Talkin' Bout [Infosec] News

🧦 SOC Summit 2026https://www.antisyphontraining.com/event/soc-summit/This episode covers multiple cybersecurity news stories, including Iranian hackers claiming responsibility for a cyberattack on Stryker, ongoing challenges in attributing nation-state cyber operations, and broader trends in global cyber conflict. The hosts also discuss the reliability of public breach claims, emerging threats targeting critical industries, and how organizations are responding to an increasingly complex threat landscape.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatChapters(00:00) - PreShow Banter™ — Organizing Family Beets (04:25) - Iranian Hackers Claim Responsibility for Stryker Attack - 2026-06-16 (09:19) - Story # 1: Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker (24:01) - Story # 2: How We Hacked McKinsey's AI Platform (32:53) - Story # 3: Amazon holds engineering meeting following AI-related outages (39:34) - Story # 4: Meta gets into social networks for AI agents with acquisition of viral Moltbook platform (45:47) - Story # 5: Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026 (51:08) - Story # 6: Michelin Confirms Data Breach Linked to Oracle EBS Attack (51:31) - Story # 7: New Dohdoor malware campaign targets education and health care (58:33) - Story # 8: Man's dog was riddled with tumors and dying. He used ChatGPT to design a custom cancer vaccine, stunning researchers LinksStory # 1: Iran-Backed Hackers Claim Wiper Attack on Medtech Firm StrykerStory # 2: How We Hacked McKinsey’s AI PlatformStory # 3: Amazon holds engineering meeting following AI-related outagesStory # 4: Meta gets into social networks for AI agents with acquisition of viral Moltbook platformStory # 5: Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026Story # 6: Michelin Confirms Data Breach Linked to Oracle EBS AttackStory # 7: New Dohdoor malware campaign targets education and health careStory # 8: Man’s dog was riddled with tumors and dying. He used ChatGPT to design a custom cancer vaccine, stunning researchersCreators & Guests Dan Rearden (Haircutfish) - Guest Bronwen Aker - Host Ralph May - Host John Strand - Host Troy Wojewoda - Guest Corey Ham - Host Hayden Covington - Host Wade Wells - Host Meagan Bentley - Producer Click here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com

🧦 SOC Summit 2026https://www.antisyphontraining.com/event/soc-summit/Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatChapters(00:00) - PreShow Banter™ — That's Not How It Works (04:03) - A Nightmare of Vibeware – 2026-03-09 (05:17) - Story # 1: APT36: A Nightmare of Vibeware (14:19) - Story # 2: Oracle Layoffs: Tech giant to slash 30,000 jobs as banks pull out from financing AI data centres (16:51) - Story # 3: Iran-linked hacktivist groups target US infrastructure after Feb 28 strikes, cyber activity surges: Report (24:51) - Story # 4: Introducing the First Frontier Suite built on Intelligence + Trust (29:22) - Story # 5: Motorola partners with GrapheneOS for future phones (29:36) - Story # 5b: GrapheneOS: Microsoft Authenticator does not support secure Android OS (30:16) - Story # 6: Western allies form 6G security coalition amid tech rivalry with China (34:24) - Story # 7: ShinyHunters claims ongoing Salesforce Aura data theft attacks (36:10) - Story # 8: Doppelgänger / RRN Disinformation Infrastructure Ecosystem 2026 (44:56) - Story # 9: LexisNexis confirms data breach as hackers leak stolen files (49:33) - Story # 10: Google urges Supreme Court to strike down geofence warrants as unconstitutional (56:22) - ANTI-CAST : How to Detect Malicious Remote Workers w/ James McQuiggan (57:10) - SOC Summit 2026 LinksStory # 1: APT36: A Nightmare of VibewareStory # 2: Oracle Layoffs: Tech giant to slash 30,000 jobs as banks pull out from financing AI data centresStory # 3: Iran-linked hacktivist groups target US infrastructure after Feb 28 strikes, cyber activity surges: ReportStory # 4: Introducing the First Frontier Suite built on Intelligence + TrustStory # 5: Motorola partners with GrapheneOS for future phonesStory # 5b: GrapheneOS: Microsoft Authenticator does not support secure Android OSStory # 6: Western allies form 6G security coalition amid tech rivalry with ChinaStory # 7: ShinyHunters claims ongoing Salesforce Aura data theft attacksStory # 8: Doppelgänger / RRN Disinformation Infrastructure Ecosystem 2026Story # 9: LexisNexis confirms data breach as hackers leak stolen filesStory # 10: Google urges Supreme Court to strike down geofence warrants as unconstitutionalANTI-CAST : How to Detect Malicious Remote Workers w/ James McQuigganTroy & Wade’s Upcoming Things:– Antisyphon Training SOC Summit 2026– Breach Assessment - The Curious Case of the Comburglar w/ Troy Wojewoda– Network Forensics and Incident Response with Troy Wojewoda🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com

🧦 SOC Summit 2026https://www.antisyphontraining.com/event/soc-summit/Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatChapters(00:00) - PreShow Banter™ — Kerberoasting Too Hard (05:28) - Pentagon Declares Anthropic a Supply Chain Risk — Talkin’ Bout [infosec] News 2026-03-02 (09:03) - Story # 1: Pentagon Designates Anthropic Supply Chain Risk (17:50) - Story # 2: European Parliament blocks AI on lawmakers’ devices, citing security risks (21:46) - Story # 3: Mexican Government Breach and the Rise of Agentic Cyber Threats (23:21) - Story # 4: 2026 CrowdStrike Global Threat Report: AI Accelerates Adversaries and Reshapes the Attack Surface (33:27) - Story # 5: Leak confirms GrapheneOS & Motorola partnership for non-Pixel hardware (38:47) - Story # 5b: Motorola announces a partnership with GrapheneOS Foundation, marking a new chapter in smartphone security and expanding its enterprise portfolio (39:44) - Story # 6: Immediate Action Required: CISA Issues Emergency Directive to Secure Cisco SD-WAN Systems (43:35) - Story # 7: Cops back Dutch telco Odido after second wave of ShinyHunters leaks (46:03) - Story # 8: Discord puts global age verification policy on hold after backlash (46:53) - Story # 9: A new California law says all operating systems, including Linux, need to have some form of age verification at account setup (52:14) - Story # 10: User accidentally gains control of over 6,700 robot vacuums (53:58) - Story # 11: App Warns You if Someone Is Wearing Smart Glasses Nearby (57:55) - Weekly CTF Winners (58:51) - Story # 12: Microsoft is blocking 'Microslop' comments in Copilot's official Discord server (59:24) - Story # 13: New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises LinksStory # 1: Pentagon Designates Anthropic Supply Chain RiskStory # 2: European Parliament blocks AI on lawmakers’ devices, citing security risksStory # 3: Mexican Government Breach and the Rise of Agentic Cyber ThreatsStory # 4: 2026 CrowdStrike Global Threat Report: AI Accelerates Adversaries and Reshapes the Attack SurfaceStory # 5: Leak confirms GrapheneOS & Motorola partnership for non-Pixel hardwareStory # 5b: Motorola announces a partnership with GrapheneOS Foundation, marking a new chapter in smartphone security and expanding its enterprise portfolioStory # 6: Immediate Action Required: CISA Issues Emergency Directive to Secure Cisco SD-WAN SystemsStory # 7: Cops back Dutch telco Odido after second wave of ShinyHunters leaksStory # 8: Discord puts global age verification policy on hold after backlashStory # 9: A new California law says all operating systems, including Linux, need to have some form of age verification at account setupStory # 10: User accidentally gains control of over 6,700 robot vacuumsStory # 11: App Warns You if Someone Is Wearing Smart Glasses NearbyStory # 12: Microsoft is blocking ‘Microslop’ comments in Copilot’s official Discord serverStory # 13: New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com

