Episodes

  • The Canvas / Instructure Breach – 2026-05-11

    The Canvas / Instructure Breach – 2026-05-11
    May 12 2026
    Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatThis episode of Talking About News focuses on the reported Canvas/Instructure breach, including discussion around ShinyHunters, transparency concerns, higher education security challenges, and possible attack paths involving phishing and tenant compromise. The team also explores broader cybersecurity trends such as social engineering, ransomware pressure tactics, and the growing role of AI and platform security in modern enterprise environments.Chapters(00:00) - PreShow Banter™ — Californian Problems(02:25) - The Canvas / Instructure Breach – 2026-05-11(10:23) - Story # 1: Canvas Breach Disrupts Schools & Colleges Nationwide(13:45) - Story # 1b: Security Incident Update & FAQs(43:14) - Story # 2: Wazuh cluster sync path traversal in decompress_files() enables arbitrary file write and code execution from authenticated cluster peer(47:34) - Story # 3: Google Chrome silently installs a 4 GB AI model on your device without consent.(52:19) - Story # 4: Trellix source code breach claimed by RansomHouse hackers(58:12) - Story # 5: Rose Acre Farms Targeted in Alleged Lynx Ransomware Attack - CybersecurityLinksStory # 1: Canvas Breach Disrupts Schools & Colleges NationwideStory # 1b: Security Incident Update & FAQsStory # 2: Wazuh cluster sync path traversal in decompress_files() enables arbitrary file write and code execution from authenticated cluster peerStory # 3: Google Chrome silently installs a 4 GB AI model on your device without consent.Story # 4: Trellix source code breach claimed by RansomHouse hackersStory # 5: Rose Acre Farms Targeted in Alleged Lynx Ransomware Attack - CybersecurityWade's Workshop: Threat Actor Profiling: Know Your EnemyAlethe Denis' Webcast: How to Build a Bulletproof PretextAlethe Denis' Workshop: How to Build Pressure-Proof PretextsCreators & Guests John Strand - HostCorey Ham - HostWade Wells - HostChed "cheddar" Wiggins - GuestBronwen Aker - HostHayden Covington - HostRyan Poirier - ProducerAlethe Denis - GuestClick here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com
    Show More Show Less
    1 hr and 3 mins
  • Utah Bans VPN Age Bypass - 2026-05-04

    Utah Bans VPN Age Bypass - 2026-05-04
    May 11 2026

    Join us LIVE on Mondays, 4:30pm EST.
    A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
    https://www.youtube.com/@BlackHillsInformationSecurity

    Chat with us on Discord! -
    https://discord.gg/bhis
    🔴live-chat

    This episode covers several major cybersecurity and technology news stories, including Utah’s proposed crackdown on VPNs used to bypass online age-verification systems and the privacy and enforcement concerns surrounding those laws. The hosts also discuss newly disclosed MOVEit Transfer vulnerabilities and patching guidance, software trust and code-signing weaknesses, and broader issues around internet regulation and digital identity verification. Additional discussion touches on AI, science-fiction-inspired technology concepts, relativity and time dilation, and other notable developments from the week in cybersecurity and tech news.

    Chapters

    • (00:00) - PreShow Banter™ — Alien Communications 101
    • (03:38) - Utah Bans VPN Age Bypass - 2026-05-04
    • (09:13) - Story #1 - DigiCert Revokes Certificates After Support Portal Hack
    • (15:25) - Story #2 - Progress warns of critical MOVEit Automation auth bypass flaw
    • (16:44) - Story #3 - Critical cPanel and WHM bug exploited as a zero-day, PoC now available
    • (23:33) - Story #4 - Copy Fail
    • (26:17) - Story #5 - Claude-powered AI coding agent deletes entire company database in 9 seconds — backups zapped, after Cursor tool powered by Anthropic's Claude goes rogue
    • (33:42) - Story #6 - Elon Musk testifies that xAI trained Grok on OpenAI models
    • (38:51) - Story #7 - Utah first state to hold websites liable for users who mask their location with VPNs — law goes into effect, designed to prevent bypassing age checks
    • (51:23) - Story #8 - Why you should refuse to let your doctor record you
    • (56:19) - Story #9 - Technique Change Type: How the ATT&CK Object Changed

    Links

    Creators & Guests

    • Corey Ham - Host
    • Wade Wells - Host
    • Ralph May - Host
    • Tim Medin - Guest
    • Patrick Gorman - Guest

    Click here to watch this episode on YouTube.

    Click here to view the episode transcript.

    🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits

    https://poweredbybhis.com


    Brought to you by:

    Black Hills Information Security

    https://www.blackhillsinfosec.com


    Antisyphon Training

    https://www.antisyphontraining.com/


    Active Countermeasures

    https://www.activecountermeasures.com


    Wild West Hackin Fest

    https://wildwesthackinfest.com
    Show More Show Less
    1 hr and 11 mins
  • NASA Gets Phished by Chinese - 2026-04-27

    NASA Gets Phished by Chinese - 2026-04-27
    Apr 28 2026
    This episode dives into the economics and competitive dynamics of the AI industry, including discussions on profitability, pricing strategies, monopolization, and the rise of open and distilled models—particularly concerns around Chinese AI competition. The hosts also cover a reported long-running phishing campaign linked to Chinese actors targeting NASA-affiliated researchers and engineers, highlighting how social engineering was used to extract sensitive aerospace information.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatChapters(00:00) - PreShow Banter™ — Making More Money than OpenAI(04:58) - NASA Gets Phished by Chinese - 2026-04-27(07:22) - Story # 1: ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty(13:07) - Story # 2: A Mexican surveillance giant you’ve never heard of is now watching the U.S. border(19:59) - Story # 3: Scam messages offering ships safe transit through Hormuz, security firm warns(24:24) - Story # 4: Apple fixes bug that let the FBI recover deleted Signal messages(27:49) - Story # 5: Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign(30:28) - Story # 6: cDc communications | CULT OF THE DEAD COW | The Hacktivismo Declaration: Rebooted 2026-04-21(34:07) - Story # 7: NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software(36:29) - Story # 8: How UNC6692 Employed Social Engineering to Deploy a Custom Malware Suite(41:34) - Story # 9: Discord group says it accessed Claude Mythos by guessing location(44:19) - Story # 10: Introducing GPT‑5.5(46:46) - Story # 11: CERT-In Advisory CIAD-2026-0020(50:47) - Story # 12: pro j e c t d e a lLinksStory # 1: ‘Scattered Spider’ Member ‘Tylerb’ Pleads GuiltyStory # 2: A Mexican surveillance giant you’ve never heard of is now watching the U.S. borderStory # 3: Scam messages offering ships safe transit through Hormuz, security firm warnsStory # 4: Apple fixes bug that let the FBI recover deleted Signal messagesStory # 5: Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain CampaignStory # 6: cDc communications | CULT OF THE DEAD COW | The Hacktivismo Declaration: Rebooted 2026-04-21Story # 7: NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense SoftwareStory # 8: How UNC6692 Employed Social Engineering to Deploy a Custom Malware SuiteStory # 9: Discord group says it accessed Claude Mythos by guessing locationStory # 10: Introducing GPT‑5.5Story # 11: CERT-In Advisory CIAD-2026-0020Story # 12: pro j e c t d e a lCreators & Guests Aisling nic Lynne "siriciryel" - GuestCorey Ham - HostJohn Strand - HostRalph May - HostHayden Covington - HostWade Wells - HostRyan Poirier - ProducerClick here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com
    Show More Show Less
    1 hr and 11 mins
  • Tim Cook Announces Apple CEO Exit - 2026-04-20

