

Risky Bulletin
risky.biz
Regular cybersecurity news updates from the Risky Business team...

Feb 5, 2026 • 18min
Srsly Risky Biz: Google's cyber disruption unit kicks its first goal
Tom Uren, policy and intelligence editor and author of the Seriously Risky Business newsletter, unpacks Google’s takedown of the IPIDEA residential proxy network. He also covers SpaceX’s swift fixes after Starlink was adapted for long-range drone guidance. The conversation spotlights private-sector disruption, faster legal takedowns, and why corporate pressure matters.

Feb 4, 2026 • 8min
Risky Bulletin: Plone CMS stops supply-chain attack
A halted supply‑chain sabotage against a CMS and a six‑month compromise of Notepad++ servers that pushed targeted backdoor updates. A spike in malicious OpenClaw skills and a massive API token leak. French police raids tied to AI deepfake nudity probes and companies disabling license‑plate readers after unauthorized access.

Feb 2, 2026 • 33min
Between Two Nerds: The internal logic of Russian power grid attacks
A deep dive into a recent Russian strike on Polish electricity infrastructure. They unpack why Poland, near Ukraine, was targeted and how attribution differs across reports. The conversation covers how distributed renewables and default configurations affected the attack. They explore shifting tactics from central systems to edge devices and the information impact versus technical damage.

Feb 2, 2026 • 8min
Risky Bulletin: StopICE blames hack on "a CBP agent here in SoCal"
A data leak tied to a US border agent and a massive chatbot backend exposure make for tense privacy talk. Microsoft moving to disable NTLM and strengthen Kerberos gets security protocol focus. Poland banning Chinese cars from military bases raises geopolitical supply chain concerns. Multiple zero-days, large-scale DDoS mitigation, and major breach settlements round out the hard-hitting cyber news.

Feb 1, 2026 • 18min
Sponsored: AI is critical to the future of cyber defence
Edward Wu, founder and CEO of Dropzone AI, builds AI-powered SOCs to speed alert investigations. He discusses a Vanderbilt report warning of growing adversary resources. He argues AI is essential because hiring alone cannot match nation-state scale. He urges automation of alert investigations and sharing TTP-level intelligence to scale small security teams.

Jan 29, 2026 • 7min
Risky Bulletin: eScan antivirus distributes backdoor in latest supply chain attack
A supply-chain breach pushed a backdoor through an antivirus update. A large proxy botnet was taken down and Android SDKs tied to it may be blocked. A destructive wiper hit dozens of Polish energy sites. Reports cover low GDPR fine collections, new location-privacy controls, major legal settlements over tracking, and rising crypto laundering routes.

Jan 29, 2026 • 17min
Srsly Risky Biz: Punish the wicked and reward the righteous
Tom Uren, policy and intelligence editor who analyzes cybersecurity policy and spyware impacts, joins to discuss the Pall Mall Process and international efforts to curb abusive spyware. He explores the U.S. strategy of punishing miscreants while rewarding compliant firms. They also unpack the Salt Typhoon telecom compromises against senior UK officials and what strict telco rules actually buy us.

Jan 27, 2026 • 8min
Risky Bulletin: Cyberattack cripples cars across Russia
A cyberattack left smart alarms and cars across Russia unusable. Microsoft rushed an out-of-band Office patch for an active zero-day. WhatsApp introduced a strict account lockdown with enforced protections. Chrome extensions were found stealing ChatGPT authentication tokens. Investigations and legal fallout ripple across governments and firms.

Jan 26, 2026 • 30min
Between Two Nerds: Getting pinged and the fog of war
The Grugq, an experienced cyber security practitioner and analyst known for offensive security and espionage tradecraft, joins to unpack attacker uncertainty after being detected. They explore offensive counterintelligence, parallels with human espionage, what happens when implants are pinged, and why publishing technical reports both clarifies detection and forces attackers to change tradecraft.

Jan 26, 2026 • 13min
Sponsored: Push Security on ConsentFix attacks
In this Risky Business News sponsor interview, Catalin Cimpanu talks with Luke Jennings, VP of Research & Development at Push Security, about ConsentFix. It’s a new form of email-based social engineering attack used in the wild, an evolution of the ClickFix attack that goes after your identity.
Show notes
ConsentFix: Analysing a browser-native ClickFix-style attack that hijacks OAuth consent grants
ConsentFix debrief: latest community insights, recommendations, and predictions
Luke Jennings, ConsentFix LinkedIn post
Year in Review: How Phishing Attacks Evolved in 2025


