deep dive on the F5 hack Risky Biz Soap Box: Why Mastercard is scaling its cybersecurity business Risky Business #810 -- Data extortion attacks have a silver lining Snake Oilers: Realm Security, Horizon3 and Persona Risky Business #809 -- Hackers try to pay a journalist for access to the BBC Risky Business #808 -- Insane megabug in Entra left all tenants exposed Risky Business #807 -- Shai-Hulud npm worm wreaks old-school havoc Risky Biz Soap Box: runZero shakes up vulnerability management Risky Business #806 -- Apple's Memory Integrity Enforcement is a big deal Snake Oilers: Nebulock, Vali Cyber and Cape Risky Business #805 -- On the Salesloft Drift breach and "OAuth soup" Risky Business #804 -- Phrack's DPRK hacker is probably a Chinese APT guy Wide World of Cyber: Microsoft's China Entanglement Risky Business #803 -- Oracle's CSO Mary Ann Davidson quietly departs Risky Biz Soap Box: How to measure vulnerability reachability Risky Business #802 -- Accessing internal Microsoft apps with your Hotmail creds Risky Business #801 -- AI models can hack well now and it's weirding us out Soap Box: Why AI can't fix bad security products Risky Business #800 — The SharePoint bug may have leaked from Microsoft MAPP Risky Biz Soap Box: Prowler, the open cloud security platform Risky Business #798 -- Mexican cartel surveilled the FBI to identify, kill witnesses Risky Business #797 -- Stuxnet vs Massive Ordnance Penetrators Risky Business #796 -- With special guest co-host Chris Krebs Soap Box: AI has entered the SOC, and it ain't going anywhere Risky Business #795 -- How The Com is hacking Salesforce tenants Risky Business #794 -- Psychic Panda outgunned by Fluffy Lizard and UNC56728242 Risky Business #793 -- Scattered Spider is hijacking MX records Risky Business #792 -- Beware, Coinbase users. Crypto thieves are taking fingers now Risky Biz Soap Box: Push Security's browser-first twist on identity security Risky Business #791 -- Woof! Copilot for Sharepoint coughs up creds and keys Wide World of Cyber: How state adversaries attack security vendors Risky Business #790 -- Bye bye Signal-gate, hello TeleMessage-gate BONUS INTERVIEW: Senator Mark Warner on Signalgate, Volt Typhoon and tariffs Risky Business #789 -- Apple's AirPlay vulns are surprisingly awful Snake Oilers: LimaCharlie, Honeywell Cyber Insights, CobaltStrike and Outflank Snake Oilers: Pangea, Cosive and Sysdig Risky Business #788 -- Trump targets Chris Krebs, SentinelOne Wide World of Cyber: How the Trump admin is changing the cybersecurity landscape Risky Business #787 -- Trump fires NSA director, CISA cuts inbound Risky Business #786 -- Oracle is lying Soap Box: Knocknoc glues your SSO to your firewalls for Just-in-Time network access Risky Business #785 -- Signal-gate is actually as bad as it looks Risky Business #784 -- GitHub supply chain attack steals secrets from 23k projects Risky Business #783 -- Evil webcam ransomwares entire Windows network Risky Business #782 -- Are the USA and Russia cyber friends now? Risky Business #781 -- How Bybit oopsied $1.4bn Wide World of Cyber: DeepSeek lobs an AI hand grenade Risky Business #780 -- ASD torched Zservers data while admins were drunk Risky Biz Soap Box: Run your own open source IDP with Authentik Risky Business #779 -- DOGE staffer linked to The Com Risky Business #778 -- Musk's child soldiers seize control of FedGov IT systems Risky Business #777 -- It's SonicWall's turn Risky Business #776 -- Trump will flex American cyber muscles Risky Biz Soap Box: Cool compliance tricks with the Island enterprise browser Risky Business #775 -- Cl0p is back, SEC hack disclosures disappoint Wide World of Cyber: SentinelOne's Chris Krebs on Chinese cyber operations Risky Business #774 -- Cleo file transfer appliances under widespread attack Risky Biz Soapbox: Enterprise Yubikeys can now be pre-registered Risky Business #773 -- Cybercriminals are dropping like flies in Russia Risky Business #772 -- Salt Typhoon is truly a national security disaster Risky Business #771 -- Palo Alto's firewall 0days are very, very stupid Risky Business #770 -- A Russian IR guy discovers extremely cool spookware
Risky Business #799 -- Everyone's Sharepoint gets shelled
2025-07-23 · via Risky Business

