Talkin' Bout [Infosec] News
Author: Black Hills Information Security
© Copyright 2025 Talkin' About [Infosec] News, Powered by Black Hills Information Security
Description
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
Join us live on YouTube, Mondays at 4:30PM ET
326 Episodes
Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurity
Chat with us on Discord! - https://discord.gg/bhis 🔴live-chat
🔗 Register for FREE webcasts, summits, and workshops - https://poweredbybhis.com
Chapters
(00:00) - PreShow Banter™ — testing testing
(00:11) - Hot Take Predictions for Next Year – 2025-12-15
(02:10) - Story # 1: Russian kids revolt as Kremlin bans Roblox, other popular apps
(10:21) - Story # 2: Google's killing off its dark web report because users didn't know what to do with it
(20:05) - Story # 3: Coupang data breach traced to ex-employee who retained system access
(31:13) - Story # 4: Roomba maker iRobot bought by Chinese supplier after filing for bankruptcy
(34:18) - Story # 5: February report from researcher found Chinese KVM had an unclearly documented microphone and communicated with China-based servers, but many of the security issues are now addressed [Updated]
(36:48) - Story # 6: When adversaries bring their own virtual machine for persistence
(41:57) - Story # 7: Oh no! Hackers snuck malware inside uber-popular Windows app Notepad++
(44:20) - Hot Take Predictions for 2026
The team looks ahead to 2026 and shares practical, sometimes blunt predictions about where cybersecurity is heading. They discuss how AI will continue reshaping both offense and defense, with attackers using automation at scale while defenders struggle to operationalize AI beyond marketing hype. The conversation highlights growing risk from identity abuse, cloud misconfigurations, and insecure SaaS sprawl, noting that many breaches will still come down to basic failures rather than advanced exploits. They also predict continued burnout in security teams, more consolidation among security vendors, and increasing pressure to prove real ROI from security tools. On the positive side, the hosts see improved detection engineering, better security education, and more community-driven knowledge sharing. Overall, the message is clear: fundamentals still matter, hype won’t save you, and organizations that focus on people, process, and visibility will be better positioned for 2026.
Brought to you by:
Black Hills Information Security https://www.blackhillsinfosec.com
Antisyphon Training https://www.antisyphontraining.com/
Active Countermeasures https://www.activecountermeasures.com
Wild West Hackin Fest https://wildwesthackinfest.com
🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
A Live Stream From inside Lazarus Group – 2025-12-08
This BHIS episode blends cybersecurity humor, hacker culture, and livestream chaos as the team jokes about nation-state threats, leaked webcams, OPSEC mishaps, and technical glitches. With unscripted banter and light industry insights, it’s a fun, energetic listen for fans of ethical hacking, infosec podcasts, and behind-the-scenes security chatter.
Chapters
(00:00) - PreShow Banter™ — Industry Leaders
(02:34) - A Live Stream From inside Lazarus Group – 2025-12-08
(04:24) - Story # 1: React2Shell (CVE-2025-55182): Everything You Need to Know About the Critical React Vulnerability
(08:57) - Story # 2: A Live Stream from Inside Lazarus Group’s IT Workers Scheme
(20:37) - Story # 3: Contractors with hacking records accused of wiping 96 govt databases
(26:44) - Story # 4: Apple refuses to pre-install government app on iPhones in India
(37:41) - Story # 5: Russia blocks Apple's FaceTime in mounting push against foreign tech platforms
(44:55) - Story # 6: ‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encrypted
(57:52) - Story # 7: Flock Uses Overseas Gig Workers to Build its Surveillance AI
Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
Chapters
(00:00) - PreShow Banter™ — The Problem With Extensions
(03:10) - Lawmakers Want to Ban VPNs – BHIS - Talkin' Bout [infosec] News 2025-12-01
(03:47) - Story # 1: Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem)
(12:05) - Story # 2: Lawmakers Want to Ban VPNs—And They Have No Idea What They're Doing
(21:18) - Story # 3: Critical 7 Zip Vulnerability With Public Exploit Requires Manual Update
(25:48) - Story # 4: 'Slop Evader' Lets You Surf the Web Like It’s 2022
(37:07) - Story # 5: China’s Espionage in Europe is Deepening and More Sophisticated than Acknowledged, Expert Says
(39:10) - Story # 6: Apple Update Warning For All iPhone 17, 16 And 15 Users—Act Now
(42:38) - Story # 7: Meta is earning a fortune on a deluge of fraudulent ads, documents show
(50:22) - Story # 8: Meta had a 17-strike policy for sex trafficking, former safety leader claims
(52:40) - Story # 9: Man behind in-flight Evil Twin WiFi attacks gets 7 years in prison
Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
Chapters
(00:00) - PreShow Banter™ — Stressed about lithium batteries
(04:59) - Shai-Hulud malware leaks secrets on GitHub – BHIS - Talkin' Bout [infosec] News 2025-11-24
(05:57) - Story # 1: Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub
(11:18) - Story # 2: CrowdStrike catches insider feeding information to hackers
(15:50) - Story # 3: Fidelity sues Broadcom over access to key software to avoid outages
(22:17) - Story # 4: NetApp sues former CTO for alleged data breach
(26:48) - Story # 5: CrowdStrike Research: Security Flaws in DeepSeek-Generated Code Linked to Political Triggers
(36:05) - Story # 6: A major Cloudflare outage took down large parts of the internet - X, ChatGPT and more were affected, but all recovered now
(37:11) - Story # 6b: Cloudflare outage on November 18, 2025
(41:43) - Story # 7: Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike Attempt
(46:34) - Story # 8: This Hacker Conference Installed a Literal Antivirus Monitoring System
(51:10) - Story # 9: Microsoft to integrate Sysmon directly into Windows 11, Server 2025
(56:40) - Story # 10: Crypto and Carcasses: Undercover Sting Recovers $700K in Bitcoin Miners, Foils $75K Frozen Turkey Heist
Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
(00:00) - PreShow Banter™ — The Way the Community Rumbles
(08:21) - A.I. Transcription Startup Was Just A Guy Taking Notes - BHIS - Talkin' Bout [infosec] News 2025-11-17
(09:01) - Story # 1: New data shows companies are rehiring former employees as AI falls short of expectations
(18:05) - Eric & Whitney's "Podcast" [webcast] on training your own LLM
(22:12) - Story # 2: Founder Admits His “AI Transcription” Startup Was Just Him Joining People’s Meetings and Taking Notes by Hand
(26:20) - Story # 3: Five Plead Guilty in U.S. for Helping North Korean IT Workers Infiltrate 136 Companies
(37:34) - Story # 4: Google is easing up on Android's new sideloading restrictions!
(43:43) - Story # 5: Google is collecting troves of data from downgraded Nest thermostats
(44:58) - Story # 5b: Hackers are saving Google's abandoned Nest thermostats with open-source firmware
(51:33) - Story # 6: FFmpeg to Google: Fund Us or Stop Sending Bugs
(01:00:39) - Story # 7: Teens are Hacking School Systems. Let’s Teach Them to Protect Communities Instead
(01:05:55) - Story # 8: Disrupting the first reported AI-orchestrated cyber espionage campaign
(01:14:58) - Discord CTF Winners
Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
Chapters
(00:00) - PreShow Banter™ — Humans are Done
(03:03) - Louvre’s video security password was ‘Louvre’ – BHIS - Talkin' Bout [infosec] News 2025-11-10
(05:10) - Story # 1: I Tried the Robot That’s Coming to Live With You. It’s Still Part Human.
