

Risky Bulletin
Risky Business Media
Regular cybersecurity news updates from the Risky Business team...

Feb 16, 2026 • 9min
Risky Bulletin: Cambodia promises to dismantle scam compounds by April
Cambodia vows to dismantle cyber scam compounds by April after raids and arrests. CISA pushes the OpenEOX standard amid staffing concerns. Linux, macOS and Windows add post‑quantum signature support. Reports say attribution was softened in an APT report to avoid fallout. A range of breaches, malware botnets and vulnerabilities get spotlighted.

Feb 15, 2026 • 24min
Sponsored: Filtering the KEV was really hard … Until now!
Tod Beardsley, VP of Security at runZero and former operator of CISA’s KEV catalog, discusses Kevology and filtering KEV for real exploitability. He covers limitations of one-size mandates, signals used to find truly exploitable RCEs, prioritizing end-of-life systems, and why some exposures need operational fixes rather than patches.

Feb 13, 2026 • 7min
Risky Bulletin: IcedID malware developer fakes his own death to escape the FBI
A malware developer faked his own death to dodge law enforcement. Apple patched a dynamic linker zero-day tied to targeted attacks. Researchers caught the first malicious Outlook add-in hijack. Tianfu Cup returned using AI to find zero-days. Major platforms faced government blocks and data breach fallout across Europe.

Feb 12, 2026 • 20min
Srsly Risky Biz: Microsoft forgoes its secure future
Tom Uren, policy and intelligence editor and author of the Seriously Risky Biz newsletter, analyzes Microsoft’s leadership shift toward selling security products rather than building them. He explores China’s Expedition Cloud cyber range that mimics neighboring infrastructure. He also discusses the surprising scale of cyber’s role in US strikes on Iranian nuclear facilities.

Feb 11, 2026 • 7min
Risky Bulletin: Chinese cyber-spies breached all of Singapore's telcos
A China-linked campaign that compromised all major Singapore telcos is discussed. New Windows 11 security options and Intel confidential computing updates are covered. A large stalkerware data leak and GRU information warfare unit mapping by researchers are highlighted. Other items include Discord age checks, FTC warnings to data brokers, and multinational cybercrime arrests.

Feb 9, 2026 • 27min
Between Two Nerds: Why we are doomed to insecurity
A fast-paced talk about a short-seller’s claim that consumer networking gear reached frontline units and how markets reacted. They explore why convenience often wins over security and which groups face the biggest risks. Conversation covers ransomware as a real incentive to improve, limits of bug bounties, telco reforms for officials, and why insecurity is a systemic outcome rather than a moral failing.

Feb 9, 2026 • 6min
Risky Bulletin: SmarterTools hacked via its own product
A software vendor is compromised through flaws in its own product. European agencies are hit using recent zero-days. A Signal pairing phishing campaign is linked to a state actor targeting Germany. Massive data extortion claims and large ransomware costs make headlines. AI skill uploads trigger new malware scanning measures.

Feb 8, 2026 • 19min
Sponsored: Trail of Bits going all-in on AI
Dan Guido, CEO of Trail of Bits, is a cybersecurity leader applying AI to security engineering. He explains reorganizing the firm to be AI-native and publishing Claude skills. He describes teaching LLMs operational guidance, automating reviews and verifiers, and scaling AI-driven workflows to speed testing, audits, and CI.

Feb 6, 2026 • 6min
Risky Bulletin: Denmark recruits hackers for offensive cyber operations
Denmark is recruiting hackers for a five-month offensive cyber academy with minimal prerequisites. CISA orders agencies to inventory and retire unsupported edge devices within a year. A contractor sold Coinbase user data and was dismissed. Microsoft names a new top security executive. Reports cover cloud-targeting groups, high-value scams, and large data exposures.

Feb 5, 2026 • 18min
Srsly Risky Biz: Google's cyber disruption unit kicks its first goal
Tom Uren, policy and intelligence editor and author of the Seriously Risky Business newsletter, unpacks Google’s takedown of the IPIDEA residential proxy network. He also covers SpaceX’s swift fixes after Starlink was adapted for long-range drone guidance. The conversation spotlights private-sector disruption, faster legal takedowns, and why corporate pressure matters.


