Risky Bulletin: In the age of AI, CISA changes federal patching rules
In other news: House Republican hacked by Russia; ShinyHunters gets a new zero-day; npm to block auto-run install scripts by default.
Srsly Risky Biz: Europe Wants To Wean Itself Off US Tech
Your weekly dose of Seriously Risky Business news is written by Tom Uren and edited by Amberleigh Jack. This week's edition is sponsored by SpectreOps. You can hear a podcast discussion of this newsletter by searching for "Risky Business News" in your podcatcher or subscribing via
Risky Bulletin: Meta says NSO violated court order with new campaign targeting WhatsApp
In other news: Security incident at France's Tchap messenger; Putin cuts some Kremlin security cameras; Russia bans foreign login services.
Risky Bulletin: RubyGems adds dependency cooldowns to counter supply chain attacks
In other news: AT&T and IBM accused of hiding foreign hacks; Cisco warns of a new SD-WAN zero-day; Google layoffs hit security teams.
Risky Bulletin: The EU debuts digital sovereignty plan
In other news: American law firm pays a $20m ransom; authorities take down millions of email and social media scam accounts; new HTTP/2 Bomb attack.
Srsly Risky Biz: NATO's Cyber Approach Needs Change
Your weekly dose of Seriously Risky Business news is written by Tom Uren and edited by Amberleigh Jack. This week's edition is sponsored by Truffle Security. You can hear a podcast discussion of this newsletter by searching for "Risky Business News" in your podcatcher or subscribing
Risky Bulletin: A tenth of all new domains last year were malicious
In other news: Hackers hijack Instagram accounts with Meta's own AI; FSB unmasks Western spyware plot; Red Hat npm packages compromised.
Risky Bulletin: Russia greatly expands SORM surveillance requirements
In other news: NIST is looking for new PQC algorithms; ENSOC launches in Europe; new PAN firewall bug exploited in the wild.
Risky Bulletin: Dutch police take down giant botnet of 17 million devices
In other news: US military staff tracked with adtech location data; Google engineer arrested for Polymarket bets; unpatched bugs in Gogs and Casdoor IAM.
Risky Bulletin: BadHost vulnerability bypasses authentication on AI infrastructure
In other news: Hackers breach Lithuania's state registry; security firms take down Glassworm botnet; CERT India releases strict patching guideline.
Risky Bulletin: Mythos found thousands of critical bugs
In other news: Hackers breach Russia's SDA disinfo group; GitHub rolls out new npm security features; bulletproof hosting providers raided in the Netherlands.
Risky Bulletin: Microsoft ends SMS MFA for personal accounts
In other news: GitHub hacked via VS Code extension; CISA to let researchers submit new KEV entries; SMS blaster detained at Eurovision.