Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurity

Chat with us on Discord! -
https://discord.gg/bhis
🔴live-chat

Chapters

• (00:00) - PreShow Banter™ — Watch Out for the Brownies
• (04:35) - Tim Cook Announces Apple CEO Exit - 2026-04-20
• (05:57) - Story # 1: Vercel April 2026 security incident
• (19:00) - Story # 2: 'Addicted to hacking': Young hacker behind historic breach speaks out for 1st time, before reporting to prison
• (27:19) - Story # 3: Mythos And The CVSS Problem No One Wants to Talk About (But We Need To)
• (28:49) - Story # 4: Introducing Claude Opus 4.7
• (32:14) - Story # 4b: Identity verification on Claude
• (36:00) - Story # 5: Tim Cook to become Apple Executive Chairman John Ternus to become Apple CEO
• (40:18) - Story # 6: Microsoft faces fresh Windows Recall security concerns
• (44:12) - Story # 7: WebinarTV Secretly Scraped Zoom Meetings of Anonymous Recovery Programs
• (48:20) - Story # 8: Google, Microsoft, Meta All Tracking You Even When You Opt Out, According to an Independent Audit
• (51:12) - Story # 9: Little Caesars Wants ChatGPT to Order Your Pizza for You
• (53:35) - Story # 10: NIST Updates NVD Operations to Address Record CVE Growth
• (01:00:08) - Workshop: Rapid Endpoint Investigations for Linux and Mac
• (01:01:20) - Cyber Threat Intelligence 101 2 Day Version
• (01:02:24) - ANTI-CAST: How to Break Free from the Cybersecurity Burnout Trap w/ Natalia Samman

Story # 1: Vercel April 2026 security incident
Story # 2: ‘Addicted to hacking’: Young hacker behind historic breach speaks out for 1st time, before reporting to prison
Story # 3: Mythos And The CVSS Problem No One Wants to Talk About (But We Need To)
Story # 4: Introducing Claude Opus 4.7
Story # 4b: Identity verification on Claude
Story # 5: Tim Cook to become Apple Executive Chairman John Ternus to become Apple CEO
Story # 6: Microsoft faces fresh Windows Recall security concerns
Story # 7: WebinarTV Secretly Scraped Zoom Meetings of Anonymous Recovery Programs
Story # 8: Google, Microsoft, Meta All Tracking You Even When You Opt Out, According to an Independent Audit
Story # 9: Little Caesars Wants ChatGPT to Order Your Pizza for You
Story # 10: NIST Updates NVD Operations to Address Record CVE Growth
Workshop: Rapid Endpoint Investigations for Linux and Mac
Cyber Threat Intelligence 101 2 Day Version
ANTI-CAST: How to Break Free from the Cybersecurity Burnout Trap w/ Natalia Samman

Creators & Guests

• Corey Ham - Host
• Ralph May - Host
• Patterson Cake - Guest
• Wade Wells - Host
• Bronwen Aker - Host
• Meagan Bentley - Producer

Click here to view the episode transcript.

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits 

https://poweredbybhis.com

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurity

Chat with us on Discord! -
https://discord.gg/bhis
🔴live-chat

Chapters

• (00:00) - PreShow Banter™ — A Real Studio
• (03:43) - Anthropic’s Project Glasswing is an Infosec Turning Point – 2026-04-13
• (05:39) - Story # 1: Project Glasswing
• (22:20) - Story # 2: AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties
• (30:36) - Story # 3: Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
• (32:39) - WEBCAST: Proxy Execution with Microsoft Edge WebView2 w/ Matthew Eidelberg
• (51:47) - Story # 4: New "BrowserGate" report claims LinkedIn secretly scans user browsers for installed extensions and collects device data
• (56:32) - Story # 5: The silent “Storm”: New infostealer hijacks sessions, decrypts server-side
• (58:46) - ChickenSec: the Chicken Accords of 2026
• (01:00:27) - Story # 6: EFF is Leaving X
• (01:03:01) - Workshop: How to Think Like a Cybersecurity Defender
• (01:05:49) - AI Security Ops Podcast

Story # 1: Project Glasswing
Story # 2: AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties
Story # 3: Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
WEBCAST: Proxy Execution with Microsoft Edge WebView2 w/ Matthew Eidelberg
Story # 4: New “BrowserGate” report claims LinkedIn secretly scans user browsers for installed extensions and collects device data
Story # 5: The silent “Storm”: New infostealer hijacks sessions, decrypts server-side
ChickenSec: the Chicken Accords of 2026
Story # 6: EFF is Leaving X
Workshop: How to Think Like a Cybersecurity Defender
AI Security Ops Podcast

Creators & Guests

• Corey Ham - Host
• Wade Wells - Host
• Alex Minster "Belouve" - Guest
• Bronwen Aker - Host
• Ralph May - Host
• John Strand - Host
• Doc Blackburn - Guest

Click here to view the episode transcript.

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits 

https://poweredbybhis.com

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurity

Chat with us on Discord! -
https://discord.gg/bhis
🔴live-chat

Chapters

• (00:00) - PreShow Banter™ — Professional Sitters
• (04:36) - Artemis Astronaut's Bad Outlooks - 2026-04-06
• (07:12) - The Absolute Truths of Cybersecurity with Doc Blackburn
• (08:52) - Professionally Evil API Testing: AAA and Keys are Not Just for Cars
• (09:35) - Story # 1: Post Mortem: axios npm supply chain compromise
• (19:54) - Story # 2: Artemis II astronaut: 'I have two Microsoft Outlooks, and neither one of those are working'
• (26:02) - Story # 3: Microsoft Copilot Terms of Service Label Copilot is for Entertainment Purposes Only
• (30:13) - Story # 4: Here’s what that Claude Code source leak reveals about Anthropic’s plans
• (35:03) - Story # 4b: https://neuromatch.social/@jonny/116325123136895805
• (37:57) - Story # 5: Meta freezes AI data work after breach puts training secrets at risk
• (41:40) - Story # 6: Possible US Government iPhone Hacking Tool Leaked
• (44:32) - Story # 7: FBI labels data breach ‘major incident,’ notifies Congress
• (46:58) - Story # 8: vSphere and BRICKSTORM Malware: A Defender's Guide
• (52:12) - Story # 9: CBP Facility Codes Sure Seem to Have Leaked Via Online Flashcards
• (01:04:26) - ChickenSec: Why did the chicken wear a reflective vest? To cross the road of course

The Absolute Truths of Cybersecurity with Doc Blackburn
Professionally Evil API Testing: AAA and Keys are Not Just for Cars
Story # 1: Post Mortem: axios npm supply chain compromise
Story # 2: Artemis II astronaut: ‘I have two Microsoft Outlooks, and neither one of those are working’
Story # 3: Microsoft Copilot Terms of Service Label Copilot is for Entertainment Purposes Only
Story # 4: Here’s what that Claude Code source leak reveals about Anthropic’s plans
Story # 4b: https://neuromatch.social/@jonny/116325123136895805
Story # 5: Meta freezes AI data work after breach puts training secrets at risk
Story # 6: Possible US Government iPhone Hacking Tool Leaked
Story # 7: FBI labels data breach ‘major incident,’ notifies Congress
Story # 8: vSphere and BRICKSTORM Malware: A Defender’s Guide
Story # 9: CBP Facility Codes Sure Seem to Have Leaked Via Online Flashcards
ChickenSec: Why did the chicken wear a reflective vest? To cross the road of course

Creators & Guests

• Jennifer Shannon - Guest
• Wade Wells - Host
• Corey Ham - Host
• Ralph May - Host
• Ryan Poirier - Producer
• Bronwen Aker - Host
• Doc Blackburn - Guest

Click here to view the episode transcript.

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits 

https://poweredbybhis.com

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurity

Chat with us on Discord! -
https://discord.gg/bhis
🔴live-chat

Chapters

• (00:00) - PreShow Banter™ — Robot Handlers
• (05:11) - FCC Blocks Foreign-Made Routers – 2026-03-30
• (06:44) - Story # 1: FCC moves to block new foreign-made routers
• (17:00) - Story # 2: FBI Chief Kash Patel’s Gmail Account was Hacked by Iranian Hackers
• (20:07) - Story # 3: FancyBear Exposed: Major OPSEC Blunder Inside Russian Espionage Ops
• (24:18) - Story # 4: LiteLLM and Telnyx compromised on PyPI: Tracing the TeamPCP supply chain campaign
• (27:49) - Story # 4b: TeamPCP Supply Chain Campaign
• (42:45) - Story # 5: Spylandia: How a Stretch of Florida Real Estate Has Become a Covert Corridor for Chinese and Russian Spies
• (45:51) - Story # 6: Anthropic readies Mythos model with high cybersecurity risk
• (57:31) - Story # 7: Google Ships WebMCP, The Browser-Based Backbone For The Agentic Web
• (01:02:24) - Story # 8: DDR5 Memory Prices Just Took a Noticeable Dive for the First Time in Months, and Google’s TurboQuant Might Be Behind It
• (01:04:03) - Securing the Cloud: Foundations by Andrew Krug
• (01:04:47) - Incident Response Simplified by Patterson Cake

News Links
Story # 1: FCC moves to block new foreign-made routers
Story # 2: FBI Chief Kash Patel’s Gmail Account was Hacked by Iranian Hackers
Story # 3: FancyBear Exposed: Major OPSEC Blunder Inside Russian Espionage Ops
Story # 4: LiteLLM and Telnyx compromised on PyPI: Tracing the TeamPCP supply chain campaign
Story # 4b: TeamPCP Supply Chain Campaign
Story # 5: Spylandia: How a Stretch of Florida Real Estate Has Become a Covert Corridor for Chinese and Russian Spies
Story # 6: Anthropic readies Mythos model with high cybersecurity risk
Story # 7: Google Ships WebMCP, The Browser-Based Backbone For The Agentic Web
Story # 8: DDR5 Memory Prices Just Took a Noticeable Dive for the First Time in Months, and Google’s TurboQuant Might Be Behind It

Securing the Cloud: Foundations by Andrew Krug
Incident Response Simplified by Patterson Cake

Creators & Guests

• Andy Pettit "Nerf" - Guest
• Andrew Krug - Guest
• Wade Wells - Host
• Corey Ham - Host
• Bronwen Aker - Host
• Patterson Cake - Guest
• Ryan Poirier - Producer
• Ralph May - Host

Click here to view the episode transcript.

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits 

https://poweredbybhis.com

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurity

Chat with us on Discord! -
https://discord.gg/bhis
🔴live-chat

Chapters

• (00:00) - PreShow Banter™ — Easier Than Printers
• (05:20) - Pentagon Plans to Train AI With Classified Data – BHIS - Talkin' Bout [infosec] News 2026-03-23
• (06:38) - Story # 1: Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web
• (07:38) - Story # 1b: ALT Link - Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web
• (15:35) - Story # 2: Federal cyber experts called Microsoft’s cloud a “pile of shit,” approved it anyway
• (24:31) - Story # 3: The Pentagon is planning for AI companies to train on classified data, defense official says
• (34:04) - Story # 4: CISA Urges Endpoint Management System Hardening After Cyberattack Against US Organization
• (37:50) - Story # 5: Warning: Your AI-Generated Password Is a Major Security Risk. Here’s What to Use Instead
• (42:21) - Story # 6: CISA warns of active exploitation of Microsoft SharePoint vulnerability (CVE-2026-20963)
• (49:57) - Story # 7: Massive China Data Leak: Hackers Access 10 Petabytes of Weapons Testing Data
• (51:28) - Story # 8: Anime fans' credit cards might be stolen from Sony streamer Crunchyroll
• (55:03) - Story # 9: The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors

Creators & Guests

• John Strand - Host
• Ralph May - Host
• Chadd Watson - Guest
• Wade Wells - Host
• Alex Minster "Belouve" - Guest
• Hayden Covington - Host
• Bruce Potter - Guest
• Ryan Poirier - Producer

Click here to view the episode transcript.

