
Risky Business #837 -- GitHub Actions footgun claims TanStack
From Risky Business by Risky Business Media
May 13, 2026 · 1h 5m
About this episode
The episode discusses recent cybersecurity news including GitHub Actions vulnerabilities and data extortion incidents.
On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: Mini Shai-Hulud and the TanStack compromise using Github Actions Instructure pays Canvas elearning platform data extortionists More Linux privilege escalation 0days! CISA helping critical infrastructure operators rearchitect their networks so they work offline This week’s episode is sponsored by email security platform Sublime Security. Bobby Filar chats with Patrick about how agentic AI is being evaluated by buyers in a marketplace that’s experiencing “AI fatigue”. This episode is also available on Youtube.
People in this episode
Hosts: Patrick Gray, Adam Boileau, James Wilson
Guest: Bobby Filar
Topics covered
- cybersecurity news
- GitHub Actions
- data extortion
- Linux privilege escalation
- critical infrastructure
- AI evaluation
Keywords
- cybersecurity
- GitHub Actions
- TanStack
- data extortion
- Linux
- CISA
- AI fatigue
Sponsors
Sublime Security
Mentioned in this episode
Organizations: TanStack, Instructure, Canvas, CISA
More episodes of Risky Business
- Risky Business #841 -- Microsoft gets owned and 0day'd · June 10, 2026 · 1h 3m
- Soap Box: Detection and response in the AI age · June 5, 2026 · 37 min
- Risky Business #840 -- Microsoft walks back researcher threats · June 3, 2026 · 1h 6m
- Risky Business #839 -- TeamPCP stole GitHub's internal repos · May 27, 2026 · 1h 0m
- Risky Business #838 -- GitHub investigates possible breach · May 20, 2026 · 1h 3m
- Soap Box: Where does AI fit into cloud security? · May 15, 2026 · 34 min
Explore listener stats, chart rankings, contacts and more on the Risky Business podcast page.