Risky Business #837: GitHub Actions, Data Extortion, and Linux 0days
This week's episode of Risky Business covers the TanStack compromise via GitHub Actions, data extortion at Instructure, and new Linux privilege escalation vulnerabilities.
This week's episode of the Risky Business podcast covers a range of significant cybersecurity developments. The hosts discuss the compromise of TanStack, which was facilitated by a GitHub Actions vulnerability, and the ongoing data extortion efforts targeting the Canvas e-learning platform [Risky Business].
The episode also highlights new Linux privilege escalation vulnerabilities and discusses efforts by CISA to assist critical infrastructure operators in rearchitecting networks to support offline operations. Additionally, the show features a discussion on the current market evaluation of agentic AI, noting a growing sense of "AI fatigue" among buyers [Risky Business].
The podcast provides valuable context for security professionals navigating these evolving threats. Listeners are encouraged to review the show notes for detailed information on the vulnerabilities and incidents discussed, including the 'Mini Shai-Hulud' malware campaign [Risky Business].