Risky Bulletin

DigiCert got hacked via a malicious screensaver file, two ransomware negotiators each get four years in prison, Trellix discloses a security breach, and another Russian hacker gets arrested while vacationing in the wrong place.



Show notes



Risky Bulletin: DigiCert hacked with a malicious screensaver file

In this sponsored interview, James Wilson talks with James Kettle and Daf Stuttard from PortSwigger about the incredible research James will unveil at Black Hat US this July, and how that research will be productised into Burp Suite. It shouldn’t be surprising that when James Kettle bolts an LLM into his research methodology that insanely dangerous things happen. This interview is a window into the future of AI-enabled hacking and security testing.

This interview is also available on YouTube.



Show notes

The Copy Fail vulnerability impacts all Linux distros going back to 2017, hackers are exploiting a cPanel auth bypass, every Moldovan citizen has their data stolen, and some scam compounds got raided raided… in Dubai.



Show notes



Risky Bulletin: The mysterious hack of Moldova's healthcare database

Tom Uren and Amberleigh Jack talk about the US government stepping in to fight ‘distillation attacks’ by Chinese AI labs. These are methods used to steal the special sauce of frontier AI models simply by asking questions.

They also discuss the wide-spread shift amongst Chinese threat actors to using botnets for all aspects of their operations. It’s a problem for defenders, but also a disruption opportunity for authorities.

This episode is also available on YouTube.



Show notes

Ukrainians hack Russian satellites, Vimeo is being extorted, Greece wants to ban anonymity on social media, and a Scattered Spider hacker was arrested in Finland.



Show notes



Risky Bulletin: UK NCSC blasts SOC metrics