Talkin' Bout [Infosec] News

Folgen

• Anti-Tech Extremism - 2026-06-01 03.06.2026 1Std. 13Min.

  This episode covers a Wired report on the rise of “anti-tech extremism” and growing public opposition to AI infrastructure projects, including debates over data centers, resource consumption, local communities, and government responses. The hosts also discuss AI coding assistants, model safety restrictions, and the evolving capabilities of large language models. Additional topics include Anthropic’s reported IPO plans and valuation, AI’s impact on the tech industry, and a conversation with David Bianco about AI-generated threat-hunting datasets and cybersecurity training.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatChapters(00:00) - PreShow Banter™ — Solving this thing (03:52) - Anti-Tech Extremism - 2026-06-01 (08:08) - Threat Hunter Summit | June 17th 2026 (12:11) - Story # 1: US Law Enforcement Warns of ‘Anti-Tech Extremism’ as AI Hatred Grows (20:54) - Story # 2: Anthropic files for its IPO (23:35) - Story # 3: FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal Data (29:41) - Story # 4: Microsoft Defender can now automatically isolate hacked endpoints (30:45) - Story # 5: Microsoft's GitHub bans security researcher who posted zero-day Windows exploits because company 'ruined their life' (36:54) - Story # 6: Cyber Force? Senator pushes to create service branch under the Army (42:10) - Story # 7: Are you ready? Anthropic preparing to release Mythos publicly (46:38) - Story # 8: Defense at AI speed: Microsoft’s new multi-model agentic security system tops leading industry benchmark (49:12) - Story # 9: Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit (50:43) - Story # 10: Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked (56:02) - Story # 11: Kali365 phishing kit bypasses MFA and steals Microsoft logins (58:02) - Story # 12: Botnet of more than 17 million devices dismantled (01:01:13) - Story # 13: United flight returns midair after Bluetooth device name reportedly sparks security scare (01:03:49) - Story # 14: Inside the Charter data breach: hackers leak 13M+ customer data (01:04:37) - Introducing EvidenceForge: Synthetic security logs that don’t look (as) fake (01:10:04) - Threat Hunter Summit | June 17th 2026 (01:10:57) - Anti-Cast : How Hackers Attack CI/CD Pipelines w/ Phil Miller (01:11:36) - Cyber Threat Intelligence 101 2-Day Version (01:11:57) - Ralph's Practical Physical Exploitation Training & Tool Bundle Links00:00:00 - PreShow Banter™ — Solving this thing00:03:52 - Anti-Tech Extremism - 2026-06-0100:08:08 - Threat Hunter Summit | June 17th 202600:12:11 - Story # 1: US Law Enforcement Warns of ‘Anti-Tech Extremism’ as AI Hatred Grows00:20:54 - Story # 2: Anthropic files for its IPO00:23:36 - Story # 3: FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal Data00:29:41 - Story # 4: Microsoft Defender can now automatically isolate hacked endpoints00:30:46 - Story # 5: Microsoft’s GitHub bans security researcher who posted zero-day Windows exploits because company ‘ruined their life’00:36:54 - Story # 6: Cyber Force? Senator pushes to create service branch under the Army00:42:11 - Story # 7: Are you ready? Anthropic preparing to release Mythos publicly00:46:39 - Story # 8: Defense at AI speed: Microsoft’s new multi-model agentic security system tops leading industry benchmark00:49:12 - Story # 9: Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit00:50:44 - Story # 10: Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked00:56:03 - Story # 11: Kali365 phishing kit bypasses MFA and steals Microsoft logins00:58:02 - Story # 12: Botnet of more than 17 million devices dismantled01:01:13 - Story # 13: United flight returns midair after Bluetooth device name reportedly sparks security scare01:03:50 - Story # 14: Inside the Charter data breach: hackers leak 13M+ customer data01:04:38 - Introducing EvidenceForge: Synthetic security logs that don’t look (as) fake01:10:05 - Threat Hunter Summit | June 17th 202601:10:57 - Anti-Cast : How Hackers Attack CI/CD Pipelines w/ Phil Miller01:11:37 - Cyber Threat Intelligence 101 2-Day Version01:11:58 - Ralph’s Practical Physical Exploitation Training & Tool BundleCreators & Guests Corey Ham - Host Ralph May - Host Shane Hartman - Guest Wade Wells - Host Ryan Poirier - Producer David Bianco - Guest Phil Miller - Guest Click here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com
• GitHub bans vindictive security researcher - 2026-05-26 30.05.2026 1Std. 2Min.

  This episode covers a CISA contractor’s accidental exposure of AWS GovCloud credentials and internal system details on GitHub, the FBI’s efforts to patch vulnerable routers, and a critical NGINX vulnerability with public proof-of-concept code. The team also discusses Microsoft’s handling of a disputed Azure Backup security finding, the challenges of vulnerability disclosure and CVE assignment, and GitHub’s ban of security researcher Nightmare Eclipse following the publication of unpatched Windows vulnerability research.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatChapters(00:00) - PreShow Banter™ — Getting to Chili's (05:45) - GitHub bans vindictive security researcher - 2026-05-26 (07:09) - Story # 1: CISA Admin Leaked AWS GovCloud Keys on Github (10:45) - Story # 2 - PoC Code Published for Critical NGINX Vulnerability (12:53) - Story # 3 - Anthropic’s restricted Claude Mythos model may be coming to Claude Code (16:16) - Story # 4 - The FBI just remotely reset thousands of home and small office routers – and your TP-Link could be on the hitlist (22:37) - Story # 5 - Drupal to Release Emergency Core Security Updates Amid Fears of Rapid Exploitation (25:52) - Story # 6 - Microsoft rejects critical Azure vulnerability report, no CVE issued (28:09) - Story # 7 - GitHub bans vindictive security researcher dropping Windows zero-days: “I will make sure your bones are shattered” (30:41) - Story # 8a - A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale (32:16) - Story # 8b - TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension (35:21) - Story # 10 - Ubiquiti patches three max severity UniFi OS vulnerabilities (37:51) - Story # 11 - Pizza Hut's AI system caused 'cascading' problems and $100M in damages, franchisee alleges in new suit (43:55) - Story # 12 - Data Leak at German Hospital (45:00) - Story # 13 - Microsoft shuts down illegal code-signing operation used by ransomware crims to mask their malware (47:50) - Story # 14 - Chicken News (50:07) - Story # 15 - New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released (51:04) - Story # 15b - Might someone pass along that Crowdstrike and Nessus are having a moment? LinksStory # 1 - CISA Admin Leaked AWS GovCloud Keys on GithubStory # 2 - PoC Code Published for Critical NGINX VulnerabilityStory # 3 - Anthropic’s restricted Claude Mythos model may be coming to Claude CodeStory # 4 - The FBI just remotely reset thousands of home and small office routers – and your TP-Link could be on the hitlistStory # 5 - Drupal to Release Emergency Core Security Updates Amid Fears of Rapid ExploitationStory # 6 - Microsoft rejects critical Azure vulnerability report, no CVE issuedStory # 7 - GitHub bans vindictive security researcher dropping Windows zero-days: “I will make sure your bones are shattered”Story # 8a - A Hacker Group Is Poisoning Open Source Code at an Unprecedented ScaleStory # 8b - TeamPCP breached GitHub’s internal codebase via poisoned VS Code extensionStory # 10 - Ubiquiti patches three max severity UniFi OS vulnerabilitiesStory # 11 - Pizza Hut’s AI system caused ‘cascading’ problems and $100M in damages, franchisee alleges in new suitStory # 12 - Data Leak at German HospitalStory # 13 - Microsoft shuts down illegal code-signing operation used by ransomware crims to mask their malwareStory # 14 - Chicken NewsStory # 15 - New Windows ‘MiniPlasma’ zero-day exploit gives SYSTEM access, PoC releasedStory # 15b - Might someone pass along that Crowdstrike and Nessus are having a moment?Creators & Guests Alethe Denis - Guest Corey Ham - Host Wade Wells - Host Bronwen Aker - Host Meagan Bentley - Producer Hayden Covington - Host Click here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com
• Mythos finds a curl vulnerability - 2026-05-18 22.05.2026 1Std. 6Min.

