• Risky Business #784 -- GitHub supply chain attack steals secrets from 23k projects

  • Mar 19 2025
  • Length: 57 mins
  • Podcast

  • Summary

  • On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

      • Github Actions supply chain attack loots keys and secrets from 23k projects
      • Why a VC fund now owns a minority stake in Risky Business Media (!?!?)
      • China doxes Taiwanese military hackers
      • Microsoft thinks .lnk file whitespace trick isn’t worth patching but APTs sure love it
      • CISA delivers government efficiency by re-hiring fired staff… to put them on paid leave
      • …and Google acquires Wiz for $32bn

    This week’s show is sponsored by Zero Networks, and they have sent along a happy customer to talk about their experience. Aaron Steinke is Head of Infrastructure at La Trobe Financial, an asset management firm in Australia. Aaron talks through bringing modern zero-trust goodness to the reality of a technology environment that’s been around 40 years.

    This episode is also available on Youtube.

    Show notes

      • Risky Bulletin: GitHub supply chain attack prints everyone's secrets in build logs - Risky Business Media
      • China says Taiwan's military is behind PoisonIvy APT
      • China identifies Taiwanese hackers allegedly behind cyberattacks and espionage | The Record from Recorded Future News
      • Crypto exchange OKX shuts down tool used by North Korean hackers to launder stolen funds | The Record from Recorded Future News
      • Lazarus Group deceives developers with 6 new malicious npm packages | CyberScoop
      • Poisoned Windows shortcuts found to be a favorite of Chinese, Russian, N. Korean state hackers | The Record from Recorded Future News
      • 'Mora_001' ransomware gang exploiting Fortinet bug spotlighted by CISA in January | The Record from Recorded Future News
      • Black Basta uses brute-forcing tool to attack edge devices | Cybersecurity Dive
      • Alleged Russian LockBit developer extradited from Israel, appears in New Jersey court | The Record from Recorded Future News
      • CISA works to contact probationary employees for reinstatement after court order - Nextgov/FCW
      • ‘People Are Scared’: Inside CISA as It Reels From Trump’s Purge | WIRED
      • The Wiretap: CISA Staff Are Cautiously Optimistic About Trump’s Pick For Director
      • White House instructs agencies to avoid firing cybersecurity staff, email says | Reuters
      • Signal no longer cooperating with Ukraine on Russian cyberthreats, official says | The Record from Recorded Future News
      • Telegram CEO Pavel Durov allowed to leave France amid investigation
      • Appellate court upholds sentence for former Uber cyber executive Joe Sullivan | The Record from Recorded Future News
      • Google buys cloud security provider Wiz for $32 billion | The Record from Recorded Future News
      • Pat Gray, Founder of Risky Business, Joins Decibel as Founder Advisor - Decibel