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits 

https://poweredbybhis.com

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurity

Chat with us on Discord! -
https://discord.gg/bhis
🔴live-chat

Chapters

• (00:00) - PreShow Banter™ — Organizing Family Beets
• (04:02) - Iranian Hackers Claim Responsibility for Stryker Attack - 2026-03-16
• (08:56) - Story # 1: Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
• (23:38) - Story # 2: How We Hacked McKinsey's AI Platform
• (32:30) - Story # 3: Amazon holds engineering meeting following AI-related outages
• (39:11) - Story # 4: Meta gets into social networks for AI agents with acquisition of viral Moltbook platform
• (45:24) - Story # 5: Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026
• (50:45) - Story # 6: Michelin Confirms Data Breach Linked to Oracle EBS Attack
• (51:08) - Story # 7: New Dohdoor malware campaign targets education and health care
• (58:10) - Story # 8: Man's dog was riddled with tumors and dying. He used ChatGPT to design a custom cancer vaccine, stunning researchers

Creators & Guests

• Dan Rearden (Haircutfish) - Guest
• Bronwen Aker - Host
• Ralph May - Host
• John Strand - Host
• Troy Wojewoda - Guest
• Corey Ham - Host
• Hayden Covington - Host
• Wade Wells - Host
• Meagan Bentley - Producer

Click here to view the episode transcript.

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits 

https://poweredbybhis.com

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

Chat with us on Discord! -
https://discord.gg/bhis
🔴live-chat

Chapters

• (00:00) - PreShow Banter™ — That's Not How It Works
• (03:40) - A Nightmare of Vibeware – 2026-03-09
• (04:54) - Story # 1: APT36: A Nightmare of Vibeware
• (13:56) - Story # 2: Oracle Layoffs: Tech giant to slash 30,000 jobs as banks pull out from financing AI data centres
• (16:28) - Story # 3: Iran-linked hacktivist groups target US infrastructure after Feb 28 strikes, cyber activity surges: Report
• (24:28) - Story # 4: Introducing the First Frontier Suite built on Intelligence + Trust
• (28:59) - Story # 5: Motorola partners with GrapheneOS for future phones
• (29:13) - Story # 5b: GrapheneOS: Microsoft Authenticator does not support secure Android OS
• (29:53) - Story # 6: Western allies form 6G security coalition amid tech rivalry with China
• (34:01) - Story # 7: ShinyHunters claims ongoing Salesforce Aura data theft attacks
• (35:47) - Story # 8: Doppelgänger / RRN Disinformation Infrastructure Ecosystem 2026
• (44:33) - Story # 9: LexisNexis confirms data breach as hackers leak stolen files
• (49:10) - Story # 10: Google urges Supreme Court to strike down geofence warrants as unconstitutional
• (55:59) - ANTI-CAST : How to Detect Malicious Remote Workers w/ James McQuiggan
• (56:47) - SOC Summit 2026

Troy & Wade’s Upcoming Things:
– Antisyphon Training SOC Summit 2026
– Breach Assessment - The Curious Case of the Comburglar w/ Troy Wojewoda
– Network Forensics and Incident Response with Troy Wojewoda

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits 

https://poweredbybhis.com

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

Chat with us on Discord! -
https://discord.gg/bhis
🔴live-chat

Chapters

• (00:00) - PreShow Banter™ — Kerberoasting Too Hard
• (05:05) - Pentagon Declares Anthropic a Supply Chain Risk — Talkin’ Bout [infosec] News 2026-03-02
• (08:40) - Story # 1: Pentagon Designates Anthropic Supply Chain Risk
• (17:27) - Story # 2: European Parliament blocks AI on lawmakers’ devices, citing security risks
• (21:23) - Story # 3: Mexican Government Breach and the Rise of Agentic Cyber Threats
• (22:58) - Story # 4: 2026 CrowdStrike Global Threat Report: AI Accelerates Adversaries and Reshapes the Attack Surface
• (33:04) - Story # 5: Leak confirms GrapheneOS & Motorola partnership for non-Pixel hardware
• (38:24) - Story # 5b: Motorola announces a partnership with GrapheneOS Foundation, marking a new chapter in smartphone security and expanding its enterprise portfolio
• (39:21) - Story # 6: Immediate Action Required: CISA Issues Emergency Directive to Secure Cisco SD-WAN Systems
• (43:12) - Story # 7: Cops back Dutch telco Odido after second wave of ShinyHunters leaks
• (45:40) - Story # 8: Discord puts global age verification policy on hold after backlash
• (46:30) - Story # 9: A new California law says all operating systems, including Linux, need to have some form of age verification at account setup
• (51:51) - Story # 10: User accidentally gains control of over 6,700 robot vacuums
• (53:35) - Story # 11: App Warns You if Someone Is Wearing Smart Glasses Nearby
• (57:32) - Weekly CTF Winners
• (58:28) - Story # 12: Microsoft is blocking 'Microslop' comments in Copilot's official Discord server
• (59:01) - Story # 13: New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits 

https://poweredbybhis.com

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

• Agentic AI tools that can autonomously perform tasks like researching and booking flights, raising concerns about automated purchases, fraud, guardrails, and over-trust in AI systems.
• The idea of a coming “SaaS apocalypse,” where AI tools could replicate or replace many small- and mid-tier SaaS products by crawling and recreating their functionality—potentially disrupting payroll, accounting, and other service platforms.
• Android’s shift away from its open-platform roots, including concerns about reduced openness, developer anonymity in app stores, and the broader implications for privacy-focused users and alternative operating systems.
• Ongoing tensions in the tech ecosystem around platform control, openness, and general-purpose computing, particularly involving large vendors like Google, Apple, Oracle, and major cloud providers.
• Broader security implications of AI adoption, including hallucinations, accountability, and how organizations are integrating AI to cut costs versus innovate.

The discussion centers strictly on these current tech news developments and their security, privacy, and market impact.

Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurity

Chat with us on Discord! -
https://discord.gg/bhis
🔴live-chat

Chapters

• (00:00) - PreShow Banter™ — Take the interstate to Dubai
• (04:53) - The Coming SAAS Apocalypse - 2026-02-23
• (07:39) - Story # 1: Keep Android Open
• (15:34) - Story # 2: Meta patents AI that takes over a dead person’s account to keep posting and chatting
• (21:13) - Story # 3: The Coming SaaS Apocalypse...
• (28:52) - Story # 4: Firm Data on AI
• (29:43) - Story # 4b: Thousands of CEOs just admitted AI had no impact on employment or productivity—and it has economists resurrecting a paradox from 40 years ago
• (36:15) - Story # 5: US Defense Secretary Hegseth summons Anthropic CEO for tough talks over military use of Claude, Axios reports
• (40:41) - Story # 6: Conduent data breach could be largest in U.S. history
• (43:13) - Story # 6: The Erosion of Agency and the New Burden on Leaders
• (46:02) - Story # 7: DSA-2026-079: Security Update for RecoverPoint for Virtual Machines Hardcoded Credential Vulnerability
• (48:30) - Story # 8: AI-augmented threat actor accesses FortiGate devices at scale
• (51:42) - Story # 9: I hacked ChatGPT and Google's AI - and it only took 20 minutes
• (01:03:07) - Antisyphon Training SOC Summit, March 25, 2026
• (01:03:40) - Antisyphon Training: Attacking, Defending, and Leveraging AI-LLM Systems
• (01:03:58) - Antisyphon Workshop: Hacking AI-LLM Applications
• (01:04:27) - Antisyphon Anti-Cast: RED TEAMING AI: OWASP LLM TOP 10 WITH BRIAN AND DEREK
• (01:04:53) - PODCAST : A.I. Security Ops

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits 

https://poweredbybhis.com

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

Click here to watch this episode on YouTube.

Click here to view the episode transcript.

They also explore the escalating AI arms race, including Meta’s aggressive (and expensive) talent poaching, the growing rivalry between OpenAI and Anthropic, and what it all means for the future of the industry.

Rounding out the episode, the team discusses the unintended consequences of the AI boom—like global hardware shortages stretching beyond GPUs to hard drives—and examines emerging prompt injection attack techniques, highlighting real-world examples and the growing security risks surrounding AI-powered tools.

Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurity

Chat with us on Discord! -
https://discord.gg/bhis
🔴live-chat

Chapters

• (00:00) - PreShow Banter™ — Threat Actor Age Range
• (05:37) - Palo Alto Fears China Retaliation – 2026-02-16
• (11:28) - Story # 1: Exclusive: Palo Alto chose not to tie China to hacking campaign for fear of retaliation from Beijing, sources say
• (16:01) - Story # 2: Rent a Human
• (20:39) - Story # 3: OpenClaw creator Peter Steinberger joining OpenAI, Altman says
• (24:31) - Story # 4: Western Digital runs out of HDD capacity: CEO says massive AI deals secured, price surges ahead
• (28:30) - Story # 5: GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use
• (30:32) - Story # 6: Data Exfil from Agents in Messaging Apps
• (32:15) - Story # 7: AMOS infostealer targets macOS through a popular AI app
• (39:25) - Story # 8: Discord Voluntarily Pushes Mandatory Age Verification Despite Recent Data Breach
• (46:11) - Story # 9: Vietnam bans unskippable online video ads longer than 5 seconds from next month
• (49:59) - Story # 10: SolarWinds Web Help Desk Exploitation - February 2026
• (54:00) - Story # 11: Devilish devs spawn 287 Chrome extensions to flog your browser history to data brokers
• (58:13) - Story # 12: Snail mail letters target Trezor and Ledger users in crypto-theft attacks
• (01:00:59) - Eric's Workshop
• (01:01:31) - Jennifer's Workshop
• (01:04:36) - SOC Summit 2026

Creators & Guests

• Corey Ham - Host
• Wade Wells - Host
• Bronwen Aker - Host
• Ralph May - Host
• Ched "cheddar" Wiggins - Guest
• Jennifer Shannon - Guest
• Eric Kuehn - Guest

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits 

https://poweredbybhis.com

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

Click here to view the episode transcript.

This episode centers on a controversial Notepad update that introduced Markdown rendering—along with a potential remote code execution (RCE) issue. The hosts unpack what this says about modern software bloat, “vibe coding,” and the growing push to embed AI into everything—whether it belongs there or not. They also explore the implications of Discord's Age verification requirements, AI-generated code, including OpenAI’s latest Codex model, and debate whether we’re headed toward a wave of AI-assisted vulnerabilities.

Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurity

Chat with us on Discord! -
https://discord.gg/bhis
🔴live-chat

Chapters

• (00:00) - PreShow Banter™ — Corey Olympics
• (02:23) - Story # 1: Critical Notepad vulnerability reignites criticism of Microsoft’s forced AI features
• (07:42) - Story # 2: Discord will require a face scan or ID for full access next month
• (10:17) - Story # 3: 2026-01-14: The Day the telnet Died
• (15:04) - Story # 5: BeyondTrust Remote Access Products 0-Day Vulnerability Allows Remote Code Execution
• (16:32) - Story # GRITREP: 0APT and the Victims Who Weren’t
• (20:54) - The advanced advancement of AI models

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits 

https://poweredbybhis.com

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

Chat with us on Discord! -
https://discord.gg/bhis
🔴live-chat

This episode breaks down recent reports of sensitive information being shared with AI tools and what that means for security and operations. The discussion covers OPSEC failures, common misuse of ChatGPT in professional environments, how data actually flows through AI systems, and what organizations should (and shouldn’t) worry about. The hosts focus on practical risk, realistic threat models, and actionable lessons for security teams navigating AI adoption.

