Talkin' Bout [Infosec] News

Black Hills Information Security
  • 4.8 (92)
  • TECH NEWS
  • UPDATED WEEKLY

A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team. Join us live on YouTube, Monday's at 4:30PM ET

  1. Hot Take Predictions for Next Year – 2025-12-15

    12/18/2025

    Hot Take Predictions for Next Year – 2025-12-15

    Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurity Chat with us on Discord! - https://discord.gg/bhis🔴live-chat 🔗 Register for FREE webcasts, summits, and workshops - https://poweredbybhis.com Chapters (00:00) - PreShow Banter™ — testing testing (00:11) - Hot Take Predictions for Next Year – 2025-12-15 (02:10) - Story # 1: Russian kids revolt as Kremlin bans Roblox, other popular apps (10:21) - Story # 2: Google's killing off its dark web report because users didn't know what to do with it (20:05) - Story # 3: Coupang data breach traced to ex-employee who retained system access (31:13) - Story # 4: Roomba maker iRobot bought by Chinese supplier after filing for bankruptcy (34:18) - Story # 5: February report from researcher found Chinese KVM had an unclearly documented microphone and communicated with China-based servers, but many of the security issues are now addressed [Updated] (36:48) - Story # 6: When adversaries bring their own virtual machine for persistence (41:57) - Story # 7: Oh no! Hackers snuck malware inside uber-popular Windows app Notepad++ (44:20) - Hot Take Predictions for 2026 LinksStory # 1: Russian kids revolt as Kremlin bans Roblox, other popular appsStory # 2: Google’s killing off its dark web report because users didn’t know what to do with itStory # 3: Coupang data breach traced to ex-employee who retained system accessStory # 4: Roomba maker iRobot bought by Chinese supplier after filing for bankruptcyStory # 5: February report from researcher found Chinese KVM had an unclearly documented microphone and communicated with China-based servers, but many of the security issues are now addressed [Updated]Story # 6: When adversaries bring their own virtual machine for persistenceStory # 7: Oh no! Hackers snuck malware inside uber-popular Windows app Notepad++The team looks ahead to 2026 and shares practical, sometimes blunt predictions about where cybersecurity is heading. They discuss how AI will continue reshaping both offense and defense, with attackers using automation at scale while defenders struggle to operationalize AI beyond marketing hype. The conversation highlights growing risk from identity abuse, cloud misconfigurations, and insecure SaaS sprawl, noting that many breaches will still come down to basic failures rather than advanced exploits. They also predict continued burnout in security teams, more consolidation among security vendors, and increasing pressure to prove real ROI from security tools. On the positive side, the hosts see improved detection engineering, better security education, and more community-driven knowledge sharing. Overall, the message is clear: fundamentals still matter, hype won’t save you, and organizations that focus on people, process, and visibility will be better positioned for 2026. Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.com Antisyphon Traininghttps://www.antisyphontraining.com/ Active Countermeasureshttps://www.activecountermeasures.com Wild West Hackin Festhttps://wildwesthackinfest.com

