Risky Business #825 -- Palo Alto Networks blames it on the boogie

On this week’s show, Patrick Gray, Adam Boileau and James WIlson discuss the week’s cybersecurity news. They cover:

• Palo Alto threat researchers want to attribute to China, but management says shush
• An increasing proportion of ransomware is data extortion. Is this good?
• Cambodia says it’s going to dismantle scam compounds
• CISA sufferers through yet another shutdown
• Google Gemini’s training secrets are being systematically harvested to improve other LLMs
• Academics assess SaaS password managers’ resilience against a malicious server

This episode is sponsored by SSO-firewall integration vendor Knocknoc. Chief exec Adam Pointon joins to talk about the latest in defences… which is to say Knocknoc for Solaris/Sparc and HPUX on PA-RISC?! Okay also that other little known OS… Windows.

This episode is also available on Youtube.

Show notes

• Data-only extortion grows as ransomware gangs seek better profits | Cybersecurity Dive
• Arctic Wolf Threat Report 2026
• Exclusive: Palo Alto chose not to tie China to hacking campaign for fear of retaliation from Beijing, sources say
• Risky Bulletin: Cambodia promises to dismantle scam networks by April - Risky Business Media
• Age of the ‘scam state’: how an illicit, multibillion-dollar industry has taken root in south-east Asia | Cybercrime | The Guardian
• Critical flaw in BeyondTrust Remote Support sees early signs of exploitation | Cybersecurity Dive
• CISA Navigates DHS Shutdown With Reduced Staff - SecurityWeek
• Kimwolf Botnet Swamps Anonymity Network I2P – Krebs on Security
• BADIIS to the Bone: New Insights to a Global SEO Poisoning Campaign — Elastic Security Labs
• Over 500,000 VKontakte accounts hijacked through malicious Chrome extensions | The Record from Recorded Future News
• Password managers' promise that they can't see your vaults isn't always true - Ars Technica
• Zero Knowledge (About) Encryption: A Comparative Security Analysis of Three Cloud-based Password Managers
• Google finds state-sponsored hackers use AI at 'all stages' of attack cycle | CyberScoop
• Google: Gemini hit with 100,000+ prompts in cloning attempt
• Proofpoint acquires Acuvity to tackle the security risks of agentic AI | CyberScoop
• Cisco Redefines Security for the Agentic Era with AI Defense Expansion and AI-Aware SASE
• Sophos Acquires Arco Cyber to Bring CISO-Level, Agentic AI-Powered Expertise to Every Organization
• Dave Kennedy on X: "Regarding this, there was a couple questions on does the pacemaker continue to advertise - most BLE implantable devices go into a sleep type mode. In this case, we are lucky - it does not. We know based on law enforcement answers that she is using a more modern pacemaker with" / X
• Clash Report on X: "BIG: Dutch Defence Minister Gijs Tuinman hints that software independence is possible for F-35 jets. He literally said you can “jailbreak” an F-35. When asked if Europe can modify it without US approval: “That’s not the point… we’ll see whether the Americans will show https://t.co/f11cGvtYsO" / X
• Dutch police arrest man who refused to delete confidential files shared by mistake | The Record from Recorded Future News