Chapters

• (00:00) - PreShow Banter™ — Robot Drivers
• (06:29) - US Defense Chief Uploads Secret Into to ChatGTP - 2026-02-02
• (09:54) - Story # 1: US cyber defense chief accidentally uploaded secret government info to ChatGPT
• (19:03) - Story # 2: Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies
• (23:01) - Story # 3: Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users
• (26:30) - Story # 4: Millions of Gmail, Facebook and other account credentials exposed
• (30:55) - Story # 5: Exposed Moltbook Database Let Anyone Take Control of Any AI Agent on the Site
• (36:13) - Story # 6: County pays $600,000 to pentesters it arrested for assessing courthouse security
• (39:12) - Story # 7: Costco reportedly removes RAM from its display PCs to prevent tech-savvy shoplifters, customers claim — GPUs also absent across stores as PC parts become a hot commodity
• (41:13) - Story # 8: Claude Sonnet 5 Is Imminent — And It Could Be a Generation Ahead of Google
• (45:09) - Story # 9: Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries
• (48:49) - Story # 10: Match, Hinge, OkCupid, and Panera Bread breached by ransomware group
• (52:05) - Story # 11: Hunterbrook says Ubiquiti powering Russian battlefield communications in Ukraine
• (54:28) - Story # 12: Attack on Renewable Energy Plants
• (56:26) - Story # 13: Disrupting the World's Largest Residential Proxy Network | Google Cloud Blog

Wade & Hayden on Simply Cyber -
https://www.youtube.com/live/c_lUP5gR15I

Hayden’s Class -
https://www.antisyphontraining.com/product/foundations-of-security-operations-with-hayden-covington/

Mishaal’s Class -
https://www.antisyphontraining.com/product/next-level-osint-with-mishaal-khan/

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits 

https://poweredbybhis.com

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

Chat with us on Discord! -
https://discord.gg/bhis
🔴live-chat

In this episode, the hosts break down TikTok’s latest privacy policy and why it’s raising serious red flags. They discuss how the app expands data collection and tracking, what that means for user privacy, and the broader security implications—especially concerns around data access and China. Along the way, the conversation connects these changes to ongoing TikTok ban discussions, real-world risk for individuals and organizations, and what users should consider if they continue using the platform. The episode mixes technical insight with practical takeaways, making the privacy risks easy to understand without losing nuance.

Chapters:

• (00:00) - PreShow Banter™ — Electroshock Therapy
• (02:28) - 2026-01-26
• (07:33) - Story # 1: Fortinet confirms critical FortiCloud auth bypass not fully patched
• (14:27) - Story # 2: Hackers exploit critical telnetd auth bypass flaw to get root
• (17:37) - Story # 3: Clara Hawking’s Post on TikTok's Pivacy Policy
• (24:05) - Story # 4: Supreme Court to hear Facebook pixel tracking case
• (31:02) - Story # 5: Google accused of grooming kids after child receives this email
• (34:38) - Story # 6: House of Lords backs legislation to ban social media for children under 16
• (35:47) - Story # 6b: Australia has banned social media for kids under 16. How does it work?
• (42:20) - Story # 7: Why Software Blocks Won’t Stop Illegally 3D Printed Guns (And What Actually Might)
• (48:29) - Story # 8: 1Password adds pop-up warnings for suspected phishing sites
• (52:09) - ClawdBot / Moltbot

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits 

https://poweredbybhis.com

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

Chat with us on Discord! -
https://discord.gg/bhis
🔴live-chat

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – 

https://poweredbybhis.com

This episode is a rapid-fire cybersecurity news roundup covering multiple headlines and what they mean for defenders. The crew debates reports that Chinese firms are dropping U.S. and Israeli security vendors, then pivots into breach fallout, malware activity, and real-world attacker behavior. Along the way, they unpack how geopolitics affects procurement, why supply-chain dependencies make “bans” messy, and what happens when organizations swap tools fast. 

Expect candid takes on ransomware trends, enterprise security operations, and where hype collides with implementation. The hosts also riff on incident response realities, risk management, and what security teams should watch for next—plus plenty of side commentary and humor in between.

Chapters

• (00:00) - PreShow Banter™ — Podcast Banter
• (04:13) - Chinese firms to stop using US and Israeli cybersecurity software - 2026-01-19
• (08:56) - Story # 1: Exclusive: Beijing tells Chinese firms to stop using US and Israeli cybersecurity software, sources say
• (13:42) - Story # 2: Tennessee man to plead guilty to hacking Supreme Court’s electronic case filing system
• (16:25) - Story # 3: Hacker gets seven years for breaching Rotterdam and Antwerp ports
• (18:20) - Story # 4: 33-year-old Dutchman arrested for enableing criminals to test malware for antivirus programs.
• (20:02) - Story # 5: Army to ‘kill NIPR’ at multiple locations in commercial internet experiment
• (27:41) - Story # 6: Hungary grants asylum to former Polish minister implicated in spyware probe
• (29:12) - Story # 7: California orders Elon Musk’s AI company to immediately stop sharing sexual deepfakes
• (41:47) - Story # 8: ServiceNow BodySnatcher flaw highlights risks of rushed AI integrations
• (49:30) - Story # 8b: BodySnatcher (CVE-2025-12420): A Broken Authentication and Agentic Hijacking Vulnerability in ServiceNow
• (55:29) - CTF Winners
• (59:19) - ChickenSec: KFC app 'more secure' than Manage My Health, expert claims

ChickenSec: KFC app ‘more secure’ than Manage My Health, expert claims

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

Chat with us on Discord! -
https://discord.gg/bhis
🔴live-chat

🔗 Register for FREE webcasts, summits, and workshops -
https://poweredbybhis.com

In this episode, we break down the “Doomsday” incident: a major breach forum gets breached, reminding everyone that even cybercriminal communities suffer constant OPSEC failures. We cover what leaked, why these underground markets keep imploding, and how infighting, reused infrastructure, weak authentication, and sloppy identity hygiene turn “elite hackers” into easy targets. Then we connect the dots to law enforcement’s latest crypto actions—how DOJ seizures and mixer investigations work, why blockchain tracing matters, and what criminals try (and fail) to do to hide money flows. Finally, we translate the news into practical defense: validate breach intel, monitor for credential stuffing, enable MFA, use unique passwords, and tighten access logs. Whether you’re a defender, creator, or online, this is the real-world cybercrime story behind the headlines.

Chapters

• (00:00) - PreShow Banter™ — Task Overflow
• (02:29) - BreachForums Doomsday - 2026-01-12
• (05:09) - Story # 1; Did DOJ Prosecutors Violate Trump’s Executive Order by Selling the Forfeited Samourai Wallet Bitcoin?
• (15:42) - Story # 2: Cloudflare defies Italy’s Piracy Shield, won’t block websites on 1.1.1.1 DNS
• (23:04) - Story # 3: California bans data broker reselling health data of millions
• (28:13) - Story # 4: Apple picks Google’s Gemini to run AI-powered Siri coming this year
• (36:00) - Story # 5: Ragebait as a phishing tactic
• (38:00) - Story # 6: Doomsday For Cybercriminals — Data Breach Of Major Dark Web Forum
• (40:31) - Story # 7: The Great VM Escape: ESXi Exploitation in the Wild
• (45:39) - Story # 8: OpenAI says ChatGPT won't use your health information to train its models
• (46:23) - Story # 8b: Anthropic brings Claude to healthcare with HIPAA-ready Enterprise tools
• (50:15) - Story # 9: Max severity Ni8mare flaw lets hackers hijack n8n servers
• (53:05) - Story # 10: Instagram Denies Data Breach, Fixes Unsolicited Password Reset Requests
• (56:49) - Reporter remembers saving animals a year after L.A. wildfires
• (57:52) - CTF Winners

Brought to you by:
Black Hills Information Security
https://www.blackhillsinfosec.com

Antisyphon Training
https://www.antisyphontraining.com/

Active Countermeasures
https://www.activecountermeasures.com

Wild West Hackin Fest - Join us for our Hybrid Conference and Pre-Conference Training
https://wildwesthackinfest.com

Chat with us on Discord! -
https://discord.gg/bhis
🔴live-chat

🔗 Register for FREE webcasts, summits, and workshops -
https://poweredbybhis.com

In this episode, we break down the growing debate around U.S. cyber operations against Venezuela—and what it means for modern cyber warfare, critical infrastructure security, and geopolitics. The conversation explores how nation-state attacks can target a country’s power grid, the challenges of attributing cyberattacks, and why industrial control systems (ICS/SCADA) remain a high-impact battleground. We also discuss the strategic value (and risks) of disrupting energy infrastructure, how these campaigns compare to other real-world incidents, and what defenders can learn to better protect utilities and national systems.

Chapters

• (00:00) - PreShow Banter™ — Undisclosed Closets
• (09:07) - US Cyberattacks on Venezuela - 2026-01-05
• (10:16) - Story # 1:Trump suggests US used cyberattacks to turn off lights in Venezuela during strikes
• (11:14) - Story # 1b: There Were BGP Anomalies During The Venezuela Blackout
• (21:06) - Story # 1c: Pizza index of war: Late-night traffic near Pentagon surges again as US strikes Venezuela
• (32:40) - Story # 2: Finland seizes ship suspected of damaging subsea cable in Baltic Sea
• (35:11) - Story # 3: US cybersecurity experts plead guilty to BlackCat ransomware attacks
• (35:46) - Story # 4: MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide
• (39:06) - Story # 5: Hackers claim to hack Resecurity, firm says it was a honeypot
• (42:06) - Story # 6: NordVPN denies breach claims, says attackers have "dummy data"
• (42:35) - Story # 7: Hackers say they have stolen 40 million Condé Nast Records - here's how to stay safe
• (43:43) - Story # 8: Hacker Dressed As Pink Power Ranger Dismantles Racist Websites Live on Stage
• (47:13) - Story # 9: NYC mayoral inauguration bans Flipper Zero, Raspberry Pi devices
• (52:18) - Story # 10: Manufacturer issues remote kill command to disable smart vacuum after engineer blocks it from collecting data — user revives it with custom hardware and Python scripts to run offline
• (55:15) - Story # 11: Ben Jordan Exposes Severe Security Vulnerabilities in Flock Surveillance Cameras
• (57:26) - Story # 11b: We Tracked Ourselves with Exposed Flock Cameras

Story # 1:Trump suggests US used cyberattacks to turn off lights in Venezuela during strikes
Story # 1b: There Were BGP Anomalies During The Venezuela Blackout
Story # 1c: Pizza index of war: Late-night traffic near Pentagon surges again as US strikes Venezuela
Story # 2: Finland seizes ship suspected of damaging subsea cable in Baltic Sea
Story # 3: US cybersecurity experts plead guilty to BlackCat ransomware attacks
Story # 4: MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide
Story # 5: Hackers claim to hack Resecurity, firm says it was a honeypot
Story # 6: NordVPN denies breach claims, says attackers have “dummy data”
Story # 7: Hackers say they have stolen 40 million Condé Nast Records - here’s how to stay safe
Story # 8: Hacker Dressed As Pink Power Ranger Dismantles Racist Websites Live on Stage
Story # 9: NYC mayoral inauguration bans Flipper Zero, Raspberry Pi devices
Story # 10: Manufacturer issues remote kill command to disable smart vacuum after engineer blocks it from collecting data — user revives it with custom hardware and Python scripts to run offline
Story # 11: Ben Jordan Exposes Severe Security Vulnerabilities in Flock Surveillance Cameras
Story # 11b: We Tracked Ourselves with Exposed Flock Cameras

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

Chat with us on Discord! -
https://discord.gg/bhis
🔴live-chat

🔗 Register for FREE webcasts, summits, and workshops -
https://poweredbybhis.com

Chapters

• (00:00) - PreShow Banter™ — testing testing
• (00:11) - Hot Take Predictions for Next Year – 2025-12-15
• (02:10) - Story # 1: Russian kids revolt as Kremlin bans Roblox, other popular apps
• (10:21) - Story # 2: Google's killing off its dark web report because users didn't know what to do with it
• (20:05) - Story # 3: Coupang data breach traced to ex-employee who retained system access
• (31:13) - Story # 4: Roomba maker iRobot bought by Chinese supplier after filing for bankruptcy
• (34:18) - Story # 5: February report from researcher found Chinese KVM had an unclearly documented microphone and communicated with China-based servers, but many of the security issues are now addressed [Updated]
• (36:48) - Story # 6: When adversaries bring their own virtual machine for persistence
• (41:57) - Story # 7: Oh no! Hackers snuck malware inside uber-popular Windows app Notepad++
• (44:20) - Hot Take Predictions for 2026

The team looks ahead to 2026 and shares practical, sometimes blunt predictions about where cybersecurity is heading. They discuss how AI will continue reshaping both offense and defense, with attackers using automation at scale while defenders struggle to operationalize AI beyond marketing hype.

The conversation highlights growing risk from identity abuse, cloud misconfigurations, and insecure SaaS sprawl, noting that many breaches will still come down to basic failures rather than advanced exploits. They also predict continued burnout in security teams, more consolidation among security vendors, and increasing pressure to prove real ROI from security tools.

