In this podcast, Patrick Gray chats with SentinelOne’s Chris Krebs and Alex Stamos about the huge changes afoot in the United States government and what they mean for the threat environment. From the director of NSA being fired to massive job cuts at CISA and huge foreign policy shifts, tomorrow’s threat environment is going to be very different to today’s. Tune in to hear analysis from two of the best in the business!

This episode is also available on Youtube.

In this edition of Snake Oilers three vendors pitch host Patrick Gray on their tech:

• Pangea: Guardrails and security for AI agents and applications (https://pangea.cloud)

Worried about your AI apps going rogue, being mean to your customers or even disclosing sensitive information? Pangea exists to address these risks. Fascinating stuff.

• Cosive: A threat intelligence company that can host your MISP server in AWS. CloudMISP! (https://www.cosive.com/capabilities/cloud-misp)

Are you running a MISP server on some old hardware under a desk in your SOC? There’s a better way! Cosive can run it for you on AWS so you can just use it instead of wrestling with maintaining it. They also do some CTI consulting to help you get better use out of MISP.

• Sysdig: A Linux runtime security platform (https://sysdig.com/)

The modern Windows network is an all-singing, all-dancing, perfectly orchestrated, EDR-protected ballet. The modern Linux production environment… isn’t. Find out how Sysdig can help you get some visibility and control over your Linux fleet.

This episode is also available on Youtube.

On this week’s show Patrick Gray talks to former NSA Cybersecurity Director Rob Joyce about Donald Trump’s unprecedented, unwarranted and completely bonkers political persecution of Chris Krebs and his employer SentinelOne.

They also talk through the week’s cybersecurity news, covering:

• Mitre’s stewardship of the CVE database gets its funding DOGE’d
• The US signs on to the Pall Mall anti-spyware agreement
• China tries to play the nationstate cyber-attribution game, but comedically badly
• Hackers run their malware inside the Windows sandbox, for security against EDR

This week’s episode is sponsored by open source identity provider Authentik. CEO Fletcher Heisler joins to talk through the increasing sprawl of the identity ecosystem.

This episode is also available on Youtube.

• Cybersecurity industry falls silent as Trump turns ire on SentinelOne | Reuters
• U.S. cyber defenders shaken by Trump's attack on their former boss
• Trump Revenge Tour Targets Cyber Leaders, Elections – Krebs on Security
• Wyden to block Trump's CISA nominee until agency releases report on telecoms’ ‘negligent cybersecurity’ | The Record from Recorded Future News
• Gabbard sets up DOGE-style team to cut costs, uncover intel ‘weaponization’
• MITRE Warns CVE Program Faces Disruption Amid US Funding Uncertainty
• US to sign Pall Mall pact aimed at countering spyware abuses | The Record from Recorded Future News
• Court document reveals locations of WhatsApp victims targeted by NSO spyware | TechCrunch
• Spyware Maker NSO Group Is Paving a Path Back Into Trump’s America | WIRED
• NCSC shares technical details of spyware targeting Uyghur, Tibetan and Taiwanese groups | The Record from Recorded Future News
• Risky Bulletin: Chinese APT abuses Windows Sandbox to go invisible on infected hosts
• China escalates cyber fight with U.S., names alleged NSA hackers
• Researcher uncovers dozens of sketchy Chrome extensions with 4 million installs - Ars Technica
• China-based SMS Phishing Triad Pivots to Banks – Krebs on Security
• Risky Bulletin: CA/B Forum approves 47-days TLS certs
• Ransomware in het mkb: Cybercriminelen verhogen losgeld bij cyberverzekering
• 4chan Is Down Following What Looks to Be a Major Hack Spurred By Meme War

In this Soap Box edition of Risky Business host Patrick Gray talks to Knocknoc CEO Adam Pointon about how to easily rein in attack surface by glueing your single sign-on service to your network controls.

Do your Palo Alto and Fortinet devices really need to be discoverable by ransomware crews? Does your file transfer appliance need to be open to the whole world? What about your SSH and RDP? Your Citrix? Your (gasp) Exchange Online servers??

You can do a lot with IP allowlisting and simple Identity Aware Proxies (IAPs) to minimise your exposure.

Knocknoc is a bit of a “Risky Business special”, too. Pat helped Knocknoc to raise a seed round through Decibel Partners where he’s a founder advisor. He also serves on Knocknoc’s board of directors.

This episode is also available on Youtube.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

• Yes, the Trump admin really did just add a journo to their Yemen-attack-planning Signal group
• The Github actions hack is smaller than we thought, but was targeting crypto
• Remote code exec in Kubernetes, ouch
• Oracle denies its cloud got owned, but that sure does look like customer keymat
• Taiwanese hardware maker Clevo packs its private keys into bios update zip
• US Treasury un-sanctions Tornado Cash, party time in Pyongyang?

This week’s episode is sponsored by runZero. Long time hackerman HD Moore joins to talk about how network vulnerability scanning has atrophied, and what he’s doing to bring it back en vogue. Do you miss early 2000s Nessus? HD knows it, he’s got you fam.

This episode is also available on Youtube.

• The Trump Administration Accidentally Texted Me Its War Plans - The Atlantic
• Using Starlink Wi-Fi in the White House Is a Slippery Slope for US Federal IT | WIRED
• Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed
• GitHub Actions Supply Chain Attack: A Targeted Attack on Coinbase Expanded to the Widespread tj-actions/changed-files Incident: Threat Assessment (Updated 3/21)
• Critical vulnerabilities put Kubernetes environments in jeopardy | Cybersecurity Dive
• Researchers back claim of Oracle Cloud breach despite company’s denials | Cybersecurity Dive
• The Biggest Supply Chain Hack Of 2025: 6M Records Exfiltrated from Oracle Cloud affecting over 140k Tenants | CloudSEK
• Capital One hacker Paige Thompson got too light a sentence, appeals court rules | CyberScoop
• US scraps sanctions on Tornado Cash, crypto ‘mixer’ accused of laundering North Korea money | Reuters
• Tornado Cash Delisting | U.S. Department of the Treasury
• Major web services go dark in Russia amid reported Cloudflare block | The Record from Recorded Future News
• Clevo Boot Guard Keys Leaked in Update Package
• Six additional countries identified as suspected Paragon spyware customers | CyberScoop
• The Citizen Lab’s director dissects spyware and the ‘proliferating’ market for it | The Record from Recorded Future News
• Malaysia PM says country rejected $10 million ransom demand after airport outages | The Record from Recorded Future News
• Hacker defaces NYU website, exposing admissions data on 1 million students | The Record from Recorded Future News
• Notre Dame uni students say outage creating enrolment, graduation, assignment mayhem - ABC News
• DNA of 15 Million People for Sale in 23andMe Bankruptcy