Talkin' Bout [Infosec] News

Black Hills Information Security
  • 5.0 (4)
  • Tech News
  • Updated Weekly

A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team. Join us live on YouTube, Monday's at 4:30PM ET

  1. Rickrolling the FIFA World Cup - 2026-06-22

    1d ago ·  Video

    Rickrolling the FIFA World Cup - 2026-06-22

    This week’s episode covers a series of cybersecurity stories, including a researcher’s discovery of vulnerabilities in FIFA’s World Cup platform that could have enabled unauthorized administrative access and even the ability to alter live broadcasts. The team also discusses the risks of large-scale identity verification data exposure, supply chain attacks impacting the scientific research community, ongoing fallout from Broadcom’s VMware acquisition, and legal challenges from major organizations facing rising VMware costs. Along the way, the hosts share commentary on AI-related security concerns, access control failures, and the broader impact of vendor decisions on enterprise security. Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurity Chat with us on Discord! - https://discord.gg/bhis🔴live-chat Chapters (00:00) - PreShow Banter™ — There's always more suppply chain (04:52) - Rickrolling the FIFA World Cup - 2026-06-22 (07:59) - Story #1 - Texas Government Data Breach Exposes 3 Million Driver’s License Records (10:56) - Story #2 - I Could've Rickrolled the Entire FIFA World Cup. All I Needed Was My ID. (21:00) - Story #3 - FortiBleed: 75,000 Fortinet Firewalls Compromised: Global Enterprises Exposed – Claim Your Ethical Disclosure (23:58) - Story #4a - Stakeholder-Specific Vulnerability Categorization (SSVC) (25:44) - Story #4b - CVSS Is Officially Dead: What CISA's BOD 26-04 Means for Everyone (37:19) - Story #5 - Mini Shai-Hulud, Miasma, and Hades Worms Target Bioinformatics and MCP Developers via Malicious PyPI Wheels (43:56) - Story #6 - FBI disrupts massive AI-powered phishing service using a million URLs (46:12) - Story #7 - Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure (47:12) - Story #8 - AI models that can take down governments and business months away, rare Five Eyes statement warns (48:44) - Story #9 - ANTHROPIC’S MYTHOS AI BROKE INTO ALMOST ALL NSA CLASSIFIED SYSTEMS IN HOURS (58:45) - Story #10 - Tesco moving 40,000 server workloads off VMware amid Broadcom’s “abusive conduct” LinksStory #1 - Texas Government Data Breach Exposes 3 Million Driver’s License RecordsStory #2 - I Could've Rickrolled the Entire FIFA World Cup. All I Needed Was My ID.Story #3 - FortiBleed: 75,000 Fortinet Firewalls Compromised: Global Enterprises Exposed – Claim Your Ethical DisclosureStory #4a - Stakeholder-Specific Vulnerability Categorization (SSVC)Story #4b - CVSS Is Officially Dead: What CISA's BOD 26-04 Means for EveryoneStory #5 - Mini Shai-Hulud, Miasma, and Hades Worms Target Bioinformatics and MCP Developers via Malicious PyPI WheelsStory #6 - FBI disrupts massive AI-powered phishing service using a million URLsStory #7 - Splunk Enterprise Vulnerability Exploited in Attacks Days After DisclosureStory #8 - AI models that can take down governments and business months away, rare Five Eyes statement warnsStory #9 - ANTHROPIC’S MYTHOS AI BROKE INTO ALMOST ALL NSA CLASSIFIED SYSTEMS IN HOURSStory #10 - Tesco moving 40,000 server workloads off VMware amid Broadcom’s “abusive conduct”Creators & Guests Andy Pettit "Nerf" - Guest Michael "Shecky" Kavka - Guest Ryan Poirier - Producer Corey Ham - Host Ralph May - Host John Strand - Host Click here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits  https://poweredbybhis.com Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com