On the positive side, the hosts see improved detection engineering, better security education, and more community-driven knowledge sharing. Overall, the message is clear: fundamentals still matter, hype won’t save you, and organizations that focus on people, process, and visibility will be better positioned for 2026.

Brought to you by:
Black Hills Information Security
https://www.blackhillsinfosec.com

Antisyphon Training
https://www.antisyphontraining.com/

Active Countermeasures
https://www.activecountermeasures.com

Wild West Hackin Fest
https://wildwesthackinfest.com

https://poweredbybhis.com

Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurity

Chat with us on Discord!
https://discord.gg/bhis
🔴live-chat

A Live Stream From inside Lazarus Group – 2025-12-08
This BHIS episode blends cybersecurity humor, hacker culture, and livestream chaos as the team jokes about nation-state threats, leaked webcams, OPSEC mishaps, and technical glitches. With unscripted banter and light industry insights, it’s a fun, energetic listen for fans of ethical hacking, infosec podcasts, and behind-the-scenes security chatter.

Chapters
00:00 - PreShow Banter™ — Industry Leaders
02:34 - A Live Stream From inside Lazarus Group – 2025-12-08
04:24 - Story # 1: React2Shell (CVE-2025-55182): Everything You Need to Know About the Critical React Vulnerability
08:58 - Story # 2: A Live Stream from Inside Lazarus Group’s IT Workers Scheme
20:37 - Story # 3: Contractors with hacking records accused of wiping 96 govt databases
26:44 - Story # 4: Apple refuses to pre-install government app on iPhones in India
37:42 - Story # 5: Russia blocks Apple's FaceTime in mounting push against foreign tech platforms
44:55 - Story # 6: ‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encrypted
57:53 - Story # 7: Flock Uses Overseas Gig Workers to Build its Surveillance AI

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

• (00:00) - 00:00 - PreShow Banter™ — Industry Leaders
• (02:34) - A Live Stream From inside Lazarus Group – 2025-12-08
• (04:24) - Story # 1: React2Shell (CVE-2025-55182): Everything You Need to Know About the Critical React Vulnerability
• (08:57) - Story # 2: A Live Stream from Inside Lazarus Group’s IT Workers Scheme
• (20:37) - Story # 3: Contractors with hacking records accused of wiping 96 govt databases
• (26:44) - Story # 4: Apple refuses to pre-install government app on iPhones in India
• (37:41) - Story # 5: Russia blocks Apple's FaceTime in mounting push against foreign tech platforms
• (44:55) - Story # 6: ‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encrypted
• (57:52) - Story # 7: Flock Uses Overseas Gig Workers to Build its Surveillance AI

https://poweredbybhis.com

Chapters

• (00:00) - PreShow Banter™ — The Problem With Extensions
• (03:10) - Lawmakers Want to Ban VPNs – BHIS - Talkin' Bout [infosec] News 2025-12-01
• (03:47) - Story # 1: Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem)
• (12:05) - Story # 2: Lawmakers Want to Ban VPNs—And They Have No Idea What They're Doing
• (21:18) - Story # 3: Critical 7 Zip Vulnerability With Public Exploit Requires Manual Update
• (25:48) - Story # 4: 'Slop Evader' Lets You Surf the Web Like It’s 2022
• (37:07) - Story # 5: China’s Espionage in Europe is Deepening and More Sophisticated than Acknowledged, Expert Says
• (39:10) - Story # 6: Apple Update Warning For All iPhone 17, 16 And 15 Users—Act Now
• (42:38) - Story # 7: Meta is earning a fortune on a deluge of fraudulent ads, documents show
• (50:22) - Story # 8: Meta had a 17-strike policy for sex trafficking, former safety leader claims
• (52:40) - Story # 9: Man behind in-flight Evil Twin WiFi attacks gets 7 years in prison

Brought to you by:
Black Hills Information Security
https://www.blackhillsinfosec.com

Antisyphon Training
https://www.antisyphontraining.com/

Active Countermeasures
https://www.activecountermeasures.com

Wild West Hackin Fest
https://wildwesthackinfest.com

Chapters

• (00:00) - PreShow Banter™ — Stressed about lithium batteries
• (04:59) - Shai-Hulud malware leaks secrets on GitHub – BHIS - Talkin' Bout [infosec] News 2025-11-24
• (05:57) - Story # 1: Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub
• (11:18) - Story # 2: CrowdStrike catches insider feeding information to hackers
• (15:50) - Story # 3: Fidelity sues Broadcom over access to key software to avoid outages
• (22:17) - Story # 4: NetApp sues former CTO for alleged data breach
• (26:48) - Story # 5: CrowdStrike Research: Security Flaws in DeepSeek-Generated Code Linked to Political Triggers
• (36:05) - Story # 6: A major Cloudflare outage took down large parts of the internet - X, ChatGPT and more were affected, but all recovered now
• (37:11) - Story # 6b: Cloudflare outage on November 18, 2025
• (41:43) - Story # 7: Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike Attempt
• (46:34) - Story # 8: This Hacker Conference Installed a Literal Antivirus Monitoring System
• (51:10) - Story # 9: Microsoft to integrate Sysmon directly into Windows 11, Server 2025
• (56:40) - Story # 10: Crypto and Carcasses: Undercover Sting Recovers $700K in Bitcoin Miners, Foils $75K Frozen Turkey Heist

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com

Antisyphon Training
https://www.antisyphontraining.com/

https://poweredbybhis.com

00:00:00 - PreShow Banter™ — The Way the Community Rumbles

00:08:21 - A.I. Transcription Startup Was Just A Guy Taking Notes - BHIS - Talkin’ Bout [infosec] News 2025-11-17

00:09:01 - Story # 1: New data shows companies are rehiring former employees as AI falls short of expectations

00:18:06 - Eric & Whitney’s “Podcast” [webcast] on training your own LLM

00:22:12 - Story # 2: Founder Admits His “AI Transcription” Startup Was Just Him Joining People’s Meetings and Taking Notes by Hand

00:26:20 - Story # 3: Five Plead Guilty in U.S. for Helping North Korean IT Workers Infiltrate 136 Companies

00:37:35 - Story # 4: Google is easing up on Android’s new sideloading restrictions!

00:43:44 - Story # 5: Google is collecting troves of data from downgraded Nest thermostats

00:44:58 - Story # 5b: Hackers are saving Google’s abandoned Nest thermostats with open-source firmware

00:51:34 - Story # 6: FFmpeg to Google: Fund Us or Stop Sending Bugs

01:00:40 - Story # 7: Teens are Hacking School Systems. Let’s Teach Them to Protect Communities Instead

01:05:55 - Story # 8: Disrupting the first reported AI-orchestrated cyber espionage campaign

01:14:58 - Discord CTF Winners

• (00:00) - PreShow Banter™ — The Way the Community Rumbles
• (08:21) - A.I. Transcription Starup Was Just A Guy Taking Notes - BHIS - Talkin' Bout [infosec] News 2025-11-17
• (09:01) - Story # 1: New data shows companies are rehiring former employees as AI falls short of expectations
• (18:05) - Eric & Whitney's "Podcast" [webcast] on training your own LLM
• (22:12) - Story # 2: Founder Admits His “AI Transcription” Startup Was Just Him Joining People’s Meetings and Taking Notes by Hand
• (26:20) - Story # 3: Five Plead Guilty in U.S. for Helping North Korean IT Workers Infiltrate 136 Companies
• (37:34) - Story # 4: Google is easing up on Android's new sideloading restrictions!
• (43:43) - Story # 5: Google is collecting troves of data from downgraded Nest thermostats
• (44:58) - Story # 5b: Hackers are saving Google's abandoned Nest thermostats with open-source firmware
• (51:33) - Story # 6: FFmpeg to Google: Fund Us or Stop Sending Bugs
• (01:00:39) - Story # 7: Teens are Hacking School Systems. Let’s Teach Them to Protect Communities Instead
• (01:05:55) - Story # 8: Disrupting the first reported AI-orchestrated cyber espionage campaign
• (01:14:58) - Discord CTF Winners

Chapters

00:00 - PreShow Banter™ — Humans are Done

03:04 - Louvre’s video security password was ‘Louvre’ – BHIS - Talkin’ Bout [infosec] News 2025-11-10

05:11 - Story # 1: I Tried the Robot That’s Coming to Live With You. It’s Still Part Human.

15:14 - Story # 2: How to trade your $214,000 cybersecurity job for a jail cell

25:14 - Story # 3: The Louvre’s video security password was reportedly ‘Louvre’

29:04 - Story # 4: Dangerous runC flaws could allow hackers to escape Docker containers

32:58 - Story # 5: List of AI Tools Promoted by Threat Actors in Underground Forums and Their Capabilities

40:00 - Story # 5b: GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools

56:37 - BHIS Webcast – X-Typhoon - Not your Father’s China with John Strand

• (00:00) - PreShow Banter™ — Humans are Done
• (03:03) - Louvre’s video security password was ‘Louvre’ – BHIS - Talkin' Bout [infosec] News 2025-11-10
• (05:10) - Story # 1: I Tried the Robot That’s Coming to Live With You. It’s Still Part Human.
• (15:14) - Story # 2: How to trade your $214,000 cybersecurity job for a jail cell
• (25:13) - Story # 3: The Louvre’s video security password was reportedly ‘Louvre’
• (29:03) - Story # 4: Dangerous runC flaws could allow hackers to escape Docker containers
• (32:58) - Story # 5: List of AI Tools Promoted by Threat Actors in Underground Forums and Their Capabilities
• (40:00) - Story # 5b: GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools
• (56:37) - BHIS Webcast – X-Typhoon - Not your Father's China with John Strand

00:00 - PreShow Banter™ — Musical Views of the Universe

04:05 - – BHIS - Talkin’ Bout [infosec] News 2025-11-03

04:39 - Story # 1: Ransomware profits drop as victims stop paying hackers

06:22 - Chart since 2019

16:06 - Story # 2: More than a million people every week show suicidal intent when chatting with ChatGPT, OpenAI estimates

33:02 - Story # 3: 10M people watched a YouTuber shim a lock; the lock company sued him. Bad idea.

41:18 - Story # 4: ‘Dangerous’ YouTube videos struck down for bypassing Windows 11 account setup [Update: Restored]

47:13 - Story # 5: Chicago firm that resolves ransomware attacks had rogue workers carrying out their own hacks, FBI says

51:08 - Story # 6: Microsoft: DNS outage impacts Azure and Microsoft 365 services

54:33 - Story # 7: EY Data Leak – Massive 4TB SQL Server Backup Exposed Publicly on Microsoft Azure

55:22 - Stordy # 8: Black Hat Europe 2025 Arsenal: 8 AI Security Tools Transforming Cybersecurity

• (00:00) - PreShow Banter™ — Musical Views of the Universe
• (04:04) - Ransomware Victims Stop Paying Hackers – BHIS - Talkin' Bout [infosec] News 2025-11-03
• (04:38) - Story # 1: Ransomware profits drop as victims stop paying hackers
• (06:22) - Chart since 2019 (thumbnail)
• (16:06) - Story # 2: More than a million people every week show suicidal intent when chatting with ChatGPT, OpenAI estimates
• (33:02) - Story # 3: 10M people watched a YouTuber shim a lock; the lock company sued him. Bad idea.
• (41:18) - Story # 4: ‘Dangerous’ YouTube videos struck down for bypassing Windows 11 account setup [Update: Restored]
• (47:12) - Story # 5: Chicago firm that resolves ransomware attacks had rogue workers carrying out their own hacks, FBI says
• (51:07) - Story # 6: Microsoft: DNS outage impacts Azure and Microsoft 365 services
• (54:33) - Story # 7: EY Data Leak – Massive 4TB SQL Server Backup Exposed Publicly on Microsoft Azure
• (55:22) - Story # 8: Black Hat Europe 2025 Arsenal: 8 AI Security Tools Transforming Cybersecurity

https://poweredbybhis.com

The BHIS crew breaks down the latest cybersecurity stories making waves — from data breaches and malware campaigns to privacy issues, exploit trends, and tech policy shake-ups. Join our panel of security pros for expert analysis, sharp humor, and practical insights you can actually use. Whether it’s social engineering, AI-powered attacks, or bizarre security headlines, we dig into what matters most for defenders and curious minds alike. Stay informed, entertained, and one step ahead in the ever-changing world of infosec.

