Talkin' Bout [Infosec] News

By: Black Hills Information Security

Summary

A weekly Podcast with BHIS and Friends. We discuss notable Infosec and infosec-adjacent news stories gathered by our community news team. Join us live on YouTube, Mondays at 4:30PM ET.

Copyright 2025 Talkin' About [Infosec] News, Powered by Black Hills Information Security

Politics & Government
Episodes
  • The Canvas / Instructure Breach – 2026-05-11
    May 12 2026

    Join us LIVE on Mondays, 4:30pm EST.
    A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
    https://www.youtube.com/@BlackHillsInformationSecurity

    Chat with us on Discord! -
    https://discord.gg/bhis
    🔴live-chat

    This episode of Talking About News focuses on the reported Canvas/Instructure breach, including discussion around ShinyHunters, transparency concerns, higher education security challenges, and possible attack paths involving phishing and tenant compromise. The team also explores broader cybersecurity trends such as social engineering, ransomware pressure tactics, and the growing role of AI and platform security in modern enterprise environments.

    Chapters

    • (00:00) - PreShow Banter™ — Californian Problems
    • (02:25) - The Canvas / Instructure Breach – 2026-05-11
    • (10:23) - Story # 1: Canvas Breach Disrupts Schools & Colleges Nationwide
    • (13:45) - Story # 1b: Security Incident Update & FAQs
    • (43:14) - Story # 2: Wazuh cluster sync path traversal in decompress_files() enables arbitrary file write and code execution from authenticated cluster peer
    • (47:34) - Story # 3: Google Chrome silently installs a 4 GB AI model on your device without consent.
    • (52:19) - Story # 4: Trellix source code breach claimed by RansomHouse hackers
    • (58:12) - Story # 5: Rose Acre Farms Targeted in Alleged Lynx Ransomware Attack - Cybersecurity

    Links

    • Story # 1: Canvas Breach Disrupts Schools & Colleges Nationwide
    • Story # 1b: Security Incident Update & FAQs
    • Story # 2: Wazuh cluster sync path traversal in decompress_files() enables arbitrary file write and code execution from authenticated cluster peer
    • Story # 3: Google Chrome silently installs a 4 GB AI model on your device without consent.
    • Story # 4: Trellix source code breach claimed by RansomHouse hackers
    • Story # 5: Rose Acre Farms Targeted in Alleged Lynx Ransomware Attack - Cybersecurity
    • Wade's Workshop: Threat Actor Profiling: Know Your Enemy
    • Alethe Denis' Webcast: How to Build a Bulletproof Pretext
    • Alethe Denis' Workshop: How to Build Pressure-Proof Pretexts

    Creators & Guests

    • John Strand - Host
    • Corey Ham - Host
    • Wade Wells - Host
    • Ched "cheddar" Wiggins - Guest
    • Bronwen Aker - Host
    • Hayden Covington - Host
    • Ryan Poirier - Producer
    • Alethe Denis - Guest

    Click here to watch this episode on YouTube.

    Click here to view the episode transcript.

    🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits

    https://poweredbybhis.com

    Brought to you by:

    Black Hills Information Security

    https://www.blackhillsinfosec.com

    Antisyphon Training

    https://www.antisyphontraining.com/

    Active Countermeasures

    https://www.activecountermeasures.com

    Wild West Hackin Fest

    https://wildwesthackinfest.com

    1 hr and 3 mins
  • Utah Bans VPN Age Bypass - 2026-05-04
    May 11 2026

    Join us LIVE on Mondays, 4:30pm EST.
    A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
    https://www.youtube.com/@BlackHillsInformationSecurity

    Chat with us on Discord! -
    https://discord.gg/bhis
    🔴live-chat

    This episode covers several major cybersecurity and technology news stories, including Utah’s proposed crackdown on VPNs used to bypass online age-verification systems and the privacy and enforcement concerns surrounding those laws. The hosts also discuss newly disclosed MOVEit Transfer vulnerabilities and patching guidance, software trust and code-signing weaknesses, and broader issues around internet regulation and digital identity verification. Additional discussion touches on AI, science-fiction-inspired technology concepts, relativity and time dilation, and other notable developments from the week in cybersecurity and tech news.

