• Soap Box: AI has entered the SOC, and it ain't going anywhere
    Jun 16 2025

    In this sponsored Soap Box edition of the Risky Business podcast Patrick Gray chats with Dropzone AI founder Ed Wu about the role of LLMs in the SOC.

    The debate about whether AI agents are going to wind up in the SOC is over, they’ve already arrived. But what are they good for? What are they NOT good for? And where else will we see AI popping up in security?

    This episode is also available on Youtube.

      31 mins
    • Risky Business #795 -- How The Com is hacking Salesforce tenants
      Jun 11 2025
      On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

      • New York Times gets a little stolen Russian FSB data as a treat
      • iVerify spots possible evidence of iOS exploitation against the Harris-Walz campaign
      • Researcher figures out a trick to get Google account holders’ full names and phone numbers
      • Major US food distributor gets ransomwared
      • The Com’s social engineering of Salesforce app authorisations is a harbinger of our future problems
      • Australian Navy forgets New Zealand has computers, zaps Kiwis with their giant radar.

      This week’s episode is sponsored by identity provider Okta. Long-time friend of the show Alex Tilley is Okta’s Global Threat Research Coordinator, and he joins to discuss how organisations can use both human and technical signals to spot North Koreans in their midst.

      This episode is also available on Youtube.

      Show notes
      • How The Times Obtained Secret Russian Intelligence Documents - The New York Times
      • Ukraine's military intelligence claims cyberattack on Russian strategic bomber maker | The Record from Recorded Future News
      • Harris-Walz campaign may have been targeted by iPhone hackers, cybersecurity firm says
      • iVerify Uncovers Evidence of Zero-Click Mobile Exploitation in the U.S.
      • Spyware maker cuts ties with Italy after government refused audit into hack of journalist’s phone | The Record from Recorded Future News
      • Italian lawmakers say Italy used spyware to target phones of immigration activists, but not against journalist | TechCrunch
      • Android chipmaker Qualcomm fixes three zero-days exploited by hackers | TechCrunch
      • Cellebrite to acquire mobile testing firm Corellium in $200 million deal | CyberScoop
      • Apple Gave Governments Data on Thousands of Push Notifications
      • A Researcher Figured Out How to Reveal Any Phone Number Linked to a Google Account
      • Bruteforcing the phone number of any Google user
      • Acreed infostealer poised to replace Lumma after global crackdown | The Record from Recorded Future News
      • BidenCash darknet forum taken down by US, Dutch law enforcement | The Record from Recorded Future News
      • NHS calls for 1 million blood donors as UK stocks remain low following cyberattack | The Record from Recorded Future News
      • Major food wholesaler says cyberattack impacting distribution systems | The Record from Recorded Future News
      • Kettering Health confirms attack by Interlock ransomware group as health record system is restored | The Record from Recorded Future News
      • Hackers abuse malicious version of Salesforce tool for data theft, extortion | Cybersecurity Dive
      • shubs on X: "IP whitelisting is fundamentally broken. At @assetnote, we've successfully bypassed network controls by routing traffic through a specific location (cloud provider, geo-location). Today, we're releasing Newtowner, to help test for this issue: https://t.co/X3dkMz9gwK" / X
      • Ross Ulbricht Got a $31 Million Donation From a Dark Web Dealer, Crypto Tracers Suspect | WIRED
      • Australian navy ship causes radio and internet outages to parts of New Zealand
      1 hr and 8 mins
    • Risky Business #794 -- Psychic Panda outgunned by Fluffy Lizard and UNC56728242
      Jun 4 2025

      On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

      • Cyber firms agree to deconflict and cross-reference hacker group names
      • Russian nuclear facility blueprints gathered from public procurement websites
      • Someone audio deepfaked the White House Chief of Staff, but for the dumbest reasons
      • Germany identifies the Trickbot kingpin
      • Google spots China’s MSS using Calendar events for malware C2
      • Meta apps abuse localhost listeners to track web sessions.

      This week’s episode is sponsored by automation vendor Tines. Its Field CISO, Matt Muller, joins the show to discuss an open letter penned by JP Morgan Chase’s CISO that pleads with Software as a Service suppliers to try to suck less at security.

      This episode is also available on Youtube.