    1h 6m
  2. U.S. Government Effectively Bans Fable 5 and Mythos 5 - 2026-06-15

    Jun 16 ·  Video

    U.S. Government Effectively Bans Fable 5 and Mythos 5 - 2026-06-15

    This episode dives into the fallout from new restrictions on Anthropic’s cybersecurity-focused AI models, Mythos and Fable, and the debate over whether government pressure has effectively blocked security researchers from using advanced AI for vulnerability discovery and code analysis. The panel discusses AI “jailbreaking” claims, export-control comparisons, the impact on penetration testing and bug hunting, and how AI is accelerating vulnerability research. Other topics include responsible disclosure challenges, the growing volume of AI-assisted security findings, and what these developments mean for researchers, vendors, and the future of offensive security. Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurity Chat with us on Discord! - https://discord.gg/bhis🔴live-chat Chapters (00:00) - PreShow Banter™ — A Banned Phrase (04:56) - U.S. Government Effectively Bans Fable 5 and Mythos 5 - 2026-06-15 (06:29) - Story #1 - Statement on the US government directive to suspend access to Fable 5 and Mythos 5 (21:15) - Story #2 - ServiceNow discloses security incident exposing customer data (41:45) - Story #3 - Introducing Claude Corps (52:11) - Story #4 - SHINYHUNTERS HITS 100+ UNIVERSITIES WITH ORACLE ZERO-DAY (52:39) - Story #5 - Arch Linux AUR Hit By Another Wave Of Now More Sophisticated Malware Attack (59:00) - Story # - This Company Will Add Phone, AirPod, and Smartwatch Trackers to License Plate Readers Links06:30 - Story #1 - Statement on the US government directive to suspend access to Fable 5 and Mythos 521:16 - Story #2 - ServiceNow discloses security incident exposing customer data41:46 - Story #3 - Introducing Claude Corps52:12 - Story #4 - SHINYHUNTERS HITS 100+ UNIVERSITIES WITH ORACLE ZERO-DAY52:40 - Story #5 - Arch Linux AUR Hit By Another Wave Of Now More Sophisticated Malware Attack59:00 - Story # - This Company Will Add Phone, AirPod, and Smartwatch Trackers to License Plate ReadersCreators & Guests Corey Ham - Host John Strand - Host Bronwen Aker - Host Wade Wells - Host Alex Minster "Belouve" - Guest Ralph May - Host Ryan Poirier - Producer Jason Haddix - Guest Click here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits  https://poweredbybhis.com Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com

    1h 8m
  3. Breach Disclosure Lag is Worse Than Ever – 2026-06-08

    Jun 9 ·  Video

    Breach Disclosure Lag is Worse Than Ever – 2026-06-08

    This episode covers the rising costs and restrictions surrounding AI agents, including token consumption, model access policies, and the growing dependence on AI tools for security work. The hosts discuss Troy Hunt’s retrospective on Have I Been Pwned reaching its 1,000th tracked breach, examining why breach disclosures appear to be slowing and how GDPR and CCPA requirements affect notification practices. Additional topics include password and email hygiene, the value of breach-notification services, AI infrastructure and data center costs, and new research mapping AI-enabled cyber threats to the MITRE ATT&CK framework. Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurity Chat with us on Discord! - https://discord.gg/bhis🔴live-chat Chapters (00:00) - PreShow Banter™ — Token Love (05:11) - Breach Disclosure is Lag Worse Than Ever – 2026-06-08 (11:25) - Story #1 - Anthropic ‘plants’ engineers at NSA despite facing ban by Pentagon (20:59) - Story #2 - A new service branch could be joining the U.S. Armed Forces family (25:47) - Story #3 - Websites have a new way to spy on visitors: Analyzing their SSD activity (31:11) - Story #4 - The Quiet Numbers Station: Decoding Nineteen Years of GPS Cryptography (37:21) - Story #5 - 1,000 Data Breaches Later, the Disclosure Lag is Worse Than Ever (43:23) - Story #6 - Mapping AI-enabled cyber threats: Insights from the LLM ATT&CK Navigator (48:00) - Story #7 - Anthropic confidentially files IPO prospectus with SEC, prepping Wall Street for landmark AI deal (01:02:26) - Story #8 - Microsoft Wants to 'Make People Addicted' to its New AI Assistant, Internal Documents Reveal (01:03:29) - Story #9 - Amazon Shuts Down Internal AI Leaderboard After Employees Cheated (01:04:57) - ANTI-CAST : RF Attacks Every InfoSec Pro Should Know with Paul Clark (01:05:54) - Workshop: Build Your Own AI Security Agent (01:06:43) - Training: Agentic AI for Threat Hunting (01:07:16) - Training: Cyber Threat Intelligence 101 2-Day Version (01:08:58) - ANTI-CAST: Prompt Engineering 201: The Context Stack w/ Bronwen Aker LinksStory #1 - Anthropic ‘plants’ engineers at NSA despite facing ban by PentagonStory #2 - A new service branch could be joining the U.S. Armed Forces familyStory #3 - Websites have a new way to spy on visitors: Analyzing their SSD activityStory #4 - The Quiet Numbers Station: Decoding Nineteen Years of GPS CryptographyStory #5 - Russia Has Been Jamming GPS from Space Since 2019Story #6 - Mapping AI-enabled cyber threats: Insights from the LLM AT&T&CK NavigatorStory #7 - Anthropic confidentially files IPO prospectus with SEC, prepping Wall Street for landmark AI dealStory #8 - Microsoft Wants to ‘Make People Addicted’ to its New AI Assistant, Internal Documents RevealStory #9 - Amazon Shuts Down Internal AI Leaderboard After Employees CheatedANTI-CAST : RF Attacks Every InfoSec Pro Should Know with Paul ClarkWorkshop: Build Your Own AI Security AgentWorkshop: Intro to SDR Hacking: Capture, Decode, Take OverTraining: Agentic AI for Threat HuntingTraining: Cyber Threat Intelligence 101 2-Day VersionANTI-CAST: Prompt Engineering 201: The Context Stack w/ Bronwen AkerCreators & Guests John Strand - Host Ralph May - Host Corey Ham - Host Bronwen Aker - Host Faan Rossouw - Guest Ryan Poirier - Producer Paul Clark - Guest Wade Wells - Host Click here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits  https://poweredbybhis.com Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com

