- 1 hour 2 minutesGitHub bans vindictive security researcher - 2026-05-26
This episode covers a CISA contractor’s accidental exposure of AWS GovCloud credentials and internal system details on GitHub, the FBI’s efforts to patch vulnerable routers, and a critical NGINX vulnerability with public proof-of-concept code. The team also discusses Microsoft’s handling of a disputed Azure Backup security finding, the challenges of vulnerability disclosure and CVE assignment, and GitHub’s ban of security researcher Nightmare Eclipse following the publication of unpatched Windows vulnerability research.
Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! -
https://discord.gg/bhis
🔴live-chat
Chapters- (00:00) - PreShow Banter™ — Getting to Chili's
- (05:45) - GitHub bans vindictive security researcher - 2026-05-26
- (07:09) - Story # 1: CISA Admin Leaked AWS GovCloud Keys on Github
- (10:45) - Story # 2 - PoC Code Published for Critical NGINX Vulnerability
- (12:53) - Story # 3 - Anthropic’s restricted Claude Mythos model may be coming to Claude Code
- (16:16) - Story # 4 - The FBI just remotely reset thousands of home and small office routers – and your TP-Link could be on the hitlist
- (22:37) - Story # 5 - Drupal to Release Emergency Core Security Updates Amid Fears of Rapid Exploitation
- (25:52) - Story # 6 - Microsoft rejects critical Azure vulnerability report, no CVE issued
- (28:09) - Story # 7 - GitHub bans vindictive security researcher dropping Windows zero-days: “I will make sure your bones are shattered”
- (30:41) - Story # 8a - A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale
- (32:16) - Story # 8b - TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension
- (35:21) - Story # 10 - Ubiquiti patches three max severity UniFi OS vulnerabilities
- (37:51) - Story # 11 - Pizza Hut's AI system caused 'cascading' problems and $100M in damages, franchisee alleges in new suit
- (43:55) - Story # 12 - Data Leak at German Hospital
- (45:00) - Story # 13 - Microsoft shuts down illegal code-signing operation used by ransomware crims to mask their malware
- (47:50) - Story # 14 - Chicken News
- (50:07) - Story # 15 - New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released
- (51:04) - Story # 15b - Might someone pass along that Crowdstrike and Nessus are having a moment?
Links
Story # 1 - CISA Admin Leaked AWS GovCloud Keys on Github
Story # 2 - PoC Code Published for Critical NGINX Vulnerability
Story # 3 - Anthropic’s restricted Claude Mythos model may be coming to Claude Code
Story # 4 - The FBI just remotely reset thousands of home and small office routers – and your TP-Link could be on the hitlist
Story # 5 - Drupal to Release Emergency Core Security Updates Amid Fears of Rapid Exploitation
Story # 6 - Microsoft rejects critical Azure vulnerability report, no CVE issued
Story # 7 - GitHub bans vindictive security researcher dropping Windows zero-days: “I will make sure your bones are shattered”
Story # 8a - A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale
Story # 8b - TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension
Story # 10 - Ubiquiti patches three max severity UniFi OS vulnerabilities
Story # 11 - Pizza Hut’s AI system caused ‘cascading’ problems and $100M in damages, franchisee alleges in new suit
Story # 12 - Data Leak at German Hospital
Story # 13 - Microsoft shuts down illegal code-signing operation used by ransomware crims to mask their malware
Story # 14 - Chicken News
Story # 15 - New Windows ‘MiniPlasma’ zero-day exploit gives SYSTEM access, PoC released
Story # 15b - Might someone pass along that Crowdstrike and Nessus are having a moment?Creators & Guests
Alethe Denis - Guest Corey Ham - Host Wade Wells - Host Bronwen Aker - Host Meagan Bentley - Producer Hayden Covington - Host
Click here to watch this episode on YouTube.
Click here to view the episode transcript.
🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits
Brought to you by:Black Hills Information Security
https://www.blackhillsinfosec.com
Antisyphon Training
https://www.antisyphontraining.com/
Active Countermeasures
https://www.activecountermeasures.com
Wild West Hackin Fest
30 May 2026, 4:37 pm - 1 hour 6 minutesMythos finds a curl vulnerability - 2026-05-18
This episode covers Mythos uncovering a vulnerability in cURL, a recent Google Threat Intelligence report on a zero-day exploit, and the growing impact of AI on capture-the-flag competitions and bug bounty programs. The hosts also discuss the economics of AI platforms like OpenAI, security research trends, and broader concerns around software vulnerabilities, automation, and defensive tooling.
Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! -
https://discord.gg/bhis
🔴live-chat
Chapters- (00:00) - PreShow Banter™ — Token CTFs
- (03:18) - Story # 1: Mythos finds a curl vulnerability
- (06:36) - Story # 2: Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation
- (14:47) - Story # 3: The down fall of bug bounties
- (15:34) - Story # 3: Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’
- (40:52) - Story # 4: Germany to Flood Ukraine’s Front Lines With Hundreds of New GEREON Combat Robots
- (43:51) - Story # 4b: Wild Video Shows Delivery Robots Causing Havoc, Getting Obliterated
- (49:35) - Story # 5: Windows BitLocker zero-day gives access to protected drives, PoC released
- (56:09) - Story # 6: Deal reached with hackers to delete data stolen from the Canvas educational platform
- (58:07) - Story # 7: Celebrities’ and influencers’ private communications exposed in stalkerware data breach
- (58:54) - Story # 8: Exclusive: Hackers have breached tank readers at US gas stations; officials suspect Iran is responsible
- (01:00:29) - Threat Hunting Summit Talk: Threat Hunting in the Dark: A Practical Approach
- (01:04:47) - WEBCAST: Looking at A.I. Wrong with John Strand, BB King and Derek Banks
Links
Story # 1: Mythos finds a curl vulnerability
Story # 2: Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation
Story # 3: The down fall of bug bounties
Story # 3: Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’
Story # 4: Germany to Flood Ukraine’s Front Lines With Hundreds of New GEREON Combat Robots
Story # 4b: Wild Video Shows Delivery Robots Causing Havoc, Getting Obliterated
Story # 5: Windows BitLocker zero-day gives access to protected drives, PoC released
Story # 6: Deal reached with hackers to delete data stolen from the Canvas educational platform
Story # 7: Celebrities’ and influencers’ private communications exposed in stalkerware data breach
Story # 8: Exclusive: Hackers have breached tank readers at US gas stations; officials suspect Iran is responsible
Threat Hunting Summit Talk: Threat Hunting in the Dark: A Practical Approach
WEBCAST: Looking at A.I. Wrong with John Strand, BB King and Derek BanksCreators & Guests
John Strand - Host Corey Ham - Host Wade Wells - Host Bronwen Aker - Host Ralph May - Host Shane Hartman - Guest Meagan Bentley - Producer Hayden Covington - Host
Click here to watch this episode on YouTube.
Click here to view the episode transcript.
🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits
Brought to you by:Black Hills Information Security
https://www.blackhillsinfosec.com
Antisyphon Training
https://www.antisyphontraining.com/
Active Countermeasures
https://www.activecountermeasures.com
Wild West Hackin Fest
22 May 2026, 8:15 pm - 1 hour 3 minutesThe Canvas / Instructure Breach – 2026-05-11
Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! -
https://discord.gg/bhis
🔴live-chatThis episode of Talking About News focuses on the reported Canvas/Instructure breach, including discussion around ShinyHunters, transparency concerns, higher education security challenges, and possible attack paths involving phishing and tenant compromise. The team also explores broader cybersecurity trends such as social engineering, ransomware pressure tactics, and the growing role of AI and platform security in modern enterprise environments.
Chapters
- (00:00) - PreShow Banter™ — Californian Problems
- (02:25) - The Canvas / Instructure Breach – 2026-05-11
- (10:23) - Story # 1: Canvas Breach Disrupts Schools & Colleges Nationwide
- (13:45) - Story # 1b: Security Incident Update & FAQs
- (43:14) - Story # 2: Wazuh cluster sync path traversal in decompress_files() enables arbitrary file write and code execution from authenticated cluster peer
- (47:34) - Story # 3: Google Chrome silently installs a 4 GB AI model on your device without consent.
- (52:19) - Story # 4: Trellix source code breach claimed by RansomHouse hackers
- (58:12) - Story # 5: Rose Acre Farms Targeted in Alleged Lynx Ransomware Attack - Cybersecurity
LinksStory # 1: Canvas Breach Disrupts Schools & Colleges Nationwide
Story # 1b: Security Incident Update & FAQs
Story # 2: Wazuh cluster sync path traversal in decompress_files() enables arbitrary file write and code execution from authenticated cluster peer
Story # 3: Google Chrome silently installs a 4 GB AI model on your device without consent.
