Best Wreak Havoc Productions Podcasts (2025)

Jeremy Neufeld (Institute for Progress) discusses how our immigration system works, why high-skilled immigrants are so important to the tech sector, what’s wrong with the Trump administration’s H-1B reforms, why America is so complacent about competing for global talent, and more. Links: Trump’s H-1B Changes Won’t Work Talent Recruitment Roulette: …

1
Risky Business #809 -- Hackers try to pay a journalist for access to the BBC 39:28

Play Pause

7d ago39:28

39:28

On this week’s show Patrick Gray is on holiday so Amberleigh Jack and Adam Boileau hijack the studio to discuss the week’s cybersecurity news, including: Hackers learn that trying to coerce a journalist just makes for … a great story? A man in his 40s gets arrested over the European airport chaos. Yep, we’re surprised, too. Adam fanboys over Watcht…

1
419: Do Tech Optimists Have a Party? 50:04

18d ago50:04

50:04

Adam Kovacevich (Chamber of Progress) discusses the populist / anti-tech turn in politics, and what can be done about it. Topics include: How did we get here? Tech optimists: There are dozens of us! Beware ThE gROupS If there’s a crisis, maybe act like it? Duct tape and bubble gum The great relearning We’re so doomed We’re so not doomed Links: Tech…

1
Risky Business #808 -- Insane megabug in Entra left all tenants exposed 52:37

14d ago52:37

52:37

On this week’s show Patrick Gray and special guest Rob Joyce discuss the week’s cybersecurity news, including: Secret Service raids a SIM farm in New York MI6 launches a dark web portal Are the 2023 Scattered Spider kids finally getting their comeuppance? Production halt continues for Jaguar Land Rover GitHub tightens its security after Shai-Hulud …

1
Risky Business #807 -- Shai-Hulud npm worm wreaks old-school havoc 53:19

21d ago53:19

53:19

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: Shai-Hulud worm propagates via npm and steals credentials Jaguar Land Rover attack may put smaller suppliers out of business Leaked data emerges from the vendor behind the Great Firewall of China Vastaamo hacker walks free while appeal is underway Wh…

1
418: Algorithms, AI, and Product Liability 1:02:34

27d ago1:02:34

1:02:34

Ari Cohn (FIRE) and Tom Kurland (Patterson Belknap) discuss the spate of product-liability lawsuits against social-media and AI companies. Topics include: A tort law primer The ballad of Helen Palsgraf Causation, shmausation Speech =/= product Ideas are powerful. (That’s the point!) “Addiction.” You keep using that word … ♪ Junk science ♪ AI, suici…

1
Risky Biz Soap Box: runZero shakes up vulnerability management 34:17

25d ago34:17

34:17

In this sponsored Soap Box edition of the Risky Business podcast, industry legend HD Moore joins the show to talk about runZero’s major push into vulnerability management. With its new Nuclei integration, runZero is now able to get a very accurate picture of what’s vulnerable in your environment, without spraying highly privileged credentials at at…

1
Risky Business #806 -- Apple's Memory Integrity Enforcement is a big deal 51:42

28d ago51:42

51:42

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: Apple ruins exploit developers’ week with fresh memory corruption mitigations Feross Aboukhadijeh drops by to talk about the big, dumb npm supply chain attack Salesloft says its GitHub was the initial entry point for its compromise Sitecore says peop…

1
Snake Oilers: Nebulock, Vali Cyber and Cape 46:33

1M ago46:33

46:33

In this edition of the Snake Oilers podcasts, three vendors pop in to pitch you all on their wares: Automated, AI-powered threat hunting with Nebulock Damien Lewke from Nebulock joins the show to talk about how its agentic AI platform can surface attacker activity out of all those “low” and “informational” findings your detection team doesn’t have …

1
417: Free Speech Coalition v. Paxton Is Wreaking Havoc 49:10

1M ago49:10

49:10

Host Corbin Barthold (TechFreedom) discusses why Free Speech Coalition v. Paxton is wrong, how it muddies First Amendment law, and how it is already causing wider harm. Topics include: FSC v. Paxton: a result-oriented ruling A credulous court PoRn iS sCArY Ashcroft v. ACLU is sitting right there! tEcH Is ScARy RIP First Amendment 101 The porn-to-so…