    1h 10m
  4. Anti-Tech Extremism - 2026-06-01

    Jun 3 ·  Video

    Anti-Tech Extremism - 2026-06-01

    This episode covers a Wired report on the rise of “anti-tech extremism” and growing public opposition to AI infrastructure projects, including debates over data centers, resource consumption, local communities, and government responses. The hosts also discuss AI coding assistants, model safety restrictions, and the evolving capabilities of large language models. Additional topics include Anthropic’s reported IPO plans and valuation, AI’s impact on the tech industry, and a conversation with David Bianco about AI-generated threat-hunting datasets and cybersecurity training. Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurity Chat with us on Discord! - https://discord.gg/bhis🔴live-chat Chapters (00:00) - PreShow Banter™ — Solving this thing (03:52) - Anti-Tech Extremism - 2026-06-01 (08:08) - Threat Hunter Summit | June 17th 2026 (12:11) - Story # 1: US Law Enforcement Warns of ‘Anti-Tech Extremism’ as AI Hatred Grows (20:54) - Story # 2: Anthropic files for its IPO (23:35) - Story # 3: FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal Data (29:41) - Story # 4: Microsoft Defender can now automatically isolate hacked endpoints (30:45) - Story # 5: Microsoft's GitHub bans security researcher who posted zero-day Windows exploits because company 'ruined their life' (36:54) - Story # 6: Cyber Force? Senator pushes to create service branch under the Army (42:10) - Story # 7: Are you ready? Anthropic preparing to release Mythos publicly (46:38) - Story # 8: Defense at AI speed: Microsoft’s new multi-model agentic security system tops leading industry benchmark (49:12) - Story # 9: Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit (50:43) - Story # 10: Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked (56:02) - Story # 11: Kali365 phishing kit bypasses MFA and steals Microsoft logins (58:02) - Story # 12: Botnet of more than 17 million devices dismantled (01:01:13) - Story # 13: United flight returns midair after Bluetooth device name reportedly sparks security scare (01:03:49) - Story # 14: Inside the Charter data breach: hackers leak 13M+ customer data (01:04:37) - Introducing EvidenceForge: Synthetic security logs that don’t look (as) fake (01:10:04) - Threat Hunter Summit | June 17th 2026 (01:10:57) - Anti-Cast : How Hackers Attack CI/CD Pipelines w/ Phil Miller (01:11:36) - Cyber Threat Intelligence 101 2-Day Version (01:11:57) - Ralph's Practical Physical Exploitation Training & Tool Bundle Links00:00:00 - PreShow Banter™ — Solving this thing00:03:52 - Anti-Tech Extremism - 2026-06-0100:08:08 - Threat Hunter Summit | June 17th 202600:12:11 - Story # 1: US Law Enforcement Warns of ‘Anti-Tech Extremism’ as AI Hatred Grows00:20:54 - Story # 2: Anthropic files for its IPO00:23:36 - Story # 3: FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal Data00:29:41 - Story # 4: Microsoft Defender can now automatically isolate hacked endpoints00:30:46 - Story # 5: Microsoft’s GitHub bans security researcher who posted zero-day Windows exploits because company ‘ruined their life’00:36:54 - Story # 6: Cyber Force? Senator pushes to create service branch under the Army00:42:11 - Story # 7: Are you ready? Anthropic preparing to release Mythos publicly00:46:39 - Story # 8: Defense at AI speed: Microsoft’s new multi-model agentic security system tops leading industry benchmark00:49:12 - Story # 9: Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit00:50:44 - Story # 10: Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked00:56:03 - Story # 11: Kali365 phishing kit bypasses MFA and steals Microsoft logins00:58:02 - Story # 12: Botnet of more than 17 million devices dismantled01:01:13 - Story # 13: United flight returns midair after Bluetooth device name reportedly sparks security scare01:03:50 - Story # 14: Inside the Charter data breach: hackers leak 13M+ customer data01:04:38 - Introducing EvidenceForge: Synthetic security logs that don’t look (as) fake01:10:05 - Threat Hunter Summit | June 17th 202601:10:57 - Anti-Cast : How Hackers Attack CI/CD Pipelines w/ Phil Miller01:11:37 - Cyber Threat Intelligence 101 2-Day Version01:11:58 - Ralph’s Practical Physical Exploitation Training & Tool BundleCreators & Guests Corey Ham - Host Ralph May - Host Shane Hartman - Guest Wade Wells - Host Ryan Poirier - Producer David Bianco - Guest Phil Miller - Guest Click here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits  https://poweredbybhis.com Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com

