Risky Business #821 -- Wiz researchers could have owned every AWS customer
Risky Business #821 -- Wiz researchers could have owned every AWS customer  
Podcast: Risky Business
Published On: Wed Jan 21 2026
Description: In this week’s show, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, joined by a special guest. BBC World Cyber Correspondent Joe Tidy is a long time listener and he pops in for a ride-along in the news segment plus a chat about his new book. This week news includes: Did the US cyber Venezuela’s power grid, or do they just want us to think they coulda? US govt might boycott the RSAC Conference ‘cause Jen Easterly being CEO makes them mad MS Patch Tuesday fixes CVSS5.5 bug and … stops you shutting down Wiz pulls off cloud stunt hack that ends with control of everyone’s AWS console Millions of Bluetooth devices that use Google’s Fast Pairing will pair with anyone, any time GNU inet-tools’ telnetd parties like it’s 2007, and brings -f root unauthed remote login back Thinkst is this week’s sponsor, and long time friend of the show Haroon Meer joins. As always they’re polishing their Canary tokens - adding breadcrumbs to lead you to them - but they’re also a bunch of giant nerds who now run South Africa’s Computer Olympiad. This episode is also available on Youtube. Show notes Cyberattack in Venezuela Demonstrated Precision of U.S. Capabilities - The New York Times Why I’m withholding certainty that “precise” US cyber-op disrupted Venezuelan electricity - Ars Technica Layered Ambiguity: US Cyber Capabilities in the Raid to Extract Maduro from Venezuela | Royal United Services Institute Former CISA Director Jen Easterly Will Lead RSAC Conference | WIRED Trump officials consider skipping premier cyber conference after Biden-era cyber leader named CEO - Nextgov/FCW Federal agencies ordered to patch Microsoft Desktop Windows Manager bug | The Record from Recorded Future News Windows 11 shutdown bug forces Microsoft into damage control • The Register CodeBreach: Supply Chain Vuln & AWS CodeBuild Misconfig | Wiz Blog Critical flaw in AWS Console risked compromise of build environment | Cybersecurity Dive Never-before-seen Linux malware is “far more advanced than typical” - Ars Technica VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun - Check Point Research Hundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking | WIRED Critical flaw in Fortinet FortiSIEM targeted in exploitation threat | Cybersecurity Dive CVE-2025-64155: 3 Years of Remotely Rooting the FortiSIEM A single click mounted a covert, multistage attack against Copilot - Ars Technica Police raid homes of alleged Black Basta hackers, hunt suspected Russian ringleader | The Record from Recorded Future News Jordanian initial access broker pleads guilty to helping target 50 companies | The Record from Recorded Future News Supreme Court hacker posted stolen government data on Instagram | TechCrunch oss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd How crypto criminals stole $700 million from people - often using age-old tricks Ctrl + Alt + Chaos: How Teenage Hackers Hijack the Internet