🧦 SOC Summit 2026https://www.antisyphontraining.com/event/soc-summit/In this episode:Agentic AI tools that can autonomously perform tasks like researching and booking flights, raising concerns about automated purchases, fraud, guardrails, and over-trust in AI systems.The idea of a coming “SaaS apocalypse,” where AI tools could replicate or replace many small- and mid-tier SaaS products by crawling and recreating their functionality—potentially disrupting payroll, accounting, and other service platforms.Android’s shift away from its open-platform roots, including concerns about reduced openness, developer anonymity in app stores, and the broader implications for privacy-focused users and alternative operating systems.Ongoing tensions in the tech ecosystem around platform control, openness, and general-purpose computing, particularly involving large vendors like Google, Apple, Oracle, and major cloud providers.Broader security implications of AI adoption, including hallucinations, accountability, and how organizations are integrating AI to cut costs versus innovate.The discussion centers strictly on these current tech news developments and their security, privacy, and market impact.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatChapters(00:00) - PreShow Banter™ — Take the interstate to Dubai (05:16) - The Coming SAAS Apocalypse - 2026-02-23 (08:02) - Story # 1: Keep Android Open (15:57) - Story # 2: Meta patents AI that takes over a dead person’s account to keep posting and chatting (21:36) - Story # 3: The Coming SaaS Apocalypse... (29:15) - Story # 4: Firm Data on AI (30:06) - Story # 4b: Thousands of CEOs just admitted AI had no impact on employment or productivity—and it has economists resurrecting a paradox from 40 years ago (36:38) - Story # 5: US Defense Secretary Hegseth summons Anthropic CEO for tough talks over military use of Claude, Axios reports (41:04) - Story # 6: Conduent data breach could be largest in U.S. history (43:36) - Story # 6: The Erosion of Agency and the New Burden on Leaders (46:25) - Story # 7: DSA-2026-079: Security Update for RecoverPoint for Virtual Machines Hardcoded Credential Vulnerability (48:53) - Story # 8: AI-augmented threat actor accesses FortiGate devices at scale (52:05) - Story # 9: I hacked ChatGPT and Google's AI - and it only took 20 minutes (01:03:30) - Antisyphon Training SOC Summit, March 25, 2026 (01:04:03) - Antisyphon Training: Attacking, Defending, and Leveraging AI-LLM Systems (01:04:21) - Antisyphon Workshop: Hacking AI-LLM Applications (01:04:50) - Antisyphon Anti-Cast: RED TEAMING AI: OWASP LLM TOP 10 WITH BRIAN AND DEREK (01:05:16) - PODCAST : A.I. Security Ops LinksStory # 1: Keep Android OpenStory # 2: Meta patents AI that takes over a dead person’s account to keep posting and chattingStory # 3: The Coming SaaS Apocalypse…Story # 4: Firm Data on AIStory # 4b: Thousands of CEOs just admitted AI had no impact on employment or productivity—and it has economists resurrecting a paradox from 40 years agoStory # 5: US Defense Secretary Hegseth summons Anthropic CEO for tough talks over military use of Claude, Axios reportsStory # 6: Conduent data breach could be largest in U.S. historyStory # 6: The Erosion of Agency and the New Burden on LeadersStory # 7: DSA-2026-079: Security Update for RecoverPoint for Virtual Machines Hardcoded Credential VulnerabilityStory # 8: AI-augmented threat actor accesses FortiGate devices at scaleStory # 9: I hacked ChatGPT and Google’s AI - and it only took 20 minutesAntisyphon Training SOC Summit, March 25, 2026Antisyphon Training: Attacking, Defending, and Leveraging AI-LLM SystemsAntisyphon Workshop: Hacking AI-LLM ApplicationsAntisyphon Anti-Cast: RED TEAMING AI: OWASP LLM TOP 10 WITH BRIAN AND DEREKPODCAST : A.I. Security Ops🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.comClick here to watch this episode on YouTube. Click here to view the episode transcript.