(15:14) - Story # 2: How to trade your $214,000 cybersecurity job for a jail cell
(25:13) - Story # 3: The Louvre’s video security password was reportedly ‘Louvre’
(29:03) - Story # 4: Dangerous runC flaws could allow hackers to escape Docker containers
(32:58) - Story # 5: List of AI Tools Promoted by Threat Actors in Underground Forums and Their Capabilities
(40:00) - Story # 5b: GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools
(56:37) - BHIS Webcast – X-Typhoon - Not your Father's China with John Strand
Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
(00:00) - PreShow Banter™ — Musical Views of the Universe
(04:04) - Ransomware Victims Stop Paying Hackers – BHIS - Talkin' Bout [infosec] News 2025-11-03
(04:38) - Story # 1: Ransomware profits drop as victims stop paying hackers
(06:22) - Chart since 2019 (thumbnail)
(16:06) - Story # 2: More than a million people every week show suicidal intent when chatting with ChatGPT, OpenAI estimates
(33:02) - Story # 3: 10M people watched a YouTuber shim a lock; the lock company sued him. Bad idea.
(41:18) - Story # 4: ‘Dangerous’ YouTube videos struck down for bypassing Windows 11 account setup [Update: Restored]
(47:12) - Story # 5: Chicago firm that resolves ransomware attacks had rogue workers carrying out their own hacks, FBI says
(51:07) - Story # 6: Microsoft: DNS outage impacts Azure and Microsoft 365 services
(54:33) - Story # 7: EY Data Leak – Massive 4TB SQL Server Backup Exposed Publicly on Microsoft Azure
(55:22) - Story # 8: Black Hat Europe 2025 Arsenal: 8 AI Security Tools Transforming Cybersecurity
Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
The BHIS crew breaks down the latest cybersecurity stories making waves — from data breaches and malware campaigns to privacy issues, exploit trends, and tech policy shake-ups. Join our panel of security pros for expert analysis, sharp humor, and practical insights you can actually use. Whether it’s social engineering, AI-powered attacks, or bizarre security headlines, we dig into what matters most for defenders and curious minds alike. Stay informed, entertained, and one step ahead in the ever-changing world of infosec.
(00:00) - PreShow Banter™ — The Cost of War.xyz
(03:42) - The AI Browser Wars - BHIS - Talkin' Bout [infosec] News 2025-10-27
(04:04) - Story # 1: Smart bed owners experience AWS outage nightmare as they're left sweating and stuck in upright position
(10:48) - Story # 2: Robots May Replace 600,000 Human Employees at Amazon
(14:40) - Story # 3: Meet Mico, Microsoft’s AI version of Clippy
(20:58) - Story # 4: Exploitation of Windows Server Update Services Remote Code Execution Vulnerability
(26:30) - Story # 5: Ex-L3Harris executive accused of selling trade secrets to Russia
(31:28) - Story # 6: Introducing ChatGPT Atlas
(43:34) - Story # 7: ‘Phased Out’—Google Confirms Bad News For 3 Billion Chrome Users
(52:25) - Story # 8: The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn
(01:00:15) - Story # 9: KFC Venezuela Alleged Data Breach – 1 Million Customer Records Exposed
Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
(00:00) - PreShow Banter™ — AWS Snow Day Party
(11:30) - Online Book Store Takes Down Half of the Internet - BHIS - Talkin' Bout [infosec] News 2025-10-20
(12:12) - Story # 1: F5 says hackers stole undisclosed BIG-IP flaws, source code
(35:10) - Story # 2: Newsom signs age verification law, siding with tech giants over Hollywood
(48:39) - Story # 3: Researchers find a startlingly cheap way to steal your secrets from space
(55:03) - Story # 4: Jeff Bezos Has a Plan to Curb AI’s Carbon Footprint: Send Data Centers to Space
(01:02:21) - Story # 5: SolarWinds Security Chief reflects on the Russian hack that exposed US government agencies
Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
(00:00) - PreShow Banter™ — A Real Podcast
(03:14) - Hackers claim Discord breach exposed data of 5.5 million users – BHIS - Talkin' Bout [infosec] News 2025-10-13
(05:43) - Story # 1: CamoLeak: Critical GitHub Copilot Vulnerability Leaks Private Source Code
(24:26) - Story # 2: Hackers claim Discord breach exposed data of 5.5 million users
(36:52) - Story # 3: Velociraptor leveraged in ransomware attacks
(46:46) - Story # 4: Huntress Threat Advisory: Widespread SonicWall SSLVPN Compromise
(54:48) - CTF Challenge
Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
(00:00) - PreShow Banter™ — A little radiation never hurt anybody.