  This episode covers Mythos uncovering a vulnerability in cURL, a recent Google Threat Intelligence report on a zero-day exploit, and the growing impact of AI on capture-the-flag competitions and bug bounty programs. The hosts also discuss the economics of AI platforms like OpenAI, security research trends, and broader concerns around software vulnerabilities, automation, and defensive tooling.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatChapters(00:00) - PreShow Banter™ — Token CTFs (03:18) - Story # 1: Mythos finds a curl vulnerability (06:36) - Story # 2: Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation (14:47) - Story # 3: The down fall of bug bounties (15:34) - Story # 3: Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’ (40:52) - Story # 4: Germany to Flood Ukraine’s Front Lines With Hundreds of New GEREON Combat Robots (43:51) - Story # 4b: Wild Video Shows Delivery Robots Causing Havoc, Getting Obliterated (49:35) - Story # 5: Windows BitLocker zero-day gives access to protected drives, PoC released (56:09) - Story # 6: Deal reached with hackers to delete data stolen from the Canvas educational platform (58:07) - Story # 7: Celebrities’ and influencers’ private communications exposed in stalkerware data breach (58:54) - Story # 8: Exclusive: Hackers have breached tank readers at US gas stations; officials suspect Iran is responsible (01:00:29) - Threat Hunting Summit Talk: Threat Hunting in the Dark: A Practical Approach (01:04:47) - WEBCAST: Looking at A.I. Wrong with John Strand, BB King and Derek Banks LinksStory # 1: Mythos finds a curl vulnerabilityStory # 2: Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass ExploitationStory # 3: The down fall of bug bountiesStory # 3: Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’Story # 4: Germany to Flood Ukraine’s Front Lines With Hundreds of New GEREON Combat RobotsStory # 4b: Wild Video Shows Delivery Robots Causing Havoc, Getting ObliteratedStory # 5: Windows BitLocker zero-day gives access to protected drives, PoC releasedStory # 6: Deal reached with hackers to delete data stolen from the Canvas educational platformStory # 7: Celebrities’ and influencers’ private communications exposed in stalkerware data breachStory # 8: Exclusive: Hackers have breached tank readers at US gas stations; officials suspect Iran is responsibleThreat Hunting Summit Talk: Threat Hunting in the Dark: A Practical ApproachWEBCAST: Looking at A.I. Wrong with John Strand, BB King and Derek BanksCreators & Guests John Strand - Host Corey Ham - Host Wade Wells - Host Bronwen Aker - Host Ralph May - Host Shane Hartman - Guest Meagan Bentley - Producer Hayden Covington - Host Click here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com
• The Canvas / Instructure Breach – 2026-05-11 11.05.2026 1Std. 3Min.

  Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatThis episode of Talking About News focuses on the reported Canvas/Instructure breach, including discussion around ShinyHunters, transparency concerns, higher education security challenges, and possible attack paths involving phishing and tenant compromise. The team also explores broader cybersecurity trends such as social engineering, ransomware pressure tactics, and the growing role of AI and platform security in modern enterprise environments.Chapters(00:00) - PreShow Banter™ — Californian Problems (02:25) - The Canvas / Instructure Breach – 2026-05-11 (10:23) - Story # 1: Canvas Breach Disrupts Schools & Colleges Nationwide (13:45) - Story # 1b: Security Incident Update & FAQs (43:14) - Story # 2: Wazuh cluster sync path traversal in decompress_files() enables arbitrary file write and code execution from authenticated cluster peer (47:34) - Story # 3: Google Chrome silently installs a 4 GB AI model on your device without consent. (52:19) - Story # 4: Trellix source code breach claimed by RansomHouse hackers (58:12) - Story # 5: Rose Acre Farms Targeted in Alleged Lynx Ransomware Attack - Cybersecurity LinksStory # 1: Canvas Breach Disrupts Schools & Colleges NationwideStory # 1b: Security Incident Update & FAQsStory # 2: Wazuh cluster sync path traversal in decompress_files() enables arbitrary file write and code execution from authenticated cluster peerStory # 3: Google Chrome silently installs a 4 GB AI model on your device without consent.Story # 4: Trellix source code breach claimed by RansomHouse hackersStory # 5: Rose Acre Farms Targeted in Alleged Lynx Ransomware Attack - CybersecurityWade's Workshop: Threat Actor Profiling: Know Your EnemyAlethe Denis' Webcast: How to Build a Bulletproof PretextAlethe Denis' Workshop: How to Build Pressure-Proof PretextsCreators & Guests John Strand - Host Corey Ham - Host Wade Wells - Host Ched "cheddar" Wiggins - Guest Bronwen Aker - Host Hayden Covington - Host Ryan Poirier - Producer Alethe Denis - Guest Click here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com
• Utah Bans VPN Age Bypass - 2026-05-04 10.05.2026 1Std. 10Min.

  Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatThis episode covers several major cybersecurity and technology news stories, including Utah’s proposed crackdown on VPNs used to bypass online age-verification systems and the privacy and enforcement concerns surrounding those laws. The hosts also discuss newly disclosed MOVEit Transfer vulnerabilities and patching guidance, software trust and code-signing weaknesses, and broader issues around internet regulation and digital identity verification. Additional discussion touches on AI, science-fiction-inspired technology concepts, relativity and time dilation, and other notable developments from the week in cybersecurity and tech news.Chapters(00:00) - PreShow Banter™ — Alien Communications 101 (03:38) - Utah Bans VPN Age Bypass - 2026-05-04 (09:13) - Story #1 - DigiCert Revokes Certificates After Support Portal Hack (15:25) - Story #2 - Progress warns of critical MOVEit Automation auth bypass flaw (16:44) - Story #3 - Critical cPanel and WHM bug exploited as a zero-day, PoC now available (23:33) - Story #4 - Copy Fail (26:17) - Story #5 - Claude-powered AI coding agent deletes entire company database in 9 seconds — backups zapped, after Cursor tool powered by Anthropic's Claude goes rogue (33:42) - Story #6 - Elon Musk testifies that xAI trained Grok on OpenAI models (38:51) - Story #7 - Utah first state to hold websites liable for users who mask their location with VPNs — law goes into effect, designed to prevent bypassing age checks (51:23) - Story #8 - Why you should refuse to let your doctor record you (56:19) - Story #9 - Technique Change Type: How the ATT&CK Object Changed LinksCreators & Guests Corey Ham - Host Wade Wells - Host Ralph May - Host Tim Medin - Guest Patrick Gorman - Guest Click here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com
• NASA Gets Phished by Chinese - 2026-04-27 28.04.2026 1Std. 10Min.