🧦 SOC Summit 2026https://www.antisyphontraining.com/event/soc-summit/In this episode, the crew dives into reports that Palo Alto Networks allegedly avoided directly attributing a threat campaign to China over fears of retaliation—sparking a broader debate about corporate and government threat attribution, geopolitics, and whether attribution still matters in today’s cyber landscape.They also explore the escalating AI arms race, including Meta’s aggressive (and expensive) talent poaching, the growing rivalry between OpenAI and Anthropic, and what it all means for the future of the industry.Rounding out the episode, the team discusses the unintended consequences of the AI boom—like global hardware shortages stretching beyond GPUs to hard drives—and examines emerging prompt injection attack techniques, highlighting real-world examples and the growing security risks surrounding AI-powered tools.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatChapters(00:00) - PreShow Banter™ — Threat Actor Age Range (06:00) - Palo Alto Fears China Retaliation – 2026-02-16 (11:51) - Story # 1: Exclusive: Palo Alto chose not to tie China to hacking campaign for fear of retaliation from Beijing, sources say (16:24) - Story # 2: Rent a Human (21:02) - Story # 3: OpenClaw creator Peter Steinberger joining OpenAI, Altman says (24:54) - Story # 4: Western Digital runs out of HDD capacity: CEO says massive AI deals secured, price surges ahead (28:53) - Story # 5: GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use (30:55) - Story # 6: Data Exfil from Agents in Messaging Apps (32:38) - Story # 7: AMOS infostealer targets macOS through a popular AI app (39:48) - Story # 8: Discord Voluntarily Pushes Mandatory Age Verification Despite Recent Data Breach (46:34) - Story # 9: Vietnam bans unskippable online video ads longer than 5 seconds from next month (50:22) - Story # 10: SolarWinds Web Help Desk Exploitation - February 2026 (54:23) - Story # 11: Devilish devs spawn 287 Chrome extensions to flog your browser history to data brokers (58:36) - Story # 12: Snail mail letters target Trezor and Ledger users in crypto-theft attacks (01:01:22) - Eric's Workshop (01:01:54) - Jennifer's Workshop (01:04:59) - SOC Summit 2026 LinksStory # 1: Exclusive: Palo Alto chose not to tie China to hacking campaign for fear of retaliation from Beijing, sources sayStory # 2: Rent a HumanStory # 3: OpenClaw creator Peter Steinberger joining OpenAI, Altman saysStory # 4: Western Digital runs out of HDD capacity: CEO says massive AI deals secured, price surges aheadStory # 5: GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial UseStory # 6: Data Exfil from Agents in Messaging AppsStory # 7: AMOS infostealer targets macOS through a popular AI appStory # 8: Discord Voluntarily Pushes Mandatory Age Verification Despite Recent Data BreachStory # 9: Vietnam bans unskippable online video ads longer than 5 seconds from next monthStory # 10: SolarWinds Web Help Desk Exploitation - February 2026Story # 11: Devilish devs spawn 287 Chrome extensions to flog your browser history to data brokersStory # 12: Snail mail letters target Trezor and Ledger users in crypto-theft attacks01:01:00 - Eric’s Workshop01:01:31 - Jennifer’s Workshop01:04:37 - SOC Summit 2026Creators & Guests Corey Ham - Host Wade Wells - Host Bronwen Aker - Host Ralph May - Host Ched "cheddar" Wiggins - Guest Jennifer Shannon - Guest Eric Kuehn - Guest Click here to watch a video of this episode. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.comClick here to view the episode transcript.

🧦 SOC Summit 2026https://www.antisyphontraining.com/event/soc-summit/Live from Wild West Hackin’ Fest Denver 2026, the Black Hills Information Security crew brings their signature mix of sharp security insight and off-the-cuff banter to a packed in-person audience. This episode centers on a controversial Notepad update that introduced Markdown rendering—along with a potential remote code execution (RCE) issue. The hosts unpack what this says about modern software bloat, “vibe coding,” and the growing push to embed AI into everything—whether it belongs there or not. They also explore the implications of Discord's Age verification requirements, AI-generated code, including OpenAI’s latest Codex model, and debate whether we’re headed toward a wave of AI-assisted vulnerabilities.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatChapters(00:00) - PreShow Banter™ — Corey Olympics (02:46) - Story # 1: Critical Notepad vulnerability reignites criticism of Microsoft’s forced AI features (08:05) - Story # 2: Discord will require a face scan or ID for full access next month (10:40) - Story # 3: 2026-01-14: The Day the telnet Died (15:27) - Story # 5: BeyondTrust Remote Access Products 0-Day Vulnerability Allows Remote Code Execution (16:55) - Story # GRITREP: 0APT and the Victims Who Weren’t (21:17) - The advanced advancement of AI models Click here to watch a video of this episode. Creators & Guests John Strand - Host Corey Ham - Host Derek Banks - Guest Andrew Krug - Guest Chadd Watson - Guest Hayden Covington - Host Click here to view the episode transcript. LinksStory # 1: Critical Notepad vulnerability reignites criticism of Microsoft’s forced AI featuresStory # 2: Discord will require a face scan or ID for full access next monthStory # 3: 2026-01-14: The Day the telnet DiedStory # 5: BeyondTrust Remote Access Products 0-Day Vulnerability Allows Remote Code ExecutionStory # GRITREP: 0APT and the Victims Who Weren’t🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com

🧦 SOC Summit 2026https://www.antisyphontraining.com/event/soc-summit/Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatThis episode breaks down recent reports of sensitive information being shared with AI tools and what that means for security and operations. The discussion covers OPSEC failures, common misuse of ChatGPT in professional environments, how data actually flows through AI systems, and what organizations should (and shouldn’t) worry about. The hosts focus on practical risk, realistic threat models, and actionable lessons for security teams navigating AI adoption.Chapters(00:00) - PreShow Banter™ — Robot Drivers (06:52) - US Defense Chief Uploads Secret Into to ChatGTP - 2026-02-02 (10:17) - Story # 1: US cyber defense chief accidentally uploaded secret government info to ChatGPT (19:26) - Story # 2: Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies (23:24) - Story # 3: Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users (26:53) - Story # 4: Millions of Gmail, Facebook and other account credentials exposed (31:18) - Story # 5: Exposed Moltbook Database Let Anyone Take Control of Any AI Agent on the Site (36:36) - Story # 6: County pays $600,000 to pentesters it arrested for assessing courthouse security (39:35) - Story # 7: Costco reportedly removes RAM from its display PCs to prevent tech-savvy shoplifters, customers claim — GPUs also absent across stores as PC parts become a hot commodity (41:36) - Story # 8: Claude Sonnet 5 Is Imminent — And It Could Be a Generation Ahead of Google (45:32) - Story # 9: Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries (49:12) - Story # 10: Match, Hinge, OkCupid, and Panera Bread breached by ransomware group (52:28) - Story # 11: Hunterbrook says Ubiquiti powering Russian battlefield communications in Ukraine (54:51) - Story # 12: Attack on Renewable Energy Plants (56:49) - Story # 13: Disrupting the World's Largest Residential Proxy Network | Google Cloud Blog LinksStory # 1: US cyber defense chief accidentally uploaded secret government info to ChatGPTStory # 2: Hackers can bypass npm’s Shai-Hulud defenses via Git dependenciesStory # 3: Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select UsersStory # 4: Millions of Gmail, Facebook and other account credentials exposedStory # 5: Exposed Moltbook Database Let Anyone Take Control of Any AI Agent on the SiteStory # 6: County pays $600,000 to pentesters it arrested for assessing courthouse securityStory # 7: Costco reportedly removes RAM from its display PCs to prevent tech-savvy shoplifters, customers claim — GPUs also absent across stores as PC parts become a hot commodityStory # 8: Claude Sonnet 5 Is Imminent — And It Could Be a Generation Ahead of GoogleStory # 9: Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 CountriesStory # 10: Match, Hinge, OkCupid, and Panera Bread breached by ransomware groupStory # 11: Hunterbrook says Ubiquiti powering Russian battlefield communications in UkraineStory # 12: Attack on Renewable Energy PlantsStory # 13: Disrupting the World’s Largest Residential Proxy Network | Google Cloud BlogWade & Hayden on Simply Cyber - https://www.youtube.com/live/c_lUP5gR15IHayden’s Class - https://www.antisyphontraining.com/product/foundations-of-security-operations-with-hayden-covington/Mishaal’s Class - https://www.antisyphontraining.com/product/next-level-osint-with-mishaal-khan/🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com

