Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
Risky Business #791 -- Woof! Copilot for Sharepoint coughs up creds and keys
May 14, 2025
0:57:52
55.57 MB
Downloads: 0
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
- Struggling to find that pesky passwords.xlsx in Sharepoint? Copilot has your back!
- The ransomware ecosystem is finding life a bit tough lately
- SAP Netweaver bug being used by Chinese APT crew
- Academics keep just keep finding CPU side-channel attacks
- And of course… bugs! Asus, Ivanti, Fortinet… and a Nissan LEAF?
This week’s episode is sponsored by Resourcely, who will soothe your Terraform pains. Founder and CEO Tracis McPeak joins to talk about how to get from a very red dashboard full of cloud problems to a workable future.
This episode is also available on Youtube.
Show notes
- Exploiting Copilot AI for SharePoint | Pen Test Partners
- MrBruh's Epic Blog
- Ransomware group Lockbit appears to have been hacked, analysts say | Reuters
- "CONTI LEAK: Video they tried to bury! 6+ Conti members on a private jet. TARGET’s birthday — $10M bounty on his head. Filmed by TARGET himself. Original erased — we kept a copy."
- Mysterious hackers who targeted Marks and Spencer's computer systems hint at political allegiance as they warn other tech criminals not to attack former Soviet states
- The organizational structure of ransomware groups is evolving rapidly.
- SAP NetWeaver exploitation enters second wave of threat activity
- China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures
- DOGE software engineer’s computer infected by info-stealing malware
- Hackers hijack Japanese financial accounts to conduct nearly $2 billion in trades
- FBI and Dutch police seize and shut down botnet of hacked routers
- Poland arrests four in global DDoS-for-hire takedown
- School districts hit with extortion attempts after PowerSchool breach
- EU launches vulnerability database to tackle cybersecurity threats
- Training Solo - vusec
- Branch Privilege Injection: Exploiting Branch Predictor Race Conditions – Computer Security Group
- Remote Exploitation of Nissan Leaf: Controlling Critical Body Elements from the Internet
- PSIRT | FortiGuard Labs
- EPMM Security Update | Ivanti