Talkin' Bout [Infosec] News

Author: Black Hills Information Security


Description

A weekly podcast with BHIS and friends. We discuss notable infosec and infosec-adjacent news stories gathered by our community news team.

Join us live on YouTube, Mondays at 4:30 PM ET
https://www.youtube.com/@BlackHillsInformationSecurity

Brought to you by Black Hills Information Security.
https://www.blackhillsinfosec.com
324 Episodes

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
00:00 - PreShow Banter™ — The Problem With Extensions
03:10 - Lawmakers Want to Ban VPNs – BHIS - Talkin’ Bout [infosec] News 2025-12-01
03:47 - Story # 1: Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem)
https://labs.watchtowr.com/stop-putting-your-passwords-into-random-websites-yes-seriously-you-are-the-problem/
12:05 - Story # 2: Lawmakers Want to Ban VPNs—And They Have No Idea What They’re Doing
https://www.eff.org/deeplinks/2025/11/lawmakers-want-ban-vpns-and-they-have-no-idea-what-theyre-doing
21:19 - Story # 3: Critical 7 Zip Vulnerability With Public Exploit Requires Manual Update
https://hackread.com/7-zip-vulnerability-public-exploit-manual-update/
25:49 - Story # 4: ‘Slop Evader’ Lets You Surf the Web Like It’s 2022
https://www.404media.co/slop-evader-browser-extension-pre-generative-ai-search-filter/
37:08 - Story # 5: China’s Espionage in Europe is Deepening and More Sophisticated than Acknowledged, Expert Says
https://www.kyivpost.com/post/64814
39:10 - Story # 6: Apple Update Warning For All iPhone 17, 16 And 15 Users—Act Now
https://www.forbes.com/sites/zakdoffman/2025/11/30/apple-update-warning-for-all-iphone-17-16-and-15-users-act-now/
42:39 - Story # 6: Meta is earning a fortune on a deluge of fraudulent ads, documents show
https://www.reuters.com/investigations/meta-is-earning-fortune-deluge-fraudulent-ads-documents-show-2025-11-06/
50:23 - Story # 7: Meta had a 17-strike policy for sex trafficking, former safety leader claims
https://www.theverge.com/news/827658/meta-17-strike-policy-sex-trafficking-testimony-lawsuit
52:41 - Story # 8: Man behind in-flight Evil Twin WiFi attacks gets 7 years in prison
https://www.bleepingcomputer.com/news/security/man-behind-in-flight-evil-twin-wifi-attacks-gets-7-years-in-prison/
Brought to you by:
🔗 Black Hills Information Security https://www.blackhillsinfosec.com/
🔗 Antisyphon Training https://www.antisyphontraining.com/

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
00:00 - PreShow Banter™ — Stressed about lithium batteries
04:59 - Shai-Hulud malware leaks secrets on GitHub – BHIS - Talkin’ Bout [infosec] News 2025-11-24
05:57 - Story # 1: Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub
11:19 - Story # 2: CrowdStrike catches insider feeding information to hackers
15:50 - Story # 3: Fidelity sues Broadcom over access to key software to avoid outages
22:17 - Story # 4: NetApp sues former CTO for alleged data breach
26:49 - Story # 5: CrowdStrike Research: Security Flaws in DeepSeek-Generated Code Linked to Political Triggers
36:05 - Story # 6: A major Cloudflare outage took down large parts of the internet - X, ChatGPT and more were affected, but all recovered now
37:11 - Story # 6b: Cloudflare outage on November 18, 2025
41:43 - Story # 7: Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike Attempt
46:35 - Story # 8: This Hacker Conference Installed a Literal Antivirus Monitoring System
51:10 - Story # 10: Microsoft to integrate Sysmon directly into Windows 11, Server 2025
56:41 - Story # 9: Crypto and Carcasses: Undercover Sting Recovers $700K in Bitcoin Miners, Foils $75K Frozen Turkey Heist

