Talkin' Bout [Infosec] News

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.comThe BHIS crew breaks down the latest cybersecurity stories making waves — from data breaches and malware campaigns to privacy issues, exploit trends, and tech policy shake-ups. Join our panel of security pros for expert analysis, sharp humor, and practical insights you can actually use. Whether it’s social engineering, AI-powered attacks, or bizarre security headlines, we dig into what matters most for defenders and curious minds alike. Stay informed, entertained, and one step ahead in the ever-changing world of infosec.00:00:00 - PreShow Banter™ — The Cost of War.xyz00:03:42 - The AI Browser Wars - BHIS - Talkin’ Bout [infosec] News 2025-10-2700:04:04 - Story # 1: Smart bed owners experience AWS outage nightmare as they’re left sweating and stuck in upright position00:10:49 - Story # 2: Robots May Replace 600,000 Human Employees at Amazon00:14:40 - Story # 3: Meet Mico, Microsoft’s AI version of Clippy00:20:59 - Story # 4: Exploitation of Windows Server Update Services Remote Code Execution Vulnerability00:26:31 - Story # 5: Ex-L3Harris executive accused of selling trade secrets to Russia00:31:29 - Story # 6: Introducing ChatGPT Atlas00:43:34 - Story # 7: ‘Phased Out’—Google Confirms Bad News For 3 Billion Chrome Users00:52:26 - Story # 8: The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn01:00:16 - Story # 9: KFC Venezuela Alleged Data Breach – 1 Million Customer Records Exposed (00:00) - PreShow Banter™ — The Cost of War.xyz (03:42) - The AI Browser Wars - BHIS - Talkin' Bout [infosec] News 2025-10-27 (04:04) - Story # 1: Smart bed owners experience AWS outage nightmare as they're left sweating and stuck in upright position (10:48) - Story # 2: Robots May Replace 600,000 Human Employees at Amazon (14:40) - Story # 3: Meet Mico, Microsoft’s AI version of Clippy (20:58) - Story # 4: Exploitation of Windows Server Update Services Remote Code Execution Vulnerability (26:30) - Story # 5: Ex-L3Harris executive accused of selling trade secrets to Russia (31:28) - Story # 6: Introducing ChatGPT Atlas (43:34) - Story # 7: ‘Phased Out’—Google Confirms Bad News For 3 Billion Chrome Users (52:25) - Story # 8: The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn (01:00:15) - Story # 9: KFC Venezuela Alleged Data Breach – 1 Million Customer Records Exposed

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com00:00:00 - PreShow Banter™ — AWS Snow Day Party00:11:31 - Online Book Store Takes Down Half of the Internet - BHIS - Talkin’ Bout [infosec] News 2025-10-2000:12:12 - Story # 1: F5 says hackers stole undisclosed BIG-IP flaws, source code00:35:11 - Story # 2: Newsom signs age verification law, siding with tech giants over Hollywood00:48:39 - Story # 3: Researchers find a startlingly cheap way to steal your secrets from space00:55:04 - Story # 4: Jeff Bezos Has a Plan to Curb AI’s Carbon Footprint: Send Data Centers to Space01:02:22 - Story # 5: SolarWinds Security Chief reflects on the Russian hack that exposed US government agencies (00:00) - PreShow Banter™ — AWS Snow Day Party (11:30) - Online Book Store Takes Down Half of the Internet - BHIS - Talkin' Bout [infosec] News 2025-10-20 (12:12) - Story # 1: F5 says hackers stole undisclosed BIG-IP flaws, source code (35:10) - Story # 2: Newsom signs age verification law, siding with tech giants over Hollywood (48:39) - Story # 3: Researchers find a startlingly cheap way to steal your secrets from space (55:03) - Story # 4: Jeff Bezos Has a Plan to Curb AI’s Carbon Footprint: Send Data Centers to Space (01:02:21) - Story # 5: SolarWinds Security Chief reflects on the Russian hack that exposed US government agencies

