In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• FBI intervenes in Scattered Spider Salesforce leaksite


• Clop loots Oracle E-Biz deployments


• Plus so much more data extortion.. At least it’s not ransomware … we guess?


• The US still can’t decide who’s gonna be in charge of NSA & Cybercom


• Cambodian scam compounds get sanctioned and $15b in crypto is seized


• NSO gets sold for pocket-lint-grade money


• Bugs! Redis CVSS 10, Ivanti, Crowdstrike and… Internet Explorer?! zeroday?! In the wild?!!!?

This week’s episode is sponsored by Stairwell. Founder Mike Wiacek talks about how Stairwell brings VirusTotal-like visibility to private files, and about integrating the insights that brings into your SOC workflow.

This episode is also available on Youtube.

Show notes

• FBI takedown banner appears on BreachForums site as Scattered Spider promotes leak | The Record from Recorded Future News



• Dozens of Oracle customers impacted by Clop data theft for extortion campaign | CyberScoop



• Well, Well, Well. It’s Another Day. (Oracle E-Business Suite Pre-Auth RCE Chain - CVE-2025-61882)



• Clop is a Big Fish, But Not Worth Hunting - Risky Business Media



• ShinyHunters Wage Broad Corporate Extortion Spree – Krebs on Security



• The company Discord blamed for its recent breach says it wasn't hacked



• Qantas confirms cybercriminals released stolen customer data | The Record from Recorded Future News



• Red Hat confirms breach of GitLab instance, which stored company’s consulting data | CyberScoop



• Risky Bulletin: Microsoft revamps Edge's "IE Mode" after zero-day attacks - Risky Business Media



• Teenagers arrested in England over cyberattack on nursery chain Kido | The Record from Recorded Future News



• Acting US Cyber Command, NSA chief won’t be nominated for the job, sources say | The Record from Recorded Future News



• Layoffs, reassignments further deplete CISA | Cybersecurity Dive



• Trump’s scandalous directive to AG Pam Bondi reached the public by accident



• Feds sanction Cambodian conglomerate over cyber scams, seize $15 billion from chairman | The Record from Recorded Future News



• US Congress committee investigating Musk-owned Starlink over Myanmar scam centres | Myanmar | The Guardian



• Satellites Are Leaking the World’s Secrets: Calls, Texts, Military and Corporate Data | WIRED



• Netherlands invokes special powers against Chinese-owned semiconductor company Nexperia | The Record from Recorded Future News



• Spyware maker NSO Group confirms acquisition by US investors | TechCrunch



• Apple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits | WIRED



• Wiz Finds Critical Redis RCE Vulnerability: CVE‑2025‑49844 | Wiz Blog



• SonicWall admits attacker accessed all customer firewall configurations stored on cloud portal | CyberScoop



• SonicWall SSLVPN devices compromised using valid credentials | Cybersecurity Dive



• Issues Affecting CrowdStrike Falcon Sensor for Windows



• ZDI Drops 13 Unpatched Ivanti Endpoint Manager Vulnerabilities - SecurityWeek



• Jaguar Land Rover launches phased restart at factories after cyber-attack | Jaguar Land Rover | The Guardian



• Windows 10 support ends today — here's who's affected and what you need to do