Risky Business Podcast

July 23, 2025

Presented by

Adam Boileau

Adam Boileau

Co-host at large

Patrick Gray

Patrick Gray

CEO and Publisher

Risky Biz returns after two weeks off, and there sure is cybersecurity news to catch up on. Patrick Gray and Adam Boileau discuss:

  • Microsoft tried to make outsourcing the Pentagon’s cloud maintenance to China okay (it was not)
  • She shells Sharepoint by the sea-shore (by ‘she’ we mean ‘China’)
  • Four (alleged) Scattered Spider members arrested (and bailed) in the UK
  • Hackers spend $2700 to buy creds for a Brazilian payment system, steal $100M
  • Fortinet has SQLI in the auth header, Citrix mem leak is weaponised, HP hardcodes creds and Sonicwalls get user-moderootkits. Just security vendor things!

This week’s episode is sponsored by Airlock Digital. CEO David Cottingham talks through what it takes to build a mature, resilient management platform for a security critical system.

This episode is also available on Youtube.

Risky Business #799 -- Everyone's Sharepoint gets shelled

0:00 / 73:55

Subscribe  

Logo

Show notes

Update on DOD’s cloud services

Microsoft to stop using engineers in China for tech support of US military, Hegseth orders review

A Little-Known Microsoft Program Could Expose the Defense Department to Chinese Hackers

While DOD policy bans unauthorized apps like TikTok from being on employees phones over national security risks

Microsoft Fix Targets Attacks on SharePoint Zero-Day – Krebs on Security

National Guard was hacked by China's 'Salt Typhoon' group, DHS says

Suspected contractor for China’s Hafnium group arrested in in Italy | Cybersecurity Dive

Singapore accuses Chinese state-backed hackers of attacking critical infrastructure networks | The Record from Recorded Future News

UK Arrests Four in ‘Scattered Spider’ Ransom Group – Krebs on Security

Four people bailed after arrests over cyber attacks on M&S, Co-op and Harrods

Brazilian police arrest IT worker over $100 million cyber theft | The Record from Recorded Future News

At Least 750 US Hospitals Faced Disruptions During Last Year’s CrowdStrike Outage, Study Finds | WIRED

Hacker returns cryptocurrency stolen from GMX exchange after $5 million bounty payment | The Record

Indian crypto exchange CoinDCX says $44 million stolen from reserves | The Record

Chainalysis: $2.17 billion in crypto stolen in first half of 2025, driven by North Korean hacks | The Record

PoisonSeed bypassing FIDO keys to ‘fetch’ user accounts

Risky Bulletin: Browser extensions hijacked for web scraping botnet

A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors

A surveillance vendor was caught exploiting a new SS7 attack to track people's phone locations | TechCrunch

Ukrainian hackers wipe databases at Russia's Gazprom in major cyberattack, intelligence source says

File transfer company CrushFTP warns of zero-day exploit seen in the wild | The Record

HPE warns of hardcoded passwords in Aruba access points

Pre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector (CVE-2025-25257)

Researchers, CISA confirm active exploitation of critical Citrix Netscaler flaw | Cybersecurity Dive

Google finds custom backdoor being installed on SonicWall network devices - Ars Technica

Hackers Can Remotely Trigger the Brakes on American Trains and the Problem Has Been Ignored for Years

此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。