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com00:00 - PreShow Banter™ — A Real Podcast03:15 - Hackers claim Discord breach exposed data of 5.5 million users – BHIS - Talkin' Bout [infosec] News 2025-10-1305:44 - Story # 1: CamoLeak: Critical GitHub Copilot Vulnerability Leaks Private Source Code24:27 - Story # 2: Hackers claim Discord breach exposed data of 5.5 million users36:52 - Story # 3: Velociraptor leveraged in ransomware attacks46:47 - Story # 4: Huntress Threat Advisory: Widespread SonicWall SSLVPN Compromise54:48 - CTF Challenge (00:00) - PreShow Banter™ — A Real Podcast (03:14) - Hackers claim Discord breach exposed data of 5.5 million users – BHIS - Talkin' Bout [infosec] News 2025-10-13 (05:43) - Story # 1: CamoLeak: Critical GitHub Copilot Vulnerability Leaks Private Source Code (24:26) - Story # 2: Hackers claim Discord breach exposed data of 5.5 million users (36:52) - Story # 3: Velociraptor leveraged in ransomware attacks (46:46) - Story # 4: Huntress Threat Advisory: Widespread SonicWall SSLVPN Compromise (54:48) - CTF Challenge

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com 00:00 - PreShow Banter™ — A little radiation never hurt anybody.03:07 - BHIS - Talkin’ Bout [infosec] News 2025-09-2903:29 - Story # 1: As many as 2 million Cisco devices affected by actively exploited 0-day19:07 - Story # 2: Viral call-recording app Neon goes dark after exposing users’ phone numbers, call recordings, and transcripts | TechCrunch24:25 - Story # 3: AI Darwin Awards Show AI’s Biggest Problem Is Human29:32 - Story # 4: Nikon revokes all C2PA image authenticity certificates after major vulnerability exposed34:14 - Story # 5: ‘You’ll never need to work again’: Criminals offer reporter money to hack BBC38:18 - Story # 6: Cybersecurity Training Programs Don’t Prevent Employees from Falling for Phishing Scams46:48 - Mini CTF Walkthrough56:03 - Story # 7: U.S. Secret Service dismantles imminent telecommunications threat in New York tristate area (00:00) - PreShow Banter™ — A little radiation never hurt anybody. (03:07) - BHIS - Talkin' Bout [infosec] News 2025-09-29 (03:28) - Story # 1: As many as 2 million Cisco devices affected by actively exploited 0-day (19:06) - Story # 2: Viral call-recording app Neon goes dark after exposing users' phone numbers, call recordings, and transcripts | TechCrunch (24:24) - Story # 3: AI Darwin Awards Show AI’s Biggest Problem Is Human (29:31) - Story # 4: Nikon revokes all C2PA image authenticity certificates after major vulnerability exposed (34:14) - Story # 5: 'You'll never need to work again': Criminals offer reporter money to hack BBC (38:18) - Story # 6: Cybersecurity Training Programs Don’t Prevent Employees from Falling for Phishing Scams (46:48) - Mini CTF Walkthrough (56:02) - Story # 7: U.S. Secret Service dismantles imminent telecommunications threat in New York tristate area

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com00:00 - PreShow Banter™ — Unnatural European Fridges03:34 - The Entra ID Cross-Tenant Vulnerability Discovery – BHIS - Talkin’ Bout [infosec] News 2025-09-2204:14 - Story # 1: One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens21:32 - Story # 2: Shai-Hulud: Self-Replicating Worm Compromises 500+ NPM Packages40:50 - OSSPREY – NPM Package @Ctrl/Tinycolor Compromised: Shai Hulud Malware Targets Secrets and Persistence51:41 - Story # 3: Verified Steam game steals streamer’s cancer treatment donations57:16 - Story # 4: Heathrow warns of second day of disruption after cyber-attack (00:00) - PreShow Banter™ — Unnatural European Fridges (03:07) - The Entra ID Cross-Tenant Vulnerability Discovery – BHIS - Talkin' Bout [infosec] News 2025-09-22 (03:45) - Story # 1: One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens (20:09) - Story # 2: Shai-Hulud: Self-Replicating Worm Compromises 500+ NPM Packages (38:51) - OSSPREY – NPM Package @Ctrl/Tinycolor Compromised: Shai Hulud Malware Targets Secrets and Persistence (49:28) - Story # 3: Verified Steam game steals streamer's cancer treatment donations (54:51) - Story # 4: Heathrow warns of second day of disruption after cyber-attack

???? Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com 00:00 - PreShow Banter™ — Enter Dark John03:15 - Kerberoasting Goes to Washington – BHIS - Talkin’ Bout [infosec] News 2025-09-1503:49 - Story # 1: Senator blasts Microsoft for making default Windows vulnerable to “Kerberoasting”12:46 - Story # 2: How an Attacker’s Blunder Gave Us a Rare Look Inside Their Day-to-Day Operations32:42 - Story # 3: Some JLR suppliers ‘face bankruptcy’ due to hack crisis41:30 - Story # 4: AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns46:07 - Story # 5: All your vulns are belong to us! CISA wants to maintain gov control of CVE program49:55 - Story # 6: Qantas penalizes executives for July cyberattack51:15 - Story # 7: America’s second largest egg producer breached, claim hackers54:55 - Story # 8: Undocumented Radios Found in Solar-Powered Devices (00:00) - PreShow Banter™ — Enter Dark John (03:14) - Kerberoasting Goes to Washington – BHIS - Talkin' Bout [infosec] News 2025-09-15 (03:49) - Story # 1: Senator blasts Microsoft for making default Windows vulnerable to “Kerberoasting” (12:46) - Story # 2: How an Attacker’s Blunder Gave Us a Rare Look Inside Their Day-to-Day Operations (32:41) - Story # 3: Some JLR suppliers 'face bankruptcy' due to hack crisis (41:29) - Story # 4: AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns (46:06) - Story # 5: All your vulns are belong to us! CISA wants to maintain gov control of CVE program (49:54) - Story # 6: Qantas penalizes executives for July cyberattack (51:14) - Story # 7: America’s second largest egg producer breached, claim hackers (54:55) - Story # 8: Undocumented Radios Found in Solar-Powered Devices

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com00:00 - PreShow Banter™ — If I Were French04:35 - Anthropic 1.5 Billion © Settlement - BHIS - Talkin’ Bout [infosec] News 2025-09-0805:48 - Hackers Threaten to Submit Artists’ Data to AI Models If Art Site Doesn’t Pay Up08:40 - Anthropic Agrees to Pay Authors at Least $1.5 Billion in AI Copyright Settlement23:58 - This Company Turns Dashcams into ‘Virtual CCTV Cameras.’ Then Hackers Got In33:38 - Ice obtains access to Israeli-made spyware that can hack phones and encrypted apps40:07 - Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack44:27 - npm Packages With 2 Billion Weekly Downloads Hacked in Major Attack46:38 - Update on Mandiant Drift and Salesloft Application Investigations51:04 - M&S hackers claim to be behind Jaguar Land Rover cyber attack51:55 - New TP-Link zero-day surfaces as CISA warns other flaws are exploited54:52 - ChickenSec: US turns to Russia for chicken eggs for the first time in 32 years, despite sanctions to cripple its economy57:58 - Cybercriminals Exploit X’s Grok AI to Bypass Ad Protections and Spread Malware to Millions (00:00) - PreShow Banter™ — If I Were French (04:35) - Anthropic 1.5 Billion © Settlement - BHIS - Talkin' Bout [infosec] News 2025-09-08 (05:47) - Hackers Threaten to Submit Artists' Data to AI Models If Art Site Doesn't Pay Up (08:40) - Anthropic Agrees to Pay Authors at Least $1.5 Billion in AI Copyright Settlement (23:57) - This Company Turns Dashcams into ‘Virtual CCTV Cameras.’ Then Hackers Got In (33:38) - Ice obtains access to Israeli-made spyware that can hack phones and encrypted apps (40:07) - Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack (44:26) - npm Packages With 2 Billion Weekly Downloads Hacked in Major Attack (46:37) - Update on Mandiant Drift and Salesloft Application Investigations (51:03) - M&S hackers claim to be behind Jaguar Land Rover cyber attack (51:54) - New TP-Link zero-day surfaces as CISA warns other flaws are exploited (54:52) - ChickenSec: US turns to Russia for chicken eggs for the first time in 32 years, despite sanctions to cripple its economy (57:57) - Cybercriminals Exploit X's Grok AI to Bypass Ad Protections and Spread Malware to Millions

