On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• Oracle’s long term CSO departs, and we’re not that sad about it
• Canada’s House of Commons gets popped through a Microsoft bug
• Russia degrades voice calls via Whatsapp and Telegram to push people towards Max
• South-East Asian scam compounds are also behind child sextortion
• Reports that the UK has backed down on Apple crypto are… strange
• Oh and of course there’s a Fortinet bug! There’s always a Fortinet bug!

This week’s episode is sponsored by open source identity provider Authentik. CEO Fletcher Heisler joins the show this week, and explains the journey of implementing SSO backed login on Windows, Mac and Linux. You’ll never guess which one was a few lines of PAM config, and which was a multi-month engineering project!

This episode is also available on Youtube.

• Is Oracle facing headwinds? After layoffs, its 4-decade veteran Chief Security Officer Mary Ann Davidson departs
• Oracle CSO blasted over anti-security research rant - iTnews
• New York lawsuit against Zelle creator alleges features allowed $1 billion in thefts | The Record from Recorded Future News
• Mobile Phishers Target Brokerage Accounts in ‘Ramp and Dump’ Cashout Scheme – Krebs on Security
• How we found TeaOnHer spilling users' driver's licenses in less than 10 minutes | TechCrunch
• UK has backed down on demand to access US Apple user data, spy chief says
• DNI Tulsi Gabbard on X: "As a result, the UK has agreed to drop its mandate for"
• Hackers target Workday in social engineering attack
• Russia curbs WhatsApp, Telegram calls to counter cybercrime | The Record from Recorded Future News
• Hackers reportedly compromise Canadian House of Commons through Microsoft vulnerability | The Record from Recorded Future News
• Norway police believe pro-Russian hackers were behind April dam sabotage | The Record from Recorded Future News
• US agencies, international allies issue guidance on OT asset inventorying | Cybersecurity Dive
• FortMajeure: Authentication Bypass in FortiWeb (CVE-2025-52970)
• U.S. State Dept - Near Eastern Affairs on X: "He did not claim diplomatic immunity and was released by a state judge"
• 493 Cases of Sextortion Against Children Linked to Notorious Scam Compounds | WIRED
• .:: Phrack Magazine ::.
• Accenture to buy Australian cyber security firm CyberCX - iTnews

In this Soap Box edition of the Risky Business podcast Patrick Gray chats with Socket founder Feross Aboukhadijeh about how to measure the reachability of vulnerabilities in applications.

It’s great to know there’s a CVE in a library you’re using, but it’s even better if you can say whether or not that vulnerability actually impacts your application.

They also talk about how Socket started out as a way to discover malicious packages in software projects, but these days it’s playing the CVE game as well.

This episode is also available on Youtube.