  This episode dives into the economics and competitive dynamics of the AI industry, including discussions on profitability, pricing strategies, monopolization, and the rise of open and distilled models—particularly concerns around Chinese AI competition. The hosts also cover a reported long-running phishing campaign linked to Chinese actors targeting NASA-affiliated researchers and engineers, highlighting how social engineering was used to extract sensitive aerospace information.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatChapters(00:00) - PreShow Banter™ — Making More Money than OpenAI (04:58) - NASA Gets Phished by Chinese - 2026-04-27 (07:22) - Story # 1: ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty (13:07) - Story # 2: A Mexican surveillance giant you’ve never heard of is now watching the U.S. border (19:59) - Story # 3: Scam messages offering ships safe transit through Hormuz, security firm warns (24:24) - Story # 4: Apple fixes bug that let the FBI recover deleted Signal messages (27:49) - Story # 5: Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign (30:28) - Story # 6: cDc communications | CULT OF THE DEAD COW | The Hacktivismo Declaration: Rebooted 2026-04-21 (34:07) - Story # 7: NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software (36:29) - Story # 8: How UNC6692 Employed Social Engineering to Deploy a Custom Malware Suite (41:34) - Story # 9: Discord group says it accessed Claude Mythos by guessing location (44:19) - Story # 10: Introducing GPT‑5.5 (46:46) - Story # 11: CERT-In Advisory CIAD-2026-0020 (50:47) - Story # 12: pro j e c t d e a l LinksStory # 1: ‘Scattered Spider’ Member ‘Tylerb’ Pleads GuiltyStory # 2: A Mexican surveillance giant you’ve never heard of is now watching the U.S. borderStory # 3: Scam messages offering ships safe transit through Hormuz, security firm warnsStory # 4: Apple fixes bug that let the FBI recover deleted Signal messagesStory # 5: Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain CampaignStory # 6: cDc communications | CULT OF THE DEAD COW | The Hacktivismo Declaration: Rebooted 2026-04-21Story # 7: NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense SoftwareStory # 8: How UNC6692 Employed Social Engineering to Deploy a Custom Malware SuiteStory # 9: Discord group says it accessed Claude Mythos by guessing locationStory # 10: Introducing GPT‑5.5Story # 11: CERT-In Advisory CIAD-2026-0020Story # 12: pro j e c t d e a lCreators & Guests Aisling nic Lynne "siriciryel" - Guest Corey Ham - Host John Strand - Host Ralph May - Host Hayden Covington - Host Wade Wells - Host Ryan Poirier - Producer Click here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com
• Tim Cook Announces Apple CEO Exit - 2026-04-20 22.04.2026 1Std. 4Min.

  This episode covers several major cybersecurity and tech news stories, including a supply chain–related breach at Vercel involving exposed environment variables and compromised third-party AI tooling. The hosts also discuss concerns around AI-driven data risks, including browser extensions and large-scale data collection. Additional topics include a service scraping and republishing Zoom webinar recordings, evolving issues with web cookies and tracking, and industry news such as reports of Apple CEO Tim Cook stepping down.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatChapters(00:00) - PreShow Banter™ — Watch Out for the Brownies (04:35) - Tim Cook Announces Apple CEO Exit - 2026-04-20 (05:57) - Story # 1: Vercel April 2026 security incident (19:00) - Story # 2: 'Addicted to hacking': Young hacker behind historic breach speaks out for 1st time, before reporting to prison (27:19) - Story # 3: Mythos And The CVSS Problem No One Wants to Talk About (But We Need To) (28:49) - Story # 4: Introducing Claude Opus 4.7 (32:14) - Story # 4b: Identity verification on Claude (36:00) - Story # 5: Tim Cook to become Apple Executive Chairman John Ternus to become Apple CEO (40:18) - Story # 6: Microsoft faces fresh Windows Recall security concerns (44:12) - Story # 7: WebinarTV Secretly Scraped Zoom Meetings of Anonymous Recovery Programs (48:20) - Story # 8: Google, Microsoft, Meta All Tracking You Even When You Opt Out, According to an Independent Audit (51:12) - Story # 9: Little Caesars Wants ChatGPT to Order Your Pizza for You (53:35) - Story # 10: NIST Updates NVD Operations to Address Record CVE Growth (01:00:08) - Workshop: Rapid Endpoint Investigations for Linux and Mac (01:01:20) - Cyber Threat Intelligence 101 2 Day Version (01:02:24) - ANTI-CAST: How to Break Free from the Cybersecurity Burnout Trap w/ Natalia Samman LinksStory # 1: Vercel April 2026 security incidentStory # 2: ‘Addicted to hacking’: Young hacker behind historic breach speaks out for 1st time, before reporting to prisonStory # 3: Mythos And The CVSS Problem No One Wants to Talk About (But We Need To)Story # 4: Introducing Claude Opus 4.7Story # 4b: Identity verification on ClaudeStory # 5: Tim Cook to become Apple Executive Chairman John Ternus to become Apple CEOStory # 6: Microsoft faces fresh Windows Recall security concernsStory # 7: WebinarTV Secretly Scraped Zoom Meetings of Anonymous Recovery ProgramsStory # 8: Google, Microsoft, Meta All Tracking You Even When You Opt Out, According to an Independent AuditStory # 9: Little Caesars Wants ChatGPT to Order Your Pizza for YouStory # 10: NIST Updates NVD Operations to Address Record CVE GrowthWorkshop: Rapid Endpoint Investigations for Linux and MacCyber Threat Intelligence 101 2 Day VersionANTI-CAST: How to Break Free from the Cybersecurity Burnout Trap w/ Natalia SammanCreators & Guests Corey Ham - Host Ralph May - Host Patterson Cake - Guest Wade Wells - Host Bronwen Aker - Host Meagan Bentley - Producer Click here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com
• Anthropic’s Project Glasswing is an Infosec Turning Point – 2026-04-13 14.04.2026 1Std. 6Min.

