Risky Bulletin

NIST says it won’t be enriching most CVEs, Russian hackers tried to disrupt a Swedish power plant, the EU releases its age verification app, and OpenAI announces its own private cyber model.



Show notes



Risky Bulletin: NIST gives up enriching most CVEs

Tom Uren and Amberleigh Jack talk about a new Citizen Lab report into Webloc, a tool to identify and track mobile devices. It demonstrates how the collection and sale of mobile phone geolocation data presents privacy and national security risks.

They also discuss a deep-dive into how a single hacker was able to breach nine Mexican government agencies in just weeks using AI assistants. They enabled the attacker to move much faster.

This episode is also available on YouTube



Show notes



Citizen Lab's Webloc report


Gambit's Mexican hack analysis

Researchers find malicious LLM proxy routers, a fake Ledger crypto-wallet on the Mac App Store stole $10 million dollars, a ransomware crew leaks data from 38 law firms, and Google cracks down on back button hijacking.



Show notes



Risky Bulletin: Malicious LLM proxy routers found in the wild

In this edition of Between Two Nerds Tom Uren and The Grugq discuss how the rise of AI, which is very good at vulnerability and exploit development, will change the cyber security industry and competition between states.

This episode is also available on YouTube



Show notes



The Grugq on X: People are freaking out about an impending flood of 0days


Patrick Gray with former NSA and CIA cyber leaders

France prepares to ditch Windows for Linux, OpenAI was impacted by the Axios supply chain attack, Rockstar Games gets hacked again, and Adobe patches a reader zero-day.



Show notes



Risky Bulletin: France takes first steps to ditch Windows for Linux