Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
Risky Business #838 -- GitHub investigates possible breach
May 20, 2026
1:02:49
60.31 MB
Downloads: 0
On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news.
They cover:
- GitHub announced a possible breach
- CISA leaks important creds, keys in public repo
- Awful vulnerability in Bitlocker renders it useless without a PIN
- So. Many. Patches.
- Polish Government urges officials to ditch Signal for mSzyfr
- Much, much more
This week’s show is brought to you by Thinkst Canary. Thinkst’s founder, Haroon Meer, is this week’s sponsor guest. He joined James Wilson to talk about how doing “the basics” in security isn’t trivially easy.
This episode is also available on YouTube.
Show notes
- GitHub on X: "We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely" / X
- CISA Admin Leaked AWS GovCloud Keys on Github – Krebs on Security
- Experts Confirm the Fast16 Malware Was Sabotaging Nuclear Weapons Tests, Likely in Iran
- Iran hackers: Hackers have breached tank readers at gas stations; officials suspect Iran is responsible | CNN Politics
- War and Data Centers Are Driving Up the Cost of Fiber-Optic Cable
- Microsoft on pace to break annual vulnerability record as AI-driven patch wave takes hold | The Record from Recorded Future News
- NCSC’s Ollie Whitehouse on surviving the "bugpocalypse" - Risky Business Media
- Defense at AI speed: Microsoft’s new multi-model agentic security system tops leading industry benchmark | Microsoft Security Blog
- Project Glasswing: what Mythos showed us
- Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’
- First public macOS kernel memory corruption exploit on Apple M5
- OpenAI launches Daybreak to combat cyber threats | Cybersecurity Dive
- Zero-day exploit completely defeats default Windows 11 BitLocker protections - Ars Technica
- GitHub - Wack0/bitlocker-attacks: A list of public attacks on BitLocker · GitHub
- Catalin Cimpanu: "The Polish government has advi…" - Mastodon
- CISA orders all federal agencies to patch exploited bug in Cisco SD-WAN systems by Sunday | The Record from Recorded Future News
- CVE-2026-20182: Critical authentication bypass in Cisco Catalyst SD-WAN Controller (FIXED)
- Huawei zero-day attack behind last year’s crash of Luxembourg's entire telecoms network | The Record from Recorded Future News
- Patch bypass allows hackers to exploit prior flaw in SonicWall SSL-VPN | Cybersecurity Dive
- Microsoft disrupts Fox Tempest malware-signing-as-a-service platform tied to ransomware gangs | The Record from Recorded Future News
- Streamer Realtime Deepfakes Himself into Mr. Beast, Says He Loves 'Touching Little Boys'