    Tim Cook Announces Apple CEO Exit - 2026-04-20
    Apr 22 2026
    This episode covers several major cybersecurity and tech news stories, including a supply chain–related breach at Vercel involving exposed environment variables and compromised third-party AI tooling. The hosts also discuss concerns around AI-driven data risks, including browser extensions and large-scale data collection. Additional topics include a service scraping and republishing Zoom webinar recordings, evolving issues with web cookies and tracking, and industry news such as reports of Apple CEO Tim Cook stepping down.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatChapters(00:00) - PreShow Banter™ — Watch Out for the Brownies(04:35) - Tim Cook Announces Apple CEO Exit - 2026-04-20(05:57) - Story # 1: Vercel April 2026 security incident(19:00) - Story # 2: 'Addicted to hacking': Young hacker behind historic breach speaks out for 1st time, before reporting to prison(27:19) - Story # 3: Mythos And The CVSS Problem No One Wants to Talk About (But We Need To)(28:49) - Story # 4: Introducing Claude Opus 4.7(32:14) - Story # 4b: Identity verification on Claude(36:00) - Story # 5: Tim Cook to become Apple Executive Chairman John Ternus to become Apple CEO(40:18) - Story # 6: Microsoft faces fresh Windows Recall security concerns(44:12) - Story # 7: WebinarTV Secretly Scraped Zoom Meetings of Anonymous Recovery Programs(48:20) - Story # 8: Google, Microsoft, Meta All Tracking You Even When You Opt Out, According to an Independent Audit(51:12) - Story # 9: Little Caesars Wants ChatGPT to Order Your Pizza for You(53:35) - Story # 10: NIST Updates NVD Operations to Address Record CVE Growth(01:00:08) - Workshop: Rapid Endpoint Investigations for Linux and Mac(01:01:20) - Cyber Threat Intelligence 101 2 Day Version(01:02:24) - ANTI-CAST: How to Break Free from the Cybersecurity Burnout Trap w/ Natalia SammanLinksStory # 1: Vercel April 2026 security incidentStory # 2: ‘Addicted to hacking’: Young hacker behind historic breach speaks out for 1st time, before reporting to prisonStory # 3: Mythos And The CVSS Problem No One Wants to Talk About (But We Need To)Story # 4: Introducing Claude Opus 4.7Story # 4b: Identity verification on ClaudeStory # 5: Tim Cook to become Apple Executive Chairman John Ternus to become Apple CEOStory # 6: Microsoft faces fresh Windows Recall security concernsStory # 7: WebinarTV Secretly Scraped Zoom Meetings of Anonymous Recovery ProgramsStory # 8: Google, Microsoft, Meta All Tracking You Even When You Opt Out, According to an Independent AuditStory # 9: Little Caesars Wants ChatGPT to Order Your Pizza for YouStory # 10: NIST Updates NVD Operations to Address Record CVE GrowthWorkshop: Rapid Endpoint Investigations for Linux and MacCyber Threat Intelligence 101 2 Day VersionANTI-CAST: How to Break Free from the Cybersecurity Burnout Trap w/ Natalia SammanCreators & Guests Corey Ham - HostRalph May - HostPatterson Cake - GuestWade Wells - HostBronwen Aker - HostMeagan Bentley - ProducerClick here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com
    Show More Show Less
    1 hr and 5 mins
  • Anthropic’s Project Glasswing is an Infosec Turning Point – 2026-04-13

    Anthropic’s Project Glasswing is an Infosec Turning Point – 2026-04-13
    Apr 14 2026
    This episode dives into Anthropic’s “Project Glasswing” and the broader implications of AI-driven offensive security, including models autonomously discovering vulnerabilities and attempting sandbox escapes. The hosts discuss how agentic AI testing approaches could reshape vulnerability research, while also raising concerns about AI safety, regulation, and real-world risk. Additional topics include the growing impact of AI on security workflows, rising infrastructure costs tied to AI demand, a new infostealer ecosystem overview, and ongoing debates about data collection practices and platform privacy.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatChapters(00:00) - PreShow Banter™ — A Real Studio(03:43) - Anthropic’s Project Glasswing is an Infosec Turning Point – 2026-04-13(05:39) - Story # 1: Project Glasswing(22:20) - Story # 2: AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties(30:36) - Story # 3: Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit(32:39) - WEBCAST: Proxy Execution with Microsoft Edge WebView2 w/ Matthew Eidelberg(51:47) - Story # 4: New "BrowserGate" report claims LinkedIn secretly scans user browsers for installed extensions and collects device data(56:32) - Story # 5: The silent “Storm”: New infostealer hijacks sessions, decrypts server-side(58:46) - ChickenSec: the Chicken Accords of 2026(01:00:27) - Story # 6: EFF is Leaving X(01:03:01) - Workshop: How to Think Like a Cybersecurity Defender(01:05:49) - AI Security Ops PodcastLinksStory # 1: Project GlasswingStory # 2: AI-Led Remediation Crisis Prompts HackerOne to Pause Bug BountiesStory # 3: Disgruntled researcher leaks “BlueHammer” Windows zero-day exploitWEBCAST: Proxy Execution with Microsoft Edge WebView2 w/ Matthew EidelbergStory # 4: New “BrowserGate” report claims LinkedIn secretly scans user browsers for installed extensions and collects device dataStory # 5: The silent “Storm”: New infostealer hijacks sessions, decrypts server-sideChickenSec: the Chicken Accords of 2026Story # 6: EFF is Leaving XWorkshop: How to Think Like a Cybersecurity DefenderAI Security Ops PodcastCreators & Guests Corey Ham - HostWade Wells - HostAlex Minster "Belouve" - GuestBronwen Aker - HostRalph May - HostJohn Strand - HostDoc Blackburn - GuestClick here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com
    Show More Show Less
    1 hr and 6 mins
  • Artemis Astronaut's Bad Outlooks - 2026-04-06