00:00:00 - PreShow Banter™ — The Cost of War.xyz

00:03:42 - The AI Browser Wars - BHIS - Talkin’ Bout [infosec] News 2025-10-27

00:04:04 - Story # 1: Smart bed owners experience AWS outage nightmare as they’re left sweating and stuck in upright position

00:10:49 - Story # 2: Robots May Replace 600,000 Human Employees at Amazon

00:14:40 - Story # 3: Meet Mico, Microsoft’s AI version of Clippy

00:20:59 - Story # 4: Exploitation of Windows Server Update Services Remote Code Execution Vulnerability

00:26:31 - Story # 5: Ex-L3Harris executive accused of selling trade secrets to Russia

00:31:29 - Story # 6: Introducing ChatGPT Atlas

00:43:34 - Story # 7: ‘Phased Out’—Google Confirms Bad News For 3 Billion Chrome Users

00:52:26 - Story # 8: The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn

01:00:16 - Story # 9: KFC Venezuela Alleged Data Breach – 1 Million Customer Records Exposed

• (00:00) - PreShow Banter™ — The Cost of War.xyz
• (03:42) - The AI Browser Wars - BHIS - Talkin' Bout [infosec] News 2025-10-27
• (04:04) - Story # 1: Smart bed owners experience AWS outage nightmare as they're left sweating and stuck in upright position
• (10:48) - Story # 2: Robots May Replace 600,000 Human Employees at Amazon
• (14:40) - Story # 3: Meet Mico, Microsoft’s AI version of Clippy
• (20:58) - Story # 4: Exploitation of Windows Server Update Services Remote Code Execution Vulnerability
• (26:30) - Story # 5: Ex-L3Harris executive accused of selling trade secrets to Russia
• (31:28) - Story # 6: Introducing ChatGPT Atlas
• (43:34) - Story # 7: ‘Phased Out’—Google Confirms Bad News For 3 Billion Chrome Users
• (52:25) - Story # 8: The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn
• (01:00:15) - Story # 9: KFC Venezuela Alleged Data Breach – 1 Million Customer Records Exposed

https://poweredbybhis.com

00:00:00 - PreShow Banter™ — AWS Snow Day Party

00:11:31 - Online Book Store Takes Down Half of the Internet - BHIS - Talkin’ Bout [infosec] News 2025-10-20

00:12:12 - Story # 1: F5 says hackers stole undisclosed BIG-IP flaws, source code

00:35:11 - Story # 2: Newsom signs age verification law, siding with tech giants over Hollywood

00:48:39 - Story # 3: Researchers find a startlingly cheap way to steal your secrets from space

00:55:04 - Story # 4: Jeff Bezos Has a Plan to Curb AI’s Carbon Footprint: Send Data Centers to Space

01:02:22 - Story # 5: SolarWinds Security Chief reflects on the Russian hack that exposed US government agencies

• (00:00) - PreShow Banter™ — AWS Snow Day Party
• (11:30) - Online Book Store Takes Down Half of the Internet - BHIS - Talkin' Bout [infosec] News 2025-10-20
• (12:12) - Story # 1: F5 says hackers stole undisclosed BIG-IP flaws, source code
• (35:10) - Story # 2: Newsom signs age verification law, siding with tech giants over Hollywood
• (48:39) - Story # 3: Researchers find a startlingly cheap way to steal your secrets from space
• (55:03) - Story # 4: Jeff Bezos Has a Plan to Curb AI’s Carbon Footprint: Send Data Centers to Space
• (01:02:21) - Story # 5: SolarWinds Security Chief reflects on the Russian hack that exposed US government agencies

https://poweredbybhis.com

00:00 - PreShow Banter™ — A Real Podcast

03:15 - Hackers claim Discord breach exposed data of 5.5 million users – BHIS - Talkin' Bout [infosec] News 2025-10-13

05:44 - Story # 1: CamoLeak: Critical GitHub Copilot Vulnerability Leaks Private Source Code

24:27 - Story # 2: Hackers claim Discord breach exposed data of 5.5 million users

36:52 - Story # 3: Velociraptor leveraged in ransomware attacks

46:47 - Story # 4: Huntress Threat Advisory: Widespread SonicWall SSLVPN Compromise

54:48 - CTF Challenge

• (00:00) - PreShow Banter™ — A Real Podcast
• (03:14) - Hackers claim Discord breach exposed data of 5.5 million users – BHIS - Talkin' Bout [infosec] News 2025-10-13
• (05:43) - Story # 1: CamoLeak: Critical GitHub Copilot Vulnerability Leaks Private Source Code
• (24:26) - Story # 2: Hackers claim Discord breach exposed data of 5.5 million users
• (36:52) - Story # 3: Velociraptor leveraged in ransomware attacks
• (46:46) - Story # 4: Huntress Threat Advisory: Widespread SonicWall SSLVPN Compromise
• (54:48) - CTF Challenge

00:00 - PreShow Banter™ — A little radiation never hurt anybody.

03:07 - BHIS - Talkin’ Bout [infosec] News 2025-09-29

03:29 - Story # 1: As many as 2 million Cisco devices affected by actively exploited 0-day

19:07 - Story # 2: Viral call-recording app Neon goes dark after exposing users’ phone numbers, call recordings, and transcripts | TechCrunch

24:25 - Story # 3: AI Darwin Awards Show AI’s Biggest Problem Is Human

29:32 - Story # 4: Nikon revokes all C2PA image authenticity certificates after major vulnerability exposed

34:14 - Story # 5: ‘You’ll never need to work again’: Criminals offer reporter money to hack BBC

38:18 - Story # 6: Cybersecurity Training Programs Don’t Prevent Employees from Falling for Phishing Scams

46:48 - Mini CTF Walkthrough

56:03 - Story # 7: U.S. Secret Service dismantles imminent telecommunications threat in New York tristate area

• (00:00) - PreShow Banter™ — A little radiation never hurt anybody.
• (03:07) - BHIS - Talkin' Bout [infosec] News 2025-09-29
• (03:28) - Story # 1: As many as 2 million Cisco devices affected by actively exploited 0-day
• (19:06) - Story # 2: Viral call-recording app Neon goes dark after exposing users' phone numbers, call recordings, and transcripts | TechCrunch
• (24:24) - Story # 3: AI Darwin Awards Show AI’s Biggest Problem Is Human
• (29:31) - Story # 4: Nikon revokes all C2PA image authenticity certificates after major vulnerability exposed
• (34:14) - Story # 5: 'You'll never need to work again': Criminals offer reporter money to hack BBC
• (38:18) - Story # 6: Cybersecurity Training Programs Don’t Prevent Employees from Falling for Phishing Scams
• (46:48) - Mini CTF Walkthrough
• (56:02) - Story # 7: U.S. Secret Service dismantles imminent telecommunications threat in New York tristate area

00:00 - PreShow Banter™ — Unnatural European Fridges

03:34 - The Entra ID Cross-Tenant Vulnerability Discovery – BHIS - Talkin’ Bout [infosec] News 2025-09-22

04:14 - Story # 1: One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens

21:32 - Story # 2: Shai-Hulud: Self-Replicating Worm Compromises 500+ NPM Packages

40:50 - OSSPREY – NPM Package @Ctrl/Tinycolor Compromised: Shai Hulud Malware Targets Secrets and Persistence

51:41 - Story # 3: Verified Steam game steals streamer’s cancer treatment donations

57:16 - Story # 4: Heathrow warns of second day of disruption after cyber-attack

• (00:00) - PreShow Banter™ — Unnatural European Fridges
• (03:07) - The Entra ID Cross-Tenant Vulnerability Discovery – BHIS - Talkin' Bout [infosec] News 2025-09-22
• (03:45) - Story # 1: One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens
• (20:09) - Story # 2: Shai-Hulud: Self-Replicating Worm Compromises 500+ NPM Packages
• (38:51) - OSSPREY – NPM Package @Ctrl/Tinycolor Compromised: Shai Hulud Malware Targets Secrets and Persistence
• (49:28) - Story # 3: Verified Steam game steals streamer's cancer treatment donations
• (54:51) - Story # 4: Heathrow warns of second day of disruption after cyber-attack

00:00 - PreShow Banter™ — Enter Dark John

03:15 - Kerberoasting Goes to Washington – BHIS - Talkin’ Bout [infosec] News 2025-09-15

03:49 - Story # 1: Senator blasts Microsoft for making default Windows vulnerable to “Kerberoasting”

12:46 - Story # 2: How an Attacker’s Blunder Gave Us a Rare Look Inside Their Day-to-Day Operations

32:42 - Story # 3: Some JLR suppliers ‘face bankruptcy’ due to hack crisis

41:30 - Story # 4: AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns

46:07 - Story # 5: All your vulns are belong to us! CISA wants to maintain gov control of CVE program

49:55 - Story # 6: Qantas penalizes executives for July cyberattack

51:15 - Story # 7: America’s second largest egg producer breached, claim hackers

54:55 - Story # 8: Undocumented Radios Found in Solar-Powered Devices

• (00:00) - PreShow Banter™ — Enter Dark John
• (03:14) - Kerberoasting Goes to Washington – BHIS - Talkin' Bout [infosec] News 2025-09-15
• (03:49) - Story # 1: Senator blasts Microsoft for making default Windows vulnerable to “Kerberoasting”
• (12:46) - Story # 2: How an Attacker’s Blunder Gave Us a Rare Look Inside Their Day-to-Day Operations
• (32:41) - Story # 3: Some JLR suppliers 'face bankruptcy' due to hack crisis
• (41:29) - Story # 4: AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns
• (46:06) - Story # 5: All your vulns are belong to us! CISA wants to maintain gov control of CVE program
• (49:54) - Story # 6: Qantas penalizes executives for July cyberattack
• (51:14) - Story # 7: America’s second largest egg producer breached, claim hackers
• (54:55) - Story # 8: Undocumented Radios Found in Solar-Powered Devices

https://poweredbybhis.com

00:00 - PreShow Banter™ — If I Were French

04:35 - Anthropic 1.5 Billion © Settlement - BHIS - Talkin’ Bout [infosec] News 2025-09-08

05:48 - Hackers Threaten to Submit Artists’ Data to AI Models If Art Site Doesn’t Pay Up

08:40 - Anthropic Agrees to Pay Authors at Least $1.5 Billion in AI Copyright Settlement

23:58 - This Company Turns Dashcams into ‘Virtual CCTV Cameras.’ Then Hackers Got In

33:38 - Ice obtains access to Israeli-made spyware that can hack phones and encrypted apps

40:07 - Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack

44:27 - npm Packages With 2 Billion Weekly Downloads Hacked in Major Attack

46:38 - Update on Mandiant Drift and Salesloft Application Investigations

51:04 - M&S hackers claim to be behind Jaguar Land Rover cyber attack

51:55 - New TP-Link zero-day surfaces as CISA warns other flaws are exploited

54:52 - ChickenSec: US turns to Russia for chicken eggs for the first time in 32 years, despite sanctions to cripple its economy

57:58 - Cybercriminals Exploit X’s Grok AI to Bypass Ad Protections and Spread Malware to Millions

• (00:00) - PreShow Banter™ — If I Were French
• (04:35) - Anthropic 1.5 Billion © Settlement - BHIS - Talkin' Bout [infosec] News 2025-09-08
• (05:47) - Hackers Threaten to Submit Artists' Data to AI Models If Art Site Doesn't Pay Up
• (08:40) - Anthropic Agrees to Pay Authors at Least $1.5 Billion in AI Copyright Settlement
• (23:57) - This Company Turns Dashcams into ‘Virtual CCTV Cameras.’ Then Hackers Got In
• (33:38) - Ice obtains access to Israeli-made spyware that can hack phones and encrypted apps
• (40:07) - Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack
• (44:26) - npm Packages With 2 Billion Weekly Downloads Hacked in Major Attack
• (46:37) - Update on Mandiant Drift and Salesloft Application Investigations
• (51:03) - M&S hackers claim to be behind Jaguar Land Rover cyber attack
• (51:54) - New TP-Link zero-day surfaces as CISA warns other flaws are exploited
• (54:52) - ChickenSec: US turns to Russia for chicken eggs for the first time in 32 years, despite sanctions to cripple its economy
• (57:57) - Cybercriminals Exploit X's Grok AI to Bypass Ad Protections and Spread Malware to Millions

https://poweredbybhis.com

00:00 - PreShow Banter™ — It’s 8ft skeleton season.