    1h 2m
  2. A Live Stream From inside Lazarus Group – 2025-12-08

    12/11/2025

    A Live Stream From inside Lazarus Group – 2025-12-08

    🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –  https://poweredbybhis.com Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurity Chat with us on Discord!https://discord.gg/bhis🔴live-chat A Live Stream From inside Lazarus Group – 2025-12-08This BHIS episode blends cybersecurity humor, hacker culture, and livestream chaos as the team jokes about nation-state threats, leaked webcams, OPSEC mishaps, and technical glitches. With unscripted banter and light industry insights, it’s a fun, energetic listen for fans of ethical hacking, infosec podcasts, and behind-the-scenes security chatter. Chapters00:00 - PreShow Banter™ — Industry Leaders02:34 - A Live Stream From inside Lazarus Group – 2025-12-0804:24 - Story # 1: React2Shell (CVE-2025-55182): Everything You Need to Know About the Critical React Vulnerability08:58 - Story # 2: A Live Stream from Inside Lazarus Group’s IT Workers Scheme20:37 - Story # 3: Contractors with hacking records accused of wiping 96 govt databases26:44 - Story # 4: Apple refuses to pre-install government app on iPhones in India37:42 - Story # 5: Russia blocks Apple's FaceTime in mounting push against foreign tech platforms44:55 - Story # 6: ‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encrypted57:53 - Story # 7: Flock Uses Overseas Gig Workers to Build its Surveillance AI Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com (00:00) - 00:00 - PreShow Banter™ — Industry Leaders (02:34) - A Live Stream From inside Lazarus Group – 2025-12-08 (04:24) - Story # 1: React2Shell (CVE-2025-55182): Everything You Need to Know About the Critical React Vulnerability (08:57) - Story # 2: A Live Stream from Inside Lazarus Group’s IT Workers Scheme (20:37) - Story # 3: Contractors with hacking records accused of wiping 96 govt databases (26:44) - Story # 4: Apple refuses to pre-install government app on iPhones in India (37:41) - Story # 5: Russia blocks Apple's FaceTime in mounting push against foreign tech platforms (44:55) - Story # 6: ‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encrypted (57:52) - Story # 7: Flock Uses Overseas Gig Workers to Build its Surveillance AI

    1h 4m
  3. Lawmakers Want to Ban VPNs - 2025-12-01

    12/04/2025

    Lawmakers Want to Ban VPNs - 2025-12-01

    Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com Chapters (00:00) - PreShow Banter™ — The Problem With Extensions (03:10) - Lawmakers Want to Ban VPNs – BHIS - Talkin' Bout [infosec] News 2025-12-01 (03:47) - Story # 1: Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem) (12:05) - Story # 2: Lawmakers Want to Ban VPNs—And They Have No Idea What They're Doing (21:18) - Story # 3: Critical 7 Zip Vulnerability With Public Exploit Requires Manual Update (25:48) - Story # 4: 'Slop Evader' Lets You Surf the Web Like It’s 2022 (37:07) - Story # 5: China’s Espionage in Europe is Deepening and More Sophisticated than Acknowledged, Expert Says (39:10) - Story # 6: Apple Update Warning For All iPhone 17, 16 And 15 Users—Act Now (42:38) - Story # 7: Meta is earning a fortune on a deluge of fraudulent ads, documents show (50:22) - Story # 8: Meta had a 17-strike policy for sex trafficking, former safety leader claims (52:40) - Story # 9: Man behind in-flight Evil Twin WiFi attacks gets 7 years in prison News LinksStory # 1: Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem)Story # 2: Lawmakers Want to Ban VPNs—And They Have No Idea What They're DoingStory # 3: Critical 7 Zip Vulnerability With Public Exploit Requires Manual UpdateStory # 4: 'Slop Evader' Lets You Surf the Web Like It’s 2022Story # 5: China’s Espionage in Europe is Deepening and More Sophisticated than Acknowledged, Expert SaysStory # 6: Apple Update Warning For All iPhone 17, 16 And 15 Users—Act NowStory # 7: Meta is earning a fortune on a deluge of fraudulent ads, documents showStory # 8: Meta had a 17-strike policy for sex trafficking, former safety leader claimsStory # 9: Man behind in-flight Evil Twin WiFi attacks gets 7 years in prisonBrought to you by: Black Hills Information Security https://www.blackhillsinfosec.com Antisyphon Traininghttps://www.antisyphontraining.com/ Active Countermeasureshttps://www.activecountermeasures.com Wild West Hackin Festhttps://wildwesthackinfest.com

