On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• Australian spooks scrubbed Medibank data off Zservers bulletproof hosting
• Why device code phishing is the latest trick in confusing poor users about cloud authentication
• Cloudflare gets blocked in Spain, but only on weekends and because of… football?
• Palo Alto has yet another dumb bug
• Adam gushes about Qualys’ latest OpenSSH vulns

Enterprise browser maker Island is this week’s sponsor and Chief Customer Office Braden Rogers joins the show to talk about how the adoption of AI everywhere is causing headaches.

This episode is also available on Youtube.

• Five Russians went out drinking. When they got back, Australia had struck
• Dutch police say they took down 127 servers used by sanctioned hosting service | The Record from Recorded Future News
• Further cyber sanctions in response to Medibank Private cyberattack | Defence Ministers
• What is device code phishing, and why are Russian spies so successful at it? - Ars Technica
• Anyone Can Push Updates to the DOGE.gov Website
• Piracy Crisis: Cloudflare Says LaLiga Knew Dangers, Blocked IP Address Anyway (Update) * TorrentFreak
• Palo Alto Networks warns firewall vulnerability is under active exploitation | Cybersecurity Dive
• Qualys TRU Discovers Two Vulnerabilities in OpenSSH: CVE-2025-26465 & CVE-2025-26466 | Qualys Security Blog
• China’s Salt Typhoon hackers targeting Cisco devices used by telcos, universities | The Record from Recorded Future News
• RedMike Exploits Unpatched Cisco Devices in Global Telecommunications Campaign
• A Hacker Group Within Russia’s Notorious Sandworm Unit Is Breaching Western Networks | WIRED
• How Phished Data Turns into Apple & Google Wallets – Krebs on Security
• New hack uses prompt injection to corrupt Gemini’s long-term memory
• Arizona woman pleads guilty to running laptop farm for N. Korean IT workers, faces 9-year sentence | The Record from Recorded Future News
• US reportedly releases Russian cybercrime figure Alexander Vinnik in prisoner swap | The Record from Recorded Future News
• EXCLUSIVE: A Russia-linked Telegram network is inciting terrorism and is behind hate crimes in the UK – HOPE not hate
• Remembering David Jorm - fundraising for Mental Health research

In this SoapBox edition of the show Patrick Gray chats to Fletcher Heisler, the CEO of open-source identity provider Authentik.

The whole idea of Authentik is you can take control of an essential IT and security function: identity. Because Authentik is open source it’s extremely flexible, and if you’re running it yourself, you get to decide where your IDP should sit in your architecture. You can run it on prem if you’re an emergency call centre or you’re operating an airgapped network, or you can spin it up in your cloud environment if you’re a typical enterprise.

Fletcher talks through the reasons Authentik users are decoupling themselves from the major SaaS Identity Providers, and the flexibility that comes from being able to assemble exactly what you need.

This episode is also available on Youtube.