(03:07) - BHIS - Talkin' Bout [infosec] News 2025-09-29
(03:28) - Story # 1: As many as 2 million Cisco devices affected by actively exploited 0-day
(19:06) - Story # 2: Viral call-recording app Neon goes dark after exposing users' phone numbers, call recordings, and transcripts | TechCrunch
(24:24) - Story # 3: AI Darwin Awards Show AI’s Biggest Problem Is Human
(29:31) - Story # 4: Nikon revokes all C2PA image authenticity certificates after major vulnerability exposed
(34:14) - Story # 5: 'You'll never need to work again': Criminals offer reporter money to hack BBC
(38:18) - Story # 6: Cybersecurity Training Programs Don’t Prevent Employees from Falling for Phishing Scams
(46:48) - Mini CTF Walkthrough
(56:02) - Story # 7: U.S. Secret Service dismantles imminent telecommunications threat in New York tristate area
Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
(00:00) - PreShow Banter™ — Unnatural European Fridges
(03:07) - The Entra ID Cross-Tenant Vulnerability Discovery – BHIS - Talkin' Bout [infosec] News 2025-09-22
(03:45) - Story # 1: One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens
(20:09) - Story # 2: Shai-Hulud: Self-Replicating Worm Compromises 500+ NPM Packages
(38:51) - OSSPREY – NPM Package @Ctrl/Tinycolor Compromised: Shai Hulud Malware Targets Secrets and Persistence
(49:28) - Story # 3: Verified Steam game steals streamer's cancer treatment donations
(54:51) - Story # 4: Heathrow warns of second day of disruption after cyber-attack
Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
(00:00) - PreShow Banter™ — Enter Dark John
(03:14) - Kerberoasting Goes to Washington – BHIS - Talkin' Bout [infosec] News 2025-09-15
(03:49) - Story # 1: Senator blasts Microsoft for making default Windows vulnerable to “Kerberoasting”
(12:46) - Story # 2: How an Attacker’s Blunder Gave Us a Rare Look Inside Their Day-to-Day Operations
(32:41) - Story # 3: Some JLR suppliers 'face bankruptcy' due to hack crisis
(41:29) - Story # 4: AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns
(46:06) - Story # 5: All your vulns are belong to us! CISA wants to maintain gov control of CVE program
(49:54) - Story # 6: Qantas penalizes executives for July cyberattack
(51:14) - Story # 7: America’s second largest egg producer breached, claim hackers
(54:55) - Story # 8: Undocumented Radios Found in Solar-Powered Devices
Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
(00:00) - PreShow Banter™ — If I Were French
(04:35) - Anthropic 1.5 Billion © Settlement - BHIS - Talkin' Bout [infosec] News 2025-09-08
(05:47) - Hackers Threaten to Submit Artists' Data to AI Models If Art Site Doesn't Pay Up
(08:40) - Anthropic Agrees to Pay Authors at Least $1.5 Billion in AI Copyright Settlement
(23:57) - This Company Turns Dashcams into ‘Virtual CCTV Cameras.’ Then Hackers Got In
(33:38) - Ice obtains access to Israeli-made spyware that can hack phones and encrypted apps
(40:07) - Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack
(44:26) - npm Packages With 2 Billion Weekly Downloads Hacked in Major Attack
(46:37) - Update on Mandiant Drift and Salesloft Application Investigations
(51:03) - M&S hackers claim to be behind Jaguar Land Rover cyber attack
(51:54) - New TP-Link zero-day surfaces as CISA warns other flaws are exploited
(54:52) - ChickenSec: US turns to Russia for chicken eggs for the first time in 32 years, despite sanctions to cripple its economy
(57:57) - Cybercriminals Exploit X's Grok AI to Bypass Ad Protections and Spread Malware to Millions
Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
(00:00) - PreShow Banter™ — It’s 8ft skeleton season.
