In this week’s show, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, joined by a special guest. BBC World Cyber Correspondent Joe Tidy is a long time listener and he pops in for a ride-along in the news segment plus a chat about his new book.

This week news includes:

• Did the US cyber Venezuela’s power grid, or do they just want us to think they coulda?


• US govt might boycott the RSAC Conference ‘cause Jen Easterly being CEO makes them mad


• MS Patch Tuesday fixes CVSS5.5 bug and … stops you shutting down


• Wiz pulls off cloud stunt hack that ends with control of everyone’s AWS console


• Millions of Bluetooth devices that use Google’s Fast Pairing will pair with anyone, any time


• GNU inet-tools’ telnetd parties like it’s 2007, and brings -f root unauthed remote login back

Thinkst is this week’s sponsor, and long time friend of the show Haroon Meer joins. As always they’re polishing their Canary tokens - adding breadcrumbs to lead you to them - but they’re also a bunch of giant nerds who now run South Africa’s Computer Olympiad.

This episode is also available on Youtube.

Show notes

• Cyberattack in Venezuela Demonstrated Precision of U.S. Capabilities - The New York Times



• Why I’m withholding certainty that “precise” US cyber-op disrupted Venezuelan electricity - Ars Technica



• Layered Ambiguity: US Cyber Capabilities in the Raid to Extract Maduro from Venezuela | Royal United Services Institute



• Former CISA Director Jen Easterly Will Lead RSAC Conference | WIRED



• Trump officials consider skipping premier cyber conference after Biden-era cyber leader named CEO - Nextgov/FCW



• Federal agencies ordered to patch Microsoft Desktop Windows Manager bug | The Record from Recorded Future News



• Windows 11 shutdown bug forces Microsoft into damage control • The Register



• CodeBreach: Supply Chain Vuln & AWS CodeBuild Misconfig | Wiz Blog



• Critical flaw in AWS Console risked compromise of build environment | Cybersecurity Dive



• Never-before-seen Linux malware is “far more advanced than typical” - Ars Technica



• VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun - Check Point Research



• Hundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking | WIRED



• Critical flaw in Fortinet FortiSIEM targeted in exploitation threat | Cybersecurity Dive



• CVE-2025-64155: 3 Years of Remotely Rooting the FortiSIEM



• A single click mounted a covert, multistage attack against Copilot - Ars Technica



• Police raid homes of alleged Black Basta hackers, hunt suspected Russian ringleader | The Record from Recorded Future News



• Jordanian initial access broker pleads guilty to helping target 50 companies | The Record from Recorded Future News



• Supreme Court hacker posted stolen government data on Instagram | TechCrunch



• oss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd



• How crypto criminals stole $700 million from people - often using age-old tricks



• Ctrl + Alt + Chaos: How Teenage Hackers Hijack the Internet