1
Risky Business #805 -- On the Salesloft Drift breach and "OAuth soup" 1:01:55

1M ago1:01:55

1:01:55

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: The Salesloft breach and why OAuth soup is a problem The Salt Typhoon telco hackers turn out to be Chinese private sector, but state-directed Google says it will stand up a “disruption unit” Microsoft writes up a ransomware gang that’s all-in on the …

1
Risky Business #804 -- Phrack's DPRK hacker is probably a Chinese APT guy 53:32

1M ago53:32

53:32

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: Australia expels Iranian ambassador Hackers sabotage Iranian shipping satcoms APT hacker got doxxed in Phrack. Kind of. They’re probably Chinese, not DPRK? Trail of Bits uses image-downscaling to sneak prompts into Google Gemini The Com’s King Bob ge…

1
416: Britain Censors the Internet (and More) 53:22

2M ago53:22

53:22

Shoshana Weissmann (R Street) discusses the disastrous Online Safety Act, the growth of censorship in the UK, and more. Topics include: Protect the children, they said . . . The SpongeBob videos must stop Solve problems? Or just shut people up? How dare you comply with our law! Age verification in practice Peter Kyle: polite demagogue Let’s kill KO…

1
Wide World of Cyber: Microsoft's China Entanglement 45:43

1M ago45:43

45:43

The Wide World of Cyber podcast is back! In this episode host Patrick Gray chats with Alex Stamos and Chris Krebs about Microsoft’s entanglement in China. Redmond has been using Chinese engineers to do everything from remotely support US DoD private cloud systems to maintain the on premise version of the SharePoint code base. It’s all blown up in t…

1
Risky Business #803 -- Oracle's CSO Mary Ann Davidson quietly departs 58:28

2M ago58:28

58:28

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: Oracle’s long term CSO departs, and we’re not that sad about it Canada’s House of Commons gets popped through a Microsoft bug Russia degrades voice calls via Whatsapp and Telegram to push people towards Max South-East Asian scam compounds are also be…

1
Risky Biz Soap Box: How to measure vulnerability reachability 35:48

2M ago35:48

35:48

In this Soap Box edition of the Risky Business podcast Patrick Gray chats with Socket founder Feross Aboukhadijeh about how to measure the reachability of vulnerabilities in applications. It’s great to know there’s a CVE in a library you’re using, but it’s even better if you can say whether or not that vulnerability actually impacts your applicatio…

1
From the Vault: Revising Section 230 Will Silence Marginalized Voices 26:15

2M ago26:15

26:15

From November 8, 2020 (Episode 279): Billy Easley sits down with former host Ashkhen Kazaryan. They remind us of the value of the free and open Internet. Links: Revising the Law That Lets Platforms Moderate Content Will Silence Marginalized Voices Free Speech and Tech Policy at the US Supreme Court, 2025 (AEI Event)…

1
Risky Business #802 -- Accessing internal Microsoft apps with your Hotmail creds 1:00:00

2M ago1:00:00

1:00:00

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: CISA warns about the path from on-prem Exchange to the cloud Microsoft awards a crisp zero dollar bill for a report about what a mess its internal Entra-authed apps are Everyone and their dog seems to have a shell in US Federal Court information syst…

1
Risky Business #801 -- AI models can hack well now and it's weirding us out 1:06:01

2M ago1:06:01

1:06:01

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. Google security engineering VP Heather Adkins drops by to talk about their AI bug hunter, and Risky Business producer Amberleigh Jack makes her main show debut. This episode explores the rise of AI-powered bug hunting: Google’s Project Zero and Deepmind team up…

1
415: The State of AI Regulation 53:05

2M ago53:05

53:05

Matt Perault (a16z) joins Corbin Barthold (TechFreedom) for a wide-ranging discussion of AI bills, AI laws, and AI vibes. Part of the WLF-TechFreedom Tech in the Courts webinar series. Topics include: Why did the AI moratorium die? Activity in the states Regulate outcomes, not models? Next steps in Congress “Transparency”: so hot right now The AI p…

