On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: * Struggling to find that pesky passwords.xlsx in Sharepoint? Copilot has your back! * The ransomware ecosystem is finding life a bit tough lately * SAP Netweaver bug being used by Chinese APT crew * Academics keep just keep finding CPU side-channel attacks * And of course… bugs! Asus, Ivanti, Fortinet… and a Nissan LEAF? This week's episode is sponsored by Resourcely, who will soothe your Terraform pains. Founder and CEO Tracis McPeak joins to talk about how to get from a very red dashboard full of cloud problems to a workable future. Show Notes: Exploiting Copilot AI for SharePoint | Pen Test Partners https://www.pentestpartners.com/security-blog/exploiting-copilot-ai-for-sharepoint/ MrBruh's Epic Blog https://mrbruh.com/asusdriverhub/ Ransomware group Lockbit appears to have been hacked, analysts say | Reuters https://www.reuters.com/technology/ransomware-group-lockbit-appears-have-been-hacked-analysts-say-2025-05-08/ "CONTI LEAK: Video they tried to bury! 6+ Conti members on a private jet. TARGET’s birthday — $10M bounty on his head. Filmed by TARGET himself. Original erased — we kept a copy." https://x.com/GangExposed/status/1919741718338936980 Mysterious hackers who targeted Marks and Spencer's computer systems hint at political allegiance as they warn other tech criminals not to attack former Soviet states https://www.dailymail.co.uk/news/article-14699457/hackers-target-Marks-Spencers-political-allegiance.html The organizational structure of ransomware groups is evolving rapidly. https://www.coveware.com/blog/2025/4/29/the-organizational-structure-of-ransomware-threat-actor-groups-is-evolving-before-our-eyes SAP NetWeaver exploitation enters second wave of threat activity https://www.cybersecuritydive.com/news/sap-netweaver-exploitation-second-wave/747661/ China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures https://blog.eclecticiq.com/china-nexus-nation-state-actors-exploit-sap-netweaver-cve-2025-31324-to-target-critical-infrastructures DOGE software engineer’s computer infected by info-stealing malware https://arstechnica.com/security/2025/05/doge-software-engineers-computer-infected-by-info-stealing-malware/ Hackers hijack Japanese financial accounts to conduct nearly $2 billion in trades https://therecord.media/hackers-hijack-japan-finance-accounts FBI and Dutch police seize and shut down botnet of hacked routers https://techcrunch.com/2025/05/09/fbi-and-dutch-police-seize-and-shut-down-botnet-of-hacked-routers/ Poland arrests four in global DDoS-for-hire takedown https://therecord.media/poland-arrests-four-ddos-hire School districts hit with extortion attempts after PowerSchool breach https://www.nbcnews.com/tech/security/school-districts-hit-extortion-attempts-powerschool-breach-rcna205429 EU launches vulnerability database to tackle cybersecurity threats https://therecord.media/eu-launches-vulnerability-database Training Solo - vusec https://www.vusec.net/projects/training-solo/ Branch Privilege Injection: Exploiting Branch Predictor Race Conditions – Computer Security Group https://comsec.ethz.ch/research/microarch/branch-privilege-injection/ Remote Exploitation of Nissan Leaf: Controlling Critical Body Elements from the Internet https://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf PSIRT | FortiGuard Labs https://fortiguard.fortinet.com/psirt/FG-IR-25-254 EPMM Security Update | Ivanti https://www.ivanti.com/blog/epmm-security-update

Srsly Risky Biz: Open weight models make the Mythos debate moot
494 views

Risky Business (843): Fortibleed is kinda awesome, actually
751 views

Pitching security startups to VCs in the AI era
203 views

Between Two Nerds: The PRC vs AI
342 views

Srsly Risky Biz: Anthropic has artificial, but not emotional, intelligence
460 views

Risky Business Weekly (842): Anthropic needs an adult in the C suite
1.2K views