In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. They discuss: * La France is tres sérieux about ditching US productivity software * China's Salt Typhoon was snooping on Downing Street * Trump wields the mighty DISCOMBOBULATOR * ESET says the Polish power grid wiper was Russia's GRU Sandworm crew * US cyber institutions CISA and NIST are struggling * Voice phishing for MFA bypass is getting even more polished This episode is sponsored by Sublime Security. Brian Baskin is one of the team behind Sublime's 2026 Email Threat Research report. He joins to talk through what they see of attackers' use of AI, as well as the other trends of the year. Show Notes: France to ditch US platforms Microsoft Teams, Zoom for ‘sovereign platform’ amid security concerns | Euronews https://www.euronews.com/next/2026/01/27/france-to-ditch-us-platforms-microsoft-teams-zoom-for-sovereign-platform-amid-security-con Suite Numérique plan - Google Search https://www.google.com/search?q=Suite+Num%C3%A9rique+plan&rlz=1C5CHFA_enAU857AU857&oq=Suite+Num%C3%A9rique+plan&gs_lcrp=EgZjaHJvbWUyBggAEEUYOTIKCAEQABgKGBYYHjIICAIQABgWGB4yBwgDEAAY7wUyCggEEAAYgAQYogQyCggFEAAYgAQYogQyBwgGEAAY7wUyBwgHEAAY7wXSAQczMDRqMGo3qAIAsAIA&sourceid=chrome&ie=UTF-8 China hacked Downing Street phones for years https://www.telegraph.co.uk/news/2026/01/26/china-hacked-downing-street-phones-for-years Cyberattack Targeting Poland’s Energy Grid Used a Wiper https://www.zetter-zeroday.com/cyberattack-targeting-polands-energy-grid-used-a-wiper/ Trump says U.S. used secret 'discombobulator' on Venezuelan equipment during Maduro raid | PBS News https://www.pbs.org/newshour/nation/trump-says-u-s-used-secret-discombobulator-on-venezuelan-equipment-during-maduro-raid Risky Bulletin: Cyberattack cripples cars across Russia - Risky Business Media https://risky.biz/risky-bulletin-cyberattack-cripples-cars-across-russia/ Lawmakers probe CISA leader over staffing decisions | CyberScoop https://cyberscoop.com/cisa-madhu-gottumukkala-house-homeland-hearing-workforce-staffing-levels/ Trump’s acting cyber chief uploaded sensitive files into a public version of ChatGPT - POLITICO https://www.politico.com/news/2026/01/27/cisa-madhu-gottumukkala-chatgpt-00749361 Acting CISA director failed a polygraph. Career staff are now under investigation. - POLITICO https://www.politico.com/news/2025/12/21/cisa-acting-director-madhu-gottumukkala-polygraph-investigation-00701996 NIST is rethinking its role in analyzing software vulnerabilities | Cybersecurity Dive https://www.cybersecuritydive.com/news/nist-cve-vulnerability-analysis-nvd-review/810300/ Federal agencies abruptly pull out of RSAC after organizer hires Easterly | Cybersecurity Dive https://www.cybersecuritydive.com/news/cisa-nsa-fbi-rsac-conference-jen-easterly/810482/ Real-Time phishing kits target Okta, Microsoft, Google https://cyberscoop.com/shinyhunters-voice-phishing-sso-okta-mfa-bypass-data-theft/ Phishing kits adapt to the script of callers https://www.okta.com/blog/threat-intelligence/phishing-kits-adapt-to-the-script-of-callers/ On the Coming Industrialisation of Exploit Generation with LLMs – Sean Heelan's Blog https://sean.heelan.io/2026/01/18/on-the-coming-industrialisation-of-exploit-generation-with-llms/ GitHub - SeanHeelan/anamnesis-release: Automatic Exploit Generation with LLMs https://github.com/SeanHeelan/anamnesis-release/ Overrun with AI slop, cURL scraps bug bounties to ensure "intact mental health" - Ars Technica https://arstechnica.com/security/2026/01/overrun-with-ai-slop-curl-scraps-bug-bounties-to-ensure-intact-mental-health/ Bypassing Windows Administrator Protection - Project Zero https://projectzero.google/2026/26/windows-administrator-protection.html Task Failed Successfully - Microsoft’s “Immediate” Retirement of MDT - SpecterOps https://specterops.io/blog/2026/01/21/task-failed-successfully-microsofts-immediate-retirement-of-mdt/ Kubernetes Remote Code Execution Via Nodes/Proxy GET Permission https://grahamhelton.com/blog/nodes-proxy-rce WhatsApp's Latest Privacy Protection: Strict Account Settings - WhatsApp Blog https://blog.whatsapp.com/whatsapps-latest-privacy-protection-strict-account-settings Microsoft gave FBI a set of BitLocker encryption keys to unlock suspects' laptops: Reports | TechCrunch https://techcrunch.com/2026/01/23/microsoft-gave-fbi-a-set-of-bitlocker-encryption-keys-to-unlock-suspects-laptops-reports/ He Leaked the Secrets of a Southeast Asian Scam Compound. Then He Had to Get Out Alive | WIRED https://www.wired.com/story/he-leaked-the-secrets-southeast-asian-scam-compound-then-had-to-get-out-alive/ Key findings from the 2026 Sublime Email Threat Research Report https://sublime.security/blog/key-findings-from-the-2026-sublime-email-threat-research-report/

Srsly Risky Biz: Open weight models make the Mythos debate moot
494 views

Risky Business (843): Fortibleed is kinda awesome, actually
751 views

Pitching security startups to VCs in the AI era
203 views

Between Two Nerds: The PRC vs AI
342 views

Srsly Risky Biz: Anthropic has artificial, but not emotional, intelligence
460 views

Risky Business Weekly (842): Anthropic needs an adult in the C suite
1.2K views