
Risky Business Podcast
March 18, 2026
Risky Business #829 -- Sneaky lobsters: Why AI is the new insider threat
Presented by
Enterprise Technology Editor
Technology Editor
CEO and Publisher
On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They discuss:
- Iran’s Intune-based wiper attack on medical device maker Stryker
- Qihoo 360’s AI publishes its own wildcard TLS cert private key
- Instagram is canning its end-to-end encrypted messaging
- What’s going on with mobile internet access in Moscow?
- The Xbox One’s bootloader gets voltage glitched into submission
- Oh Qualys! We love you! (At least, whoever is in the basement writing these beautiful .txt files…)
This week’s episode is sponsored by browser-based detection and response company, Push Security. Researcher Dan Green and Field CTO Mark Orlando join Pat to talk through the InstallFix variant of the *Fix attack technique.
This episode is also available on YouTube.
Show notes
Iranian Hacktivists Strike Medical Device Maker Stryker in "Severe" Attack that Wiped Systems
Stryker attack raises concerns about role of device management tool | Cybersecurity Dive
How ‘Handala’ Became the Face of Iran’s Hacker Counterattacks | WIRED
U.S Strikes Killed Iranian Cyber Chiefs, But The Hacks Continued
Risky Business Features: Being a Wartime CISO
Supply-chain attack using invisible code hits GitHub and other repositories - Ars Technica
China's biggest cybersecurity company, Qihoo 360 just leaked their own wildcard SSL private key
Emergent Cyber Behavior: When AI Agents Become Offensive Threat Actors - Irregular
Risky Business Features: MCP is Dead
Measuring AI Agents’ Progress on Multi-Step Cyber Attack Scenarios
What is end-to-end encryption on Instagram | Instagram Help Center
US Lawmakers Move to Kill the FBI’s Warrantless Wiretap Access | WIRED
Website "whitelists" launched in Moscow | Forbes.ru
Researchers disclose vulnerabilities in IP KVMs from four manufacturers - Ars Technica
RE//verse 2026: Hacking the Xbox One by Markus 'doom' Gaasedelen - YouTube

Facts Only

Actors: Iranian hacktivists, Qihoo 360, Instagram, researchers
Actions/Events: cyberattack on Stryker, leaking of SSL private key, phasing out end-to-end encrypted messaging, discovering vulnerabilities in IP KVMs, voltage glitching Xbox One bootloader
Timeline: March 18, 2026 (podcast date)
Locations: Iran, China, various (Stryker and Instagram are global companies)

Executive Summary

On this week's Risky Business podcast, the hosts discuss various cybersecurity topics. An Iranian hacktivist group is suspected of launching a severe attack on medical device maker Stryker that used Intune to wipe the company's systems. The incident raises concerns about the role of device management tools in cyberattacks. Qihoo 360, China's biggest cybersecurity company, leaked its own wildcard SSL private key, compromising its security. Instagram is reportedly phasing out its end-to-end encrypted messaging feature, sparking concerns about privacy. Researchers have disclosed vulnerabilities in IP KVMs from four manufacturers that could be exploited. The Xbox One's bootloader has been defeated with voltage glitching.

Full Take

In the skeptical mode:
STEELMAN: The article presents several cybersecurity incidents, including a suspected Iranian attack on Stryker, Qihoo 360 leaking their SSL private key, Instagram ending its end-to-end encrypted messaging, and vulnerabilities found in IP KVMs. These reports highlight ongoing concerns about cybersecurity threats and the need for stronger security measures.
Patterns detected: none
ROOT CAUSE: The incidents reflect a global digital landscape fraught with potential security risks, with various actors exploiting vulnerabilities for diverse motives (e.g., espionage, financial gain, political activism).
IMPLICATIONS: These events underscore the importance of robust cybersecurity practices and continued vigilance in protecting personal data, critical infrastructure, and digital platforms. Companies and governments must prioritize security investments to mitigate potential threats and safeguard their users.
BRIDGE QUESTIONS: What role do device management tools play in preventing or facilitating cyberattacks? How can we improve the security of digital communication platforms like Instagram? Are there alternative solutions for ensuring privacy and security when end-to-end encryption is eliminated?