Risky Business #791 -- Woof! Copilot for Sharepoint coughs up creds and keys

Risky Business
14/05/2025 57 min

Listen "Risky Business #791 -- Woof! Copilot for Sharepoint coughs up creds and keys"

Descargar episodio Ver en sitio original

Episode Synopsis



On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:


Struggling to find that pesky passwords.xlsx in Sharepoint? Copilot has your back!
The ransomware ecosystem is finding life a bit tough lately
SAP Netweaver bug being used by Chinese APT crew
Academics keep just keep finding CPU side-channel attacks
And of course… bugs! Asus, Ivanti, Fortinet… and a Nissan LEAF?


This week’s episode is sponsored by Resourcely, who will soothe your Terraform pains. Founder and CEO Tracis McPeak joins to talk about how to get from a very red dashboard full of cloud problems to a workable future.

This episode is also available on Youtube.



Show notes


Exploiting Copilot AI for SharePoint | Pen Test Partners


MrBruh's Epic Blog


Ransomware group Lockbit appears to have been hacked, analysts say | Reuters


"CONTI LEAK: Video they tried to bury! 6+ Conti members on a private jet. TARGET’s birthday — $10M bounty on his head. Filmed by TARGET himself. Original erased — we kept a copy."


Mysterious hackers who targeted Marks and Spencer's computer systems hint at political allegiance as they warn other tech criminals not to attack former Soviet states


The organizational structure of ransomware groups is evolving rapidly.


SAP NetWeaver exploitation enters second wave of threat activity


China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures


DOGE software engineer’s computer infected by info-stealing malware


Hackers hijack Japanese financial accounts to conduct nearly $2 billion in trades


FBI and Dutch police seize and shut down botnet of hacked routers


Poland arrests four in global DDoS-for-hire takedown


School districts hit with extortion attempts after PowerSchool breach


EU launches vulnerability database to tackle cybersecurity threats


Training Solo - vusec


Branch Privilege Injection: Exploiting Branch Predictor Race Conditions – Computer Security Group


Remote Exploitation of Nissan Leaf: Controlling Critical Body Elements from the Internet


PSIRT | FortiGuard Labs


EPMM Security Update | Ivanti





More episodes of the podcast Risky Business

Risky Business #812 -- Alleged Trenchant exploit mole is ex-ASD 29/10/2025
Risky Business #811 -- F5 is the tip of the crap software iceberg 22/10/2025
Wide World of Cyber: A deep dive on the F5 hack 21/10/2025
Risky Biz Soap Box: Why Mastercard is scaling its cybersecurity business 17/10/2025
Risky Business #810 -- Data extortion attacks have a silver lining 15/10/2025
Snake Oilers: Realm Security, Horizon3 and Persona 08/10/2025
Risky Business #809 -- Hackers try to pay a journalist for access to the BBC 01/10/2025
Risky Business #808 -- Insane megabug in Entra left all tenants exposed 24/09/2025
Risky Business #807 -- Shai-Hulud npm worm wreaks old-school havoc 17/09/2025
Risky Biz Soap Box: runZero shakes up vulnerability management 15/09/2025
© 2003-2025 ZARZA | AHEAD OF OUR TIME
privacy policy
In God we trust In God we trust
PreSales Questions? Click Here
or call our toll-free line at +1-888-5002068 Miami, Florida, USA