Dive into the dramatic collapse of the BlackBasta ransomware group, highlighted by leaked internal chats. Discover how Russian military hackers are now targeting the messaging app Signal using QR codes. Learn about the critical Microsoft patch for a Power Pages zero-day vulnerability. Plus, hear about Meta's legal actions against a hacker who extorted users by breaching their accounts. A riveting exploration of cybersecurity challenges and legal battles awaits!

The hosts dive into the idea of retaliating against Chinese telcos due to cyber attacks on the U.S., discussing the merits of such a campaign. They highlight Samoa's bold move in publicly calling out Chinese hackers, showcasing how even smaller nations are stepping up against cyber threats. The conversation also covers the complex dynamics of surveillance and national security between the U.S. and China, as well as the delicate balance of secrecy and transparency in intelligence operations. It's a captivating look at global cyber warfare and its ramifications.

A venture capital firm falls victim to a clever social engineering attack, highlighting the ever-evolving threat landscape. Ecuador's parliament faces cyberattacks, raising concerns about governmental security. The show also addresses critical vulnerabilities, including a serious flaw in OpenSSH and an unpatched zero-day in Monero. Tune in for insights on the latest malware campaigns and legal repercussions affecting major tech services.

The discussion opens with the U.S. Vulnerabilities Equities Program, balancing intelligence needs with public safety. They dive into the dilemma of disclosing vulnerabilities, weighing the risks of keeping them secret. Techniques for exploiting systems are examined, emphasizing operational security. The notorious EternalBlue vulnerability is scrutinized for its silent dangers and delayed fixes. Lastly, the speakers explore the shifting landscape of cybersecurity, highlighting the need for adaptable strategies and the importance of transparency in vulnerability disclosure.

The podcast dives into the sinister tactics of the Sandworm group, including their use of Tor nodes on hacked networks. Learn about the UK’s unexpected decision to end military training for cyber personnel and how Russian adversaries are employing device code phishing. The discussion also covers ongoing threats from Salt Typhoon and scrutinizes the impact of cyber incidents on global security, particularly concerning Ukraine's precarious situation.

Jimmy Mesta, CTO and co-founder of Rad Security, shares insights on AI security for enterprises. He discusses the dangers of unregulated AI assistants in businesses, emphasizing the need for robust safeguards. The conversation dives into the rise of shadow AI and the challenges it poses for CISOs. Mesta also highlights the importance of responsible AI tool management and training employees to protect corporate data. He warns about potential risks associated with AI model origins and stresses the delicate balance between innovation and security regulation.

The podcast dives into Apple's bold refusal to comply with the UK's encryption demands, showcasing the ongoing clash between tech giants and governments over privacy. It highlights the progress against ransomware, revealing how government actions are pressuring criminal networks. The discussion also touches on the changing dynamics within the cybercrime realm, particularly with the decline of major ransomware groups and the rise of independent attackers. Finally, it emphasizes the relentless fight against cryptocurrency laundering and evolving law enforcement efforts.

The hosts dive into the controversial world of Paragon, an Israeli spyware vendor, and its strategies for entering the US market. They tackle the ethical dilemmas faced by intelligence agencies, especially concerning customer vetting and user privacy. Insights on a recent WhatsApp hacking campaign reveal vulnerabilities and critique the platform's response. A captivating story about intelligence operations highlights the unforeseen consequences of testing, while discussions on anonymous claims question credibility and the emotional motivations behind them.

Dive into the alarming details of a significant supply chain attack that disrupted the AdsPower browser platform, leading to widespread user vulnerabilities. Explore recent cybersecurity breaches, including serious ethical concerns surrounding Paragon. The discussion also highlights a zero-day exploit affecting Trimble Cityworks and impactful DDoS attacks on Bohemia Interactive games. Tune in for key insights and the latest updates on these pressing security issues!

UPDATED AUDIO: An earlier version of this podcast audio contained an editing mistake that desynchronised Patrick and Tom’s audio. In this podcast Tom Uren and Patrick Gray talk about the cyber espionage implications of Chinese AI firm DeepSeek’s recently released models. They will certainly be picked up by various APT crews to try and accelerate their campaigns. They also discuss the UK NCSC’s attempt to quantify ‘comedy bugs’ and whether EU sanctions against Russian military intelligence officers for a five-year-old cyber espionage campaign targeting Estonia are pointless. This episode is also available on Youtube. Show notes