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
00:00:00 - PreShow Banter™ — The Way the Community Rumbles
00:08:21 - A.I. Transcription Startup Was Just A Guy Taking Notes - BHIS - Talkin’ Bout [infosec] News 2025-11-17
00:09:01 - Story # 1: New data shows companies are rehiring former employees as AI falls short of expectations
00:18:06 - Eric & Whitney’s “Podcast” [webcast] on training your own LLM
00:22:12 - Story # 2: Founder Admits His “AI Transcription” Startup Was Just Him Joining People’s Meetings and Taking Notes by Hand
00:26:20 - Story # 3: Five Plead Guilty in U.S. for Helping North Korean IT Workers Infiltrate 136 Companies
00:37:35 - Story # 4: Google is easing up on Android’s new sideloading restrictions!
00:43:44 - Story # 5: Google is collecting troves of data from downgraded Nest thermostats
00:44:58 - Story # 5b: Hackers are saving Google’s abandoned Nest thermostats with open-source firmware
00:51:34 - Story # 6: FFmpeg to Google: Fund Us or Stop Sending Bugs
01:00:40 - Story # 7: Teens are Hacking School Systems. Let’s Teach Them to Protect Communities Instead
01:05:55 - Story # 8: Disrupting the first reported AI-orchestrated cyber espionage campaign
01:14:58 - Discord CTF Winners

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
Chapters
00:00 - PreShow Banter™ — Humans are Done
03:04 - Louvre’s video security password was ‘Louvre’ – BHIS - Talkin’ Bout [infosec] News 2025-11-10
05:11 - Story # 1: I Tried the Robot That’s Coming to Live With You. It’s Still Part Human.
15:14 - Story # 2: How to trade your $214,000 cybersecurity job for a jail cell
25:14 - Story # 3: The Louvre’s video security password was reportedly ‘Louvre’
29:04 - Story # 4: Dangerous runC flaws could allow hackers to escape Docker containers
32:58 - Story # 5: List of AI Tools Promoted by Threat Actors in Underground Forums and Their Capabilities
40:00 - Story # 5b: GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools
56:37 - BHIS Webcast – X-Typhoon - Not your Father’s China with John Strand

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
00:00 - PreShow Banter™ — Musical Views of the Universe
04:05 - Ransomware Victims Stop Paying Hackers – BHIS - Talkin’ Bout [infosec] News 2025-11-03
04:39 - Story # 1: Ransomware profits drop as victims stop paying hackers
06:22 - Chart since 2019
16:06 - Story # 2: More than a million people every week show suicidal intent when chatting with ChatGPT, OpenAI estimates
33:02 - Story # 3: 10M people watched a YouTuber shim a lock; the lock company sued him. Bad idea.
41:18 - Story # 4: ‘Dangerous’ YouTube videos struck down for bypassing Windows 11 account setup [Update: Restored]
47:13 - Story # 5: Chicago firm that resolves ransomware attacks had rogue workers carrying out their own hacks, FBI says
51:08 - Story # 6: Microsoft: DNS outage impacts Azure and Microsoft 365 services
54:33 - Story # 7: EY Data Leak – Massive 4TB SQL Server Backup Exposed Publicly on Microsoft Azure
55:22 - Story # 8: Black Hat Europe 2025 Arsenal: 8 AI Security Tools Transforming Cybersecurity

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
The BHIS crew breaks down the latest cybersecurity stories making waves — from data breaches and malware campaigns to privacy issues, exploit trends, and tech policy shake-ups. Join our panel of security pros for expert analysis, sharp humor, and practical insights you can actually use. Whether it’s social engineering, AI-powered attacks, or bizarre security headlines, we dig into what matters most for defenders and curious minds alike. Stay informed, entertained, and one step ahead in the ever-changing world of infosec.
00:00:00 - PreShow Banter™ — The Cost of War.xyz
00:03:42 - The AI Browser Wars - BHIS - Talkin’ Bout [infosec] News 2025-10-27
00:04:04 - Story # 1: Smart bed owners experience AWS outage nightmare as they’re left sweating and stuck in upright position
00:10:49 - Story # 2: Robots May Replace 600,000 Human Employees at Amazon
00:14:40 - Story # 3: Meet Mico, Microsoft’s AI version of Clippy
00:20:59 - Story # 4: Exploitation of Windows Server Update Services Remote Code Execution Vulnerability
00:26:31 - Story # 5: Ex-L3Harris executive accused of selling trade secrets to Russia
00:31:29 - Story # 6: Introducing ChatGPT Atlas
00:43:34 - Story # 7: ‘Phased Out’—Google Confirms Bad News For 3 Billion Chrome Users
00:52:26 - Story # 8: The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn
01:00:16 - Story # 9: KFC Venezuela Alleged Data Breach – 1 Million Customer Records Exposed

