On this week’s show Patrick Gray and Adam Boileau are joined by special guest Chris Krebs to discuss the week’s cybersecurity news. They talk through: * Israeli "hacktivists" take out an Iranian state-owned bank * Scattered-spider and friends pivot into attacking insurers * Securing identities in a cloud-first world keeps us awake at night * Microsoft takes the "aas" out of SaaS for Europe, leaving us with just software! * An AI prompt injection into M365 exfils corporate data This week's episode is sponsored by Kroll's Cyber practice. Kroll Cyber Associate Managing Director George Glass is based in London and talks through his experiences helping organisations in the UK deal with the Scattered Spider attacks. Show Notes: Iran’s Bank Sepah disrupted by cyberattack claimed by pro-Israel hacktivist group | CyberScoop https://cyberscoop.com/iran-bank-sepah-cyberattack/. Iran orders officials to ditch connected devices https://www.politico.eu/article/iran-orders-officials-to-ditch-connected-devices/ Heightened Cyberthreat Amidst Israel-Iran Conflict https://www.radware.com/getattachment/072a3d01-ad06-4070-99bc-1162d7d05906/Threat-Alert-Heightened-Cyberthreat-Amidst-Israel-Iran-Conflict.pdf.aspx Threat group linked to UK, US retail attacks now targeting insurance industry | Cybersecurity Dive https://www.cybersecuritydive.com/news/threat-group-linked-to-uk-us-retail-attacks-now-targeting-insurance-indust/750870/ Coming to Apple OSes: A seamless, secure way to import and export passkeys - Ars Technica https://arstechnica.com/security/2025/06/apple-previews-new-import-export-feature-to-make-passkeys-more-interoperable/ Cyberattack on Washington Post Compromises Email Accounts of Journalists https://www.wsj.com/tech/cybersecurity/cyberattack-on-washington-post-compromises-email-accounts-of-journalists-70bf1300 Hackers impersonating US government compromise email account of prominent Russia researcher | The Record from Recorded Future News https://therecord.media/keir-giles-russia-researcher-email-hacked A good one to talk to Chris about: https://blogs.microsoft.com/blog/2025/06/16/announcing-comprehensive-sovereign-solutions-empowering-european-organizations/ Breaking down ‘EchoLeak’, the First Zero-Click AI Vulnerability Enabling Data Exfiltration from Microsoft 365 Copilot https://www.aim.security/lp/aim-labs-echoleak-blogpost CISA warns of supply chain risks as ransomware attacks exploit SimpleHelp flaws | Cybersecurity Dive https://www.cybersecuritydive.com/news/simplehelp-vulnerabilities-cisa-warning/750676/ Whole Foods supplier making progress on restoration after cyberattack left shelves empty | The Record from Recorded Future News https://therecord.media/unfi-groceries-supplier-cyberattack-update Ransomware attack on ticketing platform upends South Korean entertainment industry | The Record from Recorded Future News https://therecord.media/yes24-south-korea-ransomware-attack Advisory: Cybersecurity incident https://www.westjet.com/en-ca/news/2025/advisory--cybersecurity-incident-

Srsly Risky Biz: Open weight models make the Mythos debate moot
494 views

Risky Business (843): Fortibleed is kinda awesome, actually
751 views

Pitching security startups to VCs in the AI era
203 views

Between Two Nerds: The PRC vs AI
342 views

Srsly Risky Biz: Anthropic has artificial, but not emotional, intelligence
460 views

Risky Business Weekly (842): Anthropic needs an adult in the C suite
1.2K views