Story # 4: Trellix source code breach claimed by RansomHouse hackers
Story # 5: Rose Acre Farms Targeted in Alleged Lynx Ransomware Attack - CybersecurityWade's Workshop: Threat Actor Profiling: Know Your Enemy
Alethe Denis' Webcast: How to Build a Bulletproof Pretext
Alethe Denis' Workshop: How to Build Pressure-Proof PretextsCreators & Guests
John Strand - Host Corey Ham - Host Wade Wells - Host Ched "cheddar" Wiggins - Guest Bronwen Aker - Host Hayden Covington - Host Ryan Poirier - Producer Alethe Denis - Guest
Click here to watch this episode on YouTube.
Click here to view the episode transcript.
🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits
Brought to you by:Black Hills Information Security
https://www.blackhillsinfosec.com
Antisyphon Training
https://www.antisyphontraining.com/
Active Countermeasures
https://www.activecountermeasures.com
Wild West Hackin Fest
12 May 2026, 2:19 am - 1 hour 10 minutesUtah Bans VPN Age Bypass - 2026-05-04
Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! -
https://discord.gg/bhis
🔴live-chatThis episode covers several major cybersecurity and technology news stories, including Utah’s proposed crackdown on VPNs used to bypass online age-verification systems and the privacy and enforcement concerns surrounding those laws. The hosts also discuss newly disclosed MOVEit Transfer vulnerabilities and patching guidance, software trust and code-signing weaknesses, and broader issues around internet regulation and digital identity verification. Additional discussion touches on AI, science-fiction-inspired technology concepts, relativity and time dilation, and other notable developments from the week in cybersecurity and tech news.
Chapters
- (00:00) - PreShow Banter™ — Alien Communications 101
- (03:38) - Utah Bans VPN Age Bypass - 2026-05-04
- (09:13) - Story #1 - DigiCert Revokes Certificates After Support Portal Hack
- (15:25) - Story #2 - Progress warns of critical MOVEit Automation auth bypass flaw
- (16:44) - Story #3 - Critical cPanel and WHM bug exploited as a zero-day, PoC now available
- (23:33) - Story #4 - Copy Fail
- (26:17) - Story #5 - Claude-powered AI coding agent deletes entire company database in 9 seconds — backups zapped, after Cursor tool powered by Anthropic's Claude goes rogue
- (33:42) - Story #6 - Elon Musk testifies that xAI trained Grok on OpenAI models
- (38:51) - Story #7 - Utah first state to hold websites liable for users who mask their location with VPNs — law goes into effect, designed to prevent bypassing age checks
- (51:23) - Story #8 - Why you should refuse to let your doctor record you
- (56:19) - Story #9 - Technique Change Type: How the ATT&CK Object Changed
LinksCreators & Guests
Corey Ham - Host Wade Wells - Host Ralph May - Host Tim Medin - Guest Patrick Gorman - Guest
Click here to watch this episode on YouTube.
Click here to view the episode transcript.
🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits
Brought to you by:Black Hills Information Security
https://www.blackhillsinfosec.com
Antisyphon Training
https://www.antisyphontraining.com/
Active Countermeasures
https://www.activecountermeasures.com
Wild West Hackin Fest
11 May 2026, 2:12 am - 1 hour 10 minutesNASA Gets Phished by Chinese - 2026-04-27
This episode dives into the economics and competitive dynamics of the AI industry, including discussions on profitability, pricing strategies, monopolization, and the rise of open and distilled models—particularly concerns around Chinese AI competition. The hosts also cover a reported long-running phishing campaign linked to Chinese actors targeting NASA-affiliated researchers and engineers, highlighting how social engineering was used to extract sensitive aerospace information.
Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! -
https://discord.gg/bhis
🔴live-chat
Chapters- (00:00) - PreShow Banter™ — Making More Money than OpenAI
- (04:58) - NASA Gets Phished by Chinese - 2026-04-27
- (07:22) - Story # 1: ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
- (13:07) - Story # 2: A Mexican surveillance giant you’ve never heard of is now watching the U.S. border
- (19:59) - Story # 3: Scam messages offering ships safe transit through Hormuz, security firm warns
- (24:24) - Story # 4: Apple fixes bug that let the FBI recover deleted Signal messages
- (27:49) - Story # 5: Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
- (30:28) - Story # 6: cDc communications | CULT OF THE DEAD COW | The Hacktivismo Declaration: Rebooted 2026-04-21
- (34:07) - Story # 7: NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software
- (36:29) - Story # 8: How UNC6692 Employed Social Engineering to Deploy a Custom Malware Suite
- (41:34) - Story # 9: Discord group says it accessed Claude Mythos by guessing location
- (44:19) - Story # 10: Introducing GPT‑5.5
- (46:46) - Story # 11: CERT-In Advisory CIAD-2026-0020
- (50:47) - Story # 12: pro j e c t d e a l
Links
Story # 1: ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
Story # 2: A Mexican surveillance giant you’ve never heard of is now watching the U.S. border
Story # 3: Scam messages offering ships safe transit through Hormuz, security firm warns
Story # 4: Apple fixes bug that let the FBI recover deleted Signal messages
Story # 5: Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
Story # 6: cDc communications | CULT OF THE DEAD COW | The Hacktivismo Declaration: Rebooted 2026-04-21
Story # 7: NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software
Story # 8: How UNC6692 Employed Social Engineering to Deploy a Custom Malware Suite
Story # 9: Discord group says it accessed Claude Mythos by guessing location
Story # 10: Introducing GPT‑5.5
Story # 11: CERT-In Advisory CIAD-2026-0020
Story # 12: pro j e c t d e a lCreators & Guests
Aisling nic Lynne "siriciryel" - Guest Corey Ham - Host John Strand - Host Ralph May - Host Hayden Covington - Host Wade Wells - Host Ryan Poirier - Producer
Click here to watch this episode on YouTube.
Click here to view the episode transcript.
🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits
Brought to you by:Black Hills Information Security
https://www.blackhillsinfosec.com
Antisyphon Training
https://www.antisyphontraining.com/
Active Countermeasures
https://www.activecountermeasures.com
Wild West Hackin Fest
28 April 2026, 6:07 pm - 1 hour 4 minutesTim Cook Announces Apple CEO Exit - 2026-04-20
This episode covers several major cybersecurity and tech news stories, including a supply chain–related breach at Vercel involving exposed environment variables and compromised third-party AI tooling. The hosts also discuss concerns around AI-driven data risks, including browser extensions and large-scale data collection. Additional topics include a service scraping and republishing Zoom webinar recordings, evolving issues with web cookies and tracking, and industry news such as reports of Apple CEO Tim Cook stepping down.
Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! -
https://discord.gg/bhis
🔴live-chat
Chapters- (00:00) - PreShow Banter™ — Watch Out for the Brownies
- (04:35) - Tim Cook Announces Apple CEO Exit - 2026-04-20
- (05:57) - Story # 1: Vercel April 2026 security incident
- (19:00) - Story # 2: 'Addicted to hacking': Young hacker behind historic breach speaks out for 1st time, before reporting to prison
- (27:19) - Story # 3: Mythos And The CVSS Problem No One Wants to Talk About (But We Need To)
- (28:49) - Story # 4: Introducing Claude Opus 4.7
- (32:14) - Story # 4b: Identity verification on Claude
- (36:00) - Story # 5: Tim Cook to become Apple Executive Chairman John Ternus to become Apple CEO
- (40:18) - Story # 6: Microsoft faces fresh Windows Recall security concerns
- (44:12) - Story # 7: WebinarTV Secretly Scraped Zoom Meetings of Anonymous Recovery Programs
- (48:20) - Story # 8: Google, Microsoft, Meta All Tracking You Even When You Opt Out, According to an Independent Audit
- (51:12) - Story # 9: Little Caesars Wants ChatGPT to Order Your Pizza for You
- (53:35) - Story # 10: NIST Updates NVD Operations to Address Record CVE Growth
- (01:00:08) - Workshop: Rapid Endpoint Investigations for Linux and Mac
- (01:01:20) - Cyber Threat Intelligence 101 2 Day Version
- (01:02:24) - ANTI-CAST: How to Break Free from the Cybersecurity Burnout Trap w/ Natalia Samman
LinksStory # 1: Vercel April 2026 security incident
Story # 2: ‘Addicted to hacking’: Young hacker behind historic breach speaks out for 1st time, before reporting to prison
Story # 3: Mythos And The CVSS Problem No One Wants to Talk About (But We Need To)
Story # 4: Introducing Claude Opus 4.7
Story # 4b: Identity verification on Claude
Story # 5: Tim Cook to become Apple Executive Chairman John Ternus to become Apple CEO
Story # 6: Microsoft faces fresh Windows Recall security concerns
Story # 7: WebinarTV Secretly Scraped Zoom Meetings of Anonymous Recovery Programs
Story # 8: Google, Microsoft, Meta All Tracking You Even When You Opt Out, According to an Independent Audit
Story # 9: Little Caesars Wants ChatGPT to Order Your Pizza for You
Story # 10: NIST Updates NVD Operations to Address Record CVE Growth
Workshop: Rapid Endpoint Investigations for Linux and Mac
Cyber Threat Intelligence 101 2 Day Version
ANTI-CAST: How to Break Free from the Cybersecurity Burnout Trap w/ Natalia Samman
Corey Ham - Host Ralph May - Host Patterson Cake - Guest Wade Wells - Host Bronwen Aker - Host Meagan Bentley - Producer
Creators & Guests
Click here to watch this episode on YouTube.