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
00:00:00 - PreShow Banter™ — AWS Snow Day Party
00:11:31 - Online Book Store Takes Down Half of the Internet - BHIS - Talkin’ Bout [infosec] News 2025-10-20
00:12:12 - Story # 1: F5 says hackers stole undisclosed BIG-IP flaws, source code
00:35:11 - Story # 2: Newsom signs age verification law, siding with tech giants over Hollywood
00:48:39 - Story # 3: Researchers find a startlingly cheap way to steal your secrets from space
00:55:04 - Story # 4: Jeff Bezos Has a Plan to Curb AI’s Carbon Footprint: Send Data Centers to Space
01:02:22 - Story # 5: SolarWinds Security Chief reflects on the Russian hack that exposed US government agencies

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
00:00 - PreShow Banter™ — A Real Podcast
03:15 - Hackers claim Discord breach exposed data of 5.5 million users – BHIS - Talkin' Bout [infosec] News 2025-10-13
05:44 - Story # 1: CamoLeak: Critical GitHub Copilot Vulnerability Leaks Private Source Code
24:27 - Story # 2: Hackers claim Discord breach exposed data of 5.5 million users
36:52 - Story # 3: Velociraptor leveraged in ransomware attacks
46:47 - Story # 4: Huntress Threat Advisory: Widespread SonicWall SSLVPN Compromise
54:48 - CTF Challenge

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
00:00 - PreShow Banter™ — A little radiation never hurt anybody.
03:07 - BHIS - Talkin’ Bout [infosec] News 2025-09-29
03:29 - Story # 1: As many as 2 million Cisco devices affected by actively exploited 0-day
19:07 - Story # 2: Viral call-recording app Neon goes dark after exposing users’ phone numbers, call recordings, and transcripts | TechCrunch
24:25 - Story # 3: AI Darwin Awards Show AI’s Biggest Problem Is Human
29:32 - Story # 4: Nikon revokes all C2PA image authenticity certificates after major vulnerability exposed
34:14 - Story # 5: ‘You’ll never need to work again’: Criminals offer reporter money to hack BBC
38:18 - Story # 6: Cybersecurity Training Programs Don’t Prevent Employees from Falling for Phishing Scams
46:48 - Mini CTF Walkthrough
56:03 - Story # 7: U.S. Secret Service dismantles imminent telecommunications threat in New York tristate area

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
00:00 - PreShow Banter™ — Unnatural European Fridges
03:34 - The Entra ID Cross-Tenant Vulnerability Discovery – BHIS - Talkin’ Bout [infosec] News 2025-09-22
04:14 - Story # 1: One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens
21:32 - Story # 2: Shai-Hulud: Self-Replicating Worm Compromises 500+ NPM Packages
40:50 - OSSPREY – NPM Package @Ctrl/Tinycolor Compromised: Shai Hulud Malware Targets Secrets and Persistence
51:41 - Story # 3: Verified Steam game steals streamer’s cancer treatment donations
57:16 - Story # 4: Heathrow warns of second day of disruption after cyber-attack