  This episode dives into Anthropic’s “Project Glasswing” and the broader implications of AI-driven offensive security, including models autonomously discovering vulnerabilities and attempting sandbox escapes. The hosts discuss how agentic AI testing approaches could reshape vulnerability research, while also raising concerns about AI safety, regulation, and real-world risk. Additional topics include the growing impact of AI on security workflows, rising infrastructure costs tied to AI demand, a new infostealer ecosystem overview, and ongoing debates about data collection practices and platform privacy.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatChapters(00:00) - PreShow Banter™ — A Real Studio (03:43) - Anthropic’s Project Glasswing is an Infosec Turning Point – 2026-04-13 (05:39) - Story # 1: Project Glasswing (22:20) - Story # 2: AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties (30:36) - Story # 3: Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit (32:39) - WEBCAST: Proxy Execution with Microsoft Edge WebView2 w/ Matthew Eidelberg (51:47) - Story # 4: New "BrowserGate" report claims LinkedIn secretly scans user browsers for installed extensions and collects device data (56:32) - Story # 5: The silent “Storm”: New infostealer hijacks sessions, decrypts server-side (58:46) - ChickenSec: the Chicken Accords of 2026 (01:00:27) - Story # 6: EFF is Leaving X (01:03:01) - Workshop: How to Think Like a Cybersecurity Defender (01:05:49) - AI Security Ops Podcast LinksStory # 1: Project GlasswingStory # 2: AI-Led Remediation Crisis Prompts HackerOne to Pause Bug BountiesStory # 3: Disgruntled researcher leaks “BlueHammer” Windows zero-day exploitWEBCAST: Proxy Execution with Microsoft Edge WebView2 w/ Matthew EidelbergStory # 4: New “BrowserGate” report claims LinkedIn secretly scans user browsers for installed extensions and collects device dataStory # 5: The silent “Storm”: New infostealer hijacks sessions, decrypts server-sideChickenSec: the Chicken Accords of 2026Story # 6: EFF is Leaving XWorkshop: How to Think Like a Cybersecurity DefenderAI Security Ops PodcastCreators & Guests Corey Ham - Host Wade Wells - Host Alex Minster "Belouve" - Guest Bronwen Aker - Host Ralph May - Host John Strand - Host Doc Blackburn - Guest Click here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com
• Artemis Astronaut's Bad Outlooks - 2026-04-06 09.04.2026 1Std. 6Min.

  This episode covers several major cybersecurity and tech news stories, including a sophisticated NPM supply chain attack that compromised the widely used Axios library through advanced social engineering, and the broader implications for software security. The hosts also discuss the accidental leak of Anthropic’s Claude codebase, what it reveals about AI development practices, and the risks of misconfigurations exposing sensitive systems. Additional conversation touches on AI reliability, “vibe-coded” software, and the growing role of AI in both development and attack techniques.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatChapters(00:00) - PreShow Banter™ — Professional Sitters (04:36) - Artemis Astronaut's Bad Outlooks - 2026-04-06 (07:12) - The Absolute Truths of Cybersecurity with Doc Blackburn (08:52) - Professionally Evil API Testing: AAA and Keys are Not Just for Cars (09:35) - Story # 1: Post Mortem: axios npm supply chain compromise (19:54) - Story # 2: Artemis II astronaut: 'I have two Microsoft Outlooks, and neither one of those are working' (26:02) - Story # 3: Microsoft Copilot Terms of Service Label Copilot is for Entertainment Purposes Only (30:13) - Story # 4: Here’s what that Claude Code source leak reveals about Anthropic’s plans (35:03) - Story # 4b: https://neuromatch.social/@jonny/116325123136895805 (37:57) - Story # 5: Meta freezes AI data work after breach puts training secrets at risk (41:40) - Story # 6: Possible US Government iPhone Hacking Tool Leaked (44:32) - Story # 7: FBI labels data breach ‘major incident,’ notifies Congress (46:58) - Story # 8: vSphere and BRICKSTORM Malware: A Defender's Guide (52:12) - Story # 9: CBP Facility Codes Sure Seem to Have Leaked Via Online Flashcards (01:04:26) - ChickenSec: Why did the chicken wear a reflective vest? To cross the road of course LinksThe Absolute Truths of Cybersecurity with Doc BlackburnProfessionally Evil API Testing: AAA and Keys are Not Just for CarsStory # 1: Post Mortem: axios npm supply chain compromiseStory # 2: Artemis II astronaut: ‘I have two Microsoft Outlooks, and neither one of those are working’Story # 3: Microsoft Copilot Terms of Service Label Copilot is for Entertainment Purposes OnlyStory # 4: Here’s what that Claude Code source leak reveals about Anthropic’s plansStory # 4b: https://neuromatch.social/@jonny/116325123136895805Story # 5: Meta freezes AI data work after breach puts training secrets at riskStory # 6: Possible US Government iPhone Hacking Tool LeakedStory # 7: FBI labels data breach ‘major incident,’ notifies CongressStory # 8: vSphere and BRICKSTORM Malware: A Defender’s GuideStory # 9: CBP Facility Codes Sure Seem to Have Leaked Via Online FlashcardsChickenSec: Why did the chicken wear a reflective vest? To cross the road of courseCreators & Guests Jennifer Shannon - Guest Wade Wells - Host Corey Ham - Host Ralph May - Host Ryan Poirier - Producer Bronwen Aker - Host Doc Blackburn - Guest Click here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com
• FCC Blocks Foreign-Made Routers – 2026-03-30 01.04.2026 1Std. 7Min.

  This episode covers the FCC’s move to restrict or ban certain foreign-made networking equipment—especially routers tied to Chinese manufacturers—highlighting the potential cybersecurity risks, supply chain implications, and how the rule could affect ISPs and consumers. The hosts also discuss broader concerns around hardware trust, existing infrastructure, and what qualifies as “approved” devices under FCC guidelines, along with a brief, lighter mention of a viral robot incident making the rounds online.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatChapters(00:00) - PreShow Banter™ — Robot Handlers (05:11) - FCC Blocks Foreign-Made Routers – 2026-03-30 (06:44) - Story # 1: FCC moves to block new foreign-made routers (17:00) - Story # 2: FBI Chief Kash Patel’s Gmail Account was Hacked by Iranian Hackers (20:07) - Story # 3: FancyBear Exposed: Major OPSEC Blunder Inside Russian Espionage Ops (24:18) - Story # 4: LiteLLM and Telnyx compromised on PyPI: Tracing the TeamPCP supply chain campaign (27:49) - Story # 4b: TeamPCP Supply Chain Campaign (42:45) - Story # 5: Spylandia: How a Stretch of Florida Real Estate Has Become a Covert Corridor for Chinese and Russian Spies (45:51) - Story # 6: Anthropic readies Mythos model with high cybersecurity risk (57:31) - Story # 7: Google Ships WebMCP, The Browser-Based Backbone For The Agentic Web (01:02:24) - Story # 8: DDR5 Memory Prices Just Took a Noticeable Dive for the First Time in Months, and Google’s TurboQuant Might Be Behind It (01:04:03) - Securing the Cloud: Foundations by Andrew Krug (01:04:47) - Incident Response Simplified by Patterson Cake News LinksStory # 1: FCC moves to block new foreign-made routersStory # 2: FBI Chief Kash Patel’s Gmail Account was Hacked by Iranian HackersStory # 3: FancyBear Exposed: Major OPSEC Blunder Inside Russian Espionage OpsStory # 4: LiteLLM and Telnyx compromised on PyPI: Tracing the TeamPCP supply chain campaignStory # 4b: TeamPCP Supply Chain CampaignStory # 5: Spylandia: How a Stretch of Florida Real Estate Has Become a Covert Corridor for Chinese and Russian SpiesStory # 6: Anthropic readies Mythos model with high cybersecurity riskStory # 7: Google Ships WebMCP, The Browser-Based Backbone For The Agentic WebStory # 8: DDR5 Memory Prices Just Took a Noticeable Dive for the First Time in Months, and Google’s TurboQuant Might Be Behind ItSecuring the Cloud: Foundations by Andrew KrugIncident Response Simplified by Patterson CakeCreators & Guests Andy Pettit "Nerf" - Guest Andrew Krug - Guest Wade Wells - Host Corey Ham - Host Bronwen Aker - Host Patterson Cake - Guest Ryan Poirier - Producer Ralph May - Host Click here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com
• Pentagon Plans to Train AI With Classified Data – 2026-03-23 27.03.2026 1Std. 4Min.