02:18 - BHIS - Talkin’ Bout [infosec] News 2025-09-02

03:07 - Story # 1: Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks

07:35 - Story # 2: DSLRoot, Proxies, and the Threat of ‘Legal Botnets’

13:46 - Story # 3: Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling

17:44 - Story # 4: Ransomware crooks knock Swedish municipalities offline for measly sum of $168K

19:39 - Story # 5: As crippling cyberattack against Nevada continues, Lombardo says ‘we’re working through it.’

20:56 - Story # 6: Citrix forgot to tell you CVE-2025–6543 has been used as a zero day since May 2025

22:43 - Story # 7: NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424

25:20 - Story # 8: First known AI-powered ransomware uncovered by ESET Research

30:00 - Story # 9: In the rush to adopt hot new tech, security is often forgotten. AI is no exception

32:06 - Story # 10: TransUnion suffers data breach impacting over 4.4 million people

34:17 - Story # 11: ChickenSec FollowUp: Artificial Intelligence: The other AI

35:20 - Story # 12: They weren’t lovin’ it - hacker cracks McDonald’s security in quest for free nuggets, and it was apparently not too tricky

39:29 - Identify the birds you see or hear with Merlin Bird ID

40:04 - Story # 13: Detecting and countering misuse of AI: August 2025

51:31 - Story # 14: I’m a Stanford student. A Chinese agent tried to recruit me as a spy

• (00:00) - PreShow Banter™ — It’s 8ft skeleton season.
• (02:17) - BHIS - Talkin' Bout [infosec] News 2025-09-02
• (03:07) - Story # 1: Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks
• (07:35) - Story # 2: DSLRoot, Proxies, and the Threat of ‘Legal Botnets’
• (13:46) - Story # 3: Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling
• (17:44) - Story # 4: Ransomware crooks knock Swedish municipalities offline for measly sum of $168K
• (19:39) - Story # 5: As crippling cyberattack against Nevada continues, Lombardo says ‘we’re working through it.’
• (20:56) - Story # 6: Citrix forgot to tell you CVE-2025–6543 has been used as a zero day since May 2025
• (22:43) - Story # 7: NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424
• (25:19) - Story # 8: First known AI-powered ransomware uncovered by ESET Research
• (30:00) - Story # 9: In the rush to adopt hot new tech, security is often forgotten. AI is no exception
• (32:05) - Story # 10: TransUnion suffers data breach impacting over 4.4 million people
• (34:16) - Story # 11: ChickenSec FollowUp: Artificial Intelligence: The other AI
• (35:20) - Story # 12: They weren't lovin' it - hacker cracks McDonald's security in quest for free nuggets, and it was apparently not too tricky
• (39:29) - Identify the birds you see or hear with Merlin Bird ID
• (40:03) - Story # 13: Detecting and countering misuse of AI: August 2025
• (51:31) - Story # 14: I’m a Stanford student. A Chinese agent tried to recruit me as a spy

https://poweredbybhis.com

00:00 - PreShow Banter™ — Canadian Chicken

02:01 - The AI Bubble BHIS - Talkin’ Bout [infosec] News 2025-08-25

02:23 - Story # 1: Congressman proposes bringing back letters of marque for cyber privateers

09:27 - Story # 2: SIM-Swapper, Scattered Spider Hacker Gets 10 Years

12:43 - Story # 3: Developer jailed for taking down employer’s network with kill switch malware

16:33 - Story # 4: Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet

20:42 - The Utopia Chronicles

23:20 - Story # 5: “Unstoppable Power Surges”: China’s Quantum Processor Outspeeds Supercomputers by 1 Quadrillion and Triggers US Intelligence Panic

28:47 - Story # 6: Bank forced to rehire workers after lying about chatbot productivity, union says

41:21 - Story # 7: It Took Many Years And Billions Of Dollars, But Microsoft Finally Invented A Calculator That Is Wrong Sometimes

43:41 - Story # 8: Copilot Broke Your Audit Log, but Microsoft Won’t Tell You

46:33 - Story # 9: Russian state-sponsored espionage group Static Tundra compromises unpatched end-of-life network devices

49:24 - Story # 10 : Zero-Day Clickjacking Flaws Found in Password Managers Used by Millions

53:12 - Story # 11: Cybersecurity training doesn’t work: time wasted with no impact, study finds

59:07 - ChickenSec: Artificial Intelligence: The other AI

• (00:00) - PreShow Banter™ — Canadian Chicken
• (02:01) - The AI Bubble BHIS - Talkin' Bout [infosec] News 2025-08-25
• (02:23) - Story # 1: Congressman proposes bringing back letters of marque for cyber privateers
• (09:27) - Story # 2: SIM-Swapper, Scattered Spider Hacker Gets 10 Years
• (12:42) - Story # 3: Developer jailed for taking down employer's network with kill switch malware
• (16:33) - Story # 4: Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet
• (20:41) - The Utopia Chronicles
• (23:20) - Story # 5: “Unstoppable Power Surges”: China’s Quantum Processor Outspeeds Supercomputers by 1 Quadrillion and Triggers US Intelligence Panic
• (28:46) - Story # 6: Bank forced to rehire workers after lying about chatbot productivity, union says
• (41:21) - Story # 7: It Took Many Years And Billions Of Dollars, But Microsoft Finally Invented A Calculator That Is Wrong Sometimes
• (43:41) - Story # 8: Copilot Broke Your Audit Log, but Microsoft Won’t Tell You
• (46:33) - Story # 9: Russian state-sponsored espionage group Static Tundra compromises unpatched end-of-life network devices
• (49:24) - Story # 10 : Zero-Day Clickjacking Flaws Found in Password Managers Used by Millions
• (53:12) - Story # 11: Cybersecurity training doesn’t work: time wasted with no impact, study finds
• (59:06) - ChickenSec: Artificial Intelligence: The other AI

https://poweredbybhis.com

00:00 - PreShow Banter™ — The gif that keeps on giffing

01:46 - Cyberattack Bricks Speed Cameras – BHIS - Talkin’ Bout [infosec] News 2025-08-18

02:39 - Story # 1: Perplexity made a sky-high $34.5 billion bid for Google Chrome — a bold and unusual move in the midst of antitrust scrutiny

07:16 - Story # 2: Exclusive: US embeds trackers in AI chip shipments to catch diversions to China, sources say

10:22 - Story # 3: How we found TeaOnHer spilling users’ driver’s licenses in less than 10 minutes

12:17 - Story # 4: Cisco discloses maximum-severity defect in firewall software

13:56 - Story # 5: Data Dump From APT Actor Yields Clues to Attacker Capabilities

19:13 - Story # 6: Russian cyberattack in the Netherlands leaves speed cameras offline indefinitely

23:30 - Story # 7: HTTP/2 MadeYouReset Vulnerability Enables Massive DDoS Attacks

24:51 - Story # 8: LAPD Eyes ‘GeoSpy’, an AI Tool That Can Geolocate Photos in Seconds

29:05 - Story # 9: Manpower discloses data breach affecting nearly 145,000 people

34:51 - Story # 10: Hacker Offers to Sell 15.8 Million Plain-Text PayPal Credentials On Dark Web Forum

35:34 - Story # 11: The First Federal Cybersecurity Disaster of Trump 2.0 Has Arrived

40:54 - Story # 12: New Clever Phishing Attack Uses Japanese Character “ん” to Mimic Forward Slash “/”

46:28 - Story # 13: Fortinet warns of FortiSIEM pre-auth RCE flaw with exploit in the wild

48:13 - Story # 14: Plex warns users to patch security vulnerability immediately

50:53 - ChickenSec: Noble Foods using soil mapping technology at organic egg farm

• (00:00) - PreShow Banter™ — The gif that keeps on giffing
• (01:46) - Cyberattack Bricks Speed Cameras – BHIS - Talkin' Bout [infosec] News 2025-08-18
• (02:38) - Story # 1: Perplexity made a sky-high $34.5 billion bid for Google Chrome — a bold and unusual move in the midst of antitrust scrutiny
• (07:16) - Story # 2: Exclusive: US embeds trackers in AI chip shipments to catch diversions to China, sources say
• (10:22) - Story # 3: How we found TeaOnHer spilling users’ driver’s licenses in less than 10 minutes
• (12:16) - Story # 4: Cisco discloses maximum-severity defect in firewall software
• (13:55) - Story # 5: Data Dump From APT Actor Yields Clues to Attacker Capabilities
• (19:13) - Story # 6: Russian cyberattack in the Netherlands leaves speed cameras offline indefinitely
• (23:30) - Story # 7: HTTP/2 MadeYouReset Vulnerability Enables Massive DDoS Attacks
• (24:51) - Story # 8: LAPD Eyes ‘GeoSpy’, an AI Tool That Can Geolocate Photos in Seconds
• (29:04) - Story # 9: Manpower discloses data breach affecting nearly 145,000 people
• (34:50) - Story # 10: Hacker Offers to Sell 15.8 Million Plain-Text PayPal Credentials On Dark Web Forum
• (35:34) - Story # 11: The First Federal Cybersecurity Disaster of Trump 2.0 Has Arrived
• (40:53) - Story # 12: New Clever Phishing Attack Uses Japanese Character “ん” to Mimic Forward Slash “/”
• (46:27) - Story # 13: Fortinet warns of FortiSIEM pre-auth RCE flaw with exploit in the wild
• (48:13) - Story # 14: Plex warns users to patch security vulnerability immediately
• (50:52) - ChickenSec: Noble Foods using soil mapping technology at organic egg farm

https://poweredbybhis.com

00:00 - PreShow Banter™ — Wading Through Woods

06:06 - DEF CON RECAP - Talkin’ Bout [infosec] News 2025-08-11

09:16 - Story # 1: It’s time to acknowledge HTTP/1.1 is insecure

12:36 - Story # 2: Research reveals possible privacy gaps in Apple Intelligence’s data handling

17:51 - Story # 3: Federal court filing system hit in sweeping hack

21:09 - Story # 4: Cisco discloses data breach impacting Cisco.com user accounts

32:17 - Story # 5: Google says its AI-based bug hunter found 20 security vulnerabilities

34:20 - Story # 6: Automate security reviews with Claude Code

39:01 - Story # 7: Flipper Zero ‘DarkWeb’ Firmware Bypasses Rolling Code Security on Major Vehicle Brands

44:44 - Story # 7b: OnStar assists CHP in stopping fleeing SUV with toddler inside

47:12 - Story # 7c: That viral video of a ‘deactivated’ Tesla Cybertruck is a fake

49:37 - Story # 8: LegalPwn Attack Tricks GenAI Tools Into Misclassifying Malware as Safe Code

50:53 - Story # 9: Microsoft Launches Project Ire to Autonomously Classify Malware Using AI Tools

53:08 - Story # 10: A Single Poisoned Document Could Leak ‘Secret’ Data Via ChatGPT

58:10 - Story # 11: Millions of Dell Laptops Vulnerable to Device Takeover and Persistent Malware Attacks

• (00:00) - PreShow Banter™ — Wading Through Woods
• (06:06) - DEF CON RECAP - Talkin' Bout [infosec] News 2025-08-11
• (09:15) - Story # 1: It's time to acknowledge HTTP/1.1 is insecure
• (12:36) - Story # 2: Research reveals possible privacy gaps in Apple Intelligence’s data handling
• (17:50) - Story # 3: Federal court filing system hit in sweeping hack
• (21:08) - Story # 4: Cisco discloses data breach impacting Cisco.com user accounts
• (32:16) - Story # 5: Google says its AI-based bug hunter found 20 security vulnerabilities
• (34:20) - Story # 6: Automate security reviews with Claude Code
• (39:00) - Story # 7: Flipper Zero ‘DarkWeb’ Firmware Bypasses Rolling Code Security on Major Vehicle Brands
• (44:43) - Story # 7b: OnStar assists CHP in stopping fleeing SUV with toddler inside
• (47:11) - Story # 7c: That viral video of a ‘deactivated’ Tesla Cybertruck is a fake
• (49:36) - Story # 8: LegalPwn Attack Tricks GenAI Tools Into Misclassifying Malware as Safe Code
• (50:52) - Story # 9: Microsoft Launches Project Ire to Autonomously Classify Malware Using AI Tools
• (53:08) - Story # 10: A Single Poisoned Document Could Leak ‘Secret’ Data Via ChatGPT
• (58:09) - Story # 11: Millions of Dell Laptops Vulnerable to Device Takeover and Persistent Malware Attacks

https://poweredbybhis.com

00:00:00 - PreShow Banter™ — Stop Asking Wade if he’s in Vegas

00:02:16 - Perplexity Uses Stealth Crawlers to Evade No-Crawl Directives – 2025-08-04

00:11:25 - Story # 1: Insurance won’t cover $5M in City of Hamilton claims for cyberattack, citing lack of log-in security

00:18:40 - Story # 2: States Enact Safe Harbor Laws that Provide Affirmative Defenses in Data Breach Litigation

00:26:45 - Story # 3: Hackers Destroy Aeroflot’s IT Infrastructure, Causing Over 42 Flight Cancellations

00:34:18 - Story # 4: Attackers exploit link-wrapping services to steal Microsoft 365 logins

00:40:09 - Story # 5: Mozilla flags phishing wave aimed at hijacking trusted Firefox add-ons

00:42:18 - Wade’s plugin recommendation

00:44:39 - Story # 6: Perplexity is using stealth, undeclared crawlers to evade website no-crawl directives

00:51:11 - Story # 7: After Backlash, ChatGPT Removes Option to Have Private Chats Indexed by Google

00:55:21 - AI 2027

01:01:01 - What’s Ralph been up to?

