How Airlock blocks reflective .NET loads

Risky Business returns for 2026! Patrick Gray and Adam Boileau talk through the week’s cybersecurity news, including:

• Santa brings hackers MongoDB memory leaks for Christmas
• Vercel pays out a million bucks to improve its React2Shell WAF defences
• 39C3 delivers; the pink Power Ranger deletes nazis, while a catgirl ruins GnuPG
• Cambodian scam compound kingpin gets extradited to China, and we don’t think it’ll go well for him
• Krebs picks apart the Kimwolf botnet and residential proxy networks
• So many healthcare data leaks that we have a roundup section

This week’s episode is sponsored by Airlock Digital. The founders of the application allow-listing vendor, David Cottingham and Daniel Schell, discuss Microsoft’s ClickOnce .NET app packaging, and how attackers have been abusing it to load code. Airlock hates it when you load code!

This episode is also available on Youtube.

Show notes

• US, Australia say ‘MongoBleed’ bug being exploited | The Record from Recorded Future News
• Merry Christmas Day! Have a MongoDB security incident. | by Kevin Beaumont | Dec, 2025 | DoublePulsar
• Inside Vercel’s sleep-deprived race to contain React2Shell | CyberScoop
• gpg.fail
• Hacktivist deletes white supremacist websites live onstage during hacker conference | TechCrunch
• Chinese attackers exploiting zero-day to target Cisco email security products | The Record from Recorded Future News
• Ni8mare  -  Unauthenticated Remote Code Execution in n8n (CVE-2026-21858) | Cyera Research Labs
• ServiceNow patches critical AI platform flaw that could allow user impersonation | CyberScoop
• Alleged cyber scam kingpin arrested, extradited to China | The Record from Recorded Future News
• FCC IoT labeling program loses lead company after China probe | Cybersecurity Dive
• Trump picks Lt. Gen. Joshua Rudd to lead NSA spy agency - The Washington Post
• NSA cyber directorate gets new acting leadership | The Record from Recorded Future News
• Dutch court sentences hacker who used port systems to smuggle cocaine to 7 years | The Record from Recorded Future News
• ECLI:NL:GHAMS:2026:22, Amsterdam Court of Appeal, 23-003218-22
• The Kimwolf Botnet is Stalking Your Local Network – Krebs on Security
• Who Benefited from the Aisuru and Kimwolf Botnets? – Krebs on Security
• Coupang recovers smashed laptop that alleged data leaker threw into river | The Record from Recorded Future News
• Ransomware responders plead guilty to using ALPHV in attacks on US organizations | The Record from Recorded Future News
• Nearly 480,000 impacted by Covenant Health data breach | The Record from Recorded Future News
• Illinois health department exposed over 700,000 residents' personal data for years | TechCrunch
• Tech provider for NHS England confirms data breach | TechCrunch
• Hacker claiming to be behind ManageMyHealth breach: ‘I do it for the money and I’m in negotiations to get it’ - NZ Herald