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
00:00 - PreShow Banter™ — Enter Dark John
03:15 - Kerberoasting Goes to Washington – BHIS - Talkin’ Bout [infosec] News 2025-09-15
03:49 - Story # 1: Senator blasts Microsoft for making default Windows vulnerable to “Kerberoasting”
12:46 - Story # 2: How an Attacker’s Blunder Gave Us a Rare Look Inside Their Day-to-Day Operations
32:42 - Story # 3: Some JLR suppliers ‘face bankruptcy’ due to hack crisis
41:30 - Story # 4: AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns
46:07 - Story # 5: All your vulns are belong to us! CISA wants to maintain gov control of CVE program
49:55 - Story # 6: Qantas penalizes executives for July cyberattack
51:15 - Story # 7: America’s second largest egg producer breached, claim hackers
54:55 - Story # 8: Undocumented Radios Found in Solar-Powered Devices

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
00:00 - PreShow Banter™ — If I Were French
04:35 - Anthropic 1.5 Billion © Settlement - BHIS - Talkin’ Bout [infosec] News 2025-09-08
05:48 - Hackers Threaten to Submit Artists’ Data to AI Models If Art Site Doesn’t Pay Up
08:40 - Anthropic Agrees to Pay Authors at Least $1.5 Billion in AI Copyright Settlement
23:58 - This Company Turns Dashcams into ‘Virtual CCTV Cameras.’ Then Hackers Got In
33:38 - Ice obtains access to Israeli-made spyware that can hack phones and encrypted apps
40:07 - Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack
44:27 - npm Packages With 2 Billion Weekly Downloads Hacked in Major Attack
46:38 - Update on Mandiant Drift and Salesloft Application Investigations
51:04 - M&S hackers claim to be behind Jaguar Land Rover cyber attack
51:55 - New TP-Link zero-day surfaces as CISA warns other flaws are exploited
54:52 - ChickenSec: US turns to Russia for chicken eggs for the first time in 32 years, despite sanctions to cripple its economy
57:58 - Cybercriminals Exploit X’s Grok AI to Bypass Ad Protections and Spread Malware to Millions

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
00:00 - PreShow Banter™ — It’s 8ft skeleton season.
02:18 - BHIS - Talkin’ Bout [infosec] News 2025-09-02
03:07 - Story # 1: Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks
07:35 - Story # 2: DSLRoot, Proxies, and the Threat of ‘Legal Botnets’
13:46 - Story # 3: Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling
17:44 - Story # 4: Ransomware crooks knock Swedish municipalities offline for measly sum of $168K
19:39 - Story # 5: As crippling cyberattack against Nevada continues, Lombardo says ‘we’re working through it.’
20:56 - Story # 6: Citrix forgot to tell you CVE-2025-6543 has been used as a zero day since May 2025
22:43 - Story # 7: NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424
25:20 - Story # 8: First known AI-powered ransomware uncovered by ESET Research
30:00 - Story # 9: In the rush to adopt hot new tech, security is often forgotten. AI is no exception
32:06 - Story # 10: TransUnion suffers data breach impacting over 4.4 million people
34:17 - Story # 11: ChickenSec FollowUp: Artificial Intelligence: The other AI
35:20 - Story # 12: They weren’t lovin’ it - hacker cracks McDonald’s security in quest for free nuggets, and it was apparently not too tricky
39:29 - Identify the birds you see or hear with Merlin Bird ID
40:04 - Story # 13: Detecting and countering misuse of AI: August 2025
51:31 - Story # 14: I’m a Stanford student. A Chinese agent tried to recruit me as a spy

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
00:00 - PreShow Banter™ — Canadian Chicken
02:01 - The AI Bubble BHIS - Talkin’ Bout [infosec] News 2025-08-25
02:23 - Story # 1: Congressman proposes bringing back letters of marque for cyber privateers
09:27 - Story # 2: SIM-Swapper, Scattered Spider Hacker Gets 10 Years
12:43 - Story # 3: Developer jailed for taking down employer’s network with kill switch malware
16:33 - Story # 4: Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet
20:42 - The Utopia Chronicles
23:20 - Story # 5: “Unstoppable Power Surges”: China’s Quantum Processor Outspeeds Supercomputers by 1 Quadrillion and Triggers US Intelligence Panic
28:47 - Story # 6: Bank forced to rehire workers after lying about chatbot productivity, union says
41:21 - Story # 7: It Took Many Years And Billions Of Dollars, But Microsoft Finally Invented A Calculator That Is Wrong Sometimes
43:41 - Story # 8: Copilot Broke Your Audit Log, but Microsoft Won’t Tell You
46:33 - Story # 9: Russian state-sponsored espionage group Static Tundra compromises unpatched end-of-life network devices
49:24 - Story # 10: Zero-Day Clickjacking Flaws Found in Password Managers Used by Millions
53:12 - Story # 11: Cybersecurity training doesn’t work: time wasted with no impact, study finds
59:07 - ChickenSec: Artificial Intelligence: The other AI

