Risky Business #794 -- Psychic Panda outgunned by Fluffy Lizard and UNC56728242

Risky Business
04/06/2025 58 min

Listen "Risky Business #794 -- Psychic Panda outgunned by Fluffy Lizard and UNC56728242"

Descargar episodio Ver en sitio original

Episode Synopsis



On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:


Cyber firms agree to deconflict and cross-reference hacker group names
Russian nuclear facility blueprints gathered from public procurement websites
Someone audio deepfaked the White House Chief of Staff, but for the dumbest reasons
Germany identifies the Trickbot kingpin
Google spots China’s MSS using Calendar events for malware C2
Meta apps abuse localhost listeners to track web sessions.


This week’s episode is sponsored by automation vendor Tines. Its Field CISO, Matt Muller, joins the show to discuss an open letter penned by JP Morgan Chase’s CISO that pleads with Software as a Service suppliers to try to suck less at security.

This episode is also available on Youtube.



Show notes


'Forest Blizzard' vs 'Fancy Bear' - cyber companies hope to untangle weird hacker nicknames | Reuters

Ukraine's Massive Drone Attack Was Powered by Open Source Software

Massive security breach: Russian nuclear facilities exposed online

How a Spyware App Compromised Assad’s Army - New Lines Magazine

Exclusive | Federal Authorities Probe Effort to Impersonate White House Chief of Staff Susie Wiles - WSJ

Malaysian home minister’s WhatsApp hacked, used to scam contacts | The Record from Recorded Future News

U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams – Krebs on Security

Top counter antivirus service disrupted in global takedown | CyberScoop

Cops in Germany Claim They’ve ID’d the Mysterious Trickbot Ransomware Kingpin | WIRED

Australian ransomware victims now must tell the government if they pay up | The Record from Recorded Future News

Google: China-backed hackers hiding malware in calendar events | Cybersecurity Dive

Coinbase breach linked to customer data leak in India, sources say | Reuters

US military IT specialist arrested for allegedly trying to leak secrets to foreign government | The Record from Recorded Future News

NSO appeals WhatsApp decision, says it can’t pay $168 million in ‘unlawful’ damages | The Record from Recorded Future News

ConnectWise says nation-state attack targeted multiple ScreenConnect customers | The Record from Recorded Future News

Google Online Security Blog: Sustaining Digital Certificate Security - Upcoming Changes to the Chrome Root Store

Meta and Yandex are de-anonymizing Android users’ web browsing identifiers - Ars Technica

An Open Letter to Third-Party Suppliers




More episodes of the podcast Risky Business

Risky Business #812 -- Alleged Trenchant exploit mole is ex-ASD 29/10/2025
Risky Business #811 -- F5 is the tip of the crap software iceberg 22/10/2025
Wide World of Cyber: A deep dive on the F5 hack 21/10/2025
Risky Biz Soap Box: Why Mastercard is scaling its cybersecurity business 17/10/2025
Risky Business #810 -- Data extortion attacks have a silver lining 15/10/2025
Snake Oilers: Realm Security, Horizon3 and Persona 08/10/2025
Risky Business #809 -- Hackers try to pay a journalist for access to the BBC 01/10/2025
Risky Business #808 -- Insane megabug in Entra left all tenants exposed 24/09/2025
Risky Business #807 -- Shai-Hulud npm worm wreaks old-school havoc 17/09/2025
Risky Biz Soap Box: runZero shakes up vulnerability management 15/09/2025
© 2003-2025 ZARZA | AHEAD OF OUR TIME
privacy policy
In God we trust In God we trust
PreSales Questions? Click Here
or call our toll-free line at +1-888-5002068 Miami, Florida, USA