Risky Business

In this edition of Snake Oilers three vendors pitch host Patrick Gray on their tech:

• Pangea: Guardrails and security for AI agents and applications (https://pangea.cloud)

Worried about your AI apps going rogue, being mean to your customers or even disclosing sensitive information? Pangea exists to address these risks. Fascinating stuff.

• Cosive: A threat intelligence company that can host your MISP server in AWS. CloudMISP! (https://www.cosive.com/snakeoilers)

Are you running a MISP server on some old hardware under a desk in your SOC? There’s a better way! Cosive can run it for you on AWS so you can just use it instead of wrestling with maintaining it. They also do some CTI consulting to help you get better use out of MISP.

• Sysdig: A Linux runtime security platform (https://sysdig.com/)

The modern Windows network is an all-singing, all-dancing, perfectly orchestrated, EDR-protected ballet. The modern Linux production environment… isn’t. Find out how Sysdig can help you get some visibility and control over your Linux fleet.

This episode is also available on Youtube.

Show notes

On this week’s show Patrick Gray talks to former NSA Cybersecurity Director Rob Joyce about Donald Trump’s unprecedented, unwarranted and completely bonkers political persecution of Chris Krebs and his employer SentinelOne.

They also talk through the week’s cybersecurity news, covering:

• Mitre’s stewardship of the CVE database gets its funding DOGE’d
• The US signs on to the Pall Mall anti-spyware agreement
• China tries to play the nationstate cyber-attribution game, but comedically badly
• Hackers run their malware inside the Windows sandbox, for security against EDR

This week’s episode is sponsored by open source identity provider Authentik. CEO Fletcher Heisler joins to talk through the increasing sprawl of the identity ecosystem.

This episode is also available on Youtube.

Show notes

• Cybersecurity industry falls silent as Trump turns ire on SentinelOne | Reuters
• U.S. cyber defenders shaken by Trump's attack on their former boss
• Trump Revenge Tour Targets Cyber Leaders, Elections – Krebs on Security
• Wyden to block Trump's CISA nominee until agency releases report on telecoms’ ‘negligent cybersecurity’ | The Record from Recorded Future News
• Gabbard sets up DOGE-style team to cut costs, uncover intel ‘weaponization’
• MITRE Warns CVE Program Faces Disruption Amid US Funding Uncertainty
• US to sign Pall Mall pact aimed at countering spyware abuses | The Record from Recorded Future News
• Court document reveals locations of WhatsApp victims targeted by NSO spyware | TechCrunch
• Spyware Maker NSO Group Is Paving a Path Back Into Trump’s America | WIRED
• NCSC shares technical details of spyware targeting Uyghur, Tibetan and Taiwanese groups | The Record from Recorded Future News
• Risky Bulletin: Chinese APT abuses Windows Sandbox to go invisible on infected hosts
• China escalates cyber fight with U.S., names alleged NSA hackers
• Researcher uncovers dozens of sketchy Chrome extensions with 4 million installs - Ars Technica
• China-based SMS Phishing Triad Pivots to Banks – Krebs on Security
• Risky Bulletin: CA/B Forum approves 47-days TLS certs
• Ransomware in het mkb: Cybercriminelen verhogen losgeld bij cyberverzekering
• 4chan Is Down Following What Looks to Be a Major Hack Spurred By Meme War

In this podcast, Patrick Gray chats with SentinelOne’s Chris Krebs and Alex Stamos about the huge changes afoot in the United States government and what they mean for the threat environment. From the director of NSA being fired to massive job cuts at CISA and huge foreign policy shifts, tomorrow’s threat environment is going to be very different to today’s. Tune in to hear analysis from two of the best in the business!

This episode is also available on Youtube.

Show notes

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

• Oracle quietly cops to being hacked, but immediately pivots into pretending it didn’t matter
• NSA and CyberCom leaders fired for not being MAGA enough
• US Treasury had some dusty corners it hadn’t found China in yet, looked, found China in them
• …which is a great time to discuss slashing CISA’s staffing
• Ransomware crews and bullet proof hosting providers are getting rekt, and we love it
• And Microsoft patches yet another logging 0-day being used in the wild.

This episode is sponsored by Yubico, makers of Yubikey hardware authentication tokens. Yubico’s Vice President of Solutions Architecture and Alliances Derek Hanson joins to discuss how the consumer-centric passkey ecosystem has become a real challenge for enterprises. One that Yubico is actually ideally positioned to solve.

