Talkin' About [Infosec] News, Powered by Black Hills Information Security

Black Hills Information Security
  • 4.8 (90)
  • TECH NEWS
  • UPDATED WEEKLY

Download and listen to our weekly infosec podcast where we discuss the latest attacks, breaches, and how they happened and why. We’re a team of penetration testers (ethical hackers) and friends that love how new technology can be broken and made to do things it was never intended to do.

  1. 3D AGO

    Anthropic 1.5 Billion © Settlement - 2025-09-08

    Register for FREE Infosec Webcasts, Anti-casts & Summits –  https://poweredbybhis.com 00:00 - PreShow Banter™ — If I Were French 04:35 - Anthropic 1.5 Billion © Settlement - BHIS - Talkin’ Bout [infosec] News 2025-09-08 05:48 - Hackers Threaten to Submit Artists’ Data to AI Models If Art Site Doesn’t Pay Up 08:40 - Anthropic Agrees to Pay Authors at Least $1.5 Billion in AI Copyright Settlement 23:58 - This Company Turns Dashcams into ‘Virtual CCTV Cameras.’ Then Hackers Got In 33:38 - Ice obtains access to Israeli-made spyware that can hack phones and encrypted apps 40:07 - Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack 44:27 - npm Packages With 2 Billion Weekly Downloads Hacked in Major Attack 46:38 - Update on Mandiant Drift and Salesloft Application Investigations 51:04 - M&S hackers claim to be behind Jaguar Land Rover cyber attack 51:55 - New TP-Link zero-day surfaces as CISA warns other flaws are exploited 54:52 - ChickenSec: US turns to Russia for chicken eggs for the first time in 32 years, despite sanctions to cripple its economy 57:58 - Cybercriminals Exploit X’s Grok AI to Bypass Ad Protections and Spread Malware to Millions

    1 hr

  2. SEP 6

    Chinese agent tried to recruit Stanford Student - 2025-09-02

    Register for FREE Infosec Webcasts, Anti-casts & Summits –  https://poweredbybhis.com 00:00 - PreShow Banter™ — It’s 8ft skeleton season. 02:18 - BHIS - Talkin’ Bout [infosec] News 2025-09-02 03:07 - Story # 1: Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks 07:35 - Story # 2: DSLRoot, Proxies, and the Threat of ‘Legal Botnets’ 13:46 - Story # 3: Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling 17:44 - Story # 4: Ransomware crooks knock Swedish municipalities offline for measly sum of $168K 19:39 - Story # 5: As crippling cyberattack against Nevada continues, Lombardo says ‘we’re working through it.’ 20:56 - Story # 6: Citrix forgot to tell you CVE-2025–6543 has been used as a zero day since May 2025 22:43 - Story # 7: NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424 25:20 - Story # 8: First known AI-powered ransomware uncovered by ESET Research 30:00 - Story # 9: In the rush to adopt hot new tech, security is often forgotten. AI is no exception 32:06 - Story # 10: TransUnion suffers data breach impacting over 4.4 million people 34:17 - Story # 11: ChickenSec FollowUp: Artificial Intelligence: The other AI 35:20 - Story # 12: They weren’t lovin’ it - hacker cracks McDonald’s security in quest for free nuggets, and it was apparently not too tricky 39:29 - Identify the birds you see or hear with Merlin Bird ID 40:04 - Story # 13: Detecting and countering misuse of AI: August 2025 51:31 - Story # 14: I’m a Stanford student. A Chinese agent tried to recruit me as a spy

    56 min

  3. AUG 30

    The Impending AI Bubble 2025-08-25

    Register for FREE Infosec Webcasts, Anti-casts & Summits –  https://poweredbybhis.com 00:00 - PreShow Banter™ — Canadian Chicken 02:01 - The AI Bubble BHIS - Talkin’ Bout [infosec] News 2025-08-25 02:23 - Story # 1: Congressman proposes bringing back letters of marque for cyber privateers 09:27 - Story # 2: SIM-Swapper, Scattered Spider Hacker Gets 10 Years 12:43 - Story # 3: Developer jailed for taking down employer’s network with kill switch malware 16:33 - Story # 4: Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet 20:42 - The Utopia Chronicles 23:20 - Story # 5: “Unstoppable Power Surges”: China’s Quantum Processor Outspeeds Supercomputers by 1 Quadrillion and Triggers US Intelligence Panic 28:47 - Story # 6: Bank forced to rehire workers after lying about chatbot productivity, union says 41:21 - Story # 7: It Took Many Years And Billions Of Dollars, But Microsoft Finally Invented A Calculator That Is Wrong Sometimes 43:41 - Story # 8: Copilot Broke Your Audit Log, but Microsoft Won’t Tell You 46:33 - Story # 9: Russian state-sponsored espionage group Static Tundra compromises unpatched end-of-life network devices 49:24 - Story # 10 : Zero-Day Clickjacking Flaws Found in Password Managers Used by Millions 53:12 - Story # 11: Cybersecurity training doesn’t work: time wasted with no impact, study finds 59:07 - ChickenSec: Artificial Intelligence: The other AI