    1h 14m
  5. GitHub bans vindictive security researcher - 2026-05-26

    May 30 ·  Video

    GitHub bans vindictive security researcher - 2026-05-26

    This episode covers a CISA contractor’s accidental exposure of AWS GovCloud credentials and internal system details on GitHub, the FBI’s efforts to patch vulnerable routers, and a critical NGINX vulnerability with public proof-of-concept code. The team also discusses Microsoft’s handling of a disputed Azure Backup security finding, the challenges of vulnerability disclosure and CVE assignment, and GitHub’s ban of security researcher Nightmare Eclipse following the publication of unpatched Windows vulnerability research. Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurity Chat with us on Discord! - https://discord.gg/bhis🔴live-chat Chapters (00:00) - PreShow Banter™ — Getting to Chili's (05:45) - GitHub bans vindictive security researcher - 2026-05-26 (07:09) - Story # 1: CISA Admin Leaked AWS GovCloud Keys on Github (10:45) - Story # 2 - PoC Code Published for Critical NGINX Vulnerability (12:53) - Story # 3 - Anthropic’s restricted Claude Mythos model may be coming to Claude Code (16:16) - Story # 4 - The FBI just remotely reset thousands of home and small office routers – and your TP-Link could be on the hitlist (22:37) - Story # 5 - Drupal to Release Emergency Core Security Updates Amid Fears of Rapid Exploitation (25:52) - Story # 6 - Microsoft rejects critical Azure vulnerability report, no CVE issued (28:09) - Story # 7 - GitHub bans vindictive security researcher dropping Windows zero-days: “I will make sure your bones are shattered” (30:41) - Story # 8a - A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale (32:16) - Story # 8b - TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension (35:21) - Story # 10 - Ubiquiti patches three max severity UniFi OS vulnerabilities (37:51) - Story # 11 - Pizza Hut's AI system caused 'cascading' problems and $100M in damages, franchisee alleges in new suit (43:55) - Story # 12 - Data Leak at German Hospital (45:00) - Story # 13 - Microsoft shuts down illegal code-signing operation used by ransomware crims to mask their malware (47:50) - Story # 14 - Chicken News (50:07) - Story # 15 - New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released (51:04) - Story # 15b - Might someone pass along that Crowdstrike and Nessus are having a moment? LinksStory # 1 - CISA Admin Leaked AWS GovCloud Keys on GithubStory # 2 - PoC Code Published for Critical NGINX VulnerabilityStory # 3 - Anthropic’s restricted Claude Mythos model may be coming to Claude CodeStory # 4 - The FBI just remotely reset thousands of home and small office routers – and your TP-Link could be on the hitlistStory # 5 - Drupal to Release Emergency Core Security Updates Amid Fears of Rapid ExploitationStory # 6 - Microsoft rejects critical Azure vulnerability report, no CVE issuedStory # 7 - GitHub bans vindictive security researcher dropping Windows zero-days: “I will make sure your bones are shattered”Story # 8a - A Hacker Group Is Poisoning Open Source Code at an Unprecedented ScaleStory # 8b - TeamPCP breached GitHub’s internal codebase via poisoned VS Code extensionStory # 10 - Ubiquiti patches three max severity UniFi OS vulnerabilitiesStory # 11 - Pizza Hut’s AI system caused ‘cascading’ problems and $100M in damages, franchisee alleges in new suitStory # 12 - Data Leak at German HospitalStory # 13 - Microsoft shuts down illegal code-signing operation used by ransomware crims to mask their malwareStory # 14 - Chicken NewsStory # 15 - New Windows ‘MiniPlasma’ zero-day exploit gives SYSTEM access, PoC releasedStory # 15b - Might someone pass along that Crowdstrike and Nessus are having a moment?Creators & Guests Alethe Denis - Guest Corey Ham - Host Wade Wells - Host Bronwen Aker - Host Meagan Bentley - Producer Hayden Covington - Host Click here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits  https://poweredbybhis.com Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com