    Chapters

    • (00:00) - PreShow Banter™ — Alien Communications 101
    • (03:38) - Utah Bans VPN Age Bypass - 2026-05-04
    • (09:13) - Story #1 - DigiCert Revokes Certificates After Support Portal Hack
    • (15:25) - Story #2 - Progress warns of critical MOVEit Automation auth bypass flaw
    • (16:44) - Story #3 - Critical cPanel and WHM bug exploited as a zero-day, PoC now available
    • (23:33) - Story #4 - Copy Fail
    • (26:17) - Story #5 - Claude-powered AI coding agent deletes entire company database in 9 seconds — backups zapped, after Cursor tool powered by Anthropic's Claude goes rogue
    • (33:42) - Story #6 - Elon Musk testifies that xAI trained Grok on OpenAI models
    • (38:51) - Story #7 - Utah first state to hold websites liable for users who mask their location with VPNs — law goes into effect, designed to prevent bypassing age checks
    • (51:23) - Story #8 - Why you should refuse to let your doctor record you
    • (56:19) - Story #9 - Technique Change Type: How the ATT&CK Object Changed

    Links

    Creators & Guests

    • Corey Ham - Host
    • Wade Wells - Host
    • Ralph May - Host
    • Tim Medin - Guest
    • Patrick Gorman - Guest

    Click here to watch this episode on YouTube.

    Click here to view the episode transcript.

    🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits

    https://poweredbybhis.com


    Brought to you by:

    Black Hills Information Security

    https://www.blackhillsinfosec.com


    Antisyphon Training

    https://www.antisyphontraining.com/


    Active Countermeasures

    https://www.activecountermeasures.com


    Wild West Hackin Fest

    https://wildwesthackinfest.com

    1 hr and 11 mins
  • NASA Gets Phished by Chinese - 2026-04-27
    Apr 28 2026

    This episode dives into the economics and competitive dynamics of the AI industry, including discussions on profitability, pricing strategies, monopolization, and the rise of open and distilled models—particularly concerns around Chinese AI competition. The hosts also cover a reported long-running phishing campaign linked to Chinese actors targeting NASA-affiliated researchers and engineers, highlighting how social engineering was used to extract sensitive aerospace information.

    Join us LIVE on Mondays, 4:30pm EST.
    A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
    https://www.youtube.com/@BlackHillsInformationSecurity

    Chat with us on Discord! -
    https://discord.gg/bhis
    🔴live-chat

    Chapters

    • (00:00) - PreShow Banter™ — Making More Money than OpenAI
    • (04:58) - NASA Gets Phished by Chinese - 2026-04-27
    • (07:22) - Story # 1: ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
    • (13:07) - Story # 2: A Mexican surveillance giant you’ve never heard of is now watching the U.S. border
    • (19:59) - Story # 3: Scam messages offering ships safe transit through Hormuz, security firm warns
    • (24:24) - Story # 4: Apple fixes bug that let the FBI recover deleted Signal messages
    • (27:49) - Story # 5: Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
    • (30:28) - Story # 6: cDc communications | CULT OF THE DEAD COW | The Hacktivismo Declaration: Rebooted 2026-04-21
    • (34:07) - Story # 7: NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software
    • (36:29) - Story # 8: How UNC6692 Employed Social Engineering to Deploy a Custom Malware Suite
    • (41:34) - Story # 9: Discord group says it accessed Claude Mythos by guessing location
    • (44:19) - Story # 10: Introducing GPT‑5.5
    • (46:46) - Story # 11: CERT-In Advisory CIAD-2026-0020
    • (50:47) - Story # 12: pro j e c t d e a l

    Links

    • Story # 1: ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
    • Story # 2: A Mexican surveillance giant you’ve never heard of is now watching the U.S. border
    • Story # 3: Scam messages offering ships safe transit through Hormuz, security firm warns
    • Story # 4: Apple fixes bug that let the FBI recover deleted Signal messages
    • Story # 5: Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
    • Story # 6: cDc communications | CULT OF THE DEAD COW | The Hacktivismo Declaration: Rebooted 2026-04-21
    • Story # 7: NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software
    • Story # 8: How UNC6692 Employed Social Engineering to Deploy a Custom Malware Suite
    • Story # 9: Discord group says it accessed Claude Mythos by guessing location
    • Story # 10: Introducing GPT‑5.5
    • Story # 11: CERT-In Advisory CIAD-2026-0020
    • Story # 12: pro j e c t d e a l

    Creators & Guests

    • Aisling nic Lynne "siriciryel" - Guest
    • Corey Ham - Host
    • John Strand - Host
    • Ralph May - Host
    • Hayden Covington - Host
    • Wade Wells - Host
    • Ryan Poirier - Producer

    Click here to watch this episode on YouTube.

    Click here to view the episode transcript.

    🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits

    https://poweredbybhis.com

    Brought to you by:

    Black Hills Information Security

    https://www.blackhillsinfosec.com

    Antisyphon Training

    https://www.antisyphontraining.com/

    Active Countermeasures

    https://www.activecountermeasures.com

    Wild West Hackin Fest

    https://wildwesthackinfest.com

    1 hr and 11 mins