Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
Risky Business #825 -- Palo Alto Networks blames it on the boogie
On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:
- Palo Alto threat researchers want to attribute to China, but management says shush
- An increasing proportion of ransomware is data extortion. Is this good?
- Cambodia says it’s going to dismantle scam compounds
- CISA suffers through yet another shutdown
- Google Gemini’s training secrets are being systematically harvested to improve other LLMs
- Academics assess SaaS password managers’ resilience against a malicious server
This episode is sponsored by SSO-firewall integration vendor Knocknoc. Chief exec Adam Pointon joins to talk about the latest in defences… which is to say Knocknoc for Solaris/Sparc and HPUX on PA-RISC?! Okay also that other little known OS… Windows.
This episode is also available on YouTube.
Show notes
- Data-only extortion grows as ransomware gangs seek better profits | Cybersecurity Dive
- Arctic Wolf Threat Report 2026
- Exclusive: Palo Alto chose not to tie China to hacking campaign for fear of retaliation from Beijing, sources say
- Risky Bulletin: Cambodia promises to dismantle scam networks by April - Risky Business Media
- Age of the ‘scam state’: how an illicit, multibillion-dollar industry has taken root in south-east Asia | Cybercrime | The Guardian
- Critical flaw in BeyondTrust Remote Support sees early signs of exploitation | Cybersecurity Dive
- CISA Navigates DHS Shutdown With Reduced Staff - SecurityWeek
- Kimwolf Botnet Swamps Anonymity Network I2P – Krebs on Security
- BADIIS to the Bone: New Insights to a Global SEO Poisoning Campaign — Elastic Security Labs
- Over 500,000 VKontakte accounts hijacked through malicious Chrome extensions | The Record from Recorded Future News
- Password managers' promise that they can't see your vaults isn't always true - Ars Technica
- Zero Knowledge (About) Encryption: A Comparative Security Analysis of Three Cloud-based Password Managers
- Google finds state-sponsored hackers use AI at 'all stages' of attack cycle | CyberScoop
- Google: Gemini hit with 100,000+ prompts in cloning attempt
- Proofpoint acquires Acuvity to tackle the security risks of agentic AI | CyberScoop
- Cisco Redefines Security for the Agentic Era with AI Defense Expansion and AI-Aware SASE
- Sophos Acquires Arco Cyber to Bring CISO-Level, Agentic AI-Powered Expertise to Every Organization
- Dave Kennedy on X: "Regarding this, there was a couple questions on does the pacemaker continue to advertise - most BLE implantable devices go into a sleep type mode. In this case, we are lucky - it does not. We know based on law enforcement answers that she is using a more modern pacemaker with" / X
- Clash Report on X: "BIG: Dutch Defence Minister Gijs Tuinman hints that software independence is possible for F-35 jets. He literally said you can “jailbreak” an F-35. When asked if Europe can modify it without US approval: “That’s not the point… we’ll see whether the Americans will show https://t.co/f11cGvtYsO" / X
- Dutch police arrest man who refused to delete confidential files shared by mistake | The Record from Recorded Future News