🧦 SOC Summit 2026https://www.antisyphontraining.com/event/soc-summit/Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatIn this episode, the hosts break down TikTok’s latest privacy policy and why it’s raising serious red flags. They discuss how the app expands data collection and tracking, what that means for user privacy, and the broader security implications—especially concerns around data access and China. Along the way, the conversation connects these changes to ongoing TikTok ban discussions, real-world risk for individuals and organizations, and what users should consider if they continue using the platform. The episode mixes technical insight with practical takeaways, making the privacy risks easy to understand without losing nuance.Chapters:(00:00) - PreShow Banter™ — Electroshock Therapy (02:51) - 2026-01-26 (07:56) - Story # 1: Fortinet confirms critical FortiCloud auth bypass not fully patched (14:50) - Story # 2: Hackers exploit critical telnetd auth bypass flaw to get root (18:00) - Story # 3: Clara Hawking’s Post on TikTok's Pivacy Policy (24:28) - Story # 4: Supreme Court to hear Facebook pixel tracking case (31:25) - Story # 5: Google accused of grooming kids after child receives this email (35:01) - Story # 6: House of Lords backs legislation to ban social media for children under 16 (36:10) - Story # 6b: Australia has banned social media for kids under 16. How does it work? (42:43) - Story # 7: Why Software Blocks Won’t Stop Illegally 3D Printed Guns (And What Actually Might) (48:52) - Story # 8: 1Password adds pop-up warnings for suspected phishing sites (52:32) - ClawdBot / Moltbot Links:Story # 1: Fortinet confirms critical FortiCloud auth bypass not fully patchedStory # 2: Hackers exploit critical telnetd auth bypass flaw to get rootStory # 3: Clara Hawking’s Post on TikTok’s Pivacy PolicyStory # 4: Supreme Court to hear Facebook pixel tracking caseStory # 5: Google accused of grooming kids after child receives this emailStory # 6: House of Lords backs legislation to ban social media for children under 16Story # 6b: Australia has banned social media for kids under 16. How does it work?Story # 7: Why Software Blocks Won’t Stop Illegally 3D Printed Guns (And What Actually Might)Story # 8: 1Password adds pop-up warnings for suspected phishing sitesClawdBot / MoltbotTroy’s WorkshopANTI-CAST: Effective AI for Practical SecOps Workflows w/ Hayden Covington🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com

🧦 SOC Summit 2026https://www.antisyphontraining.com/event/soc-summit/Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chat🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.comThis episode is a rapid-fire cybersecurity news roundup covering multiple headlines and what they mean for defenders. The crew debates reports that Chinese firms are dropping U.S. and Israeli security vendors, then pivots into breach fallout, malware activity, and real-world attacker behavior. Along the way, they unpack how geopolitics affects procurement, why supply-chain dependencies make “bans” messy, and what happens when organizations swap tools fast. Expect candid takes on ransomware trends, enterprise security operations, and where hype collides with implementation. The hosts also riff on incident response realities, risk management, and what security teams should watch for next—plus plenty of side commentary and humor in between.Chapters(00:00) - PreShow Banter™ — Podcast Banter (04:36) - Chinese firms to stop using US and Israeli cybersecurity software - 2026-01-19 (09:19) - Story # 1: Exclusive: Beijing tells Chinese firms to stop using US and Israeli cybersecurity software, sources say (14:05) - Story # 2: Tennessee man to plead guilty to hacking Supreme Court’s electronic case filing system (16:48) - Story # 3: Hacker gets seven years for breaching Rotterdam and Antwerp ports (18:43) - Story # 4: 33-year-old Dutchman arrested for enableing criminals to test malware for antivirus programs. (20:25) - Story # 5: Army to ‘kill NIPR’ at multiple locations in commercial internet experiment (28:04) - Story # 6: Hungary grants asylum to former Polish minister implicated in spyware probe (29:35) - Story # 7: California orders Elon Musk’s AI company to immediately stop sharing sexual deepfakes (42:10) - Story # 8: ServiceNow BodySnatcher flaw highlights risks of rushed AI integrations (49:53) - Story # 8b: BodySnatcher (CVE-2025-12420): A Broken Authentication and Agentic Hijacking Vulnerability in ServiceNow (55:52) - CTF Winners (59:42) - ChickenSec: KFC app 'more secure' than Manage My Health, expert claims LinksStory # 1: Exclusive: Beijing tells Chinese firms to stop using US and Israeli cybersecurity software, sources sayStory # 2: Tennessee man to plead guilty to hacking Supreme Court’s electronic case filing systemStory # 3: Hacker gets seven years for breaching Rotterdam and Antwerp portsStory # 4: 33-year-old Dutchman arrested for enableing criminals to test malware for antivirus programs.Story # 5: Army to ‘kill NIPR’ at multiple locations in commercial internet experimentStory # 6: Hungary grants asylum to former Polish minister implicated in spyware probeStory # 7: California orders Elon Musk’s AI company to immediately stop sharing sexual deepfakesStory # 8: ServiceNow BodySnatcher flaw highlights risks of rushed AI integrationsStory # 8b: BodySnatcher (CVE-2025-12420): A Broken Authentication and Agentic Hijacking Vulnerability in ServiceNowChickenSec: KFC app ‘more secure’ than Manage My Health, expert claimsBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com