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
00:00 - PreShow Banter™ — The gif that keeps on giffing
01:46 - Cyberattack Bricks Speed Cameras – BHIS - Talkin’ Bout [infosec] News 2025-08-18
02:39 - Story # 1: Perplexity made a sky-high $34.5 billion bid for Google Chrome — a bold and unusual move in the midst of antitrust scrutiny
07:16 - Story # 2: Exclusive: US embeds trackers in AI chip shipments to catch diversions to China, sources say
10:22 - Story # 3: How we found TeaOnHer spilling users’ driver’s licenses in less than 10 minutes
12:17 - Story # 4: Cisco discloses maximum-severity defect in firewall software
13:56 - Story # 5: Data Dump From APT Actor Yields Clues to Attacker Capabilities
19:13 - Story # 6: Russian cyberattack in the Netherlands leaves speed cameras offline indefinitely
23:30 - Story # 7: HTTP/2 MadeYouReset Vulnerability Enables Massive DDoS Attacks
24:51 - Story # 8: LAPD Eyes ‘GeoSpy’, an AI Tool That Can Geolocate Photos in Seconds
29:05 - Story # 9: Manpower discloses data breach affecting nearly 145,000 people
34:51 - Story # 10: Hacker Offers to Sell 15.8 Million Plain-Text PayPal Credentials On Dark Web Forum
35:34 - Story # 11: The First Federal Cybersecurity Disaster of Trump 2.0 Has Arrived
40:54 - Story # 12: New Clever Phishing Attack Uses Japanese Character “ん” to Mimic Forward Slash “/”
46:28 - Story # 13: Fortinet warns of FortiSIEM pre-auth RCE flaw with exploit in the wild
48:13 - Story # 14: Plex warns users to patch security vulnerability immediately
50:53 - ChickenSec: Noble Foods using soil mapping technology at organic egg farm