    1h 4m

  4. AUG 20

    Cyberattack Bricks Speed Cameras – 2025-08-18

    Register for FREE Infosec Webcasts, Anti-casts & Summits –  https://poweredbybhis.com 00:00 - PreShow Banter™ — The gif that keeps on giffing 01:46 - Cyberattack Bricks Speed Cameras – BHIS - Talkin’ Bout [infosec] News 2025-08-18 02:39 - Story # 1: Perplexity made a sky-high $34.5 billion bid for Google Chrome — a bold and unusual move in the midst of antitrust scrutiny 07:16 - Story # 2: Exclusive: US embeds trackers in AI chip shipments to catch diversions to China, sources say 10:22 - Story # 3: How we found TeaOnHer spilling users’ driver’s licenses in less than 10 minutes 12:17 - Story # 4: Cisco discloses maximum-severity defect in firewall software 13:56 - Story # 5: Data Dump From APT Actor Yields Clues to Attacker Capabilities 19:13 - Story # 6: Russian cyberattack in the Netherlands leaves speed cameras offline indefinitely 23:30 - Story # 7: HTTP/2 MadeYouReset Vulnerability Enables Massive DDoS Attacks 24:51 - Story # 8: LAPD Eyes ‘GeoSpy’, an AI Tool That Can Geolocate Photos in Seconds 29:05 - Story # 9: Manpower discloses data breach affecting nearly 145,000 people 34:51 - Story # 10: Hacker Offers to Sell 15.8 Million Plain-Text PayPal Credentials On Dark Web Forum 35:34 - Story # 11: The First Federal Cybersecurity Disaster of Trump 2.0 Has Arrived 40:54 - Story # 12: New Clever Phishing Attack Uses Japanese Character “ん” to Mimic Forward Slash “/” 46:28 - Story # 13: Fortinet warns of FortiSIEM pre-auth RCE flaw with exploit in the wild 48:13 - Story # 14: Plex warns users to patch security vulnerability immediately 50:53 - ChickenSec: Noble Foods using soil mapping technology at organic egg farm

    58 min

  5. AUG 14

    DEF CON RECAP – 2025-08-11

    Register for FREE Infosec Webcasts, Anti-casts & Summits –  https://poweredbybhis.com 00:00 - PreShow Banter™ — Wading Through Woods 06:06 - DEF CON RECAP - Talkin’ Bout [infosec] News 2025-08-11 09:16 - Story # 1: It’s time to acknowledge HTTP/1.1 is insecure 12:36 - Story # 2: Research reveals possible privacy gaps in Apple Intelligence’s data handling 17:51 - Story # 3: Federal court filing system hit in sweeping hack 21:09 - Story # 4: Cisco discloses data breach impacting Cisco.com user accounts 32:17 - Story # 5: Google says its AI-based bug hunter found 20 security vulnerabilities 34:20 - Story # 6: Automate security reviews with Claude Code 39:01 - Story # 7: Flipper Zero ‘DarkWeb’ Firmware Bypasses Rolling Code Security on Major Vehicle Brands 44:44 - Story # 7b: OnStar assists CHP in stopping fleeing SUV with toddler inside 47:12 - Story # 7c: That viral video of a ‘deactivated’ Tesla Cybertruck is a fake 49:37 - Story # 8: LegalPwn Attack Tricks GenAI Tools Into Misclassifying Malware as Safe Code 50:53 - Story # 9: Microsoft Launches Project Ire to Autonomously Classify Malware Using AI Tools 53:08 - Story # 10: A Single Poisoned Document Could Leak ‘Secret’ Data Via ChatGPT 58:10 - Story # 11: Millions of Dell Laptops Vulnerable to Device Takeover and Persistent Malware Attacks