🧦 SOC Summit 2026https://www.antisyphontraining.com/event/soc-summit/Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chat🔗 Register for FREE webcasts, summits, and workshops - https://poweredbybhis.comIn this episode, we break down the “Doomsday” incident: a major breach forum gets breached, reminding everyone that even cybercriminal communities suffer constant OPSEC failures. We cover what leaked, why these underground markets keep imploding, and how infighting, reused infrastructure, weak authentication, and sloppy identity hygiene turn “elite hackers” into easy targets. Then we connect the dots to law enforcement’s latest crypto actions—how DOJ seizures and mixer investigations work, why blockchain tracing matters, and what criminals try (and fail) to do to hide money flows. Finally, we translate the news into practical defense: validate breach intel, monitor for credential stuffing, enable MFA, use unique passwords, and tighten access logs. Whether you’re a defender, creator, or online, this is the real-world cybercrime story behind the headlines.Chapters(00:00) - PreShow Banter™ — Task Overflow (02:52) - BreachForums Doomsday - 2026-01-12 (05:32) - Story # 1; Did DOJ Prosecutors Violate Trump’s Executive Order by Selling the Forfeited Samourai Wallet Bitcoin? (16:05) - Story # 2: Cloudflare defies Italy’s Piracy Shield, won’t block websites on 1.1.1.1 DNS (23:27) - Story # 3: California bans data broker reselling health data of millions (28:36) - Story # 4: Apple picks Google’s Gemini to run AI-powered Siri coming this year (36:23) - Story # 5: Ragebait as a phishing tactic (38:23) - Story # 6: Doomsday For Cybercriminals — Data Breach Of Major Dark Web Forum (40:54) - Story # 7: The Great VM Escape: ESXi Exploitation in the Wild (46:02) - Story # 8: OpenAI says ChatGPT won't use your health information to train its models (46:46) - Story # 8b: Anthropic brings Claude to healthcare with HIPAA-ready Enterprise tools (50:38) - Story # 9: Max severity Ni8mare flaw lets hackers hijack n8n servers (53:28) - Story # 10: Instagram Denies Data Breach, Fixes Unsolicited Password Reset Requests (57:12) - Reporter remembers saving animals a year after L.A. wildfires (58:15) - CTF Winners LinksStory # 1; Did DOJ Prosecutors Violate Trump’s Executive Order by Selling the Forfeited Samourai Wallet Bitcoin?Story # 2: Cloudflare defies Italy’s Piracy Shield, won’t block websites on 1.1.1.1 DNSStory # 3: California bans data broker reselling health data of millionsStory # 4: Apple picks Google’s Gemini to run AI-powered Siri coming this yearStory # 5: Ragebait as a phishing tacticStory # 6: Doomsday For Cybercriminals — Data Breach Of Major Dark Web ForumStory # 7: The Great VM Escape: ESXi Exploitation in the WildStory # 8: OpenAI says ChatGPT won’t use your health information to train its modelsStory # 8b: Anthropic brings Claude to healthcare with HIPAA-ready Enterprise toolsStory # 9: Max severity Ni8mare flaw lets hackers hijack n8n serversStory # 10: Instagram Denies Data Breach, Fixes Unsolicited Password Reset RequestsReporter remembers saving animals a year after L.A. wildfiresBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Fest - Join us for our Hybrid Conference and Pre-Conference Traininghttps://wildwesthackinfest.com

🧦 SOC Summit 2026https://www.antisyphontraining.com/event/soc-summit/Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chat🔗 Register for FREE webcasts, summits, and workshops - https://poweredbybhis.comIn this episode, we break down the growing debate around U.S. cyber operations against Venezuela—and what it means for modern cyber warfare, critical infrastructure security, and geopolitics. The conversation explores how nation-state attacks can target a country’s power grid, the challenges of attributing cyberattacks, and why industrial control systems (ICS/SCADA) remain a high-impact battleground. We also discuss the strategic value (and risks) of disrupting energy infrastructure, how these campaigns compare to other real-world incidents, and what defenders can learn to better protect utilities and national systems.Chapters(00:00) - PreShow Banter™ — Undisclosed Closets (09:30) - US Cyberattacks on Venezuela - 2026-01-05 (10:39) - Story # 1:Trump suggests US used cyberattacks to turn off lights in Venezuela during strikes (11:37) - Story # 1b: There Were BGP Anomalies During The Venezuela Blackout (21:29) - Story # 1c: Pizza index of war: Late-night traffic near Pentagon surges again as US strikes Venezuela (33:03) - Story # 2: Finland seizes ship suspected of damaging subsea cable in Baltic Sea (35:34) - Story # 3: US cybersecurity experts plead guilty to BlackCat ransomware attacks (36:09) - Story # 4: MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide (39:29) - Story # 5: Hackers claim to hack Resecurity, firm says it was a honeypot (42:29) - Story # 6: NordVPN denies breach claims, says attackers have "dummy data" (42:58) - Story # 7: Hackers say they have stolen 40 million Condé Nast Records - here's how to stay safe (44:06) - Story # 8: Hacker Dressed As Pink Power Ranger Dismantles Racist Websites Live on Stage (47:36) - Story # 9: NYC mayoral inauguration bans Flipper Zero, Raspberry Pi devices (52:41) - Story # 10: Manufacturer issues remote kill command to disable smart vacuum after engineer blocks it from collecting data — user revives it with custom hardware and Python scripts to run offline (55:38) - Story # 11: Ben Jordan Exposes Severe Security Vulnerabilities in Flock Surveillance Cameras (57:49) - Story # 11b: We Tracked Ourselves with Exposed Flock Cameras LinksStory # 1:Trump suggests US used cyberattacks to turn off lights in Venezuela during strikesStory # 1b: There Were BGP Anomalies During The Venezuela BlackoutStory # 1c: Pizza index of war: Late-night traffic near Pentagon surges again as US strikes VenezuelaStory # 2: Finland seizes ship suspected of damaging subsea cable in Baltic SeaStory # 3: US cybersecurity experts plead guilty to BlackCat ransomware attacksStory # 4: MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation WorldwideStory # 5: Hackers claim to hack Resecurity, firm says it was a honeypotStory # 6: NordVPN denies breach claims, says attackers have “dummy data”Story # 7: Hackers say they have stolen 40 million Condé Nast Records - here’s how to stay safeStory # 8: Hacker Dressed As Pink Power Ranger Dismantles Racist Websites Live on StageStory # 9: NYC mayoral inauguration bans Flipper Zero, Raspberry Pi devicesStory # 10: Manufacturer issues remote kill command to disable smart vacuum after engineer blocks it from collecting data — user revives it with custom hardware and Python scripts to run offlineStory # 11: Ben Jordan Exposes Severe Security Vulnerabilities in Flock Surveillance CamerasStory # 11b: We Tracked Ourselves with Exposed Flock CamerasBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com

