On this week’s show special guest co-host Andy Boyd joins Patrick Gray and James Wilson to discuss the week’s cybersecurity news. Andy is the CEO of REDLattice, which makes the Paragon "intelligence collection and reconnaissance" solution. They cover: * Adversaries are tracking US troop locations with commercially available location data * A new Signal phishing campaign is going after message backups * 404 Media is suing ICE to get its spyware contract with REDLattice (lol) * Microsoft’s tone-deaf response to ‘never justifiable’ zero-day disclosures * Mini Shai-Hulud pops up again just as Glassworm gets shattered * Much, much more This week’s episode is sponsored by Authentik, an open source identity platform that you can host yourself. In this week's sponsor interview Authentik's CEO Fletcher Heisler joins Patrick Gray to talk about how they’re keeping up with the bugpocalypse, and also the work they’re doing to support identities for AI agents. Show notes: U.S. says troops were targeted with location data, as senator warns ad industry is a ‘national security threat’ https://techcrunch.com/2026/05/28/u-s-says-troops-were-targeted-with-location-data-as-senator-warns-ad-industry-is-a-national-security-threat DOD location data attachment (Wyden) https://www.documentcloud.org/documents/28169995-dod-location-data-attachment-wyden Risky Business #830 -- LiteLLM and security scanner supply chains compromised | Risky Business Media https://risky.biz/RB830 US has seized nearly $1 billion in crypto from Iran, Bessent says | https://www.theblock.co/post/403075/us-has-seized-nearly-1-billion-in-crypto-from-iran-bessent-says Russia claims foreign spy agencies hacked officials' phones | therecord.media https://therecord.media/russia-claims-foreign-spy-agencies-hacked-gov-officials Hackers are trying to steal Signal users’ backups in new wave of phishing attacks | TechCrunch Security https://techcrunch.com/2026/05/28/hackers-are-trying-to-steal-signal-users-backups-in-new-wave-of-phishing-attacks We Sued ICE to Get Its Spyware Contract. The Agency Is Redacting Essentially Everything | Social Signals https://www.404media.co/we-sued-ice-to-get-its-spyware-contract-the-agency-is-redacting-essentially-everything A shared responsibility: Protecting customers through Coordinated Vulnerability Disclosure | Social Signals https://www.microsoft.com/en-us/msrc/blog/2026/05/a-shared-responsibility-protecting-customers-through-coordinated-vulnerability-disclosure Microsoft says it will not pursue security researchers after zero-day backlash | therecord.media https://therecord.media/microsoft-says-it-will-not-pursue-security-researchers-disclosure IBM’s new $5B initiative will help enterprises rapidly patch open-source vulnerabilities | Social Signals https://www.cybersecuritydive.com/news/ibm-open-source-security-ai-project-lightwell/821348 Federal audit reveals NIST’s NVD is plagued by poor planning and duplication | cyberscoop.com https://cyberscoop.com/nist-nvd-audit-mismanagement-duplication Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts https://krebsonsecurity.com/2026/06/hackers-used-metas-ai-support-bot-to-seize-instagram-accounts Critical Windows Netlogon RCE flaw now exploited in attacks https://www.bleepingcomputer.com/news/microsoft/critical-windows-netlogon-remote-code-execution-flaw-now-exploited-in-attacks CISA adds exploited Palo Alto Networks GlobalProtect flaw to KEV https://www.cybersecuritydive.com/news/palo-alto-networks-firewall-flaw-exploitation-cisa-kev/821598 Password manager Dashlane says hackers stole some customers’ password vaults https://techcrunch.com/2026/06/02/password-manager-dashlane-says-hackers-stole-some-customers-password-vaults CrowdStrike disrupts Glassworm botnet that preyed on open-source supply chain | cyberscoop.com https://cyberscoop.com/crowdstrike-glassworm-botnet-takedown Botnet of more than 17 million devices dismantled | arstechnica.com https://arstechnica.com/security/2026/05/botnet-of-more-than-17-million-devices-dismantled Chinese-speaking fraud gang could be stealing millions from 2026 World Cup fans https://therecord.media/chinese-speaking-fraud-gang-fifa-world-cup-scam ACCC investigating Olympics ticket scam https://www.abc.net.au/news/2008-08-04/accc-investigating-olympics-ticket-scam/463464 Dozens of Red Hat packages backdoored through its offical NPM channel https://arstechnica.com/security/2026/06/dozens-of-red-hat-packages-backdoored-through-its-offical-npm-channel Solo podcast: A deep dive on TeamPCP - Risky Business Media | https://risky.biz/RBFEATURES24 Trump administration releases scaled-back AI executive order https://cyberscoop.com/donald-trump-white-house-ai-executive-order-scaled-back Google security engineer accused of turning confidential search trends into $1.2M win on Polymarket https://cyberscoop.com/google-security-engineer-insider-trading-polymarket

Srsly Risky Biz: Open weight models make the Mythos debate moot
494 views

Risky Business (843): Fortibleed is kinda awesome, actually
751 views

Pitching security startups to VCs in the AI era
203 views

Between Two Nerds: The PRC vs AI
342 views

Srsly Risky Biz: Anthropic has artificial, but not emotional, intelligence
460 views

Risky Business Weekly (842): Anthropic needs an adult in the C suite
1.2K views