Risky Business #825 -- Palo Alto Networks Blames It on the Boogie

On this week’s show, Patrick Gray, Adam Boileau and James WIlson discuss the week’s cybersecurity news. They cover:

Palo Alto threat researchers want to attribute to China, but management says shush

An increasing proportion of ransomware is data extortion. Is this good?

Cambodia says it’s going to dismantle scam compounds

CISA sufferers through yet another shutdown

Google Gemini’s training secrets are being systematically harvested to improve other LLMs

Academics assess SaaS password managers’ resilience against a malicious server

This episode is sponsored by SSO-firewall integration vendor Knocknoc. Chief exec Adam Pointon joins to talk about the latest in defences… which is to say Knocknoc for Solaris/Sparc and HPUX on PA-RISC?! Okay also that other little known OS… Windows.

This episode is also available on Youtube.

Show notes

Data-only extortion grows as ransomware gangs seek better profits | Cybersecurity Dive

Arctic Wolf Threat Report 2026

Exclusive: Palo Alto chose not to tie China to hacking campaign for fear of retaliation from Beijing, sources say

Risky Bulletin: Cambodia promises to dismantle scam networks by April - Risky Business Media

Age of the ‘scam state’: how an illicit, multibillion-dollar industry has taken root in south-east Asia | Cybercrime | The Guardian

Critical flaw in BeyondTrust Remote Support sees early signs of exploitation | Cybersecurity Dive

CISA Navigates DHS Shutdown With Reduced Staff - SecurityWeek

Kimwolf Botnet Swamps Anonymity Network I2P – Krebs on Security

BADIIS to the Bone: New Insights to a Global SEO Poisoning Campaign — Elastic Security Labs

Over 500,000 VKontakte accounts hijacked through malicious Chrome extensions | The Record from Recorded Future News

Password managers' promise that they can't see your vaults isn't always true - Ars Technica

Zero Knowledge (About) Encryption: A Comparative Security Analysis of Three Cloud-based Password Managers

Google finds state-sponsored hackers use AI at 'all stages' of attack cycle | CyberScoop

Google: Gemini hit with 100,000+ prompts in cloning attempt

Proofpoint acquires Acuvity to tackle the security risks of agentic AI | CyberScoop

Cisco Redefines Security for the Agentic Era with AI Defense Expansion and AI-Aware SASE

Sophos Acquires Arco Cyber to Bring CISO-Level, Agentic AI-Powered Expertise to Every Organization

Dave Kennedy on X: "Regarding this, there was a couple questions on does the pacemaker continue to advertise - most BLE implantable devices go into a sleep type mode. In this case, we are lucky - it does not. We know based on law enforcement answers that she is using a more modern pacemaker with" / X

Clash Report on X: "BIG: Dutch Defence Minister Gijs Tuinman hints that software independence is possible for F-35 jets. He literally said you can “jailbreak” an F-35. When asked if Europe can modify it without US approval: “That’s not the point… we’ll see whether the Americans will show https://t.co/f11cGvtYsO" / X

Dutch police arrest man who refused to delete confidential files shared by mistake | The Record from Recorded Future News