      Show notes
      • 'Forest Blizzard' vs 'Fancy Bear' - cyber companies hope to untangle weird hacker nicknames | Reuters
      • Ukraine's Massive Drone Attack Was Powered by Open Source Software
      • Massive security breach: Russian nuclear facilities exposed online
      • How a Spyware App Compromised Assad’s Army - New Lines Magazine
      • Exclusive | Federal Authorities Probe Effort to Impersonate White House Chief of Staff Susie Wiles - WSJ
      • Malaysian home minister’s WhatsApp hacked, used to scam contacts | The Record from Recorded Future News
      • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams – Krebs on Security
      • Top counter antivirus service disrupted in global takedown | CyberScoop
      • Cops in Germany Claim They’ve ID’d the Mysterious Trickbot Ransomware Kingpin | WIRED
      • Australian ransomware victims now must tell the government if they pay up | The Record from Recorded Future News
      • Google: China-backed hackers hiding malware in calendar events | Cybersecurity Dive
      • Coinbase breach linked to customer data leak in India, sources say | Reuters
      • US military IT specialist arrested for allegedly trying to leak secrets to foreign government | The Record from Recorded Future News
      • NSO appeals WhatsApp decision, says it can’t pay $168 million in ‘unlawful’ damages | The Record from Recorded Future News
      • ConnectWise says nation-state attack targeted multiple ScreenConnect customers | The Record from Recorded Future News
      • Google Online Security Blog: Sustaining Digital Certificate Security - Upcoming Changes to the Chrome Root Store
      • Meta and Yandex are de-anonymizing Android users’ web browsing identifiers - Ars Technica
      • An Open Letter to Third-Party Suppliers
      58 mins
    • Risky Business #793 -- Scattered Spider is hijacking MX records
      May 28 2025
      In this week’s edition of Risky Business Dmitri Alperovitch and Adam Boileau join Patrick Gray to talk through the week’s news, including:

      • EXCLUSIVE: A Scattered Spider-style crew is hijacking DNS MX entries and compromising enterprises within minutes
      • The SVG format brings all the horrors of HTML+JS to image files, and attackers have noticed
      • Brian Krebs eats a 6.3Tbps DDoS … ‘cause that’s how you demo your packet cannon
      • Law enforcement takes out Lumma Stealer, Qakbot, Danabot and some dark web drug traffickers
      • Iranian behind 2019 Baltimore ransomware mysteriously appears in North Carolina and pleads guilty
      • CISA’s leadership is fleeing in droves, even though the US needs them more than ever.

      This week’s episode is sponsored by Thinkst Canary. Long time friend of the show Haroon Meer joins and talks through where he feels the industry is at, having just returned home from the AI-fueled hype at this year’s RSA conference.

      This episode is also available on Youtube.

      Show notes
      • China-linked ‘Silk Typhoon’ hackers accessed Commvault cloud environments, person familiar says - Nextgov/FCW
      • Risky Bulletin: SVG use for phishing explodes in 2025 - Risky Business Media
      • KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS – Krebs on Security
      • Midwestern telco Cellcom confirms cyber incident after days of service outages | The Record from Recorded Future News
      • Microsoft leads international takedown of Lumma Stealer | Cybersecurity Dive
      • Who said what? on X: "Message from the administrator of Lumma Stealer on the forums about the recent events🕊️👀 https://t.co/MOjCSMMErK" / X
      • Ransomware hackers charged, infrastructure dismantled in international law enforcement operation | The Record from Recorded Future News
      • Oops: DanaBot Malware Devs Infected Their Own PCs – Krebs on Security
      • DOJ charges man allegedly behind Qakbot malware | The Record from Recorded Future News
      • US, Europol arrest 270 dark web drug traffickers in Operation RapTor | The Record from Recorded Future News
      • Iranian pleads guilty to launching Baltimore ransomware attack, faces 30 years behind bars | The Record from Recorded Future News
      • Decentralized crypto platform Cetus hit with $223 million hack | The Record from Recorded Future News
      • Nearly 70,000 impacted by Coinbase breach involving $20 million ransom demand | The Record from Recorded Future News
      • USA: Crypto investor charged with kidnapping, torturing man in an NYC apartment
      • Vietnam orders ban on Telegram messaging app over security concerns | The Record from Recorded Future News
      • Exclusive: Hacker who breached communications app used by Trump aide stole data from across US government | Reuters
      • CISA loses nearly all top officials as purge continues | Cybersecurity Dive
      • White House dismisses scores of National Security Council staff - The Washington Post
      1 hr and 5 mins
    • Risky Business #792 -- Beware, Coinbase users. Crypto thieves are taking fingers now
      May 21 2025

      On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

      • TeleMessage memory dumps show up on DDoSecrets
      • Coinbase contractor bribed to hand over user data
      • Telegram does seem to be actually cooperating with law enforcement
      • Britain’s legal aid service gets 15 years worth of applicant data stolen
      • Shocking no one, Ivanti were weaseling when they blamed latest bugs on a third party library

      This week’s episode is sponsored by Prowler, who make an open source cloud security tool. Founder and original project developer Toni de la Fuente joins to talk through the flexibility that open tooling brings. Prowler is also adding support for SaaS platforms like M365, and of course, an AI assistant to help you write checks!

      This episode is also available on Youtube.