• (00:00) - PreShow Banter™ — Stop Asking Wade if he's in Vegas
• (02:16) - Perplexity Uses Stealth Crawlers to Evade No-Crawl Directives – 2025-08-04
• (11:25) - Story # 1: Insurance won't cover $5M in City of Hamilton claims for cyberattack, citing lack of log-in security
• (18:39) - Story # 2: States Enact Safe Harbor Laws that Provide Affirmative Defenses in Data Breach Litigation
• (26:44) - Story # 3: Hackers Destroy Aeroflot’s IT Infrastructure, Causing Over 42 Flight Cancellations
• (34:18) - Story # 4: Attackers exploit link-wrapping services to steal Microsoft 365 logins
• (40:09) - Story # 5: Mozilla flags phishing wave aimed at hijacking trusted Firefox add-ons
• (42:17) - Wade’s plugin recommendation
• (44:38) - Story # 6: Perplexity is using stealth, undeclared crawlers to evade website no-crawl directives
• (51:10) - Story # 7: After Backlash, ChatGPT Removes Option to Have Private Chats Indexed by Google
• (55:20) - AI 2027
• (01:01:00) - What’s Ralph been up to?

00:00 - PreShow Banter™ — National Chicken Wing Day

04:16 - BHIS - Talkin’ Bout [infosec] News 2025-07-28

05:30 - Story # 1: Bad vibes: How an AI agent coded its way to disaster

08:40 - Story # 1b: Replit goes rogue, deletes entire database.

15:44 - Story # 2: A major AI training data set contains millions of examples of personal data

26:05 - Story # 3: Women Dating Safety App ‘Tea’ Breached, Users’ IDs Posted to 4chan

33:19 - Story # 4:A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors

40:28 - Story # 5: Clorox Sues IT Provider Cognizant For Simply Giving Employee Password to Hackers

49:46 - Story # 6: Businesses banned from paying hackers’ ransoms to target cybercrime

57:38 - SharePoint Follow Up

• (00:00) - PreShow Banter™ — National Chicken Wing Day
• (04:15) - BHIS - Talkin' Bout [infosec] News 2025-07-28
• (05:29) - Story # 1: Bad vibes: How an AI agent coded its way to disaster
• (08:39) - Story # 1b: Replit goes rogue, deletes entire database.
• (15:43) - Story # 2: A major AI training data set contains millions of examples of personal data
• (26:04) - Story # 3: Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan
• (33:18) - Story # 4:A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors
• (40:27) - Story # 5: Clorox Sues IT Provider Cognizant For Simply Giving Employee Password to Hackers
• (49:46) - Story # 6: Businesses banned from paying hackers’ ransoms to target cybercrime
• (57:38) - SharePoint Follow Up

https://poweredbybhis.com

00:00 - PreShow Banter™ — PaintBallers

03:55 - BHIS - Talkin’ Bout [infosec] News 2025-07-21

04:21 - Story # 1: Microsoft 0-day Mass Exploitation

09:39 - Story # 2: Replit AI went rogue, deleted a company’s entire database, then hid it and lied about it

13:15 - Story # 3: ‘All US forces must now assume their networks are compromised’ after Salt Typhoon breach

18:08 - Story # 4: After FBI Warning, Alaska Airlines Grounded; Salt Typhoon Suspected

20:45 - Story # 5: FBI Cybersecurity Breach Led to Murders of Informants in El Chapo Case

21:54 - Story # 5b: FBI’s Report

29:57 - Story # 6: Google fixes actively exploited sandbox escape zero day in Chrome

31:30 - Story # 7: Exploited Wing file transfer bug risks ‘total server compromise,’ CISA warns

32:33 - Story # 8: CitrixBleed 2 situation update — everybody already got owned

33:01 - Story # 9: At Least 750 US Hospitals Faced Disruptions During Last Year’s CrowdStrike Outage, Study Finds

46:14 - Story # 10: Amazon Ring Doorbell May 28 Mass Hacking Claim Goes Viral

48:56 - jdbgmgr.exe virus hoax

51:52 - Story # 11: HPE warns of hardcoded passwords in Aruba access points

• (00:00) - PreShow Banter™ — PaintBallers
• (03:55) - BHIS - Talkin' Bout [infosec] News 2025-07-21
• (04:20) - Story # 1: Microsoft 0-day Mass Exploitation
• (09:39) - Story # 2: Replit AI went rogue, deleted a company's entire database, then hid it and lied about it
• (13:14) - Story # 3: ‘All US forces must now assume their networks are compromised’ after Salt Typhoon breach
• (18:08) - Story # 4: After FBI Warning, Alaska Airlines Grounded; Salt Typhoon Suspected
• (20:44) - Story # 5: FBI Cybersecurity Breach Led to Murders of Informants in El Chapo Case
• (21:53) - Story # 5b: FBI's Report
• (29:56) - Story # 6: Google fixes actively exploited sandbox escape zero day in Chrome
• (31:30) - Story # 7: Exploited Wing file transfer bug risks ‘total server compromise,’ CISA warns
• (32:32) - Story # 8: CitrixBleed 2 situation update — everybody already got owned
• (33:00) - Story # 9: At Least 750 US Hospitals Faced Disruptions During Last Year’s CrowdStrike Outage, Study Finds
• (46:14) - Story # 10: Amazon Ring Doorbell May 28 Mass Hacking Claim Goes Viral
• (48:55) - jdbgmgr.exe virus hoax
• (51:52) - Story # 11: HPE warns of hardcoded passwords in Aruba access points

00:00 - PreShow Banter™ — Traditional Finger

00:21 - BHIS - Talkin’ Bout [infosec] News 2025-07-14

01:29 - Story # 1: ‘123456’ password exposed chats for 64 million McDonald’s job chatbot applications

22:12 - Story # 2: Employee gets $920 for credentials used in $140 million bank heist

33:50 - Story # 3: Microsoft laying off about 9,000 employees in latest round of cuts

37:21 - Story # 5: Scammy YouTube Ads

46:31 - Story # 6: New ServiceNow flaw lets attackers enumerate restricted data

• (00:00) - PreShow Banter™ — Traditional Finger
• (00:21) - BHIS - Talkin' Bout [infosec] News 2025-07-14
• (01:28) - Story # 1: '123456' password exposed chats for 64 million McDonald’s job chatbot applications
• (22:12) - Story # 2: Employee gets $920 for credentials used in $140 million bank heist
• (33:50) - Story # 3: Microsoft laying off about 9,000 employees in latest round of cuts
• (37:20) - Story # 5: Scammy YouTube Ads
• (46:31) - Story # 6: New ServiceNow flaw lets attackers enumerate restricted data

https://poweredbybhis.com

00:00 - PreShow Banter™ — Pre Stream Appropriate

03:39 - N. Korean Remote Workers are at it Again! – BHIS - Talkin’ Bout [infosec] News 2025-07-07

05:41 - Story # 1: Fortune 500 Cyber Spending Pays Off: Large Enterprise Risk Falls 33% Despite Rising Threats

20:01 - Story # 2: Jasper Sleet: North Korean remote IT workers’ evolving tactics to infiltrate organizations

25:49 - Story # 2b: Engineer caught juggling multiple startup jobs is a cautionary tale of ‘extreme’ hustle culture, experts say

34:47 - Story # 3: Taking SHELLTER: a commercial evasion framework abused in- the- wild

42:15 - Story # 3b: Statement Regarding Recent Misuse of Shellter Elite and Elastic Security Labs’ Handling

46:58 - Story # 4: Ingram Micro outage caused by SafePay ransomware attack

49:45 - Story # 5: Germany asks Google, Apple to remove DeepSeek AI from app stores

53:13 - Story # 6: This Call of Duty game just hit Xbox Game Pass, but it’s infested with RCE hackers — I’d take cover and avoid playing until there’s a fix

• (00:00) - PreShow Banter™ — Pre Stream Appropriate
• (03:39) - N. Korean Remote Workers are at it Again! – BHIS - Talkin' Bout [infosec] News 2025-07-07
• (05:40) - Story # 1: Fortune 500 Cyber Spending Pays Off: Large Enterprise Risk Falls 33% Despite Rising Threats
• (20:00) - Story # 2: Jasper Sleet: North Korean remote IT workers’ evolving tactics to infiltrate organizations
• (25:49) - Story # 2b: Engineer caught juggling multiple startup jobs is a cautionary tale of ‘extreme’ hustle culture, experts say
• (34:47) - Story # 3: Taking SHELLTER: a commercial evasion framework abused in- the- wild
• (42:14) - Story # 3b: Statement Regarding Recent Misuse of Shellter Elite and Elastic Security Labs’ Handling
• (46:58) - Story # 4: Ingram Micro outage caused by SafePay ransomware attack
• (49:44) - Story # 5: Germany asks Google, Apple to remove DeepSeek AI from app stores
• (53:13) - Story # 6: This Call of Duty game just hit Xbox Game Pass, but it's infested with RCE hackers — I'd take cover and avoid playing until there's a fix

https://poweredbybhis.com

Chapters:

00:00 - PreShow Banter™ — Names on Cups

01:39 - Year of the [European Union] Linux Desktop Finally Arrives? | BHIS - Talkin’ Bout [infosec] News 2025-06-30

03:34 - Story # 1: You should probably delete any sensitive screenshots you have in your phone right now.

10:55 - Story # 2: Ongoing Campaign Abuses Microsoft 365’s Direct Send to Deliver Phishing Emails

14:07 - Story # 3: The year of the European Union Linux desktop may finally arrive

24:46 - Story # 4: Restricted data once again leaked on War Thunder forums

27:04 - Story # 5: Scale AI Leaks Meta, Google, xAI Confidential Files Through ‘Incredibly Janky’ Document Practices

31:47 - Story # 6: French police reportedly arrest suspected BreachForums administrators

34:22 - Story # 7: Another Wave: North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages

39:41 - Story # 8: CitrixBleed 2: Electric Boogaloo — CVE-2025–5777

42:16 - Story # 9: Millions of Brother Printers Hit by Critical, Unpatchable Bug

47:05 - Story # 10: Canada orders China’s Hikvision to close Canadian operations

50:13 - Story # 11: US House bans WhatsApp on staff devices over security concerns

53:17 - ChickenSec: Chickens are becoming 3rd most popular pet: Tractor Supply CEO

56:34 - Story # 12: Norway Dam Hacked, Valve Opened But No Danger

58:11 - Review your calendar invites!