    1h 3m
  4. Shai-Hulud malware leaks secrets on GitHub – 2025-11-24

    11/26/2025

    Shai-Hulud malware leaks secrets on GitHub – 2025-11-24

    Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com Chapters (00:00) - PreShow Banter™ — Stressed about lithium batteries (04:59) - Shai-Hulud malware leaks secrets on GitHub – BHIS - Talkin' Bout [infosec] News 2025-11-24 (05:57) - Story # 1: Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub (11:18) - Story # 2: CrowdStrike catches insider feeding information to hackers (15:50) - Story # 3: Fidelity sues Broadcom over access to key software to avoid outages (22:17) - Story # 4: NetApp sues former CTO for alleged data breach (26:48) - Story # 5: CrowdStrike Research: Security Flaws in DeepSeek-Generated Code Linked to Political Triggers (36:05) - Story # 6: A major Cloudflare outage took down large parts of the internet - X, ChatGPT and more were affected, but all recovered now (37:11) - Story # 6b: Cloudflare outage on November 18, 2025 (41:43) - Story # 7: Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike Attempt (46:34) - Story # 8: This Hacker Conference Installed a Literal Antivirus Monitoring System (51:10) - Story # 9: Microsoft to integrate Sysmon directly into Windows 11, Server 2025 (56:40) - Story # 10: Crypto and Carcasses: Undercover Sting Recovers $700K in Bitcoin Miners, Foils $75K Frozen Turkey Heist News LinksStory # 1: Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHubStory # 2: CrowdStrike catches insider feeding information to hackersStory # 3: Fidelity sues Broadcom over access to key software to avoid outagesStory # 4: NetApp sues former CTO for alleged data breachStory # 5: CrowdStrike Research: Security Flaws in DeepSeek-Generated Code Linked to Political TriggersStory # 6: A major Cloudflare outage took down large parts of the internet - X, ChatGPT and more were affected, but all recovered nowStory # 6b: Cloudflare outage on November 18, 2025Story # 7: Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike AttemptStory # 8: This Hacker Conference Installed a Literal Antivirus Monitoring SystemStory # 9: Microsoft to integrate Sysmon directly into Windows 11, Server 2025Story # 10: Crypto and Carcasses: Undercover Sting Recovers $700K in Bitcoin Miners, Foils $75K Frozen Turkey HeistBrought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com Antisyphon Traininghttps://www.antisyphontraining.com/

    1h 5m
  5. A.I. Transcription Startup Was Just A Guy Taking Notes- 2025-11-17

    11/21/2025

    A.I. Transcription Startup Was Just A Guy Taking Notes- 2025-11-17

    Register for FREE Infosec Webcasts, Anti-casts & Summits –  https://poweredbybhis.com 00:00:00 - PreShow Banter™ — The Way the Community Rumbles 00:08:21 - A.I. Transcription Startup Was Just A Guy Taking Notes - BHIS - Talkin’ Bout [infosec] News 2025-11-17 00:09:01 - Story # 1: New data shows companies are rehiring former employees as AI falls short of expectations 00:18:06 - Eric & Whitney’s “Podcast” [webcast] on training your own LLM 00:22:12 - Story # 2: Founder Admits His “AI Transcription” Startup Was Just Him Joining People’s Meetings and Taking Notes by Hand 00:26:20 - Story # 3: Five Plead Guilty in U.S. for Helping North Korean IT Workers Infiltrate 136 Companies 00:37:35 - Story # 4: Google is easing up on Android’s new sideloading restrictions! 00:43:44 - Story # 5: Google is collecting troves of data from downgraded Nest thermostats 00:44:58 - Story # 5b: Hackers are saving Google’s abandoned Nest thermostats with open-source firmware 00:51:34 - Story # 6: FFmpeg to Google: Fund Us or Stop Sending Bugs 01:00:40 - Story # 7: Teens are Hacking School Systems. Let’s Teach Them to Protect Communities Instead 01:05:55 - Story # 8: Disrupting the first reported AI-orchestrated cyber espionage campaign 01:14:58 - Discord CTF Winners (00:00) - PreShow Banter™ — The Way the Community Rumbles (08:21) - A.I. Transcription Starup Was Just A Guy Taking Notes - BHIS - Talkin' Bout [infosec] News 2025-11-17 (09:01) - Story # 1: New data shows companies are rehiring former employees as AI falls short of expectations (18:05) - Eric & Whitney's "Podcast" [webcast] on training your own LLM (22:12) - Story # 2: Founder Admits His “AI Transcription” Startup Was Just Him Joining People’s Meetings and Taking Notes by Hand (26:20) - Story # 3: Five Plead Guilty in U.S. for Helping North Korean IT Workers Infiltrate 136 Companies (37:34) - Story # 4: Google is easing up on Android's new sideloading restrictions! (43:43) - Story # 5: Google is collecting troves of data from downgraded Nest thermostats (44:58) - Story # 5b: Hackers are saving Google's abandoned Nest thermostats with open-source firmware (51:33) - Story # 6: FFmpeg to Google: Fund Us or Stop Sending Bugs (01:00:39) - Story # 7: Teens are Hacking School Systems. Let’s Teach Them to Protect Communities Instead (01:05:55) - Story # 8: Disrupting the first reported AI-orchestrated cyber espionage campaign (01:14:58) - Discord CTF Winners