🧦 SOC Summit 2026https://www.antisyphontraining.com/event/soc-summit/Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chat🔗 Register for FREE webcasts, summits, and workshops - https://poweredbybhis.comChapters(00:00) - PreShow Banter™ — testing testing (00:34) - Hot Take Predictions for Next Year – 2025-12-15 (02:33) - Story # 1: Russian kids revolt as Kremlin bans Roblox, other popular apps (10:44) - Story # 2: Google's killing off its dark web report because users didn't know what to do with it (20:28) - Story # 3: Coupang data breach traced to ex-employee who retained system access (31:36) - Story # 4: Roomba maker iRobot bought by Chinese supplier after filing for bankruptcy (34:41) - Story # 5: February report from researcher found Chinese KVM had an unclearly documented microphone and communicated with China-based servers, but many of the security issues are now addressed [Updated] (37:11) - Story # 6: When adversaries bring their own virtual machine for persistence (42:20) - Story # 7: Oh no! Hackers snuck malware inside uber-popular Windows app Notepad++ (44:43) - Hot Take Predictions for 2026 LinksStory # 1: Russian kids revolt as Kremlin bans Roblox, other popular appsStory # 2: Google’s killing off its dark web report because users didn’t know what to do with itStory # 3: Coupang data breach traced to ex-employee who retained system accessStory # 4: Roomba maker iRobot bought by Chinese supplier after filing for bankruptcyStory # 5: February report from researcher found Chinese KVM had an unclearly documented microphone and communicated with China-based servers, but many of the security issues are now addressed [Updated]Story # 6: When adversaries bring their own virtual machine for persistenceStory # 7: Oh no! Hackers snuck malware inside uber-popular Windows app Notepad++The team looks ahead to 2026 and shares practical, sometimes blunt predictions about where cybersecurity is heading. They discuss how AI will continue reshaping both offense and defense, with attackers using automation at scale while defenders struggle to operationalize AI beyond marketing hype. The conversation highlights growing risk from identity abuse, cloud misconfigurations, and insecure SaaS sprawl, noting that many breaches will still come down to basic failures rather than advanced exploits. They also predict continued burnout in security teams, more consolidation among security vendors, and increasing pressure to prove real ROI from security tools. On the positive side, the hosts see improved detection engineering, better security education, and more community-driven knowledge sharing. Overall, the message is clear: fundamentals still matter, hype won’t save you, and organizations that focus on people, process, and visibility will be better positioned for 2026.Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com

🧦 SOC Summit 2026https://www.antisyphontraining.com/event/soc-summit/🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.comJoin us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord!https://discord.gg/bhis🔴live-chatA Live Stream From inside Lazarus Group – 2025-12-08This BHIS episode blends cybersecurity humor, hacker culture, and livestream chaos as the team jokes about nation-state threats, leaked webcams, OPSEC mishaps, and technical glitches. With unscripted banter and light industry insights, it’s a fun, energetic listen for fans of ethical hacking, infosec podcasts, and behind-the-scenes security chatter.Chapters00:00 - PreShow Banter™ — Industry Leaders02:34 - A Live Stream From inside Lazarus Group – 2025-12-0804:24 - Story # 1: React2Shell (CVE-2025-55182): Everything You Need to Know About the Critical React Vulnerability08:58 - Story # 2: A Live Stream from Inside Lazarus Group’s IT Workers Scheme20:37 - Story # 3: Contractors with hacking records accused of wiping 96 govt databases26:44 - Story # 4: Apple refuses to pre-install government app on iPhones in India37:42 - Story # 5: Russia blocks Apple's FaceTime in mounting push against foreign tech platforms44:55 - Story # 6: ‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encrypted57:53 - Story # 7: Flock Uses Overseas Gig Workers to Build its Surveillance AIBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com (00:00) - 00:00 - PreShow Banter™ — Industry Leaders (02:57) - A Live Stream From inside Lazarus Group – 2025-12-08 (04:47) - Story # 1: React2Shell (CVE-2025-55182): Everything You Need to Know About the Critical React Vulnerability (09:20) - Story # 2: A Live Stream from Inside Lazarus Group’s IT Workers Scheme (21:00) - Story # 3: Contractors with hacking records accused of wiping 96 govt databases (27:07) - Story # 4: Apple refuses to pre-install government app on iPhones in India (38:04) - Story # 5: Russia blocks Apple's FaceTime in mounting push against foreign tech platforms (45:18) - Story # 6: ‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encrypted (58:15) - Story # 7: Flock Uses Overseas Gig Workers to Build its Surveillance AI

🧦 SOC Summit 2026https://www.antisyphontraining.com/event/soc-summit/Register for FREE Infosec Webcasts, Anti-casts & Summits –https://poweredbybhis.comChapters(00:00) - PreShow Banter™ — The Problem With Extensions (03:33) - Lawmakers Want to Ban VPNs – BHIS - Talkin' Bout [infosec] News 2025-12-01 (04:10) - Story # 1: Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem) (12:28) - Story # 2: Lawmakers Want to Ban VPNs—And They Have No Idea What They're Doing (21:41) - Story # 3: Critical 7 Zip Vulnerability With Public Exploit Requires Manual Update (26:11) - Story # 4: 'Slop Evader' Lets You Surf the Web Like It’s 2022 (37:30) - Story # 5: China’s Espionage in Europe is Deepening and More Sophisticated than Acknowledged, Expert Says (39:33) - Story # 6: Apple Update Warning For All iPhone 17, 16 And 15 Users—Act Now (43:01) - Story # 7: Meta is earning a fortune on a deluge of fraudulent ads, documents show (50:45) - Story # 8: Meta had a 17-strike policy for sex trafficking, former safety leader claims (53:03) - Story # 9: Man behind in-flight Evil Twin WiFi attacks gets 7 years in prison News LinksStory # 1: Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem)Story # 2: Lawmakers Want to Ban VPNs—And They Have No Idea What They're DoingStory # 3: Critical 7 Zip Vulnerability With Public Exploit Requires Manual UpdateStory # 4: 'Slop Evader' Lets You Surf the Web Like It’s 2022Story # 5: China’s Espionage in Europe is Deepening and More Sophisticated than Acknowledged, Expert SaysStory # 6: Apple Update Warning For All iPhone 17, 16 And 15 Users—Act NowStory # 7: Meta is earning a fortune on a deluge of fraudulent ads, documents showStory # 8: Meta had a 17-strike policy for sex trafficking, former safety leader claimsStory # 9: Man behind in-flight Evil Twin WiFi attacks gets 7 years in prisonBrought to you by: Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com