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com00:00 - PreShow Banter™ — It’s 8ft skeleton season.02:18 - BHIS - Talkin’ Bout [infosec] News 2025-09-0203:07 - Story # 1: Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks07:35 - Story # 2: DSLRoot, Proxies, and the Threat of ‘Legal Botnets’13:46 - Story # 3: Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling17:44 - Story # 4: Ransomware crooks knock Swedish municipalities offline for measly sum of $168K19:39 - Story # 5: As crippling cyberattack against Nevada continues, Lombardo says ‘we’re working through it.’20:56 - Story # 6: Citrix forgot to tell you CVE-2025–6543 has been used as a zero day since May 202522:43 - Story # 7: NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-7775, CVE-2025-7776 and CVE-2025-842425:20 - Story # 8: First known AI-powered ransomware uncovered by ESET Research30:00 - Story # 9: In the rush to adopt hot new tech, security is often forgotten. AI is no exception32:06 - Story # 10: TransUnion suffers data breach impacting over 4.4 million people34:17 - Story # 11: ChickenSec FollowUp: Artificial Intelligence: The other AI35:20 - Story # 12: They weren’t lovin’ it - hacker cracks McDonald’s security in quest for free nuggets, and it was apparently not too tricky39:29 - Identify the birds you see or hear with Merlin Bird ID40:04 - Story # 13: Detecting and countering misuse of AI: August 202551:31 - Story # 14: I’m a Stanford student. A Chinese agent tried to recruit me as a spy (00:00) - PreShow Banter™ — It’s 8ft skeleton season. (02:17) - BHIS - Talkin' Bout [infosec] News 2025-09-02 (03:07) - Story # 1: Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks (07:35) - Story # 2: DSLRoot, Proxies, and the Threat of ‘Legal Botnets’ (13:46) - Story # 3: Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling (17:44) - Story # 4: Ransomware crooks knock Swedish municipalities offline for measly sum of $168K (19:39) - Story # 5: As crippling cyberattack against Nevada continues, Lombardo says ‘we’re working through it.’ (20:56) - Story # 6: Citrix forgot to tell you CVE-2025–6543 has been used as a zero day since May 2025 (22:43) - Story # 7: NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424 (25:19) - Story # 8: First known AI-powered ransomware uncovered by ESET Research (30:00) - Story # 9: In the rush to adopt hot new tech, security is often forgotten. AI is no exception (32:05) - Story # 10: TransUnion suffers data breach impacting over 4.4 million people (34:16) - Story # 11: ChickenSec FollowUp: Artificial Intelligence: The other AI (35:20) - Story # 12: They weren't lovin' it - hacker cracks McDonald's security in quest for free nuggets, and it was apparently not too tricky (39:29) - Identify the birds you see or hear with Merlin Bird ID (40:03) - Story # 13: Detecting and countering misuse of AI: August 2025 (51:31) - Story # 14: I’m a Stanford student. A Chinese agent tried to recruit me as a spy

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com00:00 - PreShow Banter™ — Canadian Chicken02:01 - The AI Bubble BHIS - Talkin’ Bout [infosec] News 2025-08-2502:23 - Story # 1: Congressman proposes bringing back letters of marque for cyber privateers09:27 - Story # 2: SIM-Swapper, Scattered Spider Hacker Gets 10 Years12:43 - Story # 3: Developer jailed for taking down employer’s network with kill switch malware16:33 - Story # 4: Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet20:42 - The Utopia Chronicles23:20 - Story # 5: “Unstoppable Power Surges”: China’s Quantum Processor Outspeeds Supercomputers by 1 Quadrillion and Triggers US Intelligence Panic28:47 - Story # 6: Bank forced to rehire workers after lying about chatbot productivity, union says41:21 - Story # 7: It Took Many Years And Billions Of Dollars, But Microsoft Finally Invented A Calculator That Is Wrong Sometimes43:41 - Story # 8: Copilot Broke Your Audit Log, but Microsoft Won’t Tell You46:33 - Story # 9: Russian state-sponsored espionage group Static Tundra compromises unpatched end-of-life network devices49:24 - Story # 10 : Zero-Day Clickjacking Flaws Found in Password Managers Used by Millions53:12 - Story # 11: Cybersecurity training doesn’t work: time wasted with no impact, study finds59:07 - ChickenSec: Artificial Intelligence: The other AI (00:00) - PreShow Banter™ — Canadian Chicken (02:01) - The AI Bubble BHIS - Talkin' Bout [infosec] News 2025-08-25 (02:23) - Story # 1: Congressman proposes bringing back letters of marque for cyber privateers (09:27) - Story # 2: SIM-Swapper, Scattered Spider Hacker Gets 10 Years (12:42) - Story # 3: Developer jailed for taking down employer's network with kill switch malware (16:33) - Story # 4: Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet (20:41) - The Utopia Chronicles (23:20) - Story # 5: “Unstoppable Power Surges”: China’s Quantum Processor Outspeeds Supercomputers by 1 Quadrillion and Triggers US Intelligence Panic (28:46) - Story # 6: Bank forced to rehire workers after lying about chatbot productivity, union says (41:21) - Story # 7: It Took Many Years And Billions Of Dollars, But Microsoft Finally Invented A Calculator That Is Wrong Sometimes (43:41) - Story # 8: Copilot Broke Your Audit Log, but Microsoft Won’t Tell You (46:33) - Story # 9: Russian state-sponsored espionage group Static Tundra compromises unpatched end-of-life network devices (49:24) - Story # 10 : Zero-Day Clickjacking Flaws Found in Password Managers Used by Millions (53:12) - Story # 11: Cybersecurity training doesn’t work: time wasted with no impact, study finds (59:06) - ChickenSec: Artificial Intelligence: The other AI

