On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: * Apple ruins exploit developers’ week with fresh memory corruption mitigations * Feross Aboukhadijeh drops by to talk about the big, dumb npm supply chain attack * Salesloft says its GitHub was the initial entry point for its compromise * Sitecore says people should "patch" its using-the-keymat-from-the-documentation "zero day" * Rogue certs for 1.1.1.1 appear to be just (stupid) testing * Jaguar Land Rover ransomware attackers are courting trouble This week's episode is sponsored by open source cloud security tool, Prowler. Founder Toni de la Fuente joins to discuss their new support for Microsoft 365. Time to point Prowler at your OneDrive and Sharepoint! Show Notes: Blog - Memory Integrity Enforcement: A complete vision for memory safety in Apple devices - Apple Security Research https://security.apple.com/blog/memory-integrity-enforcement/ Venezuela's president thinks American spies can't hack Huawei phones | TechCrunch https://techcrunch.com/2025/09/03/venezuelas-president-thinks-american-spies-cant-hack-huawei-phones/ 18 Popular Code Packages Hacked, Rigged to Steal Crypto – Krebs on Security https://krebsonsecurity.com/2025/09/18-popular-code-packages-hacked-rigged-to-steal-crypto/ Software packages with more than 2 billion weekly downloads hit in supply-chain attack - Ars Technica https://arstechnica.com/security/2025/09/software-packages-with-more-than-2-billion-weekly-downloads-hit-in-supply-chain-attack/ Salesloft platform integration restored after probe reveals monthslong GitHub account compromise | Cybersecurity Dive https://www.cybersecuritydive.com/news/salesloft-drift-restored-probe-github/759506/ CISA orders federal agencies to patch Sitecore zero-day following hacking reports | The Record from Recorded Future News https://therecord.media/cisa-orders-patch-for-sitecore-zero-day SAP warns of high-severity vulnerabilities in multiple products - Ars Technica https://arstechnica.com/security/2025/09/as-hackers-exploit-one-high-severity-sap-flaw-company-warns-of-3-more/ The number of mis-issued 1.1.1.1 certificates grows. Here’s the latest. - Ars Technica https://arstechnica.com/information-technology/2025/09/the-number-of-mis-issued-1-1-1-1-certificates-grows-heres-the-latest/ Cyberattack on Jaguar Land Rover threatens to hit British economic growth | The Record from Recorded Future News https://therecord.media/cyberattack-jaguar-land-rover-economic-growth-uk-government Cyberattack forces Jaguar Land Rover to tell staff to stay at home | The Record from Recorded Future News https://therecord.media/jaguar-land-rover-cyberattack-workers-stay-home Bridgestone Americas continues probe as it looks to restore operations | Cybersecurity Dive https://www.cybersecuritydive.com/news/bridgestone-americas--probe-restore-operations/759577/ Qantas penalizes executives for July cyberattack | The Record from Recorded Future News https://therecord.media/qantas-airline-reduces-bonuses-executives-data-breach Cyber Command, NSA to remain under single leader as officials shelve plan to end 'dual hat' | The Record from Recorded Future News https://therecord.media/cyber-command-nsa-dual-hat-single-leader-trump-administration GOP Cries Censorship Over Spam Filters That Work – Krebs on Security https://krebsonsecurity.com/2025/09/gop-cries-censorship-over-spam-filters-that-work/ Risky Bulletin: APT report? No, just a phishing test! - Risky Business Media https://risky.biz/risky-bulletin-apt-report-no-just-a-phishing-test/ Post by @patrick.risky.biz — Bluesky https://bsky.app/prof ile/patrick.risky.biz/post/3lygvoef6es22

Srsly Risky Biz: Open weight models make the Mythos debate moot
494 views

Risky Business (843): Fortibleed is kinda awesome, actually
751 views

Pitching security startups to VCs in the AI era
203 views

Between Two Nerds: The PRC vs AI
342 views

Srsly Risky Biz: Anthropic has artificial, but not emotional, intelligence
460 views

Risky Business Weekly (842): Anthropic needs an adult in the C suite
1.2K views