Risky Business #827 -- Iranian cyber threat actors are down but not out
04 March 2026


On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:




    The US-Israeli attack on Iran had a whole lot of cyber. It’s clearly in the playbook now!
    The NSA Triangulation / L3 Harris Trenchant iOS exploit kit is on the loose, and being used by Chinese crypto scammers
    So long Madhu Gottumukkala, but CISA’s annus horribilis continues
    Adam “humbug” Boileau complains about the Airsnitch wifi attack just being three ethernets in a trenchcoat
    ASD’s Cisco SD-WAN threat hunting guide is clearly born of … experience


This week’s episode is sponsored by AI threat hunting platform Nebulock. Sydney Marrone joins to talk about how useful AI models are on the hunt, and her work building out an open source framework and maturity model. It’s methodology-agnostic, so you can adapt it for your environment, and the GitHub link is in the show notes!



This episode is also available on YouTube.





Show notes


    Inside the plan to kill Ali Khamenei

    Hacked traffic cams and hijacked TVs: How cyber operations supported the war against Iran | TechCrunch

    Matthew Prince 🌥 on X: "Counter to what some cyber vendors are saying, there’s been a dramatic drop in Iranian cyber operations. Likely as the operators are sheltering. They may pick back up, but right now there’s a noticeable lull." / X

    Cyber Command disrupted Iranian comms, sensors, top general says | The Record from Recorded Future News

    Iranian Hackers Use Elon Musk’s Starlink To Stay Online

    Exclusive | U.S. Smuggled Thousands of Starlink Terminals Into Iran After Protest Crackdown - WSJ

    Attacks on GPS Spike Amid US and Israeli War on Iran | WIRED

    Amazon Data Centers on Fire After Iranian Missile Strikes on Dubai

    A Possible US Government iPhone-Hacking Toolkit Is Now in the Hands of Foreign Spies and Criminals | WIRED

    Canceled contracts, a failed polygraph and personal disputes: Inside the turbulent tenure of Noem’s former cyber czar - POLITICO

    CISA CIO Robert Costello exits agency | CyberScoop

    OpenAI alters deal with Pentagon as critics sound alarm over surveillance

    Inside Anthropic’s Killer-Robot Dispute With the Pentagon - The Atlantic

    Read the full transcript of our interview with Anthropic CEO Dario Amodei - CBS News

    CBP Tapped Into the Online Advertising Ecosystem To Track Peoples’ Movements

    Large-Scale Online Deanonymization with LLMs

    Hackers Weaponize Claude Code in Mexican Government Cyberattack - SecurityWeek

    New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises - Ars Technica

    CISA orders agencies to patch Cisco devices now under attack | Cybersecurity Dive

    CISCO SD-WAN THREAT HUNT GUIDE

    ClawJacked attack let malicious websites hijack OpenClaw to steal data

    Area Man Accidentally Hacks 6,700 Camera-Enabled Robot Vacuums | WIRED

    Intellexa founder, three others sentenced to 8 years in prison over Greek spyware scandal | The Record from Recorded Future News

    Moscow man accused of posing as FSB officer to extort Conti ransomware gang | The Record from Recorded Future News

    Farewell, Felix · The Recurity Lablog

    Atmos Sphere 2026 | Atmos

    The Agentic Threat Hunting Framework | Nebulock blog

    GitHub - Nebulock-Inc/agentic-threat-hunting-framework: ATHF is a framework for agentic threat hunting - building systems that can remember, learn, and act with increasing autonomy. · GitHub