Risky Business

Risky Business #821 -- Wiz researchers could have owned every AWS customer

Jan 21, 2026
Joe Tidy, BBC World Service's cybersecurity correspondent and author of Control Alt Chaos, dives into the complexities of U.S. cyber operations and their implications. He discusses the evolving teen hacker culture shaped by social media and cryptocurrency. Haroon Meer, founder of Thinkst, shares insights on deception tools and their recent acquisition efforts, alongside the exciting work at the South African Computer Olympiad. Together, they explore the future of cybersecurity, the risky world of Amazon Web Services exploits, and the challenges of communicating these themes to the public.
ADVICE

Patch Moderate Bugs If They're Exploited

  • Patch actively exploited lower-severity bugs even if their CVSS score is moderate, because attackers use them to bypass defenses.
  • Prioritize fixes CISA calls out and monitor for in-the-wild exploitation rather than only chasing 'critical' labels.
INSIGHT

CI Regex Flaw Can Become Internet-Scale Risk

  • A single CI regex bug could let an attacker alter widely used SDK code and affect millions of AWS consoles.
  • Wiz demonstrated that chained automation and unchecked patterns create systemic risk with a cloud-wide blast radius.
INSIGHT

AI Acts As Malware Development Force Multiplier

  • AI-assisted development appears to be a force multiplier for competent malware when operators manage OPSEC poorly.
  • Check Point found traces suggesting AI tooling sped development, but human oversight and artifacts remained critical to attribution.