(02:17) - BHIS - Talkin' Bout [infosec] News 2025-09-02
(03:07) - Story # 1: Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks
(07:35) - Story # 2: DSLRoot, Proxies, and the Threat of ‘Legal Botnets’
(13:46) - Story # 3: Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling
(17:44) - Story # 4: Ransomware crooks knock Swedish municipalities offline for measly sum of $168K
(19:39) - Story # 5: As crippling cyberattack against Nevada continues, Lombardo says ‘we’re working through it.’
(20:56) - Story # 6: Citrix forgot to tell you CVE-2025–6543 has been used as a zero day since May 2025
(22:43) - Story # 7: NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424
(25:19) - Story # 8: First known AI-powered ransomware uncovered by ESET Research
(30:00) - Story # 9: In the rush to adopt hot new tech, security is often forgotten. AI is no exception
(32:05) - Story # 10: TransUnion suffers data breach impacting over 4.4 million people
(34:16) - Story # 11: ChickenSec FollowUp: Artificial Intelligence: The other AI
(35:20) - Story # 12: They weren't lovin' it - hacker cracks McDonald's security in quest for free nuggets, and it was apparently not too tricky
(39:29) - Identify the birds you see or hear with Merlin Bird ID
(40:03) - Story # 13: Detecting and countering misuse of AI: August 2025
(51:31) - Story # 14: I’m a Stanford student. A Chinese agent tried to recruit me as a spy
Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
(00:00) - PreShow Banter™ — Canadian Chicken
(02:01) - The AI Bubble BHIS - Talkin' Bout [infosec] News 2025-08-25
(02:23) - Story # 1: Congressman proposes bringing back letters of marque for cyber privateers
(09:27) - Story # 2: SIM-Swapper, Scattered Spider Hacker Gets 10 Years
(12:42) - Story # 3: Developer jailed for taking down employer's network with kill switch malware
(16:33) - Story # 4: Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet
(20:41) - The Utopia Chronicles
(23:20) - Story # 5: “Unstoppable Power Surges”: China’s Quantum Processor Outspeeds Supercomputers by 1 Quadrillion and Triggers US Intelligence Panic
(28:46) - Story # 6: Bank forced to rehire workers after lying about chatbot productivity, union says
(41:21) - Story # 7: It Took Many Years And Billions Of Dollars, But Microsoft Finally Invented A Calculator That Is Wrong Sometimes
(43:41) - Story # 8: Copilot Broke Your Audit Log, but Microsoft Won’t Tell You
(46:33) - Story # 9: Russian state-sponsored espionage group Static Tundra compromises unpatched end-of-life network devices
(49:24) - Story # 10: Zero-Day Clickjacking Flaws Found in Password Managers Used by Millions
(53:12) - Story # 11: Cybersecurity training doesn’t work: time wasted with no impact, study finds
(59:06) - ChickenSec: Artificial Intelligence: The other AI
Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
(00:00) - PreShow Banter™ — The gif that keeps on giffing
(01:46) - Cyberattack Bricks Speed Cameras – BHIS - Talkin' Bout [infosec] News 2025-08-18
(02:38) - Story # 1: Perplexity made a sky-high $34.5 billion bid for Google Chrome — a bold and unusual move in the midst of antitrust scrutiny
(07:16) - Story # 2: Exclusive: US embeds trackers in AI chip shipments to catch diversions to China, sources say
(10:22) - Story # 3: How we found TeaOnHer spilling users’ driver’s licenses in less than 10 minutes
(12:16) - Story # 4: Cisco discloses maximum-severity defect in firewall software
(13:55) - Story # 5: Data Dump From APT Actor Yields Clues to Attacker Capabilities
(19:13) - Story # 6: Russian cyberattack in the Netherlands leaves speed cameras offline indefinitely
(23:30) - Story # 7: HTTP/2 MadeYouReset Vulnerability Enables Massive DDoS Attacks
(24:51) - Story # 8: LAPD Eyes ‘GeoSpy’, an AI Tool That Can Geolocate Photos in Seconds
(29:04) - Story # 9: Manpower discloses data breach affecting nearly 145,000 people