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com00:00 - PreShow Banter™ — The gif that keeps on giffing01:46 - Cyberattack Bricks Speed Cameras – BHIS - Talkin’ Bout [infosec] News 2025-08-1802:39 - Story # 1: Perplexity made a sky-high $34.5 billion bid for Google Chrome — a bold and unusual move in the midst of antitrust scrutiny07:16 - Story # 2: Exclusive: US embeds trackers in AI chip shipments to catch diversions to China, sources say10:22 - Story # 3: How we found TeaOnHer spilling users’ driver’s licenses in less than 10 minutes12:17 - Story # 4: Cisco discloses maximum-severity defect in firewall software13:56 - Story # 5: Data Dump From APT Actor Yields Clues to Attacker Capabilities19:13 - Story # 6: Russian cyberattack in the Netherlands leaves speed cameras offline indefinitely23:30 - Story # 7: HTTP/2 MadeYouReset Vulnerability Enables Massive DDoS Attacks24:51 - Story # 8: LAPD Eyes ‘GeoSpy’, an AI Tool That Can Geolocate Photos in Seconds29:05 - Story # 9: Manpower discloses data breach affecting nearly 145,000 people34:51 - Story # 10: Hacker Offers to Sell 15.8 Million Plain-Text PayPal Credentials On Dark Web Forum35:34 - Story # 11: The First Federal Cybersecurity Disaster of Trump 2.0 Has Arrived40:54 - Story # 12: New Clever Phishing Attack Uses Japanese Character “ん” to Mimic Forward Slash “/”46:28 - Story # 13: Fortinet warns of FortiSIEM pre-auth RCE flaw with exploit in the wild48:13 - Story # 14: Plex warns users to patch security vulnerability immediately50:53 - ChickenSec: Noble Foods using soil mapping technology at organic egg farm (00:00) - PreShow Banter™ — The gif that keeps on giffing (01:46) - Cyberattack Bricks Speed Cameras – BHIS - Talkin' Bout [infosec] News 2025-08-18 (02:38) - Story # 1: Perplexity made a sky-high $34.5 billion bid for Google Chrome — a bold and unusual move in the midst of antitrust scrutiny (07:16) - Story # 2: Exclusive: US embeds trackers in AI chip shipments to catch diversions to China, sources say (10:22) - Story # 3: How we found TeaOnHer spilling users’ driver’s licenses in less than 10 minutes (12:16) - Story # 4: Cisco discloses maximum-severity defect in firewall software (13:55) - Story # 5: Data Dump From APT Actor Yields Clues to Attacker Capabilities (19:13) - Story # 6: Russian cyberattack in the Netherlands leaves speed cameras offline indefinitely (23:30) - Story # 7: HTTP/2 MadeYouReset Vulnerability Enables Massive DDoS Attacks (24:51) - Story # 8: LAPD Eyes ‘GeoSpy’, an AI Tool That Can Geolocate Photos in Seconds (29:04) - Story # 9: Manpower discloses data breach affecting nearly 145,000 people (34:50) - Story # 10: Hacker Offers to Sell 15.8 Million Plain-Text PayPal Credentials On Dark Web Forum (35:34) - Story # 11: The First Federal Cybersecurity Disaster of Trump 2.0 Has Arrived (40:53) - Story # 12: New Clever Phishing Attack Uses Japanese Character “ん” to Mimic Forward Slash “/” (46:27) - Story # 13: Fortinet warns of FortiSIEM pre-auth RCE flaw with exploit in the wild (48:13) - Story # 14: Plex warns users to patch security vulnerability immediately (50:52) - ChickenSec: Noble Foods using soil mapping technology at organic egg farm