    1h 17m
  6. Louvre’s Video Security Password Was ‘Louvre’ 2025-11-10

    11/13/2025

    Louvre’s Video Security Password Was ‘Louvre’ 2025-11-10

    Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com  Chapters 00:00 - PreShow Banter™ — Humans are Done 03:04 - Louvre’s video security password was ‘Louvre’ – BHIS - Talkin’ Bout [infosec] News 2025-11-10 05:11 - Story # 1: I Tried the Robot That’s Coming to Live With You. It’s Still Part Human. 15:14 - Story # 2: How to trade your $214,000 cybersecurity job for a jail cell 25:14 - Story # 3: The Louvre’s video security password was reportedly ‘Louvre’ 29:04 - Story # 4: Dangerous runC flaws could allow hackers to escape Docker containers 32:58 - Story # 5: List of AI Tools Promoted by Threat Actors in Underground Forums and Their Capabilities 40:00 - Story # 5b: GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools 56:37 - BHIS Webcast – X-Typhoon - Not your Father’s China with John Strand (00:00) - PreShow Banter™ — Humans are Done (03:03) - Louvre’s video security password was ‘Louvre’ – BHIS - Talkin' Bout [infosec] News 2025-11-10 (05:10) - Story # 1: I Tried the Robot That’s Coming to Live With You. It’s Still Part Human. (15:14) - Story # 2: How to trade your $214,000 cybersecurity job for a jail cell (25:13) - Story # 3: The Louvre’s video security password was reportedly ‘Louvre’ (29:03) - Story # 4: Dangerous runC flaws could allow hackers to escape Docker containers (32:58) - Story # 5: List of AI Tools Promoted by Threat Actors in Underground Forums and Their Capabilities (40:00) - Story # 5b: GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools (56:37) - BHIS Webcast – X-Typhoon - Not your Father's China with John Strand

    59 min
  7. Ransomware Victims Stop Paying Hackers – 2025-11-03

    11/06/2025

    Ransomware Victims Stop Paying Hackers – 2025-11-03

    Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com 00:00 - PreShow Banter™ — Musical Views of the Universe 04:05 - – BHIS - Talkin’ Bout [infosec] News 2025-11-03 04:39 - Story # 1: Ransomware profits drop as victims stop paying hackers 06:22 - Chart since 2019 16:06 - Story # 2: More than a million people every week show suicidal intent when chatting with ChatGPT, OpenAI estimates 33:02 - Story # 3: 10M people watched a YouTuber shim a lock; the lock company sued him. Bad idea. 41:18 - Story # 4: ‘Dangerous’ YouTube videos struck down for bypassing Windows 11 account setup [Update: Restored] 47:13 - Story # 5: Chicago firm that resolves ransomware attacks had rogue workers carrying out their own hacks, FBI says 51:08 - Story # 6: Microsoft: DNS outage impacts Azure and Microsoft 365 services 54:33 - Story # 7: EY Data Leak – Massive 4TB SQL Server Backup Exposed Publicly on Microsoft Azure 55:22 - Stordy # 8: Black Hat Europe 2025 Arsenal: 8 AI Security Tools Transforming Cybersecurity (00:00) - PreShow Banter™ — Musical Views of the Universe (04:04) - Ransomware Victims Stop Paying Hackers – BHIS - Talkin' Bout [infosec] News 2025-11-03 (04:38) - Story # 1: Ransomware profits drop as victims stop paying hackers (06:22) - Chart since 2019 (thumbnail) (16:06) - Story # 2: More than a million people every week show suicidal intent when chatting with ChatGPT, OpenAI estimates (33:02) - Story # 3: 10M people watched a YouTuber shim a lock; the lock company sued him. Bad idea. (41:18) - Story # 4: ‘Dangerous’ YouTube videos struck down for bypassing Windows 11 account setup [Update: Restored] (47:12) - Story # 5: Chicago firm that resolves ransomware attacks had rogue workers carrying out their own hacks, FBI says (51:07) - Story # 6: Microsoft: DNS outage impacts Azure and Microsoft 365 services (54:33) - Story # 7: EY Data Leak – Massive 4TB SQL Server Backup Exposed Publicly on Microsoft Azure (55:22) - Story # 8: Black Hat Europe 2025 Arsenal: 8 AI Security Tools Transforming Cybersecurity

