

Risky Bulletin
risky.biz
Regular cybersecurity news updates from the Risky Business team...
Episodes

Nov 14, 2025 • 8min
Risky Bulletin: Europol takes down Elysium, VenomRAT, and Rhadamanthys
Europol successfully dismantles critical infrastructures behind Elysium, VenomRAT, and Rhadamanthys malware operations. Checkout.com makes waves by donating ransom money to cybercrime research instead of paying hackers. Cyberattacks disrupt radio broadcasts in Germany and the Netherlands. Google takes legal action against a phishing platform and makes significant changes to Android developer verification rules. Meanwhile, U.S. sanctions a military-linked scam group in Myanmar, and China disputes the origins of seized cryptocurrency.

Nov 13, 2025 • 18min
Srsly Risky Biz: Meta's fraud profit scandal
Tom Uren, a policy and intelligence editor, dives into Meta's alarming $16 billion profit from scam ads, revealing the internal incentives that keep fraud thriving. He discusses how Meta's high denial threshold and algorithmic engagement create perverse incentives for scammers. The conversation shifts to restrained state-backed supply chain attacks and why some intrusions weren't weaponized. Lastly, Uren highlights the UK's pause on intelligence sharing with the US over concerns regarding legality in operations against suspected drug boats.

Nov 11, 2025 • 6min
Risky Bulletin: Another Chinese security firm has its data leaked
Discover the shocking leak of over 12,000 internal files from a Chinese security firm, revealing sensitive government contracts. Learn about the uncontained breach at the US Congressional Budget Office and its implications for digital communications. The Cybersecurity Information Sharing Act is looking at a vital extension. Plus, find out how ransomware attacks have impacted Jaguar's production and the UK's GDP. The latest OWASP Top 10 updates highlight emerging cybersecurity concerns, including supply chain vulnerabilities.

Nov 10, 2025 • 30min
Between Two Nerds: Why AI in malware is lame
Tom Uren and The Grugq delve into the absurdity of AI use in cybercrime. They critique Google's AI Threat Tracker and discuss why LLMs used for malware like PromptSteal are underwhelming. The duo highlights how AI lowers skill barriers for hackers but introduces unpredictable failures. They explore how the illicit AI tooling market is maturing and debate when AI is genuinely useful in attacks versus its limitations. The conversation reveals a balanced view of AI's role in cyber operations, implying its potential benefits might not be as magical as expected.

Nov 10, 2025 • 8min
Risky Bulletin: Myanmar scam compound goes boom!
Myanmar is making headlines as it demolishes the notorious KK Park scam compound. In cybersecurity, the US Congressional Budget Office faces a major email breach by foreign hackers. Singapore introduces harsh penalties for scammers, including caning. Meanwhile, significant sanctions hit North Korean hacking groups, and a new chairman steps in at the controversial NSO Group. Troubling data breaches continue, including a massive Tisza party leak in Hungary and arrests related to online data sales in Pakistan.

Nov 9, 2025 • 19min
Sponsored: Prowler uses AI how AI works best
Toni de la Fuente, Founder and CEO of Prowler, shares insights into leveraging AI for cloud security. He emphasizes Prowler's selective application of AI to enhance usability while retaining key deterministic checks. The discussion explores how AI augments context, improves user experience, and accelerates provider integrations. Toni advocates for open cloud security to empower organizations and highlights the efficiency of Prowler's API-driven approach compared to LLM-driven queries. He also addresses the strengths and limitations of LLMs in cloud security.

Nov 7, 2025 • 7min
Risky Bulletin: Europol arrests massive credit card fraud ring
Payment service executives are arrested in a massive €300 million credit card fraud scheme. Meta faces scrutiny for raking in over $16 billion from scam ads while allowing them to flourish. In a severe crackdown, China sentences scammers to death. A German national is linked to a $275 million scam empire in Georgia. In a chilling twist, a 14-year-old is implicated in a Roblox extortion ring targeting children in the Arab world. Meanwhile, KT telecom attempts to cover up a serious malware breach during an investigation.

Nov 6, 2025 • 22min
Srsly Risky Biz: The cyber regime change pipe dream
The hosts delve into US cyber operations against Venezuela, revealing their tactical successes but ultimate failure to topple Maduro. They explore the global risks of the adtech ecosystem and how cybercriminals partner with organized crime to steal high-value cargo. Techniques like falsified bills and hijacked logistics access illustrate the evolving landscape of crime. The conversation highlights how the economy around cargo theft thrives, even as cybercriminals adapt, signaling both progress and new dangers for the digital age.

Nov 5, 2025 • 7min
Risky Bulletin: US indicts two rogue cybersecurity employees for ransomware attacks
The US indicts two cybersecurity employees for deploying ransomware, raising eyebrows in the tech community. Meanwhile, hackers target South Korean massage parlors, threatening business owners to extort customer data. In another twist, a crypto firm loses a staggering $128 million to attackers. Organized crime teams up with hackers to hijack freight shipments, creating a new level of threat in the logistics industry. Finally, a wave of arrests across Europe tackles massive online investment scams, highlighting the ongoing battle against cybercrime.

Nov 3, 2025 • 29min
Between Two Nerds: Lost in transmission
Tom Uren and The Grugq dive into the complexities of cyber messaging between states. They discuss the limitations of aggressive cyber operations and the mixed signals surrounding China's cyber activities. The hosts highlight the differences between Salt Typhoon and Volt Typhoon and critique the effectiveness of tariffs against IP theft. They explore the unpredictable nature of cyber signaling and the risks of overt retaliation. Throughout, they emphasize that cyber operations alone can't replace comprehensive diplomatic strategies.