Click here to view the episode transcript.
🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits
Brought to you by:Black Hills Information Security
https://www.blackhillsinfosec.com
Antisyphon Training
https://www.antisyphontraining.com/
Active Countermeasures
https://www.activecountermeasures.com
Wild West Hackin Fest
22 April 2026, 7:18 pm - 1 hour 6 minutesAnthropic’s Project Glasswing is an Infosec Turning Point – 2026-04-13
This episode dives into Anthropic’s “Project Glasswing” and the broader implications of AI-driven offensive security, including models autonomously discovering vulnerabilities and attempting sandbox escapes. The hosts discuss how agentic AI testing approaches could reshape vulnerability research, while also raising concerns about AI safety, regulation, and real-world risk. Additional topics include the growing impact of AI on security workflows, rising infrastructure costs tied to AI demand, a new infostealer ecosystem overview, and ongoing debates about data collection practices and platform privacy.
Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! -
https://discord.gg/bhis
🔴live-chat
Chapters- (00:00) - PreShow Banter™ — A Real Studio
- (03:43) - Anthropic’s Project Glasswing is an Infosec Turning Point – 2026-04-13
- (05:39) - Story # 1: Project Glasswing
- (22:20) - Story # 2: AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties
- (30:36) - Story # 3: Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
- (32:39) - WEBCAST: Proxy Execution with Microsoft Edge WebView2 w/ Matthew Eidelberg
- (51:47) - Story # 4: New "BrowserGate" report claims LinkedIn secretly scans user browsers for installed extensions and collects device data
- (56:32) - Story # 5: The silent “Storm”: New infostealer hijacks sessions, decrypts server-side
- (58:46) - ChickenSec: the Chicken Accords of 2026
- (01:00:27) - Story # 6: EFF is Leaving X
- (01:03:01) - Workshop: How to Think Like a Cybersecurity Defender
- (01:05:49) - AI Security Ops Podcast
LinksStory # 1: Project Glasswing
Corey Ham - Host Wade Wells - Host Alex Minster "Belouve" - Guest Bronwen Aker - Host Ralph May - Host John Strand - Host Doc Blackburn - Guest
Story # 2: AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties
Story # 3: Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
WEBCAST: Proxy Execution with Microsoft Edge WebView2 w/ Matthew Eidelberg
Story # 4: New “BrowserGate” report claims LinkedIn secretly scans user browsers for installed extensions and collects device data
Story # 5: The silent “Storm”: New infostealer hijacks sessions, decrypts server-side
ChickenSec: the Chicken Accords of 2026
Story # 6: EFF is Leaving X
Workshop: How to Think Like a Cybersecurity Defender
AI Security Ops Podcast
Creators & Guests
Click here to watch this episode on YouTube.
Click here to view the episode transcript.
🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits
Brought to you by:Black Hills Information Security
https://www.blackhillsinfosec.com
Antisyphon Training
https://www.antisyphontraining.com/
Active Countermeasures
https://www.activecountermeasures.com
Wild West Hackin Fest
14 April 2026, 7:14 pm - 1 hour 6 minutesArtemis Astronaut's Bad Outlooks - 2026-04-06
This episode covers several major cybersecurity and tech news stories, including a sophisticated NPM supply chain attack that compromised the widely used Axios library through advanced social engineering, and the broader implications for software security. The hosts also discuss the accidental leak of Anthropic’s Claude codebase, what it reveals about AI development practices, and the risks of misconfigurations exposing sensitive systems. Additional conversation touches on AI reliability, “vibe-coded” software, and the growing role of AI in both development and attack techniques.
Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! -
https://discord.gg/bhis
🔴live-chat
Chapters- (00:00) - PreShow Banter™ — Professional Sitters
- (04:36) - Artemis Astronaut's Bad Outlooks - 2026-04-06
- (07:12) - The Absolute Truths of Cybersecurity with Doc Blackburn
- (08:52) - Professionally Evil API Testing: AAA and Keys are Not Just for Cars
- (09:35) - Story # 1: Post Mortem: axios npm supply chain compromise
- (19:54) - Story # 2: Artemis II astronaut: 'I have two Microsoft Outlooks, and neither one of those are working'
- (26:02) - Story # 3: Microsoft Copilot Terms of Service Label Copilot is for Entertainment Purposes Only
- (30:13) - Story # 4: Here’s what that Claude Code source leak reveals about Anthropic’s plans
- (35:03) - Story # 4b: https://neuromatch.social/@jonny/116325123136895805
- (37:57) - Story # 5: Meta freezes AI data work after breach puts training secrets at risk
- (41:40) - Story # 6: Possible US Government iPhone Hacking Tool Leaked
- (44:32) - Story # 7: FBI labels data breach ‘major incident,’ notifies Congress
- (46:58) - Story # 8: vSphere and BRICKSTORM Malware: A Defender's Guide
- (52:12) - Story # 9: CBP Facility Codes Sure Seem to Have Leaked Via Online Flashcards
- (01:04:26) - ChickenSec: Why did the chicken wear a reflective vest? To cross the road of course
LinksThe Absolute Truths of Cybersecurity with Doc Blackburn
Professionally Evil API Testing: AAA and Keys are Not Just for Cars
Story # 1: Post Mortem: axios npm supply chain compromise
Story # 2: Artemis II astronaut: ‘I have two Microsoft Outlooks, and neither one of those are working’
Story # 3: Microsoft Copilot Terms of Service Label Copilot is for Entertainment Purposes Only
Story # 4: Here’s what that Claude Code source leak reveals about Anthropic’s plans
Story # 4b: https://neuromatch.social/@jonny/116325123136895805
Story # 5: Meta freezes AI data work after breach puts training secrets at risk
Story # 6: Possible US Government iPhone Hacking Tool Leaked
Story # 7: FBI labels data breach ‘major incident,’ notifies Congress
Story # 8: vSphere and BRICKSTORM Malware: A Defender’s Guide
Story # 9: CBP Facility Codes Sure Seem to Have Leaked Via Online Flashcards
ChickenSec: Why did the chicken wear a reflective vest? To cross the road of courseCreators & Guests
Jennifer Shannon - Guest Wade Wells - Host Corey Ham - Host Ralph May - Host Ryan Poirier - Producer Bronwen Aker - Host Doc Blackburn - Guest
Click here to watch this episode on YouTube.
Click here to view the episode transcript.
🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits
Brought to you by:Black Hills Information Security
https://www.blackhillsinfosec.com
Antisyphon Training
https://www.antisyphontraining.com/
Active Countermeasures
https://www.activecountermeasures.com
Wild West Hackin Fest
9 April 2026, 7:09 pm - 1 hour 7 minutesFCC Blocks Foreign-Made Routers – 2026-03-30
This episode covers the FCC’s move to restrict or ban certain foreign-made networking equipment—especially routers tied to Chinese manufacturers—highlighting the potential cybersecurity risks, supply chain implications, and how the rule could affect ISPs and consumers. The hosts also discuss broader concerns around hardware trust, existing infrastructure, and what qualifies as “approved” devices under FCC guidelines, along with a brief, lighter mention of a viral robot incident making the rounds online.
Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! -
https://discord.gg/bhis
🔴live-chat
Chapters- (00:00) - PreShow Banter™ — Robot Handlers
- (05:11) - FCC Blocks Foreign-Made Routers – 2026-03-30
- (06:44) - Story # 1: FCC moves to block new foreign-made routers
- (17:00) - Story # 2: FBI Chief Kash Patel’s Gmail Account was Hacked by Iranian Hackers
- (20:07) - Story # 3: FancyBear Exposed: Major OPSEC Blunder Inside Russian Espionage Ops
- (24:18) - Story # 4: LiteLLM and Telnyx compromised on PyPI: Tracing the TeamPCP supply chain campaign
- (27:49) - Story # 4b: TeamPCP Supply Chain Campaign
- (42:45) - Story # 5: Spylandia: How a Stretch of Florida Real Estate Has Become a Covert Corridor for Chinese and Russian Spies
- (45:51) - Story # 6: Anthropic readies Mythos model with high cybersecurity risk
- (57:31) - Story # 7: Google Ships WebMCP, The Browser-Based Backbone For The Agentic Web
- (01:02:24) - Story # 8: DDR5 Memory Prices Just Took a Noticeable Dive for the First Time in Months, and Google’s TurboQuant Might Be Behind It
- (01:04:03) - Securing the Cloud: Foundations by Andrew Krug
- (01:04:47) - Incident Response Simplified by Patterson Cake
News Links
Story # 1: FCC moves to block new foreign-made routers
Story # 2: FBI Chief Kash Patel’s Gmail Account was Hacked by Iranian Hackers
Story # 3: FancyBear Exposed: Major OPSEC Blunder Inside Russian Espionage Ops
Story # 4: LiteLLM and Telnyx compromised on PyPI: Tracing the TeamPCP supply chain campaign
Story # 4b: TeamPCP Supply Chain Campaign
Story # 5: Spylandia: How a Stretch of Florida Real Estate Has Become a Covert Corridor for Chinese and Russian Spies
Story # 6: Anthropic readies Mythos model with high cybersecurity risk
Story # 7: Google Ships WebMCP, The Browser-Based Backbone For The Agentic Web
Story # 8: DDR5 Memory Prices Just Took a Noticeable Dive for the First Time in Months, and Google’s TurboQuant Might Be Behind It
Securing the Cloud: Foundations by Andrew Krug
Incident Response Simplified by Patterson CakeCreators & Guests
Andy Pettit "Nerf" - Guest Andrew Krug - Guest Wade Wells - Host Corey Ham - Host Bronwen Aker - Host Patterson Cake - Guest Ryan Poirier - Producer Ralph May - Host
Click here to watch this episode on YouTube.
Click here to view the episode transcript.
🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits
Brought to you by:Black Hills Information Security
https://www.blackhillsinfosec.com
Antisyphon Training
https://www.antisyphontraining.com/
Active Countermeasures
https://www.activecountermeasures.com
Wild West Hackin Fest
1 April 2026, 11:52 pm - 1 hour 4 minutesPentagon Plans to Train AI With Classified Data – 2026-03-23
This episode covers a range of cybersecurity and AI-related news, including how Pokémon Go players may have unknowingly helped train delivery robots using massive image datasets. The hosts also discuss the Pentagon’s reported plans to train AI systems on classified data and the potential risks of exposing sensitive information. Additional topics include major data breaches (such as a third-party breach impacting Crunchyroll user data), ongoing challenges in cybersecurity practices, evolving AI security concerns, and real-world examples of exploits and vulnerabilities affecting mobile devices and organizations.
Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! -
https://discord.gg/bhis
🔴live-chat
Chapters- (00:00) - PreShow Banter™ — Easier Than Printers
- (05:20) - Pentagon Plans to Train AI With Classified Data – BHIS - Talkin' Bout [infosec] News 2026-03-23
- (06:38) - Story # 1: Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web
- (07:38) - Story # 1b: ALT Link - Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web
- (15:35) - Story # 2: Federal cyber experts called Microsoft’s cloud a “pile of shit,” approved it anyway
- (24:31) - Story # 3: The Pentagon is planning for AI companies to train on classified data, defense official says
- (34:04) - Story # 4: CISA Urges Endpoint Management System Hardening After Cyberattack Against US Organization
- (37:50) - Story # 5: Warning: Your AI-Generated Password Is a Major Security Risk. Here’s What to Use Instead
- (42:21) - Story # 6: CISA warns of active exploitation of Microsoft SharePoint vulnerability (CVE-2026-20963)
- (49:57) - Story # 7: Massive China Data Leak: Hackers Access 10 Petabytes of Weapons Testing Data
- (51:28) - Story # 8: Anime fans' credit cards might be stolen from Sony streamer Crunchyroll
- (55:03) - Story # 9: The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors
Links
Story # 1: Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web
Story # 1b: ALT Link - Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web
Story # 2: Federal cyber experts called Microsoft’s cloud a “pile of shit,” approved it anyway
Story # 3: The Pentagon is planning for AI companies to train on classified data, defense official says
Story # 4: CISA Urges Endpoint Management System Hardening After Cyberattack Against US Organization
Story # 5: Warning: Your AI-Generated Password Is a Major Security Risk. Here’s What to Use Instead
Story # 6: CISA warns of active exploitation of Microsoft SharePoint vulnerability (CVE-2026-20963)
Story # 7: Massive China Data Leak: Hackers Access 10 Petabytes of Weapons Testing Data
Story # 8: Anime fans’ credit cards might be stolen from Sony streamer Crunchyroll
Story # 9: The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat ActorsCreators & Guests
John Strand - Host Ralph May - Host Chadd Watson - Guest Wade Wells - Host Alex Minster "Belouve" - Guest Hayden Covington - Host Bruce Potter - Guest Ryan Poirier - Producer
Click here to watch this episode on YouTube.
Click here to view the episode transcript.
🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits
Brought to you by:Black Hills Information Security
https://www.blackhillsinfosec.com
Antisyphon Training
https://www.antisyphontraining.com/
Active Countermeasures
https://www.activecountermeasures.com
Wild West Hackin Fest
27 March 2026, 6:01 pm - 1 hour 1 minuteIranian Hackers Claim Responsibility for Stryker Attack - 2026-03-16
This episode covers multiple cybersecurity news stories, including Iranian hackers claiming responsibility for a cyberattack on Stryker, ongoing challenges in attributing nation-state cyber operations, and broader trends in global cyber conflict. The hosts also discuss the reliability of public breach claims, emerging threats targeting critical industries, and how organizations are responding to an increasingly complex threat landscape.
Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! -
https://discord.gg/bhis
🔴live-chat
Chapters- (00:00) - PreShow Banter™ — Organizing Family Beets
- (04:02) - Iranian Hackers Claim Responsibility for Stryker Attack - 2026-03-16
- (08:56) - Story # 1: Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
- (23:38) - Story # 2: How We Hacked McKinsey's AI Platform
- (32:30) - Story # 3: Amazon holds engineering meeting following AI-related outages
- (39:11) - Story # 4: Meta gets into social networks for AI agents with acquisition of viral Moltbook platform
- (45:24) - Story # 5: Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026
- (50:45) - Story # 6: Michelin Confirms Data Breach Linked to Oracle EBS Attack
- (51:08) - Story # 7: New Dohdoor malware campaign targets education and health care
- (58:10) - Story # 8: Man's dog was riddled with tumors and dying. He used ChatGPT to design a custom cancer vaccine, stunning researchers
Links
Story # 1: Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
Story # 2: How We Hacked McKinsey’s AI Platform
Story # 3: Amazon holds engineering meeting following AI-related outages
Story # 4: Meta gets into social networks for AI agents with acquisition of viral Moltbook platform
Story # 5: Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026
Story # 6: Michelin Confirms Data Breach Linked to Oracle EBS Attack
Story # 7: New Dohdoor malware campaign targets education and health care
Story # 8: Man’s dog was riddled with tumors and dying. He used ChatGPT to design a custom cancer vaccine, stunning researchersCreators & Guests
Dan Rearden (Haircutfish) - Guest Bronwen Aker - Host Ralph May - Host John Strand - Host Troy Wojewoda - Guest Corey Ham - Host Hayden Covington - Host Wade Wells - Host Meagan Bentley - Producer
Click here to watch this episode on YouTube.
Click here to view the episode transcript.
🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits
Brought to you by:Black Hills Information Security
https://www.blackhillsinfosec.com
Antisyphon Training
https://www.antisyphontraining.com/
Active Countermeasures
https://www.activecountermeasures.com
Wild West Hackin Fest
17 March 2026, 5:05 pm - More Episodes? Get the App