    Artemis Astronaut's Bad Outlooks - 2026-04-06
    Apr 9 2026
    This episode covers several major cybersecurity and tech news stories, including a sophisticated NPM supply chain attack that compromised the widely used Axios library through advanced social engineering, and the broader implications for software security. The hosts also discuss the accidental leak of Anthropic’s Claude codebase, what it reveals about AI development practices, and the risks of misconfigurations exposing sensitive systems. Additional conversation touches on AI reliability, “vibe-coded” software, and the growing role of AI in both development and attack techniques.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatChapters(00:00) - PreShow Banter™ — Professional Sitters(04:36) - Artemis Astronaut's Bad Outlooks - 2026-04-06(07:12) - The Absolute Truths of Cybersecurity with Doc Blackburn(08:52) - Professionally Evil API Testing: AAA and Keys are Not Just for Cars(09:35) - Story # 1: Post Mortem: axios npm supply chain compromise(19:54) - Story # 2: Artemis II astronaut: 'I have two Microsoft Outlooks, and neither one of those are working'(26:02) - Story # 3: Microsoft Copilot Terms of Service Label Copilot is for Entertainment Purposes Only(30:13) - Story # 4: Here’s what that Claude Code source leak reveals about Anthropic’s plans(35:03) - Story # 4b: https://neuromatch.social/@jonny/116325123136895805(37:57) - Story # 5: Meta freezes AI data work after breach puts training secrets at risk(41:40) - Story # 6: Possible US Government iPhone Hacking Tool Leaked(44:32) - Story # 7: FBI labels data breach ‘major incident,’ notifies Congress(46:58) - Story # 8: vSphere and BRICKSTORM Malware: A Defender's Guide(52:12) - Story # 9: CBP Facility Codes Sure Seem to Have Leaked Via Online Flashcards(01:04:26) - ChickenSec: Why did the chicken wear a reflective vest? To cross the road of courseLinksThe Absolute Truths of Cybersecurity with Doc BlackburnProfessionally Evil API Testing: AAA and Keys are Not Just for CarsStory # 1: Post Mortem: axios npm supply chain compromiseStory # 2: Artemis II astronaut: ‘I have two Microsoft Outlooks, and neither one of those are working’Story # 3: Microsoft Copilot Terms of Service Label Copilot is for Entertainment Purposes OnlyStory # 4: Here’s what that Claude Code source leak reveals about Anthropic’s plansStory # 4b: https://neuromatch.social/@jonny/116325123136895805Story # 5: Meta freezes AI data work after breach puts training secrets at riskStory # 6: Possible US Government iPhone Hacking Tool LeakedStory # 7: FBI labels data breach ‘major incident,’ notifies CongressStory # 8: vSphere and BRICKSTORM Malware: A Defender’s GuideStory # 9: CBP Facility Codes Sure Seem to Have Leaked Via Online FlashcardsChickenSec: Why did the chicken wear a reflective vest? To cross the road of courseCreators & Guests Jennifer Shannon - GuestWade Wells - HostCorey Ham - HostRalph May - HostRyan Poirier - ProducerBronwen Aker - HostDoc Blackburn - GuestClick here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com
    Show More Show Less
    1 hr and 6 mins
  • FCC Blocks Foreign-Made Routers – 2026-03-30