This episode is also available on Youtube.

Show notes

• Oracle privately confirms Cloud breach to customers
• Oracle have finally issued a written notification to customers about their cybersecurity incident.
• Head of NSA and US Cyber Command reportedly fired | Cybersecurity Dive
• Trump fires numerous National Security Council staff - The Washington Post
• Trump administration under scrutiny as it puts major round of CISA cuts on the table | Cybersecurity Dive
• Hackers Spied on US Bank Regulators’ Emails for Over a Year - Bloomberg
• This is how Jeffrey Goldberg got added to the Signal chat
• Cybercriminals are trying to loot Australian pension accounts in new campaign | The Record from Recorded Future News
• $500,000 stolen in Australian super fund data breach | Superannuation | The Guardian
• Australian regulator pulls licenses of 95 companies in effort to crack down on investment scams | The Record from Recorded Future News
• Everest ransomware group’s darknet site offline following defacement | The Record from Recorded Future News
• On March 28, 2025, a threat actor leaked internal data from Medialand, a major bulletproof hosting (BPH) provider long linked to Yalishanda (LARVA-34).
• There's a ransomware group named DragonForce going around hacking its rivals. After Mamona and BlackLock, the group has now hacked RansomHub
• The DragonForce ransomware group hacked two rivals this month
• CISA, experts warn of Crush file transfer attacks as ransomware gang makes threats | The Record from Recorded Future News
• Kill Security Campaign Targets CrushFTP Servers
• National Vulnerability Database | NIST
• Microsoft patches zero-day actively exploited in string of ransomware attacks | CyberScoop
• Exploitation of CLFS zero-day leads to ransomware activity | Microsoft Security Blog
• Is The Sofistication In The Room With Us? - X-Forwarded-For and Ivanti Connect Secure (CVE-2025-22457)

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

• Yes, Oracle Health and Oracle Cloud did get hacked
• The fallout from Signalgate continues
• North Korean IT workers pivot to Europe
• Honeypot data suggests a storm is brewing for Palo Alto VPNs
• Canadian Anon gets arrested for hacking Texas GOP

This week’s episode is sponsored by Trail of Bits. Tjaden Hess, a Principal Security Engineer at Trail of Bits who specialises in cryptography, joins the show this week to talk about what a responsible crypto-currency exchange cold wallet setup looks like, and … contrasts that with Bybit.

This episode is also available on Youtube.

Show notes

• Oracle Health breach compromises patient data at US hospitals
• FBI probes Oracle hack tied to healthcare extortion: Report - Becker's Hospital Review | Healthcare News & Analysis
• Oracle Still Denies Breach as Researchers Persist
• Hacker linked to Oracle Cloud intrusion threatens to sell stolen data | Cybersecurity Dive
• Publius on X: "🚨 SIGNAL SCANDAL: Katherine Maher, the leftist NPR CEO, is currently the Chair of the Board of Signal! WHAT ARE THE ODDS? https://t.co/jWNTeAt3Jz" / X
• Mike Waltz Is Losing Support Inside the White House - WSJ
• Waltz and staff used Gmail for government communications, officials say - The Washington Post
• Pete Hegseth, Mike Waltz, Tulsi Gabbard: Private Data and Passwords of Senior U.S. Security Officials Found Online - DER SPIEGEL
• Even More Venmo Accounts Tied to Trump Officials in Signal Group Chat Left Data Public | WIRED
• You Need to Use Signal's Nickname Feature
• SignalGate Is Driving the Most US Downloads of Signal Ever | WIRED
• Wickr - Wikipedia
• When Getting Phished Puts You in Mortal Danger – Krebs on Security
• DPRK IT Workers Expanding in Scope and Scale | Google Cloud Blog
• How the FBI Tracked, and Froze, Millions Sent to Criminals in Massive Caesars Casino Hack
• Defense contractor to pay $4.6 million over third-party provider’s security weakness | The Record from Recorded Future News
• Surge in Palo Alto Networks Scanner Activity Indicates Possible Upcoming Threats
• CISA warns new malware targeting Ivanti zero-day vulnerability | Cybersecurity Dive
• Canadian hacker arrested for allegedly stealing data from Texas Republican Party | The Record from Recorded Future News
• British intel intern pleads guilty to smuggling top secret data out of protected facility | The Record from Recorded Future News