Risky Business #827 -- Iranian cyber threat actors are down but not out

On this week’s show, Patrick Gray, Adam Boileau and James WIlson discuss the week’s cybersecurity news. They cover:

• The US-Israeli attack on Iran had a whole lot of cyber. It’s clearly in the playbook now!
• The NSA Triangulation / L3 Harris Trenchant iOS exploit kit is on the loose, and being used by Chinese crypto scammers
• So long Maddhu Gottumukkala, but CISA’s annus horribilis continues
• Adam “humbug” Boileau complains about the Airsnitch wifi attack just being three ethernets in a trenchcoat
• ASD’s Cisco SD-WAN threat hunting guide is clearly borne of … experience

This week’s episode is sponsored by AI threat hunting platform Nebulock. Sydney Marrone joins to talk about how useful AI models are on the hunt, and her work building out an open source framework and maturity model. It’s methodology agnostic, so you can adapt it for your environment, and the github link is in the show notes!

This episode is also available on Youtube.

Show notes

• Inside the plan to kill Ali Khamenei
• Hacked traffic cams and hijacked TVs: How cyber operations supported the war against Iran | TechCrunch
• Matthew Prince 🌥 on X: "Counter to what some cyber vendors are saying, there’s been a dramatic drop in Iranian cyber operations. Likely as the operators are sheltering. They may pick back up, but right now there’s a noticeable lull." / X
• Cyber Command disrupted Iranian comms, sensors, top general says | The Record from Recorded Future News
• Iranian Hackers Use Elon Musk’s Starlink To Stay Online
• Exclusive | U.S. Smuggled Thousands of Starlink Terminals Into Iran After Protest Crackdown - WSJ
• Attacks on GPS Spike Amid US and Israeli War on Iran | WIRED
• Amazon Data Centers on Fire After Iranian Missile Strikes on Dubai
• A Possible US Government iPhone-Hacking Toolkit Is Now in the Hands of Foreign Spies and Criminals | WIRED
• Canceled contracts, a failed polygraph and personal disputes: Inside the turbulent tenure of Noem’s former cyber czar - POLITICO
• CISA CIO Robert Costello exits agency | CyberScoop
• OpenAI alters deal with Pentagon as critics sound alarm over surveillance
• Inside Anthropic’s Killer-Robot Dispute With the Pentagon - The Atlantic
• Read the full transcript of our interview with Anthropic CEO Dario Amodei - CBS News
• CBP Tapped Into the Online Advertising Ecosystem To Track Peoples’ Movements
• Large-Scale Online Deanonymization with LLMs
• Hackers Weaponize Claude Code in Mexican Government Cyberattack - SecurityWeek
• New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises - Ars Technica
• CISA orders agencies to patch Cisco devices now under attack | Cybersecurity Dive
• CISCO SD-WAN THREAT HUNT GUIDE
• ClawJacked attack let malicious websites hijack OpenClaw to steal data
• Area Man Accidentally Hacks 6,700 Camera-Enabled Robot Vacuums | WIRED
• Intellexa founder, three others sentenced to 8 years in prison over Greek spyware scandal | The Record from Recorded Future News
• Moscow man accused of posing as FSB officer to extort Conti ransomware gang | The Record from Recorded Future News
• Farewell, Felix · The Recurity Lablog
• Atmos Sphere 2026 | Atmos
• The Agentic Threat Hunting Framework | Nebulock blog
• GitHub - Nebulock-Inc/agentic-threat-hunting-framework: ATHF is a framework for agentic threat hunting - building systems that can remember, learn, and act with increasing autonomy. · GitHub