    FCC Blocks Foreign-Made Routers – 2026-03-30
    Apr 1 2026
    This episode covers the FCC’s move to restrict or ban certain foreign-made networking equipment—especially routers tied to Chinese manufacturers—highlighting the potential cybersecurity risks, supply chain implications, and how the rule could affect ISPs and consumers. The hosts also discuss broader concerns around hardware trust, existing infrastructure, and what qualifies as “approved” devices under FCC guidelines, along with a brief, lighter mention of a viral robot incident making the rounds online.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatChapters(00:00) - PreShow Banter™ — Robot Handlers(05:11) - FCC Blocks Foreign-Made Routers – 2026-03-30(06:44) - Story # 1: FCC moves to block new foreign-made routers(17:00) - Story # 2: FBI Chief Kash Patel’s Gmail Account was Hacked by Iranian Hackers(20:07) - Story # 3: FancyBear Exposed: Major OPSEC Blunder Inside Russian Espionage Ops(24:18) - Story # 4: LiteLLM and Telnyx compromised on PyPI: Tracing the TeamPCP supply chain campaign(27:49) - Story # 4b: TeamPCP Supply Chain Campaign(42:45) - Story # 5: Spylandia: How a Stretch of Florida Real Estate Has Become a Covert Corridor for Chinese and Russian Spies(45:51) - Story # 6: Anthropic readies Mythos model with high cybersecurity risk(57:31) - Story # 7: Google Ships WebMCP, The Browser-Based Backbone For The Agentic Web(01:02:24) - Story # 8: DDR5 Memory Prices Just Took a Noticeable Dive for the First Time in Months, and Google’s TurboQuant Might Be Behind It(01:04:03) - Securing the Cloud: Foundations by Andrew Krug(01:04:47) - Incident Response Simplified by Patterson CakeNews LinksStory # 1: FCC moves to block new foreign-made routersStory # 2: FBI Chief Kash Patel’s Gmail Account was Hacked by Iranian HackersStory # 3: FancyBear Exposed: Major OPSEC Blunder Inside Russian Espionage OpsStory # 4: LiteLLM and Telnyx compromised on PyPI: Tracing the TeamPCP supply chain campaignStory # 4b: TeamPCP Supply Chain CampaignStory # 5: Spylandia: How a Stretch of Florida Real Estate Has Become a Covert Corridor for Chinese and Russian SpiesStory # 6: Anthropic readies Mythos model with high cybersecurity riskStory # 7: Google Ships WebMCP, The Browser-Based Backbone For The Agentic WebStory # 8: DDR5 Memory Prices Just Took a Noticeable Dive for the First Time in Months, and Google’s TurboQuant Might Be Behind ItSecuring the Cloud: Foundations by Andrew KrugIncident Response Simplified by Patterson CakeCreators & Guests Andy Pettit "Nerf" - GuestAndrew Krug - GuestWade Wells - HostCorey Ham - HostBronwen Aker - HostPatterson Cake - GuestRyan Poirier - ProducerRalph May - HostClick here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com
    Show More Show Less
    1 hr and 7 mins
  • Pentagon Plans to Train AI With Classified Data – 2026-03-23

    Pentagon Plans to Train AI With Classified Data – 2026-03-23
    Mar 27 2026
    This episode covers a range of cybersecurity and AI-related news, including how Pokémon Go players may have unknowingly helped train delivery robots using massive image datasets. The hosts also discuss the Pentagon’s reported plans to train AI systems on classified data and the potential risks of exposing sensitive information. Additional topics include major data breaches (such as a third-party breach impacting Crunchyroll user data), ongoing challenges in cybersecurity practices, evolving AI security concerns, and real-world examples of exploits and vulnerabilities affecting mobile devices and organizations.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatChapters(00:00) - PreShow Banter™ — Easier Than Printers(05:20) - Pentagon Plans to Train AI With Classified Data – BHIS - Talkin' Bout [infosec] News 2026-03-23(06:38) - Story # 1: Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web(07:38) - Story # 1b: ALT Link - Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web(15:35) - Story # 2: Federal cyber experts called Microsoft’s cloud a “pile of shit,” approved it anyway(24:31) - Story # 3: The Pentagon is planning for AI companies to train on classified data, defense official says(34:04) - Story # 4: CISA Urges Endpoint Management System Hardening After Cyberattack Against US Organization(37:50) - Story # 5: Warning: Your AI-Generated Password Is a Major Security Risk. Here’s What to Use Instead(42:21) - Story # 6: CISA warns of active exploitation of Microsoft SharePoint vulnerability (CVE-2026-20963)(49:57) - Story # 7: Massive China Data Leak: Hackers Access 10 Petabytes of Weapons Testing Data(51:28) - Story # 8: Anime fans' credit cards might be stolen from Sony streamer Crunchyroll(55:03) - Story # 9: The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat ActorsLinksStory # 1: Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the WebStory # 1b: ALT Link - Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the WebStory # 2: Federal cyber experts called Microsoft’s cloud a “pile of shit,” approved it anywayStory # 3: The Pentagon is planning for AI companies to train on classified data, defense official saysStory # 4: CISA Urges Endpoint Management System Hardening After Cyberattack Against US OrganizationStory # 5: Warning: Your AI-Generated Password Is a Major Security Risk. Here’s What to Use InsteadStory # 6: CISA warns of active exploitation of Microsoft SharePoint vulnerability (CVE-2026-20963)Story # 7: Massive China Data Leak: Hackers Access 10 Petabytes of Weapons Testing DataStory # 8: Anime fans’ credit cards might be stolen from Sony streamer CrunchyrollStory # 9: The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat ActorsCreators & Guests John Strand - HostRalph May - HostChadd Watson - GuestWade Wells - HostAlex Minster "Belouve" - GuestHayden Covington - HostBruce Potter - GuestRyan Poirier - ProducerClick here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com
    Show More Show Less
    1 hr and 5 mins