    1 hr

  6. AUG 7

    Perplexity Stealth Crawlers Evade No-Crawl Directives - 2025-08-04

    Register for FREE Infosec Webcasts, Anti-casts & Summits –  https://poweredbybhis.com 00:00:00 - PreShow Banter™ — Stop Asking Wade if he’s in Vegas 00:02:16 - Perplexity Uses Stealth Crawlers to Evade No-Crawl Directives – 2025-08-04 00:11:25 - Story # 1: Insurance won’t cover $5M in City of Hamilton claims for cyberattack, citing lack of log-in security 00:18:40 - Story # 2: States Enact Safe Harbor Laws that Provide Affirmative Defenses in Data Breach Litigation 00:26:45 - Story # 3: Hackers Destroy Aeroflot’s IT Infrastructure, Causing Over 42 Flight Cancellations 00:34:18 - Story # 4: Attackers exploit link-wrapping services to steal Microsoft 365 logins 00:40:09 - Story # 5: Mozilla flags phishing wave aimed at hijacking trusted Firefox add-ons 00:42:18 - Wade’s plugin recommendation 00:44:39 - Story # 6: Perplexity is using stealth, undeclared crawlers to evade website no-crawl directives 00:51:11 - Story # 7: After Backlash, ChatGPT Removes Option to Have Private Chats Indexed by Google 00:55:21 - AI 2027 01:01:01 - What’s Ralph been up to?

    1h 3m

  7. AUG 1

    UK Bans Ransomware Payments - 2025-07-28

    Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com 00:00 - PreShow Banter™ — National Chicken Wing Day 04:16 - BHIS - Talkin’ Bout [infosec] News 2025-07-28 05:30 - Story # 1: Bad vibes: How an AI agent coded its way to disaster 08:40 - Story # 1b: Replit goes rogue, deletes entire database. 15:44 - Story # 2: A major AI training data set contains millions of examples of personal data 26:05 - Story # 3: Women Dating Safety App ‘Tea’ Breached, Users’ IDs Posted to 4chan 33:19 - Story # 4:A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors 40:28 - Story # 5: Clorox Sues IT Provider Cognizant For Simply Giving Employee Password to Hackers 49:46 - Story # 6: Businesses banned from paying hackers’ ransoms to target cybercrime 57:38 - SharePoint Follow Up

    1h 2m

  8. JUL 23

    Microsoft's OverSharePoint 0-Day Exploit – 2025-07-21

    Register for FREE Infosec Webcasts, Anti-casts & Summits –  https://poweredbybhis.com 00:00 - PreShow Banter™ — PaintBallers 03:55 - BHIS - Talkin’ Bout [infosec] News 2025-07-21 04:21 - Story # 1: Microsoft 0-day Mass Exploitation 09:39 - Story # 2: Replit AI went rogue, deleted a company’s entire database, then hid it and lied about it 13:15 - Story # 3: ‘All US forces must now assume their networks are compromised’ after Salt Typhoon breach 18:08 - Story # 4: After FBI Warning, Alaska Airlines Grounded; Salt Typhoon Suspected 20:45 - Story # 5: FBI Cybersecurity Breach Led to Murders of Informants in El Chapo Case 21:54 - Story # 5b: FBI’s Report 29:57 - Story # 6: Google fixes actively exploited sandbox escape zero day in Chrome 31:30 - Story # 7: Exploited Wing file transfer bug risks ‘total server compromise,’ CISA warns 32:33 - Story # 8: CitrixBleed 2 situation update — everybody already got owned 33:01 - Story # 9: At Least 750 US Hospitals Faced Disruptions During Last Year’s CrowdStrike Outage, Study Finds 46:14 - Story # 10: Amazon Ring Doorbell May 28 Mass Hacking Claim Goes Viral 48:56 - jdbgmgr.exe virus hoax 51:52 - Story # 11: HPE warns of hardcoded passwords in Aruba access points

    1h 4m
See All (20)

4.8
out of 5
90 Ratings

About

Download and listen to our weekly infosec podcast where we discuss the latest attacks, breaches, and how they happened and why. We’re a team of penetration testers (ethical hackers) and friends that love how new technology can be broken and made to do things it was never intended to do.

Information

You Might Also Like