(34:50) - Story # 10: Hacker Offers to Sell 15.8 Million Plain-Text PayPal Credentials On Dark Web Forum
(35:34) - Story # 11: The First Federal Cybersecurity Disaster of Trump 2.0 Has Arrived
(40:53) - Story # 12: New Clever Phishing Attack Uses Japanese Character “ん” to Mimic Forward Slash “/”
(46:27) - Story # 13: Fortinet warns of FortiSIEM pre-auth RCE flaw with exploit in the wild
(48:13) - Story # 14: Plex warns users to patch security vulnerability immediately
(50:52) - ChickenSec: Noble Foods using soil mapping technology at organic egg farm
Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
(00:00) - PreShow Banter™ — Wading Through Woods
(06:06) - DEF CON RECAP - Talkin' Bout [infosec] News 2025-08-11
(09:15) - Story # 1: It's time to acknowledge HTTP/1.1 is insecure
(12:36) - Story # 2: Research reveals possible privacy gaps in Apple Intelligence’s data handling
(17:50) - Story # 3: Federal court filing system hit in sweeping hack
(21:08) - Story # 4: Cisco discloses data breach impacting Cisco.com user accounts
(32:16) - Story # 5: Google says its AI-based bug hunter found 20 security vulnerabilities
(34:20) - Story # 6: Automate security reviews with Claude Code
(39:00) - Story # 7: Flipper Zero ‘DarkWeb’ Firmware Bypasses Rolling Code Security on Major Vehicle Brands
(44:43) - Story # 7b: OnStar assists CHP in stopping fleeing SUV with toddler inside
(47:11) - Story # 7c: That viral video of a ‘deactivated’ Tesla Cybertruck is a fake
(49:36) - Story # 8: LegalPwn Attack Tricks GenAI Tools Into Misclassifying Malware as Safe Code
(50:52) - Story # 9: Microsoft Launches Project Ire to Autonomously Classify Malware Using AI Tools
(53:08) - Story # 10: A Single Poisoned Document Could Leak ‘Secret’ Data Via ChatGPT
(58:09) - Story # 11: Millions of Dell Laptops Vulnerable to Device Takeover and Persistent Malware Attacks
Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
(00:00) - PreShow Banter™ — Stop Asking Wade if he's in Vegas
(02:16) - Perplexity Uses Stealth Crawlers to Evade No-Crawl Directives – 2025-08-04
(11:25) - Story # 1: Insurance won't cover $5M in City of Hamilton claims for cyberattack, citing lack of log-in security
(18:39) - Story # 2: States Enact Safe Harbor Laws that Provide Affirmative Defenses in Data Breach Litigation
(26:44) - Story # 3: Hackers Destroy Aeroflot’s IT Infrastructure, Causing Over 42 Flight Cancellations
(34:18) - Story # 4: Attackers exploit link-wrapping services to steal Microsoft 365 logins
(40:09) - Story # 5: Mozilla flags phishing wave aimed at hijacking trusted Firefox add-ons
(42:17) - Wade’s plugin recommendation
(44:38) - Story # 6: Perplexity is using stealth, undeclared crawlers to evade website no-crawl directives
(51:10) - Story # 7: After Backlash, ChatGPT Removes Option to Have Private Chats Indexed by Google
(55:20) - AI 2027
(01:01:00) - What’s Ralph been up to?
Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
(00:00) - PreShow Banter™ — National Chicken Wing Day
(04:15) - BHIS - Talkin' Bout [infosec] News 2025-07-28
(05:29) - Story # 1: Bad vibes: How an AI agent coded its way to disaster
(08:39) - Story # 1b: Replit goes rogue, deletes entire database.
(15:43) - Story # 2: A major AI training data set contains millions of examples of personal data
(26:04) - Story # 3: Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan
(33:18) - Story # 4: A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors
(40:27) - Story # 5: Clorox Sues IT Provider Cognizant For Simply Giving Employee Password to Hackers
(49:46) - Story # 6: Businesses banned from paying hackers’ ransoms to target cybercrime
(57:38) - SharePoint Follow Up










23:00 tool
This is great! I have yet to make it to one of their webcasts but this is just as good. These guys really know their stuff.