Risky Business #810 -- Data extortion attacks have a silver lining

In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• FBI intervenes in Scattered Spider Salesforce leaksite
• Clop loots Oracle E-Biz deployments
• Plus so much more data extortion.. At least it’s not ransomware … we guess?
• The US still can’t decide who’s gonna be in charge of NSA & Cybercom
• Cambodian scam compounds get sanctioned and $15b in crypto is seized
• NSO gets sold for pocket-lint-grade money
• Bugs! Redis CVSS 10, Ivanti, Crowdstrike and… Internet Explorer?! zeroday?! In the wild?!!!?

This week’s episode is sponsored by Stairwell. Founder Mike Wiacek talks about how Stairwell brings VirusTotal-like visibility to private files, and about integrating the insights that brings into your SOC workflow.

This episode is also available on Youtube.

Show notes

• FBI takedown banner appears on BreachForums site as Scattered Spider promotes leak | The Record from Recorded Future News
• Dozens of Oracle customers impacted by Clop data theft for extortion campaign | CyberScoop
• Well, Well, Well. It’s Another Day. (Oracle E-Business Suite Pre-Auth RCE Chain - CVE-2025-61882)
• Clop is a Big Fish, But Not Worth Hunting - Risky Business Media
• ShinyHunters Wage Broad Corporate Extortion Spree – Krebs on Security
• The company Discord blamed for its recent breach says it wasn't hacked
• Qantas confirms cybercriminals released stolen customer data | The Record from Recorded Future News
• Red Hat confirms breach of GitLab instance, which stored company’s consulting data | CyberScoop
• Risky Bulletin: Microsoft revamps Edge's "IE Mode" after zero-day attacks - Risky Business Media
• Teenagers arrested in England over cyberattack on nursery chain Kido | The Record from Recorded Future News
• Acting US Cyber Command, NSA chief won’t be nominated for the job, sources say | The Record from Recorded Future News
• Layoffs, reassignments further deplete CISA | Cybersecurity Dive
• Trump’s scandalous directive to AG Pam Bondi reached the public by accident
• Feds sanction Cambodian conglomerate over cyber scams, seize $15 billion from chairman | The Record from Recorded Future News
• US Congress committee investigating Musk-owned Starlink over Myanmar scam centres | Myanmar | The Guardian
• Satellites Are Leaking the World’s Secrets: Calls, Texts, Military and Corporate Data | WIRED
• Netherlands invokes special powers against Chinese-owned semiconductor company Nexperia | The Record from Recorded Future News
• Spyware maker NSO Group confirms acquisition by US investors | TechCrunch
• Apple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits | WIRED
• Wiz Finds Critical Redis RCE Vulnerability: CVE‑2025‑49844 | Wiz Blog
• SonicWall admits attacker accessed all customer firewall configurations stored on cloud portal | CyberScoop
• SonicWall SSLVPN devices compromised using valid credentials | Cybersecurity Dive
• Issues Affecting CrowdStrike Falcon Sensor for Windows
• ZDI Drops 13 Unpatched Ivanti Endpoint Manager Vulnerabilities - SecurityWeek
• Jaguar Land Rover launches phased restart at factories after cyber-attack | Jaguar Land Rover | The Guardian
• Windows 10 support ends today — here's who's affected and what you need to do