  This episode covers a range of cybersecurity and AI-related news, including how Pokémon Go players may have unknowingly helped train delivery robots using massive image datasets. The hosts also discuss the Pentagon’s reported plans to train AI systems on classified data and the potential risks of exposing sensitive information. Additional topics include major data breaches (such as a third-party breach impacting Crunchyroll user data), ongoing challenges in cybersecurity practices, evolving AI security concerns, and real-world examples of exploits and vulnerabilities affecting mobile devices and organizations.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatChapters(00:00) - PreShow Banter™ — Easier Than Printers (05:20) - Pentagon Plans to Train AI With Classified Data – BHIS - Talkin' Bout [infosec] News 2026-03-23 (06:38) - Story # 1: Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web (07:38) - Story # 1b: ALT Link - Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web (15:35) - Story # 2: Federal cyber experts called Microsoft’s cloud a “pile of shit,” approved it anyway (24:31) - Story # 3: The Pentagon is planning for AI companies to train on classified data, defense official says (34:04) - Story # 4: CISA Urges Endpoint Management System Hardening After Cyberattack Against US Organization (37:50) - Story # 5: Warning: Your AI-Generated Password Is a Major Security Risk. Here’s What to Use Instead (42:21) - Story # 6: CISA warns of active exploitation of Microsoft SharePoint vulnerability (CVE-2026-20963) (49:57) - Story # 7: Massive China Data Leak: Hackers Access 10 Petabytes of Weapons Testing Data (51:28) - Story # 8: Anime fans' credit cards might be stolen from Sony streamer Crunchyroll (55:03) - Story # 9: The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors LinksStory # 1: Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the WebStory # 1b: ALT Link - Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the WebStory # 2: Federal cyber experts called Microsoft’s cloud a “pile of shit,” approved it anywayStory # 3: The Pentagon is planning for AI companies to train on classified data, defense official saysStory # 4: CISA Urges Endpoint Management System Hardening After Cyberattack Against US OrganizationStory # 5: Warning: Your AI-Generated Password Is a Major Security Risk. Here’s What to Use InsteadStory # 6: CISA warns of active exploitation of Microsoft SharePoint vulnerability (CVE-2026-20963)Story # 7: Massive China Data Leak: Hackers Access 10 Petabytes of Weapons Testing DataStory # 8: Anime fans’ credit cards might be stolen from Sony streamer CrunchyrollStory # 9: The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat ActorsCreators & Guests John Strand - Host Ralph May - Host Chadd Watson - Guest Wade Wells - Host Alex Minster "Belouve" - Guest Hayden Covington - Host Bruce Potter - Guest Ryan Poirier - Producer Click here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com
• Iranian Hackers Claim Responsibility for Stryker Attack - 2026-03-16 17.03.2026 1Std. 1Min.

  This episode covers multiple cybersecurity news stories, including Iranian hackers claiming responsibility for a cyberattack on Stryker, ongoing challenges in attributing nation-state cyber operations, and broader trends in global cyber conflict. The hosts also discuss the reliability of public breach claims, emerging threats targeting critical industries, and how organizations are responding to an increasingly complex threat landscape.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatChapters(00:00) - PreShow Banter™ — Organizing Family Beets (04:02) - Iranian Hackers Claim Responsibility for Stryker Attack - 2026-03-16 (08:56) - Story # 1: Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker (23:38) - Story # 2: How We Hacked McKinsey's AI Platform (32:30) - Story # 3: Amazon holds engineering meeting following AI-related outages (39:11) - Story # 4: Meta gets into social networks for AI agents with acquisition of viral Moltbook platform (45:24) - Story # 5: Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026 (50:45) - Story # 6: Michelin Confirms Data Breach Linked to Oracle EBS Attack (51:08) - Story # 7: New Dohdoor malware campaign targets education and health care (58:10) - Story # 8: Man's dog was riddled with tumors and dying. He used ChatGPT to design a custom cancer vaccine, stunning researchers LinksStory # 1: Iran-Backed Hackers Claim Wiper Attack on Medtech Firm StrykerStory # 2: How We Hacked McKinsey’s AI PlatformStory # 3: Amazon holds engineering meeting following AI-related outagesStory # 4: Meta gets into social networks for AI agents with acquisition of viral Moltbook platformStory # 5: Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026Story # 6: Michelin Confirms Data Breach Linked to Oracle EBS AttackStory # 7: New Dohdoor malware campaign targets education and health careStory # 8: Man’s dog was riddled with tumors and dying. He used ChatGPT to design a custom cancer vaccine, stunning researchersCreators & Guests Dan Rearden (Haircutfish) - Guest Bronwen Aker - Host Ralph May - Host John Strand - Host Troy Wojewoda - Guest Corey Ham - Host Hayden Covington - Host Wade Wells - Host Meagan Bentley - Producer Click here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com
• A Nightmare of Vibeware - 2026-03-09 10.03.2026 1Std.

  Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatChapters(00:00) - PreShow Banter™ — That's Not How It Works (03:40) - A Nightmare of Vibeware – 2026-03-09 (04:54) - Story # 1: APT36: A Nightmare of Vibeware (13:56) - Story # 2: Oracle Layoffs: Tech giant to slash 30,000 jobs as banks pull out from financing AI data centres (16:28) - Story # 3: Iran-linked hacktivist groups target US infrastructure after Feb 28 strikes, cyber activity surges: Report (24:28) - Story # 4: Introducing the First Frontier Suite built on Intelligence + Trust (28:59) - Story # 5: Motorola partners with GrapheneOS for future phones (29:13) - Story # 5b: GrapheneOS: Microsoft Authenticator does not support secure Android OS (29:53) - Story # 6: Western allies form 6G security coalition amid tech rivalry with China (34:01) - Story # 7: ShinyHunters claims ongoing Salesforce Aura data theft attacks (35:47) - Story # 8: Doppelgänger / RRN Disinformation Infrastructure Ecosystem 2026 (44:33) - Story # 9: LexisNexis confirms data breach as hackers leak stolen files (49:10) - Story # 10: Google urges Supreme Court to strike down geofence warrants as unconstitutional (55:59) - ANTI-CAST : How to Detect Malicious Remote Workers w/ James McQuiggan (56:47) - SOC Summit 2026 LinksStory # 1: APT36: A Nightmare of VibewareStory # 2: Oracle Layoffs: Tech giant to slash 30,000 jobs as banks pull out from financing AI data centresStory # 3: Iran-linked hacktivist groups target US infrastructure after Feb 28 strikes, cyber activity surges: ReportStory # 4: Introducing the First Frontier Suite built on Intelligence + TrustStory # 5: Motorola partners with GrapheneOS for future phonesStory # 5b: GrapheneOS: Microsoft Authenticator does not support secure Android OSStory # 6: Western allies form 6G security coalition amid tech rivalry with ChinaStory # 7: ShinyHunters claims ongoing Salesforce Aura data theft attacksStory # 8: Doppelgänger / RRN Disinformation Infrastructure Ecosystem 2026Story # 9: LexisNexis confirms data breach as hackers leak stolen filesStory # 10: Google urges Supreme Court to strike down geofence warrants as unconstitutionalANTI-CAST : How to Detect Malicious Remote Workers w/ James McQuigganTroy & Wade’s Upcoming Things:– Antisyphon Training SOC Summit 2026– Breach Assessment - The Curious Case of the Comburglar w/ Troy Wojewoda– Network Forensics and Incident Response with Troy Wojewoda🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com
• Pentagon Declares Anthropic a Supply Chain Risk — 2026-03-02 06.03.2026 1Std. 4Min.

  Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatChapters(00:00) - PreShow Banter™ — Kerberoasting Too Hard (05:05) - Pentagon Declares Anthropic a Supply Chain Risk — Talkin’ Bout [infosec] News 2026-03-02 (08:40) - Story # 1: Pentagon Designates Anthropic Supply Chain Risk (17:27) - Story # 2: European Parliament blocks AI on lawmakers’ devices, citing security risks (21:23) - Story # 3: Mexican Government Breach and the Rise of Agentic Cyber Threats (22:58) - Story # 4: 2026 CrowdStrike Global Threat Report: AI Accelerates Adversaries and Reshapes the Attack Surface (33:04) - Story # 5: Leak confirms GrapheneOS & Motorola partnership for non-Pixel hardware (38:24) - Story # 5b: Motorola announces a partnership with GrapheneOS Foundation, marking a new chapter in smartphone security and expanding its enterprise portfolio (39:21) - Story # 6: Immediate Action Required: CISA Issues Emergency Directive to Secure Cisco SD-WAN Systems (43:12) - Story # 7: Cops back Dutch telco Odido after second wave of ShinyHunters leaks (45:40) - Story # 8: Discord puts global age verification policy on hold after backlash (46:30) - Story # 9: A new California law says all operating systems, including Linux, need to have some form of age verification at account setup (51:51) - Story # 10: User accidentally gains control of over 6,700 robot vacuums (53:35) - Story # 11: App Warns You if Someone Is Wearing Smart Glasses Nearby (57:32) - Weekly CTF Winners (58:28) - Story # 12: Microsoft is blocking 'Microslop' comments in Copilot's official Discord server (59:01) - Story # 13: New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises LinksStory # 1: Pentagon Designates Anthropic Supply Chain RiskStory # 2: European Parliament blocks AI on lawmakers’ devices, citing security risksStory # 3: Mexican Government Breach and the Rise of Agentic Cyber ThreatsStory # 4: 2026 CrowdStrike Global Threat Report: AI Accelerates Adversaries and Reshapes the Attack SurfaceStory # 5: Leak confirms GrapheneOS & Motorola partnership for non-Pixel hardwareStory # 5b: Motorola announces a partnership with GrapheneOS Foundation, marking a new chapter in smartphone security and expanding its enterprise portfolioStory # 6: Immediate Action Required: CISA Issues Emergency Directive to Secure Cisco SD-WAN SystemsStory # 7: Cops back Dutch telco Odido after second wave of ShinyHunters leaksStory # 8: Discord puts global age verification policy on hold after backlashStory # 9: A new California law says all operating systems, including Linux, need to have some form of age verification at account setupStory # 10: User accidentally gains control of over 6,700 robot vacuumsStory # 11: App Warns You if Someone Is Wearing Smart Glasses NearbyStory # 12: Microsoft is blocking ‘Microslop’ comments in Copilot’s official Discord serverStory # 13: New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com
• The Coming SAAS Apocalypse - 2026-02-23 25.02.2026 1Std. 6Min.

  In this episode:Agentic AI tools that can autonomously perform tasks like researching and booking flights, raising concerns about automated purchases, fraud, guardrails, and over-trust in AI systems.The idea of a coming “SaaS apocalypse,” where AI tools could replicate or replace many small- and mid-tier SaaS products by crawling and recreating their functionality—potentially disrupting payroll, accounting, and other service platforms.Android’s shift away from its open-platform roots, including concerns about reduced openness, developer anonymity in app stores, and the broader implications for privacy-focused users and alternative operating systems.Ongoing tensions in the tech ecosystem around platform control, openness, and general-purpose computing, particularly involving large vendors like Google, Apple, Oracle, and major cloud providers.Broader security implications of AI adoption, including hallucinations, accountability, and how organizations are integrating AI to cut costs versus innovate.The discussion centers strictly on these current tech news developments and their security, privacy, and market impact.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatChapters(00:00) - PreShow Banter™ — Take the interstate to Dubai (04:53) - The Coming SAAS Apocalypse - 2026-02-23 (07:39) - Story # 1: Keep Android Open (15:34) - Story # 2: Meta patents AI that takes over a dead person’s account to keep posting and chatting (21:13) - Story # 3: The Coming SaaS Apocalypse... (28:52) - Story # 4: Firm Data on AI (29:43) - Story # 4b: Thousands of CEOs just admitted AI had no impact on employment or productivity—and it has economists resurrecting a paradox from 40 years ago (36:15) - Story # 5: US Defense Secretary Hegseth summons Anthropic CEO for tough talks over military use of Claude, Axios reports (40:41) - Story # 6: Conduent data breach could be largest in U.S. history (43:13) - Story # 6: The Erosion of Agency and the New Burden on Leaders (46:02) - Story # 7: DSA-2026-079: Security Update for RecoverPoint for Virtual Machines Hardcoded Credential Vulnerability (48:30) - Story # 8: AI-augmented threat actor accesses FortiGate devices at scale (51:42) - Story # 9: I hacked ChatGPT and Google's AI - and it only took 20 minutes (01:03:07) - Antisyphon Training SOC Summit, March 25, 2026 (01:03:40) - Antisyphon Training: Attacking, Defending, and Leveraging AI-LLM Systems (01:03:58) - Antisyphon Workshop: Hacking AI-LLM Applications (01:04:27) - Antisyphon Anti-Cast: RED TEAMING AI: OWASP LLM TOP 10 WITH BRIAN AND DEREK (01:04:53) - PODCAST : A.I. Security Ops LinksStory # 1: Keep Android OpenStory # 2: Meta patents AI that takes over a dead person’s account to keep posting and chattingStory # 3: The Coming SaaS Apocalypse…Story # 4: Firm Data on AIStory # 4b: Thousands of CEOs just admitted AI had no impact on employment or productivity—and it has economists resurrecting a paradox from 40 years agoStory # 5: US Defense Secretary Hegseth summons Anthropic CEO for tough talks over military use of Claude, Axios reportsStory # 6: Conduent data breach could be largest in U.S. historyStory # 6: The Erosion of Agency and the New Burden on LeadersStory # 7: DSA-2026-079: Security Update for RecoverPoint for Virtual Machines Hardcoded Credential VulnerabilityStory # 8: AI-augmented threat actor accesses FortiGate devices at scaleStory # 9: I hacked ChatGPT and Google’s AI - and it only took 20 minutesAntisyphon Training SOC Summit, March 25, 2026Antisyphon Training: Attacking, Defending, and Leveraging AI-LLM SystemsAntisyphon Workshop: Hacking AI-LLM ApplicationsAntisyphon Anti-Cast: RED TEAMING AI: OWASP LLM TOP 10 WITH BRIAN AND DEREKPODCAST : A.I. Security Ops🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.comClick here to watch this episode on YouTube. Click here to view the episode transcript.
• Palo Alto Fears China Retaliation – 2026-02-16 22.02.2026 1Std. 7Min.