• (00:00) - PreShow Banter™ — Names on Cups
• (01:38) - Year of the [European Union] Linux Desktop Finally Arrives? | BHIS - Talkin' Bout [infosec] News 2025-06-30
• (03:33) - Story # 1: You should probably delete any sensitive screenshots you have in your phone right now.
• (10:55) - Story # 2: Ongoing Campaign Abuses Microsoft 365’s Direct Send to Deliver Phishing Emails
• (14:07) - Story # 3: The year of the European Union Linux desktop may finally arrive
• (24:45) - Story # 4: Restricted data once again leaked on War Thunder forums
• (27:03) - Story # 5: Scale AI Leaks Meta, Google, xAI Confidential Files Through ‘Incredibly Janky’ Document Practices
• (31:46) - Story # 6: French police reportedly arrest suspected BreachForums administrators
• (34:21) - Story # 7: Another Wave: North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages
• (39:40) - Story # 8: CitrixBleed 2: Electric Boogaloo — CVE-2025–5777
• (42:16) - Story # 9: Millions of Brother Printers Hit by Critical, Unpatchable Bug
• (47:05) - Story # 10: Canada orders China's Hikvision to close Canadian operations
• (50:12) - Story # 11: US House bans WhatsApp on staff devices over security concerns
• (53:16) - ChickenSec: Chickens are becoming 3rd most popular pet: Tractor Supply CEO
• (56:33) - Story # 12: Norway Dam Hacked, Valve Opened But No Danger
• (58:11) - Review your calendar invites!

https://poweredbybhis.com

00:00 - PreShow Banter™ — Explaining the Muppets

03:09 - Iran Shuts Down It's Own Internet- BHIS - Talkin’ Bout [infosec] News 2025-06-23

04:52 - Story # 1: Iran’s government says it shut down internet to protect against cyberattacks

20:20 - Story # 2: Iranian bank linked to revolutionary guard hit by ‘cyber attack’

22:11 - Story # 3: Hackers switch to targeting U.S. insurance companies

23:32 - Story # 3b: Statement: Erie Insurance Information Security Incident (June 23)

33:33 - Story # 4: No, the 16 billion credentials leak is not a new data breach

43:23 - Story # 5: ‘Water Curse’ Targets Infosec Pros via Poisoned GitHub Repositories

47:09 - Story # 6: CISA Reveals ‘Pattern’ of Ransomware Attacks Against SimpleHelp RMM

48:49 - Story # 7: Report Links Los Pollos and RichAds to Malware Traffic Operations

58:29 - Story # 8: Minnesota lawmaker’s alleged killer had list of data broker websites in car, FBI says

• (00:00) - PreShow Banter™ — Explaining the Muppets
• (03:08) - Iran Shuts Down It's Own Internet - BHIS - Talkin' Bout [infosec] News 2025-06-23
• (04:52) - Story # 1: Iran’s government says it shut down internet to protect against cyberattacks
• (20:19) - Story # 2: Iranian bank linked to revolutionary guard hit by ‘cyber attack’
• (22:11) - Story # 3: Hackers switch to targeting U.S. insurance companies
• (23:31) - Story # 3b: Statement: Erie Insurance Information Security Incident (June 23)
• (33:32) - Story # 4: No, the 16 billion credentials leak is not a new data breach
• (43:22) - Story # 5: 'Water Curse' Targets Infosec Pros via Poisoned GitHub Repositories
• (47:09) - Story # 6: CISA Reveals 'Pattern' of Ransomware Attacks Against SimpleHelp RMM
• (48:48) - Story # 7: Report Links Los Pollos and RichAds to Malware Traffic Operations
• (58:29) - Story # 8: Minnesota lawmaker’s alleged killer had list of data broker websites in car, FBI says

https://poweredbybhis.com

00:00 - PreShow Banter™ — Government Linux

04:16 - Denmark is Done with Teams! - Talkin’ Bout [infosec] News 2025-06-16

05:02 - Story # 1: ‘We’re done with Teams’: German state hits uninstall on Microsoft

17:34 - Story # 1b: Denmark Wants to Dump Microsoft Software for Linux, LibreOffice

18:14 - Story # 2: Zero-click AI data leak flaw uncovered in Microsoft 365 Copilot

25:50 - Story # 3: Fog ransomware attacks use employee monitoring tool to break into business networks

30:25 - Story # 4: Expired Discord Invites Hijacked for Stealthy Malware Attacks

34:00 - Story # 5: SmartAttack uses smartwatches to steal data from air-gapped systems

40:25 - Story # 6: Mirai Botnets Exploiting Wazuh Security Platform Vulnerability

44:47 - Story # 7: Google Cloud and Cloudflare hit by widespread service outages

48:04 - Story # 8: UNFI cyberattack shuts down network and leaves Whole Foods and others in limbo

50:34 - Story # 9: New SharePoint Phishing Attacks Using Lick Deceptive Techniques

51:08 - Story # 10: US-backed Israeli company’s spyware used to target European journalists, Citizen Lab finds

53:32 - Story # 11: Five Zero-Days, 15 Misconfigurations Found in Salesforce Industry Cloud

• (00:00) - PreShow Banter™ — Government Linux
• (04:15) - Denmark is Done with Teams! - Talkin' Bout [infosec] News 2025-06-16
• (05:02) - Story # 1: 'We're done with Teams': German state hits uninstall on Microsoft
• (17:33) - Story # 1b: Denmark Wants to Dump Microsoft Software for Linux, LibreOffice
• (18:14) - Story # 2: Zero-click AI data leak flaw uncovered in Microsoft 365 Copilot
• (25:49) - Story # 3: Fog ransomware attacks use employee monitoring tool to break into business networks
• (30:24) - Story # 4: Expired Discord Invites Hijacked for Stealthy Malware Attacks
• (33:59) - Story # 5: SmartAttack uses smartwatches to steal data from air-gapped systems
• (40:25) - Story # 6: Mirai Botnets Exploiting Wazuh Security Platform Vulnerability
• (44:47) - Story # 7: Google Cloud and Cloudflare hit by widespread service outages
• (48:03) - Story # 8: UNFI cyberattack shuts down network and leaves Whole Foods and others in limbo
• (50:33) - Story # 9: New SharePoint Phishing Attacks Using Lick Deceptive Techniques
• (51:08) - Story # 10: US-backed Israeli company’s spyware used to target European journalists, Citizen Lab finds
• (53:31) - Story # 11: Five Zero-Days, 15 Misconfigurations Found in Salesforce Industry Cloud

https://poweredbybhis.com

00:00 - PreShow Banter™ — Time to Bake

05:12 - Chatbot Tells Addict to Take Drugs - Talkin’ Bout [infosec] News 2025-05-06

06:08 - Story # 1: Meta and Yandex are de-anonymizing Android users’ web browsing identifiers

12:55 - Story # 2: Therapy Chatbot Tells Recovering Addict to Have a Little Meth as a Treat

16:11 - Story # 3: The Cost of a Call: From Voice Phishing to Data Extortion

26:56 - Story # 4: Questions Swirl Around ConnectWise Flaw Used in Attacks

27:40 - Story # 4b: ConnectWise email

35:28 - Story # 5: Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCI

39:27 - Story # 6: Misconfigured HMIs Expose US Water Systems to Anyone With a Browser

52:20 - Story # 7: Fact Sheet: President Donald J. Trump Reprioritizes Cybersecurity Efforts to Protect America

• (00:00) - PreShow Banter™ — Time to Bake
• (05:12) - Chatbot Tells Addict to Take Drugs - Talkin' Bout [infosec] News 2025-05-06
• (06:08) - Story # 1: Meta and Yandex are de-anonymizing Android users’ web browsing identifiers
• (12:55) - Story # 2: Therapy Chatbot Tells Recovering Addict to Have a Little Meth as a Treat
• (16:11) - Story # 3: The Cost of a Call: From Voice Phishing to Data Extortion
• (26:56) - Story # 4: Questions Swirl Around ConnectWise Flaw Used in Attacks
• (27:40) - Story # 4b: ConnectWise email
• (35:27) - Story # 5: Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCI
• (39:26) - Story # 6: Misconfigured HMIs Expose US Water Systems to Anyone With a Browser
• (52:19) - Story # 7: Trump cyber executive order takes aim at prior orders, secure software, identity

https://poweredbybhis.com

00:00 - PreShow Banter™ — natural MSG

05:31 - Victoria’s Secrets are Compromised - Talkin’ Bout [infosec] News 2025-06-02

06:31 - Story # 1: Authors Are Accidentally Leaving AI Prompts In their Novels

08:36 - Story # 1b: This Latest AI Book Debacle Is A Disturbing Part Of A Growing Trend

09:41 - Story # 2: Developer Builds Tool That Scrapes YouTube Comments, Uses AI to Predict Where Users Live

10:48 - Story # 2b: AI-powered OSINT tool profiles YouTube users, raising privacy concerns

15:55 - Story # 2c: Researchers Dump 2 Billion Scraped Discord Messages Online

20:28 - Story # 3: Vending-Bench: A Benchmark for Long-Term Coherence of Autonomous Agents

21:02 - Story # 3b: An AI Goes Insane, Emails FBI Over $2 (YouTube)

26:55 - Story # 4: The UK will totally replace two-thirds of junior civil servants with AI chatbots, says the chatbot

27:27 - Story # 4b: Reeves confirms 15% cut to Civil Service running costs

29:29 - Story # 5: ConnectWise Breached, ScreenConnect Customers Targeted

31:28 - LOLRMM - a curated list of Remote Monitoring and Management (RMM) tools that could potentially be abused by threat actors.

35:34 - Story # 6: New Windows RAT Evades Detection for Weeks Using Corrupted DOS and PE Headers

36:19 - Story # 7: US intelligence employee arrested for alleged double-dealing of classified info

40:12 - Story # 8: Victoria’s Secret takes down website after security incident

45:43 - Story # 9: Microsoft and CrowdStrike partner to link hacking group names

46:59 - Story # 10: Zscaler Acquisition of Red Canary

49:57 - Story # 11: Most of CISA’s senior leaders are leaving the agency

51:22 - Story # 12: Telegram announces partnership with Musk’s xAI

51:32 - Story # 13: Google warns of Vietnam-based hackers using bogus AI video generators to spread malware

• (00:00) - PreShow Banter™ — natural MSG
• (05:31) - BHIS - Talkin' Bout [infosec] News 2025-06-02
• (06:31) - Story # 1: Authors Are Accidentally Leaving AI Prompts In their Novels
• (08:36) - Story # 1b: This Latest AI Book Debacle Is A Disturbing Part Of A Growing Trend
• (09:40) - Story # 2: Developer Builds Tool That Scrapes YouTube Comments, Uses AI to Predict Where Users Live
• (10:47) - Story # 2b: AI-powered OSINT tool profiles YouTube users, raising privacy concerns
• (15:55) - Story # 2c: Researchers Dump 2 Billion Scraped Discord Messages Online
• (20:28) - Story # 3: Vending-Bench: A Benchmark for Long-Term Coherence of Autonomous Agents
• (21:02) - Story # 3b: An AI Goes Insane, Emails FBI Over $2 (YouTube)
• (26:55) - Story # 4: The UK will totally replace two-thirds of junior civil servants with AI chatbots, says the chatbot
• (27:27) - Story # 4b: Reeves confirms 15% cut to Civil Service running costs
• (29:28) - Story # 5: ConnectWise Breached, ScreenConnect Customers Targeted
• (31:27) - LOLRMM - a curated list of Remote Monitoring and Management (RMM) tools that could potentially be abused by threat actors.
• (35:33) - Story # 6: New Windows RAT Evades Detection for Weeks Using Corrupted DOS and PE Headers
• (36:18) - Story # 7: US intelligence employee arrested for alleged double-dealing of classified info
• (40:12) - Story # 8: Victoria’s Secret takes down website after security incident
• (45:42) - Story # 9: Microsoft and CrowdStrike partner to link hacking group names
• (46:59) - Story # 10: Zscaler Acquisition of Red Canary
• (49:57) - Story # 11: Most of CISA’s senior leaders are leaving the agency
• (51:21) - Story # 12: Telegram announces partnership with Musk's xAI
• (51:32) - Story # 13: Google warns of Vietnam-based hackers using bogus AI video generators to spread malware