      Show notes
      • TeleMessage - Distributed Denial of Secrets
      • How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes | WIRED
      • Coinbase says thieves stole user data and tried to extort $20M
      • Hack could cost Coinbase up to $400M: filing | Cybersecurity Dive
      • Severed Fingers and ‘Wrench Attacks’ Rattle the Crypto Elite
      • Money Stuff: US Debt Rates Itself | NewsletterHunt
      • 2 massive black market services blocked by Telegram, messaging app says | Reuters
      • Telegram Gave Authorities Data on More than 20,000 Users
      • GovDelivery, an email alert system used by governments, abused to send scam messages | TechCrunch
      • ATO warning as hackers steal $14,000 in tax returns: ‘Be wary’
      • Hack of SEC social media account earns 14-month prison sentence for Alabama man | The Record from Recorded Future News
      • 19-year-old accused of largest child data breach in U.S. agrees to plead guilty
      • Beach mansion, Benz and Bitcoin worth $4.5m seized from League of Legends hacker Shane Stephen Duffy | 7NEWS
      • Pegasus spyware maker rebuffed in efforts to get off trade blacklist - The Washington Post
      • Ransomware attack hits supplier of refrigerated groceries to British supermarkets | The Record from Recorded Future News
      • UK government confirms massive data breach following hack of Legal Aid Agency | The Record from Recorded Future News
      • Ivanti Endpoint Mobile Manager customers exploited via chained vulnerabilities | Cybersecurity Dive
      • Expression Payloads Meet Mayhem - Ivanti EPMM Unauth RCE Chain (CVE-2025-4427 and CVE-2025-4428)
      53 mins
    • Risky Biz Soap Box: Push Security does identity security in your browser
      May 15 2025

      In this wholly sponsored Soap Box edition of the show, Patrick Gray chats with Adam Bateman and Luke Jennings from Push Security.

      Push has built an identity security platform that collects identity information from your users’ browsers. It can detect phish kits and stop them, protect SSO passwords, and even find every single shadow/personal account that a user has spun up.

      We think about phishing as protecting your users’ SSO details. But what about all the SaaS they’re using? What about the automation platforms your developers and admins use? What about data platforms like Snowflake? Are they using MFA? How would you know?

      This is a fun one!

      This episode is also available on Youtube.

        34 mins
      • Risky Business #791 -- Woof! Copilot for Sharepoint coughs up creds and keys
        May 14 2025

        On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

        • Struggling to find that pesky passwords.xlsx in Sharepoint? Copilot has your back!
        • The ransomware ecosystem is finding life a bit tough lately
        • SAP Netweaver bug being used by Chinese APT crew
        • Academics just keep finding CPU side-channel attacks
        • And of course… bugs! Asus, Ivanti, Fortinet… and a Nissan LEAF?

        This week’s episode is sponsored by Resourcely, who will soothe your Terraform pains. Founder and CEO Travis McPeak joins to talk about how to get from a very red dashboard full of cloud problems to a workable future.

        This episode is also available on Youtube.

        Show notes
        • Exploiting Copilot AI for SharePoint | Pen Test Partners
        • MrBruh's Epic Blog
        • Ransomware group Lockbit appears to have been hacked, analysts say | Reuters
        • "CONTI LEAK: Video they tried to bury! 6+ Conti members on a private jet. TARGET’s birthday — $10M bounty on his head. Filmed by TARGET himself. Original erased — we kept a copy."
        • Mysterious hackers who targeted Marks and Spencer's computer systems hint at political allegiance as they warn other tech criminals not to attack former Soviet states
        • The organizational structure of ransomware groups is evolving rapidly.
        • SAP NetWeaver exploitation enters second wave of threat activity
        • China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures
        • DOGE software engineer’s computer infected by info-stealing malware
        • Hackers hijack Japanese financial accounts to conduct nearly $2 billion in trades
        • FBI and Dutch police seize and shut down botnet of hacked routers
        • Poland arrests four in global DDoS-for-hire takedown
        • School districts hit with extortion attempts after PowerSchool breach
        • EU launches vulnerability database to tackle cybersecurity threats
        • Training Solo - vusec
        • Branch Privilege Injection: Exploiting Branch Predictor Race Conditions – Computer Security Group
        • Remote Exploitation of Nissan Leaf: Controlling Critical Body Elements from the Internet
        • PSIRT | FortiGuard Labs
        • EPMM Security Update | Ivanti
        58 mins
      • Wide World of Cyber: How state adversaries attack security vendors
        May 9 2025

        In this edition of the Wide World of Cyber podcast Patrick Gray talks to SentinelOne’s Steve Stone and Alex Stamos about how foreign adversaries are targeting security vendors, including them.

        From North Korean IT workers to Chinese supply chain attacks, SentinelOne and its competitors are constantly fending off sophisticated hacking campaigns.

        This edition of the Wide World of Cyber was recorded in front of a live audience in San Francisco, with Patrick attending via Zoom.

        The Wide World of Cyber podcast series is a wholly sponsored co-production between SentinelOne and Risky Business Media.

        This episode is also available on Youtube.

          53 mins