  In this episode, the crew dives into reports that Palo Alto Networks allegedly avoided directly attributing a threat campaign to China over fears of retaliation—sparking a broader debate about corporate and government threat attribution, geopolitics, and whether attribution still matters in today’s cyber landscape.They also explore the escalating AI arms race, including Meta’s aggressive (and expensive) talent poaching, the growing rivalry between OpenAI and Anthropic, and what it all means for the future of the industry.Rounding out the episode, the team discusses the unintended consequences of the AI boom—like global hardware shortages stretching beyond GPUs to hard drives—and examines emerging prompt injection attack techniques, highlighting real-world examples and the growing security risks surrounding AI-powered tools.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatChapters(00:00) - PreShow Banter™ — Threat Actor Age Range (05:37) - Palo Alto Fears China Retaliation – 2026-02-16 (11:28) - Story # 1: Exclusive: Palo Alto chose not to tie China to hacking campaign for fear of retaliation from Beijing, sources say (16:01) - Story # 2: Rent a Human (20:39) - Story # 3: OpenClaw creator Peter Steinberger joining OpenAI, Altman says (24:31) - Story # 4: Western Digital runs out of HDD capacity: CEO says massive AI deals secured, price surges ahead (28:30) - Story # 5: GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use (30:32) - Story # 6: Data Exfil from Agents in Messaging Apps (32:15) - Story # 7: AMOS infostealer targets macOS through a popular AI app (39:25) - Story # 8: Discord Voluntarily Pushes Mandatory Age Verification Despite Recent Data Breach (46:11) - Story # 9: Vietnam bans unskippable online video ads longer than 5 seconds from next month (49:59) - Story # 10: SolarWinds Web Help Desk Exploitation - February 2026 (54:00) - Story # 11: Devilish devs spawn 287 Chrome extensions to flog your browser history to data brokers (58:13) - Story # 12: Snail mail letters target Trezor and Ledger users in crypto-theft attacks (01:00:59) - Eric's Workshop (01:01:31) - Jennifer's Workshop (01:04:36) - SOC Summit 2026 LinksStory # 1: Exclusive: Palo Alto chose not to tie China to hacking campaign for fear of retaliation from Beijing, sources sayStory # 2: Rent a HumanStory # 3: OpenClaw creator Peter Steinberger joining OpenAI, Altman saysStory # 4: Western Digital runs out of HDD capacity: CEO says massive AI deals secured, price surges aheadStory # 5: GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial UseStory # 6: Data Exfil from Agents in Messaging AppsStory # 7: AMOS infostealer targets macOS through a popular AI appStory # 8: Discord Voluntarily Pushes Mandatory Age Verification Despite Recent Data BreachStory # 9: Vietnam bans unskippable online video ads longer than 5 seconds from next monthStory # 10: SolarWinds Web Help Desk Exploitation - February 2026Story # 11: Devilish devs spawn 287 Chrome extensions to flog your browser history to data brokersStory # 12: Snail mail letters target Trezor and Ledger users in crypto-theft attacks01:01:00 - Eric’s Workshop01:01:31 - Jennifer’s Workshop01:04:37 - SOC Summit 2026Creators & Guests Corey Ham - Host Wade Wells - Host Bronwen Aker - Host Ralph May - Host Ched "cheddar" Wiggins - Guest Jennifer Shannon - Guest Eric Kuehn - Guest Click here to watch a video of this episode. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.comClick here to view the episode transcript.
• Live From WWHF Mile High 2026 – 2026-02-11 18.02.2026 33Min.

  Live from Wild West Hackin’ Fest Denver 2026, the Black Hills Information Security crew brings their signature mix of sharp security insight and off-the-cuff banter to a packed in-person audience. This episode centers on a controversial Notepad update that introduced Markdown rendering—along with a potential remote code execution (RCE) issue. The hosts unpack what this says about modern software bloat, “vibe coding,” and the growing push to embed AI into everything—whether it belongs there or not. They also explore the implications of Discord's Age verification requirements, AI-generated code, including OpenAI’s latest Codex model, and debate whether we’re headed toward a wave of AI-assisted vulnerabilities.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatChapters(00:00) - PreShow Banter™ — Corey Olympics (02:23) - Story # 1: Critical Notepad vulnerability reignites criticism of Microsoft’s forced AI features (07:42) - Story # 2: Discord will require a face scan or ID for full access next month (10:17) - Story # 3: 2026-01-14: The Day the telnet Died (15:04) - Story # 5: BeyondTrust Remote Access Products 0-Day Vulnerability Allows Remote Code Execution (16:32) - Story # GRITREP: 0APT and the Victims Who Weren’t (20:54) - The advanced advancement of AI models Click here to watch a video of this episode. Creators & Guests John Strand - Host Corey Ham - Host Derek Banks - Guest Andrew Krug - Guest Chadd Watson - Guest Hayden Covington - Host Click here to view the episode transcript. LinksStory # 1: Critical Notepad vulnerability reignites criticism of Microsoft’s forced AI featuresStory # 2: Discord will require a face scan or ID for full access next monthStory # 3: 2026-01-14: The Day the telnet DiedStory # 5: BeyondTrust Remote Access Products 0-Day Vulnerability Allows Remote Code ExecutionStory # GRITREP: 0APT and the Victims Who Weren’t🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com
• US Defense Chief Uploads Secret Into to ChatGTP - 2026-02-02 05.02.2026 1Std. 4Min.

  Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatThis episode breaks down recent reports of sensitive information being shared with AI tools and what that means for security and operations. The discussion covers OPSEC failures, common misuse of ChatGPT in professional environments, how data actually flows through AI systems, and what organizations should (and shouldn’t) worry about. The hosts focus on practical risk, realistic threat models, and actionable lessons for security teams navigating AI adoption.Chapters(00:00) - PreShow Banter™ — Robot Drivers (06:29) - US Defense Chief Uploads Secret Into to ChatGTP - 2026-02-02 (09:54) - Story # 1: US cyber defense chief accidentally uploaded secret government info to ChatGPT (19:03) - Story # 2: Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies (23:01) - Story # 3: Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users (26:30) - Story # 4: Millions of Gmail, Facebook and other account credentials exposed (30:55) - Story # 5: Exposed Moltbook Database Let Anyone Take Control of Any AI Agent on the Site (36:13) - Story # 6: County pays $600,000 to pentesters it arrested for assessing courthouse security (39:12) - Story # 7: Costco reportedly removes RAM from its display PCs to prevent tech-savvy shoplifters, customers claim — GPUs also absent across stores as PC parts become a hot commodity (41:13) - Story # 8: Claude Sonnet 5 Is Imminent — And It Could Be a Generation Ahead of Google (45:09) - Story # 9: Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries (48:49) - Story # 10: Match, Hinge, OkCupid, and Panera Bread breached by ransomware group (52:05) - Story # 11: Hunterbrook says Ubiquiti powering Russian battlefield communications in Ukraine (54:28) - Story # 12: Attack on Renewable Energy Plants (56:26) - Story # 13: Disrupting the World's Largest Residential Proxy Network | Google Cloud Blog LinksStory # 1: US cyber defense chief accidentally uploaded secret government info to ChatGPTStory # 2: Hackers can bypass npm’s Shai-Hulud defenses via Git dependenciesStory # 3: Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select UsersStory # 4: Millions of Gmail, Facebook and other account credentials exposedStory # 5: Exposed Moltbook Database Let Anyone Take Control of Any AI Agent on the SiteStory # 6: County pays $600,000 to pentesters it arrested for assessing courthouse securityStory # 7: Costco reportedly removes RAM from its display PCs to prevent tech-savvy shoplifters, customers claim — GPUs also absent across stores as PC parts become a hot commodityStory # 8: Claude Sonnet 5 Is Imminent — And It Could Be a Generation Ahead of GoogleStory # 9: Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 CountriesStory # 10: Match, Hinge, OkCupid, and Panera Bread breached by ransomware groupStory # 11: Hunterbrook says Ubiquiti powering Russian battlefield communications in UkraineStory # 12: Attack on Renewable Energy PlantsStory # 13: Disrupting the World’s Largest Residential Proxy Network | Google Cloud BlogWade & Hayden on Simply Cyber - https://www.youtube.com/live/c_lUP5gR15IHayden’s Class - https://www.antisyphontraining.com/product/foundations-of-security-operations-with-hayden-covington/Mishaal’s Class - https://www.antisyphontraining.com/product/next-level-osint-with-mishaal-khan/🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com
• TikTok's invasive Privacy Policy - 2026-01-26 28.01.2026 1Std. 3Min.

  Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatIn this episode, the hosts break down TikTok’s latest privacy policy and why it’s raising serious red flags. They discuss how the app expands data collection and tracking, what that means for user privacy, and the broader security implications—especially concerns around data access and China. Along the way, the conversation connects these changes to ongoing TikTok ban discussions, real-world risk for individuals and organizations, and what users should consider if they continue using the platform. The episode mixes technical insight with practical takeaways, making the privacy risks easy to understand without losing nuance.Chapters:(00:00) - PreShow Banter™ — Electroshock Therapy (02:28) - 2026-01-26 (07:33) - Story # 1: Fortinet confirms critical FortiCloud auth bypass not fully patched (14:27) - Story # 2: Hackers exploit critical telnetd auth bypass flaw to get root (17:37) - Story # 3: Clara Hawking’s Post on TikTok's Pivacy Policy (24:05) - Story # 4: Supreme Court to hear Facebook pixel tracking case (31:02) - Story # 5: Google accused of grooming kids after child receives this email (34:38) - Story # 6: House of Lords backs legislation to ban social media for children under 16 (35:47) - Story # 6b: Australia has banned social media for kids under 16. How does it work? (42:20) - Story # 7: Why Software Blocks Won’t Stop Illegally 3D Printed Guns (And What Actually Might) (48:29) - Story # 8: 1Password adds pop-up warnings for suspected phishing sites (52:09) - ClawdBot / Moltbot Links:Story # 1: Fortinet confirms critical FortiCloud auth bypass not fully patchedStory # 2: Hackers exploit critical telnetd auth bypass flaw to get rootStory # 3: Clara Hawking’s Post on TikTok’s Pivacy PolicyStory # 4: Supreme Court to hear Facebook pixel tracking caseStory # 5: Google accused of grooming kids after child receives this emailStory # 6: House of Lords backs legislation to ban social media for children under 16Story # 6b: Australia has banned social media for kids under 16. How does it work?Story # 7: Why Software Blocks Won’t Stop Illegally 3D Printed Guns (And What Actually Might)Story # 8: 1Password adds pop-up warnings for suspected phishing sitesClawdBot / MoltbotTroy’s WorkshopANTI-CAST: Effective AI for Practical SecOps Workflows w/ Hayden Covington🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com
• Chinese firms drop US and Israeli cybersecurity software - 2026-01-19 20.01.2026 1Std. 3Min.

  Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chat🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.comThis episode is a rapid-fire cybersecurity news roundup covering multiple headlines and what they mean for defenders. The crew debates reports that Chinese firms are dropping U.S. and Israeli security vendors, then pivots into breach fallout, malware activity, and real-world attacker behavior. Along the way, they unpack how geopolitics affects procurement, why supply-chain dependencies make “bans” messy, and what happens when organizations swap tools fast. Expect candid takes on ransomware trends, enterprise security operations, and where hype collides with implementation. The hosts also riff on incident response realities, risk management, and what security teams should watch for next—plus plenty of side commentary and humor in between.Chapters(00:00) - PreShow Banter™ — Podcast Banter (04:13) - Chinese firms to stop using US and Israeli cybersecurity software - 2026-01-19 (08:56) - Story # 1: Exclusive: Beijing tells Chinese firms to stop using US and Israeli cybersecurity software, sources say (13:42) - Story # 2: Tennessee man to plead guilty to hacking Supreme Court’s electronic case filing system (16:25) - Story # 3: Hacker gets seven years for breaching Rotterdam and Antwerp ports (18:20) - Story # 4: 33-year-old Dutchman arrested for enableing criminals to test malware for antivirus programs. (20:02) - Story # 5: Army to ‘kill NIPR’ at multiple locations in commercial internet experiment (27:41) - Story # 6: Hungary grants asylum to former Polish minister implicated in spyware probe (29:12) - Story # 7: California orders Elon Musk’s AI company to immediately stop sharing sexual deepfakes (41:47) - Story # 8: ServiceNow BodySnatcher flaw highlights risks of rushed AI integrations (49:30) - Story # 8b: BodySnatcher (CVE-2025-12420): A Broken Authentication and Agentic Hijacking Vulnerability in ServiceNow (55:29) - CTF Winners (59:19) - ChickenSec: KFC app 'more secure' than Manage My Health, expert claims LinksStory # 1: Exclusive: Beijing tells Chinese firms to stop using US and Israeli cybersecurity software, sources sayStory # 2: Tennessee man to plead guilty to hacking Supreme Court’s electronic case filing systemStory # 3: Hacker gets seven years for breaching Rotterdam and Antwerp portsStory # 4: 33-year-old Dutchman arrested for enableing criminals to test malware for antivirus programs.Story # 5: Army to ‘kill NIPR’ at multiple locations in commercial internet experimentStory # 6: Hungary grants asylum to former Polish minister implicated in spyware probeStory # 7: California orders Elon Musk’s AI company to immediately stop sharing sexual deepfakesStory # 8: ServiceNow BodySnatcher flaw highlights risks of rushed AI integrationsStory # 8b: BodySnatcher (CVE-2025-12420): A Broken Authentication and Agentic Hijacking Vulnerability in ServiceNowChickenSec: KFC app ‘more secure’ than Manage My Health, expert claimsBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com