In this edition of Between Two Nerds Tom Uren and The Grugq discuss the breakdown of cyber norms. What would have been an unthinkable cyber operation just a few years ago is now a regular occurrence.

This episode is also available on YouTube.

• Fast16 analysis by SentinelOne
• Fast16 malware
• Zero Day on the wiper targeting Venezuela's state oil company

DigiCert got hacked via a malicious screensaver file, two ransomware negotiators each get four years in prison, Trellix discloses a security breach, and another Russian hacker gets arrested while vacationing in the wrong place.

• Risky Bulletin: DigiCert hacked with a malicious screensaver file

In this sponsored interview, James Wilson talks with James Kettle and Daf Stuttard from PortSwigger about the incredible research James will unveil at Black Hat US this July, and how that research will be productised into Burp Suite. It shouldn’t be surprising that when James Kettle bolts an LLM into his research methodology that insanely dangerous things happen. This interview is a window into the future of AI-enabled hacking and security testing.

This interview is also available on YouTube.

The Copy Fail vulnerability impacts all Linux distros going back to 2017, hackers are exploiting a cPanel auth bypass, every Moldovan citizen has their data stolen, and some scam compounds got raided raided… in Dubai.

• Risky Bulletin: The mysterious hack of Moldova's healthcare database

Tom Uren and Amberleigh Jack talk about the US government stepping in to fight ‘distillation attacks’ by Chinese AI labs. These are methods used to steal the special sauce of frontier AI models simply by asking questions.

They also discuss the wide-spread shift amongst Chinese threat actors to using botnets for all aspects of their operations. It’s a problem for defenders, but also a disruption opportunity for authorities.

This episode is also available on YouTube.

Ukrainians hack Russian satellites, Vimeo is being extorted, Greece wants to ban anonymity on social media, and a Scattered Spider hacker was arrested in Finland.

• Risky Bulletin: UK NCSC blasts SOC metrics

In this edition of Between Two Nerds Tom Uren and The Grugq discuss what the North Korean hack of Drift can tell us about the future of hacking.

This episode is also available on YouTube.

• Drift Protocol incident update on X
• Cointelegraph coverage
• CredShields incident post-morten

A fingerprinting technique can track Tor users, Intellexa had an American exploit provider, the US accuses China of copying its AI, and the US router ban also covers WiFi hotspots.

• Risky Bulletin: New fingerprinting technique can track Tor users