1
Soap Box: Why AI can't fix bad security products 37:11

2M ago37:11

37:11

In this Soap Box edition of the show Patrick Gray chats with the CEO of email security company Sublime Security, Josh Kamdjou. They talk about where AI is useful, where it isn’t, and why AI can’t save vendors from their bad product design choices. This episode is also available on Youtube. Show notes…

1
Risky Business #800 — The SharePoint bug may have leaked from Microsoft MAPP 53:37

2M ago53:37

53:37

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: Did the SharePoint bug leak out of the Microsoft MAPP program? Expel retracts its FIDO bypass writeup The mess surrounding the women-only dating-safety app Tea gets worse Broadcom customers struggle to get patches for VMWare hypervisor escapes Aeroflot gets hac…

1
Risky Business #799 -- Everyone's Sharepoint gets shelled 1:13:55

3M ago1:13:55

1:13:55

Risky Biz returns after two weeks off, and there sure is cybersecurity news to catch up on. Patrick Gray and Adam Boileau discuss: Microsoft tried to make outsourcing the Pentagon’s cloud maintenance to China okay (it was not) She shells Sharepoint by the sea-shore (by ‘she’ we mean ‘China’) Four (alleged) Scattered Spider members arrested (and bai…

1
414: Beware the Butlerian Jihad 1:05:16

3M ago1:05:16

1:05:16

Our host, Corbin Barthold, heads over to So to Speak: The Free Speech Podcast. He talks with Nico Perrino and Ari Cohn of FIRE about the death of the AI moratorium, a bogus wrongful death lawsuit against Character AI, the FTC’s campaign of censorship against ad agencies, and the absurdities of Europe’s Digital Services Act. Links: Shownotes, courte…

1
Risky Biz Soap Box: Prowler, the open cloud security platform 32:08

3M ago32:08

32:08

In this sponsored Soap Box edition of the Risky Business podcast Patrick Gray chats with Toni de la Fuente, founder of open source multi-cloud security product Prowler. Toni explains how Prowler came to be, and how its journey followed his own learning about the cloud. The pair also discuss Prowler’s successful transition from an open-source projec…

1
413: AI: Things Are About to Get Weird 59:19

3M ago59:19

59:19

Richard Morrison (Competitive Enterprise Institute) joins the show for a Big Picture Episode on how AI could affect art, culture, and politics. Topics include: Take your Zyn and LSD Don’t rock out to this AI band What is AI slop? (What is art?!) Cultural elites hardest hit A brief history of tech panics Ban the prompt theory! The AI civil rights mo…

1
Risky Business #798 -- Mexican cartel surveilled the FBI to identify, kill witnesses 1:02:19

3M ago1:02:19

1:02:19

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: Australian airline Qantas looks like it got a Scattered Spider-ing Microsoft works towards blunting the next CrowdStrike disaster Changes are coming for Microsoft’s default enterprise app consenting setup Synology downplays hardcoded passwords for its M365 clou…

1
412: NASA: Lost in Space? 56:35

3M ago56:35

56:35

TechFreedom’s Jim Dunstan and Corbin Barthold discuss the NASA administrator vacancy, the Artemis program, the NASA budget, SpaceX and Blue Origin, the moon and Mars, the FAA and NEPA, space regulatory sandboxes, and more. Links: “A Blueprint to Launch”: Regulatory Sandboxes for Outer Space Roadster location in space Tech Policy Podcast 372: Spaces…

1
Risky Business #797 -- Stuxnet vs Massive Ordnance Penetrators 1:02:16

4M ago1:02:16

1:02:16

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: We roll our eyes over the “16 billion credentials” leak hitting mainstream news Some interesting cyber angles emerge from the conflict in Iran Opensource maintainer of libxml2 is fed up with this hacker crap Shockingly, there are yet more ways to trick people i…

1
411: Live: (Fired?) FTC Commissioners Slaughter & Bedoya 1:03:45

4M ago1:03:45

1:03:45

FTC commissioners Rebecca Slaughter, Alvaro Bedoya, and Bill Kovacic speak with hosts Bilal Sayyed and Jessica Melugin at the 2025 TechFreedom / CEI Policy Summit: Constitutional Limits of FTC, FCC & DOJ Interference in Media and Speech. Links: Constitutional Limits of FTC, FCC and DOJ | Day 1 Constitutional Limits of FTC, FCC and DOJ | Day 2 SCOTU…