🧦 SOC Summit 2026https://www.antisyphontraining.com/event/soc-summit/Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.comChapters(00:00) - PreShow Banter™ — Stressed about lithium batteries (05:22) - Shai-Hulud malware leaks secrets on GitHub – BHIS - Talkin' Bout [infosec] News 2025-11-24 (06:20) - Story # 1: Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub (11:41) - Story # 2: CrowdStrike catches insider feeding information to hackers (16:13) - Story # 3: Fidelity sues Broadcom over access to key software to avoid outages (22:40) - Story # 4: NetApp sues former CTO for alleged data breach (27:11) - Story # 5: CrowdStrike Research: Security Flaws in DeepSeek-Generated Code Linked to Political Triggers (36:28) - Story # 6: A major Cloudflare outage took down large parts of the internet - X, ChatGPT and more were affected, but all recovered now (37:34) - Story # 6b: Cloudflare outage on November 18, 2025 (42:06) - Story # 7: Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike Attempt (46:57) - Story # 8: This Hacker Conference Installed a Literal Antivirus Monitoring System (51:33) - Story # 9: Microsoft to integrate Sysmon directly into Windows 11, Server 2025 (57:03) - Story # 10: Crypto and Carcasses: Undercover Sting Recovers $700K in Bitcoin Miners, Foils $75K Frozen Turkey Heist News LinksStory # 1: Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHubStory # 2: CrowdStrike catches insider feeding information to hackersStory # 3: Fidelity sues Broadcom over access to key software to avoid outagesStory # 4: NetApp sues former CTO for alleged data breachStory # 5: CrowdStrike Research: Security Flaws in DeepSeek-Generated Code Linked to Political TriggersStory # 6: A major Cloudflare outage took down large parts of the internet - X, ChatGPT and more were affected, but all recovered nowStory # 6b: Cloudflare outage on November 18, 2025Story # 7: Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike AttemptStory # 8: This Hacker Conference Installed a Literal Antivirus Monitoring SystemStory # 9: Microsoft to integrate Sysmon directly into Windows 11, Server 2025Story # 10: Crypto and Carcasses: Undercover Sting Recovers $700K in Bitcoin Miners, Foils $75K Frozen Turkey HeistBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/

🧦 SOC Summit 2026https://www.antisyphontraining.com/event/soc-summit/Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com00:00:00 - PreShow Banter™ — The Way the Community Rumbles00:08:21 - A.I. Transcription Startup Was Just A Guy Taking Notes - BHIS - Talkin’ Bout [infosec] News 2025-11-1700:09:01 - Story # 1: New data shows companies are rehiring former employees as AI falls short of expectations00:18:06 - Eric & Whitney’s “Podcast” [webcast] on training your own LLM00:22:12 - Story # 2: Founder Admits His “AI Transcription” Startup Was Just Him Joining People’s Meetings and Taking Notes by Hand00:26:20 - Story # 3: Five Plead Guilty in U.S. for Helping North Korean IT Workers Infiltrate 136 Companies00:37:35 - Story # 4: Google is easing up on Android’s new sideloading restrictions!00:43:44 - Story # 5: Google is collecting troves of data from downgraded Nest thermostats00:44:58 - Story # 5b: Hackers are saving Google’s abandoned Nest thermostats with open-source firmware00:51:34 - Story # 6: FFmpeg to Google: Fund Us or Stop Sending Bugs01:00:40 - Story # 7: Teens are Hacking School Systems. Let’s Teach Them to Protect Communities Instead01:05:55 - Story # 8: Disrupting the first reported AI-orchestrated cyber espionage campaign01:14:58 - Discord CTF Winners (00:00) - PreShow Banter™ — The Way the Community Rumbles (08:44) - A.I. Transcription Starup Was Just A Guy Taking Notes - BHIS - Talkin' Bout [infosec] News 2025-11-17 (09:24) - Story # 1: New data shows companies are rehiring former employees as AI falls short of expectations (18:28) - Eric & Whitney's "Podcast" [webcast] on training your own LLM (22:35) - Story # 2: Founder Admits His “AI Transcription” Startup Was Just Him Joining People’s Meetings and Taking Notes by Hand (26:43) - Story # 3: Five Plead Guilty in U.S. for Helping North Korean IT Workers Infiltrate 136 Companies (37:57) - Story # 4: Google is easing up on Android's new sideloading restrictions! (44:06) - Story # 5: Google is collecting troves of data from downgraded Nest thermostats (45:21) - Story # 5b: Hackers are saving Google's abandoned Nest thermostats with open-source firmware (51:56) - Story # 6: FFmpeg to Google: Fund Us or Stop Sending Bugs (01:01:02) - Story # 7: Teens are Hacking School Systems. Let’s Teach Them to Protect Communities Instead (01:06:18) - Story # 8: Disrupting the first reported AI-orchestrated cyber espionage campaign (01:15:21) - Discord CTF Winners

🧦 SOC Summit 2026https://www.antisyphontraining.com/event/soc-summit/Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com Chapters00:00 - PreShow Banter™ — Humans are Done03:04 - Louvre’s video security password was ‘Louvre’ – BHIS - Talkin’ Bout [infosec] News 2025-11-1005:11 - Story # 1: I Tried the Robot That’s Coming to Live With You. It’s Still Part Human.15:14 - Story # 2: How to trade your $214,000 cybersecurity job for a jail cell25:14 - Story # 3: The Louvre’s video security password was reportedly ‘Louvre’29:04 - Story # 4: Dangerous runC flaws could allow hackers to escape Docker containers32:58 - Story # 5: List of AI Tools Promoted by Threat Actors in Underground Forums and Their Capabilities40:00 - Story # 5b: GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools56:37 - BHIS Webcast – X-Typhoon - Not your Father’s China with John Strand (00:00) - PreShow Banter™ — Humans are Done (03:26) - Louvre’s video security password was ‘Louvre’ – BHIS - Talkin' Bout [infosec] News 2025-11-10 (05:33) - Story # 1: I Tried the Robot That’s Coming to Live With You. It’s Still Part Human. (15:37) - Story # 2: How to trade your $214,000 cybersecurity job for a jail cell (25:36) - Story # 3: The Louvre’s video security password was reportedly ‘Louvre’ (29:26) - Story # 4: Dangerous runC flaws could allow hackers to escape Docker containers (33:21) - Story # 5: List of AI Tools Promoted by Threat Actors in Underground Forums and Their Capabilities (40:23) - Story # 5b: GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools (57:00) - BHIS Webcast – X-Typhoon - Not your Father's China with John Strand