    1h 2m
  6. Mythos finds a curl vulnerability - 2026-05-18

    May 22 ·  Video

    Mythos finds a curl vulnerability - 2026-05-18

    This episode covers Mythos uncovering a vulnerability in cURL, a recent Google Threat Intelligence report on a zero-day exploit, and the growing impact of AI on capture-the-flag competitions and bug bounty programs. The hosts also discuss the economics of AI platforms like OpenAI, security research trends, and broader concerns around software vulnerabilities, automation, and defensive tooling. Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurity Chat with us on Discord! - https://discord.gg/bhis🔴live-chat Chapters (00:00) - PreShow Banter™ — Token CTFs (03:18) - Story # 1: Mythos finds a curl vulnerability (06:36) - Story # 2: Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation (14:47) - Story # 3: The down fall of bug bounties (15:34) - Story # 3: Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’ (40:52) - Story # 4: Germany to Flood Ukraine’s Front Lines With Hundreds of New GEREON Combat Robots (43:51) - Story # 4b: Wild Video Shows Delivery Robots Causing Havoc, Getting Obliterated (49:35) - Story # 5: Windows BitLocker zero-day gives access to protected drives, PoC released (56:09) - Story # 6: Deal reached with hackers to delete data stolen from the Canvas educational platform (58:07) - Story # 7: Celebrities’ and influencers’ private communications exposed in stalkerware data breach (58:54) - Story # 8: Exclusive: Hackers have breached tank readers at US gas stations; officials suspect Iran is responsible (01:00:29) - Threat Hunting Summit Talk: Threat Hunting in the Dark: A Practical Approach (01:04:47) - WEBCAST: Looking at A.I. Wrong with John Strand, BB King and Derek Banks LinksStory # 1: Mythos finds a curl vulnerabilityStory # 2: Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass ExploitationStory # 3: The down fall of bug bountiesStory # 3: Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’Story # 4: Germany to Flood Ukraine’s Front Lines With Hundreds of New GEREON Combat RobotsStory # 4b: Wild Video Shows Delivery Robots Causing Havoc, Getting ObliteratedStory # 5: Windows BitLocker zero-day gives access to protected drives, PoC releasedStory # 6: Deal reached with hackers to delete data stolen from the Canvas educational platformStory # 7: Celebrities’ and influencers’ private communications exposed in stalkerware data breachStory # 8: Exclusive: Hackers have breached tank readers at US gas stations; officials suspect Iran is responsibleThreat Hunting Summit Talk: Threat Hunting in the Dark: A Practical ApproachWEBCAST: Looking at A.I. Wrong with John Strand, BB King and Derek BanksCreators & Guests John Strand - Host Corey Ham - Host Wade Wells - Host Bronwen Aker - Host Ralph May - Host Shane Hartman - Guest Meagan Bentley - Producer Hayden Covington - Host Click here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits  https://poweredbybhis.com Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com