1
Risky Business #796 -- With special guest co-host Chris Krebs 1:01:04

4M ago1:01:04

1:01:04

On this week’s show Patrick Gray and Adam Boileau are joined by special guest Chris Krebs to discuss the week’s cybersecurity news. They talk through: Israeli “hacktivists” take out an Iranian state-owned bank Scattered-spider and friends pivot into attacking insurers Securing identities in a cloud-first world keeps us awake at night Microsoft take…

1
Soap Box: AI has entered the SOC, and it ain't going anywhere 30:58

4M ago30:58

30:58

In this sponsored Soap Box edition of the Risky Business podcast Patrick Gray chats with Dropzone AI founder Ed Wu about the role of LLMs in the SOC. The debate about whether AI agents are going to wind up in the SOC is over, they’ve already arrived. But what are they good for? What are they NOT good for? And where else will we see AI popping up in…

1
410: The FTC and Online Speech: What’s Next? 49:13

4M ago49:13

49:13

Maneesha Mithal (Wilson Sonsini) discusses the FTC’s investigation of social media companies. What’s going on behind the scenes? What’s the FTC likely to do now? How can platforms prepare? How much damage to the First Amendment can the FTC inflict? We cover all this and more. Links: Tech Policy Podcast 409: The FTC’s Quixotic Social Media Inquiry T…

1
Risky Business #795 -- How The Com is hacking Salesforce tenants 1:07:34

4M ago1:07:34

1:07:34

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: New York Times gets a little stolen Russian FSB data as a treat iVerify spots possible evidence of iOS exploitation against the Harris-Walz campaign Researcher figures out a trick to get Google account holders’ full names and phone numbers Major US food distrib…

1
Risky Business #794 -- Psychic Panda outgunned by Fluffy Lizard and UNC56728242 58:22

4M ago58:22

58:22

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: Cyber firms agree to deconflict and cross-reference hacker group names Russian nuclear facility blueprints gathered from public procurement websites Someone audio deepfaked the White House Chief of Staff, but for the dumbest reasons Germany identifies the Trick…

1
409: The FTC’s Quixotic Social Media Inquiry 57:48

4M ago57:48

57:48

Mike Masnick (Techdirt) and Santana Boulton (TechFreedom) discuss the FTC’s “Inquiry on Tech Censorship.” Topics include: What are we doing here? The myth surrounding Hunter Biden’s laptop Does the FTC know how terms of service work? Does the FTC know how cartels work? Content moderation is pro-free speech Jawboning on steroids Links: Copia Institu…

1
Risky Business #793 -- Scattered Spider is hijacking MX records 1:04:52

5M ago1:04:52

1:04:52

In this week’s edition of Risky Business Dmitri Alperovitch and Adam Boileau join Patrick Gray to talk through the week’s news, including: EXCLUSIVE: A Scattered Spider-style crew is hijacking DNS MX entries and compromising enterprises within minutes The SVG format brings the all horrors of HTML+JS to image files, and attackers have noticed Brian …

1
408: Live: FCC Commissioner Anna Gomez 44:30

5M ago44:30

44:30

FCC Commissioner Anna Gomez speaks with TechFreedom President Berin Szóka at the 2025 TechFreedom / CEI Policy Forum: Constitutional Limits on FTC, FCC, and DOJ Interference in Media and Speech. Topics include: Nice broadcast license. Would be a pity if … Section 230 is good, actually Agency independence is good, actually How do you litigate regula…

1
Risky Business #792 -- Beware, Coinbase users. Crypto thieves are taking fingers now 53:01

5M ago53:01

53:01

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: TeleMessage memory dumps show up on DDoSecrets Coinbase contractor bribed to hand over user data Telegram does seem to be actually cooperating with law enforcement Britain’s legal aid service gets 15 years worth of applicant data stolen Shocking no one, Ivanti …