🧦 SOC Summit 2026https://www.antisyphontraining.com/event/soc-summit/Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com00:00 - PreShow Banter™ — Musical Views of the Universe04:05 - – BHIS - Talkin’ Bout [infosec] News 2025-11-0304:39 - Story # 1: Ransomware profits drop as victims stop paying hackers06:22 - Chart since 201916:06 - Story # 2: More than a million people every week show suicidal intent when chatting with ChatGPT, OpenAI estimates33:02 - Story # 3: 10M people watched a YouTuber shim a lock; the lock company sued him. Bad idea.41:18 - Story # 4: ‘Dangerous’ YouTube videos struck down for bypassing Windows 11 account setup [Update: Restored]47:13 - Story # 5: Chicago firm that resolves ransomware attacks had rogue workers carrying out their own hacks, FBI says51:08 - Story # 6: Microsoft: DNS outage impacts Azure and Microsoft 365 services54:33 - Story # 7: EY Data Leak – Massive 4TB SQL Server Backup Exposed Publicly on Microsoft Azure55:22 - Stordy # 8: Black Hat Europe 2025 Arsenal: 8 AI Security Tools Transforming Cybersecurity (00:00) - PreShow Banter™ — Musical Views of the Universe (04:27) - Ransomware Victims Stop Paying Hackers – BHIS - Talkin' Bout [infosec] News 2025-11-03 (05:01) - Story # 1: Ransomware profits drop as victims stop paying hackers (06:45) - Chart since 2019 (thumbnail) (16:29) - Story # 2: More than a million people every week show suicidal intent when chatting with ChatGPT, OpenAI estimates (33:25) - Story # 3: 10M people watched a YouTuber shim a lock; the lock company sued him. Bad idea. (41:41) - Story # 4: ‘Dangerous’ YouTube videos struck down for bypassing Windows 11 account setup [Update: Restored] (47:35) - Story # 5: Chicago firm that resolves ransomware attacks had rogue workers carrying out their own hacks, FBI says (51:30) - Story # 6: Microsoft: DNS outage impacts Azure and Microsoft 365 services (54:56) - Story # 7: EY Data Leak – Massive 4TB SQL Server Backup Exposed Publicly on Microsoft Azure (55:45) - Story # 8: Black Hat Europe 2025 Arsenal: 8 AI Security Tools Transforming Cybersecurity

🧦 SOC Summit 2026https://www.antisyphontraining.com/event/soc-summit/Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.comThe BHIS crew breaks down the latest cybersecurity stories making waves — from data breaches and malware campaigns to privacy issues, exploit trends, and tech policy shake-ups. Join our panel of security pros for expert analysis, sharp humor, and practical insights you can actually use. Whether it’s social engineering, AI-powered attacks, or bizarre security headlines, we dig into what matters most for defenders and curious minds alike. Stay informed, entertained, and one step ahead in the ever-changing world of infosec.00:00:00 - PreShow Banter™ — The Cost of War.xyz00:03:42 - The AI Browser Wars - BHIS - Talkin’ Bout [infosec] News 2025-10-2700:04:04 - Story # 1: Smart bed owners experience AWS outage nightmare as they’re left sweating and stuck in upright position00:10:49 - Story # 2: Robots May Replace 600,000 Human Employees at Amazon00:14:40 - Story # 3: Meet Mico, Microsoft’s AI version of Clippy00:20:59 - Story # 4: Exploitation of Windows Server Update Services Remote Code Execution Vulnerability00:26:31 - Story # 5: Ex-L3Harris executive accused of selling trade secrets to Russia00:31:29 - Story # 6: Introducing ChatGPT Atlas00:43:34 - Story # 7: ‘Phased Out’—Google Confirms Bad News For 3 Billion Chrome Users00:52:26 - Story # 8: The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn01:00:16 - Story # 9: KFC Venezuela Alleged Data Breach – 1 Million Customer Records Exposed (00:00) - PreShow Banter™ — The Cost of War.xyz (04:05) - The AI Browser Wars - BHIS - Talkin' Bout [infosec] News 2025-10-27 (04:27) - Story # 1: Smart bed owners experience AWS outage nightmare as they're left sweating and stuck in upright position (11:11) - Story # 2: Robots May Replace 600,000 Human Employees at Amazon (15:03) - Story # 3: Meet Mico, Microsoft’s AI version of Clippy (21:21) - Story # 4: Exploitation of Windows Server Update Services Remote Code Execution Vulnerability (26:53) - Story # 5: Ex-L3Harris executive accused of selling trade secrets to Russia (31:51) - Story # 6: Introducing ChatGPT Atlas (43:57) - Story # 7: ‘Phased Out’—Google Confirms Bad News For 3 Billion Chrome Users (52:48) - Story # 8: The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn (01:00:38) - Story # 9: KFC Venezuela Alleged Data Breach – 1 Million Customer Records Exposed

🧦 SOC Summit 2026https://www.antisyphontraining.com/event/soc-summit/Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com00:00:00 - PreShow Banter™ — AWS Snow Day Party00:11:31 - Online Book Store Takes Down Half of the Internet - BHIS - Talkin’ Bout [infosec] News 2025-10-2000:12:12 - Story # 1: F5 says hackers stole undisclosed BIG-IP flaws, source code00:35:11 - Story # 2: Newsom signs age verification law, siding with tech giants over Hollywood00:48:39 - Story # 3: Researchers find a startlingly cheap way to steal your secrets from space00:55:04 - Story # 4: Jeff Bezos Has a Plan to Curb AI’s Carbon Footprint: Send Data Centers to Space01:02:22 - Story # 5: SolarWinds Security Chief reflects on the Russian hack that exposed US government agencies (00:00) - PreShow Banter™ — AWS Snow Day Party (11:53) - Online Book Store Takes Down Half of the Internet - BHIS - Talkin' Bout [infosec] News 2025-10-20 (12:35) - Story # 1: F5 says hackers stole undisclosed BIG-IP flaws, source code (35:33) - Story # 2: Newsom signs age verification law, siding with tech giants over Hollywood (49:02) - Story # 3: Researchers find a startlingly cheap way to steal your secrets from space (55:26) - Story # 4: Jeff Bezos Has a Plan to Curb AI’s Carbon Footprint: Send Data Centers to Space (01:02:44) - Story # 5: SolarWinds Security Chief reflects on the Russian hack that exposed US government agencies