    1h 7m
  7. The Canvas / Instructure Breach – 2026-05-11

    May 12 ·  Video

    The Canvas / Instructure Breach – 2026-05-11

    Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurity Chat with us on Discord! - https://discord.gg/bhis🔴live-chat This episode of Talking About News focuses on the reported Canvas/Instructure breach, including discussion around ShinyHunters, transparency concerns, higher education security challenges, and possible attack paths involving phishing and tenant compromise. The team also explores broader cybersecurity trends such as social engineering, ransomware pressure tactics, and the growing role of AI and platform security in modern enterprise environments. Chapters (00:00) - PreShow Banter™ — Californian Problems (02:25) - The Canvas / Instructure Breach – 2026-05-11 (10:23) - Story # 1: Canvas Breach Disrupts Schools & Colleges Nationwide (13:45) - Story # 1b: Security Incident Update & FAQs (43:14) - Story # 2: Wazuh cluster sync path traversal in decompress_files() enables arbitrary file write and code execution from authenticated cluster peer (47:34) - Story # 3: Google Chrome silently installs a 4 GB AI model on your device without consent. (52:19) - Story # 4: Trellix source code breach claimed by RansomHouse hackers (58:12) - Story # 5: Rose Acre Farms Targeted in Alleged Lynx Ransomware Attack - Cybersecurity LinksStory # 1: Canvas Breach Disrupts Schools & Colleges NationwideStory # 1b: Security Incident Update & FAQsStory # 2: Wazuh cluster sync path traversal in decompress_files() enables arbitrary file write and code execution from authenticated cluster peerStory # 3: Google Chrome silently installs a 4 GB AI model on your device without consent.Story # 4: Trellix source code breach claimed by RansomHouse hackersStory # 5: Rose Acre Farms Targeted in Alleged Lynx Ransomware Attack - Cybersecurity Wade's Workshop: Threat Actor Profiling: Know Your EnemyAlethe Denis' Webcast: How to Build a Bulletproof PretextAlethe Denis' Workshop: How to Build Pressure-Proof Pretexts Creators & Guests John Strand - Host Corey Ham - Host Wade Wells - Host Ched "cheddar" Wiggins - Guest Bronwen Aker - Host Hayden Covington - Host Ryan Poirier - Producer Alethe Denis - Guest Click here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits  https://poweredbybhis.com Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com

    1h 3m
  8. Utah Bans VPN Age Bypass - 2026-05-04

    May 11 ·  Video

    Utah Bans VPN Age Bypass - 2026-05-04

    Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurity Chat with us on Discord! - https://discord.gg/bhis🔴live-chat This episode covers several major cybersecurity and technology news stories, including Utah’s proposed crackdown on VPNs used to bypass online age-verification systems and the privacy and enforcement concerns surrounding those laws. The hosts also discuss newly disclosed MOVEit Transfer vulnerabilities and patching guidance, software trust and code-signing weaknesses, and broader issues around internet regulation and digital identity verification. Additional discussion touches on AI, science-fiction-inspired technology concepts, relativity and time dilation, and other notable developments from the week in cybersecurity and tech news. Chapters (00:00) - PreShow Banter™ — Alien Communications 101 (03:38) - Utah Bans VPN Age Bypass - 2026-05-04 (09:13) - Story #1 - DigiCert Revokes Certificates After Support Portal Hack (15:25) - Story #2 - Progress warns of critical MOVEit Automation auth bypass flaw (16:44) - Story #3 - Critical cPanel and WHM bug exploited as a zero-day, PoC now available (23:33) - Story #4 - Copy Fail (26:17) - Story #5 - Claude-powered AI coding agent deletes entire company database in 9 seconds — backups zapped, after Cursor tool powered by Anthropic's Claude goes rogue (33:42) - Story #6 - Elon Musk testifies that xAI trained Grok on OpenAI models (38:51) - Story #7 - Utah first state to hold websites liable for users who mask their location with VPNs — law goes into effect, designed to prevent bypassing age checks (51:23) - Story #8 - Why you should refuse to let your doctor record you (56:19) - Story #9 - Technique Change Type: How the ATT&CK Object Changed LinksCreators & Guests Corey Ham - Host Wade Wells - Host Ralph May - Host Tim Medin - Guest Patrick Gorman - Guest Click here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits  https://poweredbybhis.com Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com

    1h 11m
See All (342)

Ratings & Reviews

5
out of 5
4 Ratings

About

A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team. Join us live on YouTube, Monday's at 4:30PM ET

Information

  • Creator
    Black Hills Information Security
  • Years Active
    2018 - 2026
  • Episodes
    342
  • Rating
    Explicit
  • Copyright
    © Copyright 2025 Talkin' About [Infosec] News, Powered by Black Hills Information Security
  • Show Website
    Talkin' Bout [Infosec] News

You Might Also Like