
Risky Business #813 -- FFmpeg has a point
Nov 5, 2025

In this engaging discussion, security journalist Adam Boileau sheds light on the recent drama between FFmpeg and Google over vulnerability disclosures. He advocates for clearer responsibilities among researchers and larger firms regarding bug fixes. The episode also explores OpenAI's Aardvark system and its innovative approach to bug hunting, alongside critical conversations about arrests of ransomware responders and the resurgence of notorious hackers. Adam's insights into the evolving landscape of cybersecurity make this chat both informative and captivating.
AI Snips
Insider Sold Exploits To Foreign Broker
- Peter Williams, a Trenchant exec, sold exploits to a Russian broker even after knowing prior sales were used by brokers.
- He reportedly received about $1.3M while claimed losses from exposed exploits reached ~$35M.
Market Pressure Shapes Offensive Tech Behavior
- Expanding offensive cyber capacity via private firms raises trust and vetting challenges, but sanctions and norms can deter reckless vendors.
- Public naming and targeting (e.g., NSO) can sharply reduce investor appetite for irresponsible vendors.
Spyware Vendor Admits Tool Use In Russia
- Memento (ex-Hacking Team) confirmed its tools appeared in Russia and blamed customers for using legacy Windows implants.
- The CEO openly admitting their tooling was present is an unusual public stance for such vendors.