1
Risky Biz Soap Box: Push Security's browser-first twist on identity security 34:24

5M ago34:24

34:24

In this wholly sponsored Soap Box edition of the show, Patrick Gray chats with Adam Bateman and Luke Jennings from Push Security. Push has built an identity security platform that collects identity information and events from your users’ browsers. It can detect phish kits and shut down phishing attempts, protect SSO credentials, and find shadow/per…

1
407: Google Search Antitrust Remedies 50:16

5M ago50:16

50:16

Vidushi Dyall (Chamber of Progress) discusses the remedies phase of the Google search antitrust trial. Will Judge Mehta order Google to sell Chrome? To license its search data? To stop paying Apple for default status? And: With AI advancing rapidly, why are we talking about any of this? Sorry about Corbin’s sound quality! He’ll be back in front of …

1
Risky Business #791 -- Woof! Copilot for Sharepoint coughs up creds and keys 57:52

5M ago57:52

57:52

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: Struggling to find that pesky passwords.xlsx in Sharepoint? Copilot has your back! The ransomware ecosystem is finding life a bit tough lately SAP Netweaver bug being used by Chinese APT crew Academics keep just keep finding CPU side-channel attacks And of cour…

1
Wide World of Cyber: How state adversaries attack security vendors 52:42

5M ago52:42

52:42

In this edition of the Wide World of Cyber podcast Patrick Gray talks to SentinelOne’s Steve Stone and Alex Stamos about how foreign adversaries are targeting security vendors, including them. From North Korean IT workers to Chinese supply chain attacks, SentinelOne and its competitors are constantly fending off sophisticated hacking campaigns. Thi…

1
406: The Take It Down Act (Is a Weapon) 56:21

5M ago56:21

56:21

Jess Miers (Akron Law) discusses the problems with the Take It Down Act—the federal bill that (ostensibly) targets non-consensual intimate imagery. Topics include: What does Take It Down (claim) to do? FFS, enforce the laws you have! “Sexually explicit content” (in a normal world) Brendan Carr is a preview of things to come Amy Klobuchar is asleep …

1
Risky Business #790 -- Bye bye Signal-gate, hello TeleMessage-gate 56:12

5M ago56:12

56:12

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: White House’s off-brand Israeli Signal fork logs cleartext messages with hard coded creds while getting hacked (twice). Just … Wow. Ransomware attacks on UK retailers are linked, and Marks & Spencer has it extra bad After six years dormant, a Magento eCommerce …

1
BONUS INTERVIEW: Senator Mark Warner on Signalgate, Volt Typhoon and tariffs 49:44

5M ago49:44

49:44

In this extended interview the Vice Chair of the Senate Select Committee on Intelligence, Senator Mark Warner, joins Risky Business host Patrick Gray to talk about: The latest developments in the Signalgate scandal Why America needs to be more aggressive in responding to Volt Typhoon How tariffs are affecting American alliances Why the Five Eyes al…

1
405: No, Internet Age Verification Has Not Been “Solved” 49:21

6M ago49:21

49:21

Eric Goldman (Santa Clara Law) discusses his new paper, “The ‘Segregate-and-Suppress’ Approach to Regulating Child Safety Online.” Topics include: The many kinds of online age-verification law Age verification as an information problem Fancy tech as deus ex machina Data collection today; state surveillance tomorrow What about devices and app stores…

1
Risky Business #789 -- Apple's AirPlay vulns are surprisingly awful 1:02:31

5M ago1:02:31

1:02:31

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: British retail stalwart Marks & Spencer gets cybered South Korean telco sets out to replace all its subscriber SIMs after (we assume) it lost the keymat It’s a good exploit week! Bugs in Apple Airplay, SAP webservers, Erlang SSH and CommVault backups Juice jack…

1
Snake Oilers: LimaCharlie, Honeywell Cyber Insights, CobaltStrike and Outflank 38:50

6M ago38:50

38:50

In this edition of the Snake Oilers podcast, three sponsors come along to pitch their products: LimaCharlie: A public cloud for SecOps Honeywell Cyber Insights: An OT security/discovery solution Fortra’s CobaltStrike and Outflank: Security tooling for red teamers This episode is also available on Youtube. Show notes…