Risky Business #836 -- You can't patch the bugpocalypse
MAY 6, 2026 · 61 MIN
Description
<p>On this week’s show, Patrick Gray and James Wilson are joined by special guest co-host Brad Arkin. They discuss the week’s cybersecurity news, including:</p>
<ul>
<li>The US Government says we just have to patch faster, but…</li>
<li>Bugs in cPanel, MOVEit and all Linux distributions this week show that patching alone isn’t enough</li>
<li>James gets mad about lame AI Agent adoption advice from the US and Australian Governments</li>
<li>James Kettle and Niels Provos both showed us that any model can find 0day like Mythos</li>
<li>And the cyber-assisted theft of cargo results in an astonishing loss of $725 million</li>
</ul>
<p>This week’s show is sponsored by SpecterOps. Their CTO, Jared Atkinson, chats to Pat about the big changes in the threat landscape, brought about by AI, that are causing a pivot away from detection and remediation, and toward prevention.</p>
<p>This episode is also available on <a href="https://youtu.be/FgNVxZHrtqw">YouTube</a>.</p>
<h3 class="panel-title">Show notes</h3>
<ul>
<li><a href="https://www.reuters.com/legal/litigation/us-officials-weigh-cutting-deadlines-fix-digital-flaws-amid-worries-over-ai-2026-05-01/">Exclusive: US officials weigh cutting deadlines to fix digital flaws amid worries over AI-powered hacking, sources say | Reuters</a></li>
<li><a href="https://therecord.media/british-cyber-ai-patch-wave">British cyber agency warns of looming ‘patch wave’ as AI speeds flaw discovery | The Record from Recorded Future News</a></li>
<li><a href="https://therecord.media/cisa-orders-federal-agencies-to-patch-cpanel-bug">Federal agencies must patch cPanel bug by Sunday, CISA says | The Record from Recorded Future News</a></li>
<li><a href="https://www.helpnetsecurity.com/2026/04/30/cpanel-zero-day-vulnerability-cve-2026-41940-exploited/#:~:text=Share-,cPanel%20zero%2Dday%20exploited%20for%20months%20before%20patch%20release%20(CVE,been%20abusing%20it%20even%20earlier.">cPanel zero-day exploited for months before patch release (CVE-2026-41940) - Help Net Security</a></li>
<li><a href="https://arstechnica.com/security/2026/04/as-the-most-severe-linux-threat-in-years-surfaces-the-world-scrambles/">The most severe Linux threat to surface in years catches the world flat-footed - Ars Technica</a></li>
<li><a href="https://www.cybersecuritydive.com/news/moveit-vulnerabilities-authentication-bypass-privilege-escalation/819187/">New MOVEit vulnerabilities prompt urgent patch warning | Cybersecurity Dive</a></li>
<li><a href="https://www.cybersecuritydive.com/news/ai-agents-security-guidance-australia-us/819076/">US and allies urge ‘careful adoption’ of AI agents | Cybersecurity Dive</a></li>
<li><a href="https://www.cyber.gov.au/sites/default/files/2026-05/careful_adoption_of_agentic_ai_services.pdf">careful_adoption_of_agentic_ai_services.pdf</a></li>
<li><a href="https://www.cryptopolitan.com/user-tricked-grok-bankrbot-to-send-tokens/">User just tricked Grok and Bankrbot to send tokens with Morse code - Cryptopolitan</a></li>
<li><a href="https://www.provos.org/p/finding-zero-days-with-any-model/">Finding Zero-Days with Any Model</a></li>
<li><a href="https://www.youtube.com/watch?v=GdFG85oCWFI">Sponsored: James Kettle built an AI hacker - YouTube</a></li>
<li><a href="https://risky.biz/RBFEATURES16/">Feature Interview: Nicholas Carlini, Anthropic - Risky Business Media</a></li>
<li><a href="https://www.cybersecuritydive.com/news/trellix-investigating-breach-source-code-repository/819327/">Trellix investigating breach of source code repository | Cybersecurity Dive</a></li>
<li><a href="https://securelist.com/tr/daemon-tools-backdoor/119654/">Popular DAEMON Tools software compromised | Securelist</a></li>
<li><a href="https://www.huntress.com/blog/komari-c2-agent-abuse">Komari Red: The Monitoring Tool with a Built-in Reverse Shell | Huntress</a></li>
<li><a href="https://therecord.media/hackers-earning-millions-from-hijacked-cargo-fbi">Hackers earning millions from hijacked cargo, FBI says | The Record from Recorded Future News</a></li>
<li><a href="https://therecord.media/congress-punts-fisa-renewal-to-june">Congress punts FISA renewal to June | The Record from Recorded Future News</a></li>
<li><a href="https://www.forbes.com/sites/the-wiretap/2026/05/05/apple-subpoena-and-car-bluetooth-help-cops-unmask-crypto-robber-suspect/">Cops Use Apple Data And Car Bluetooth To Identify Crypto Robbery Suspect</a></li>
<li><a href="https://iapp.org/news/a/stewart-baker-outspoken-voice-on-cybersecurity-and-national-security-law-dies-at-78">Stewart Baker, outspoken voice on cybersecurity and national security law, dies at 78 | IAPP</a></li>
</ul>