Risky Bulletin

ShinyHunters claim credit for the Vercel hack, a malware strain attempted to sabotage Israel’s water system, the US government wants access to Mythos, and a Supreme Court hacker gets probation.



Show notes



Risky Bulletin: New malware tries to sabotage Israel's water system but fails because it's buggy

In this Risky Business sponsor interview, Catalin Cimpanu talks with Sydney Marrone, Head of Threat Hunting at Nebulock, about hunting shadow AI agents on corporate networks.



Show notes



Sydney Marrone LinkedIn profile


Hunting OpenClaw and Agentic AI Through Behavior

NIST says it won’t be enriching most CVEs, Russian hackers tried to disrupt a Swedish power plant, the EU releases its age verification app, and OpenAI announces its own private cyber model.



Show notes



Risky Bulletin: NIST gives up enriching most CVEs

Tom Uren and Amberleigh Jack talk about a new Citizen Lab report into Webloc, a tool to identify and track mobile devices. It demonstrates how the collection and sale of mobile phone geolocation data presents privacy and national security risks.

They also discuss a deep-dive into how a single hacker was able to breach nine Mexican government agencies in just weeks using AI assistants. They enabled the attacker to move much faster.

This episode is also available on YouTube



Show notes



Citizen Lab's Webloc report


Gambit's Mexican hack analysis

Researchers find malicious LLM proxy routers, a fake Ledger crypto-wallet on the Mac App Store stole $10 million dollars, a ransomware crew leaks data from 38 law firms, and Google cracks down on back button hijacking.



Show notes



Risky Bulletin: Malicious LLM proxy routers found in the wild