    1h 4m
  8. The AI Browser Wars - 2025-10-27

    10/31/2025

    The AI Browser Wars - 2025-10-27

    Register for FREE Infosec Webcasts, Anti-casts & Summits –  https://poweredbybhis.com The BHIS crew breaks down the latest cybersecurity stories making waves — from data breaches and malware campaigns to privacy issues, exploit trends, and tech policy shake-ups. Join our panel of security pros for expert analysis, sharp humor, and practical insights you can actually use. Whether it’s social engineering, AI-powered attacks, or bizarre security headlines, we dig into what matters most for defenders and curious minds alike. Stay informed, entertained, and one step ahead in the ever-changing world of infosec. 00:00:00 - PreShow Banter™ — The Cost of War.xyz 00:03:42 - The AI Browser Wars - BHIS - Talkin’ Bout [infosec] News 2025-10-27 00:04:04 - Story # 1: Smart bed owners experience AWS outage nightmare as they’re left sweating and stuck in upright position 00:10:49 - Story # 2: Robots May Replace 600,000 Human Employees at Amazon 00:14:40 - Story # 3: Meet Mico, Microsoft’s AI version of Clippy 00:20:59 - Story # 4: Exploitation of Windows Server Update Services Remote Code Execution Vulnerability 00:26:31 - Story # 5: Ex-L3Harris executive accused of selling trade secrets to Russia 00:31:29 - Story # 6: Introducing ChatGPT Atlas 00:43:34 - Story # 7: ‘Phased Out’—Google Confirms Bad News For 3 Billion Chrome Users 00:52:26 - Story # 8: The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn 01:00:16 - Story # 9: KFC Venezuela Alleged Data Breach – 1 Million Customer Records Exposed (00:00) - PreShow Banter™ — The Cost of War.xyz (03:42) - The AI Browser Wars - BHIS - Talkin' Bout [infosec] News 2025-10-27 (04:04) - Story # 1: Smart bed owners experience AWS outage nightmare as they're left sweating and stuck in upright position (10:48) - Story # 2: Robots May Replace 600,000 Human Employees at Amazon (14:40) - Story # 3: Meet Mico, Microsoft’s AI version of Clippy (20:58) - Story # 4: Exploitation of Windows Server Update Services Remote Code Execution Vulnerability (26:30) - Story # 5: Ex-L3Harris executive accused of selling trade secrets to Russia (31:28) - Story # 6: Introducing ChatGPT Atlas (43:34) - Story # 7: ‘Phased Out’—Google Confirms Bad News For 3 Billion Chrome Users (52:25) - Story # 8: The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn (01:00:15) - Story # 9: KFC Venezuela Alleged Data Breach – 1 Million Customer Records Exposed

    1h 1m
See All (326)

4.8
out of 5
92 Ratings

About

A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team. Join us live on YouTube, Monday's at 4:30PM ET

Information

  • Creator
    Black Hills Information Security
  • Years Active
    2018 - 2025
  • Episodes
    326
  • Rating
    Explicit
  • Copyright
    © Copyright 2025 Talkin' About [Infosec] News, Powered by Black Hills Information Security
  • Show Website
    Talkin' Bout [Infosec] News

You Might Also Like