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
00:00 - PreShow Banter™ — Wading Through Woods
06:06 - DEF CON RECAP - Talkin’ Bout [infosec] News 2025-08-11
09:16 - Story # 1: It’s time to acknowledge HTTP/1.1 is insecure
12:36 - Story # 2: Research reveals possible privacy gaps in Apple Intelligence’s data handling
17:51 - Story # 3: Federal court filing system hit in sweeping hack
21:09 - Story # 4: Cisco discloses data breach impacting Cisco.com user accounts
32:17 - Story # 5: Google says its AI-based bug hunter found 20 security vulnerabilities
34:20 - Story # 6: Automate security reviews with Claude Code
39:01 - Story # 7: Flipper Zero ‘DarkWeb’ Firmware Bypasses Rolling Code Security on Major Vehicle Brands
44:44 - Story # 7b: OnStar assists CHP in stopping fleeing SUV with toddler inside
47:12 - Story # 7c: That viral video of a ‘deactivated’ Tesla Cybertruck is a fake
49:37 - Story # 8: LegalPwn Attack Tricks GenAI Tools Into Misclassifying Malware as Safe Code
50:53 - Story # 9: Microsoft Launches Project Ire to Autonomously Classify Malware Using AI Tools
53:08 - Story # 10: A Single Poisoned Document Could Leak ‘Secret’ Data Via ChatGPT
58:10 - Story # 11: Millions of Dell Laptops Vulnerable to Device Takeover and Persistent Malware Attacks
Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
00:00:00 - PreShow Banter™ — Stop Asking Wade if he’s in Vegas
00:02:16 - Perplexity Uses Stealth Crawlers to Evade No-Crawl Directives – 2025-08-04
00:11:25 - Story # 1: Insurance won’t cover $5M in City of Hamilton claims for cyberattack, citing lack of log-in security
00:18:40 - Story # 2: States Enact Safe Harbor Laws that Provide Affirmative Defenses in Data Breach Litigation
00:26:45 - Story # 3: Hackers Destroy Aeroflot’s IT Infrastructure, Causing Over 42 Flight Cancellations
00:34:18 - Story # 4: Attackers exploit link-wrapping services to steal Microsoft 365 logins
00:40:09 - Story # 5: Mozilla flags phishing wave aimed at hijacking trusted Firefox add-ons
00:42:18 - Wade’s plugin recommendation
00:44:39 - Story # 6: Perplexity is using stealth, undeclared crawlers to evade website no-crawl directives
00:51:11 - Story # 7: After Backlash, ChatGPT Removes Option to Have Private Chats Indexed by Google
00:55:21 - AI 2027
01:01:01 - What’s Ralph been up to?
Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
00:00 - PreShow Banter™ — National Chicken Wing Day
04:16 - BHIS - Talkin’ Bout [infosec] News 2025-07-28
05:30 - Story # 1: Bad vibes: How an AI agent coded its way to disaster
08:40 - Story # 1b: Replit goes rogue, deletes entire database.
15:44 - Story # 2: A major AI training data set contains millions of examples of personal data
26:05 - Story # 3: Women Dating Safety App ‘Tea’ Breached, Users’ IDs Posted to 4chan
33:19 - Story # 4: A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors
40:28 - Story # 5: Clorox Sues IT Provider Cognizant For Simply Giving Employee Password to Hackers
49:46 - Story # 6: Businesses banned from paying hackers’ ransoms to target cybercrime
57:38 - SharePoint Follow Up
Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
00:00 - PreShow Banter™ — PaintBallers
03:55 - BHIS - Talkin’ Bout [infosec] News 2025-07-21
04:21 - Story # 1: Microsoft 0-day Mass Exploitation
09:39 - Story # 2: Replit AI went rogue, deleted a company’s entire database, then hid it and lied about it
13:15 - Story # 3: ‘All US forces must now assume their networks are compromised’ after Salt Typhoon breach
18:08 - Story # 4: After FBI Warning, Alaska Airlines Grounded; Salt Typhoon Suspected
20:45 - Story # 5: FBI Cybersecurity Breach Led to Murders of Informants in El Chapo Case
21:54 - Story # 5b: FBI’s Report
29:57 - Story # 6: Google fixes actively exploited sandbox escape zero day in Chrome
31:30 - Story # 7: Exploited Wing file transfer bug risks ‘total server compromise,’ CISA warns
32:33 - Story # 8: CitrixBleed 2 situation update — everybody already got owned
33:01 - Story # 9: At Least 750 US Hospitals Faced Disruptions During Last Year’s CrowdStrike Outage, Study Finds
46:14 - Story # 10: Amazon Ring Doorbell May 28 Mass Hacking Claim Goes Viral
48:56 - jdbgmgr.exe virus hoax
51:52 - Story # 11: HPE warns of hardcoded passwords in Aruba access points
Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
00:00 - PreShow Banter™ — Traditional Finger
00:21 - BHIS - Talkin’ Bout [infosec] News 2025-07-14
01:29 - Story # 1: ‘123456’ password exposed chats for 64 million McDonald’s job chatbot applications
22:12 - Story # 2: Employee gets $920 for credentials used in $140 million bank heist
33:50 - Story # 3: Microsoft laying off about 9,000 employees in latest round of cuts
37:21 - Story # 5: Scammy YouTube Ads
46:31 - Story # 6: New ServiceNow flaw lets attackers enumerate restricted data
Comments (2)

elrey741

23:00 tool

Oct 21st

Joe Pro

This is great! I have yet to make it to one of their webcasts but this is just as good. These guys really know their stuff.

Jun 4th