Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
Risky Business #824 -- Microsoft's Secure Future is looking a bit wobbly
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
- Microsoft reshuffles security leadership. It doesn’t spark joy.
- Russia is hacking the Winter Olympics. Again. But y tho?
- China-linked groups are keeping busy, hacking telcos in Norway, Singapore and dozens of others
- Campaigns underway targeting Ivanti, BeyondTrust and SolarWinds products
- An unknown hero blocks 23/tcp on the US internet backbone
- And James Wilson pops into talk about Claude’s go at a C compiler
This week’s episode is sponsored by Ent.AI, an AI startup that isn’t quite ready to tell us all what they’re doing. But nevertheless, founder Brandon Dixon joins to discuss AI’s role in security. Where does language-based understanding take us that previous methods couldn’t?
This episode is also available on Youtube.
Show notes
- Updates in two of our core priorities - The Official Microsoft Blog
- Strengthening Windows trust and security through User Transparency and Consent | Windows Experience Blog
- Microsoft prepares to refresh Secure Boot’s digital certificate | Cybersecurity Dive
- Microsoft Patch Tuesday matches last year’s zero-day high with six actively exploited vulnerabilities | CyberScoop
- Microsoft releases urgent Office patch. Russian-state hackers pounce. - Ars Technica
- Italy blames Russia-linked hackers for cyberattacks ahead of Winter Olympics | The Record from Recorded Future News
- Researchers uncover vast cyberespionage operation targeting dozens of governments worldwide | The Record from Recorded Future News
- Germany warns of state-linked phishing campaign targeting journalists, government officials | The Record from Recorded Future News
- Norwegian intelligence discloses country hit by Salt Typhoon campaign | The Record from Recorded Future News
- Singapore says China-linked hackers targeted telecom providers in major spying campaign | The Record from Recorded Future News
- Largest Multi-Agency Cyber Operation Mounted to Counter Threat Posed by Advanced Persistent Threat (APT) Actor UNC3886 to Singapore’s Telecommunications Sector | Cyber Security Agency of Singapore
- How Intel and Google Collaborate to Strengthen Intel® TDX
- Strengthening the Foundation: A Joint Security Review of Intel TDX 1.5 - Google Bug Hunters
- Active Exploitation of SolarWinds Web Help Desk (CVE-2025-26399) | Huntress
- EU, Dutch government announce hacks following Ivanti zero-days | The Record from Recorded Future News
- North Korean hackers targeted crypto exec with fake Zoom meeting, ClickFix scam | The Record from Recorded Future News
- BeyondTrust warns of critical RCE flaw in remote support software
- Rapid7 Analysis of CVE-2026-1731
- Building a C compiler with a team of parallel Claudes \ Anthropic
- (1) Post by @ryiron.bsky.social — Bluesky
- What AI Security Research Looks Like When It Works | AISLE
- South Korean crypto exchange races to recover $40bn of bitcoin sent to customers by mistake | South Korea | The Guardian
- White House to meet with GOP lawmakers on FISA Section 702 renewal | The Record from Recorded Future News