Breaking Badness

In this episode of Breaking Badness, host Kali Fencl is joined by DomainTools' Daniel Schwabe and disinformation expert Scot Terban to uncover how modern Russian disinformation campaigns are using domain registrars, homoglyph attacks, and generative AI to mimic legitimate news outlets and manipulate public perception. From the eerie sophistication of Doppelganger operations to the exploitation of domain infrastructure, this episode sheds light on how truth is being weaponized in the digital era. We also explore how AI is accelerating the speed and scale of these attacks, and the limited levers defenders have to push back.

In this special DNS Masterclass episode of Breaking Badness, hosts Kali Fencl, Tim Helming, and Taylor Wilkes-Pierce take a deep dive into the Domain Name System often dubbed the backbone and battleground of the internet. From its humble beginnings with host files to its critical role in modern security, the episode unpacks DNS’s evolution, vulnerabilities, and impact on InfoSec.

Explore the fascinating evolution of threat intelligence, from early days of basic rules to advanced AI analysis with graph technology. Discover how community collaboration enhances cybersecurity practices and speeds up threat detection. Learn about the impactful tools like AlphaHunt that empower both junior and seasoned analysts. The podcast sheds light on the importance of sharing knowledge and adapting to new threats, while also addressing the balance between risk management and corporate profits in cybersecurity.

In this episode of Breaking Badness, we dive into two major cybersecurity stories: the exploitation of a VPN vulnerability by Chinese APT 41 and the newly discovered “Wall Bleed” flaw in the Great Firewall of China. APT 41 has been using a critical VPN vulnerability to infiltrate operational technology (OT) organizations, targeting industries like aerospace and defense. Meanwhile, researchers have uncovered a flaw in China's DNS injection system, which inadvertently leaks internal data—an ironic twist for a government known for its strict internet censorship. Join us as we break down these exploits, their impact on cybersecurity, and what they reveal about modern cyber espionage. We also discuss best practices for securing VPNs, firewall vulnerabilities, and the ethical implications of studying censorship technologies.

Episode 202 of Breaking Badness takes a deep dive into two of the biggest cybersecurity stories of the year (so far): ● Black Basta’s Leaked Chats – A major data leak has exposed internal conversations from this notorious ransomware gang, revealing their internal struggles, ransom negotiations, and even workplace drama. ● Salt Typhoon’s Cyber Espionage – A sophisticated Chinese threat group has been caught infiltrating major U.S. telecommunications providers, raising serious concerns about national security.

In this episode of Breaking Badness, we sit down with Bruce and Heidi Potter, two of the masterminds behind ShmooCon, the legendary cybersecurity conference that ran for 20 years. They take us behind the scenes, from its hilarious bar-napkin origins to how they built a tight-knit hacker community that thrived for two decades.

In this episode of Breaking Badness, we dive into two major cybersecurity concerns: the risks of abandoned S3 buckets and a wave of phishing attacks impersonating DeepSeek. Watchtowr Labs uncovers how forgotten AWS storage can be hijacked for malicious purposes, potentially compromising military, government, and enterprise systems. Meanwhile, attackers exploit DeepSeek’s rising popularity to create lookalike sites, tricking unsuspecting users into downloading malware or exposing credentials. Join hosts Kali Fencl, Tim Helming, and Taylor Wilkes-Pierce as they break down these findings with humor, deep insights, and even a few pop culture references. Plus, we rate the severity of these threats on our infamous Hoodie Scale and wrap up with Gold, Guidance & Grievances.

Welcome to the 200th episode of Breaking Badness! 🎉 In this special milestone edition, we take a nostalgic stroll down memory lane, discuss the evolution of cybersecurity, and explore how the podcast—and the security landscape—has changed since 2019. In this special milestone episode, hosts Kali Fencl, Tim Helming, and Taylor Wilkes-Pierce are joined by longtime friend of the show, Allan Liska, to reflect on how both the podcast and cybersecurity world have evolved over the past six years. Let’s take a stroll down memory lane and explore how Breaking Badness went from an experimental idea to a trusted, pun-filled source of cybersecurity insights.

In this episode of Breaking Badness, we welcome back Tanya Janca, aka SheHacksPurple, to discuss her latest book, Alice and Bob Learn Secure Coding. Tanya dives deep into the fundamental principles of secure software development, the psychology behind developer incentives, and the often-overlooked importance of zero trust security.

In this episode of Breaking Badness, we analyze two fascinating cybersecurity incidents that expose both corporate misconfigurations and hacker missteps. Security researcher Philippe Caturegli discovered a typo in MasterCard’s DNS records, which left the company open to traffic hijacking and data exposure. This long-overlooked flaw, dating back years, could have been exploited by attackers to redirect users, intercept data, and manipulate services. The Script Kiddie Trap: In a turn of events that underscores the “no honor among thieves” trope, a threat actor baited low-skilled hackers (script kiddies) with a fake malware builder. Instead of gaining hacking capabilities, they unwittingly installed a backdoor on their own machines, allowing the original attacker to steal their data and take control of their systems.