
Risky Business #816 -- Copilot Actions for Windows is extremely dicey
Nov 26, 2025

H.D. Moore, a renowned security researcher and creator of Metasploit, joins to discuss RunZero's innovative tools. He elaborates on integrating RunZero with Bloodhound-style graph databases to enhance security analysis. H.D. also dives into the exciting future of AI in cybersecurity, touching on the challenges of varied deployment models. Additionally, he highlights how exposure management and user experience are shifting in product development, making security more effective and accessible.
Follow Device Restrictions During State Visits
- Turn off Bluetooth and Wi‑Fi on devices during sensitive official visits when advised.
- Patrick Gray urges caution though he questions whether such guidance stems from actionable intelligence.
Package Worms Abuse Tokens And CI Hooks
- NPM ecosystem enables rapid self‑propagating worms via stolen tokens and GitHub Actions.
- Adam Boileau explains Sha1‑Hulud steals tokens, uses GitHub Actions and can exec commands via discussion hooks.
Regulation Provided Telco Security Baselines
- Eliminating minimum telco cybersecurity rules reduces baseline security and shifts burden elsewhere.
- Patrick Gray and Adam Boileau argue regulation gave engineers justification to secure networks and removing it is a loss.
