Talkin' Bout [Infosec] News – Details, episodes & analysis

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – 

https://poweredbybhis.com

Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurity

Chat with us on Discord!
https://discord.gg/bhis
🔴live-chat

A Live Stream From inside Lazarus Group – 2025-12-08
This BHIS episode blends cybersecurity humor, hacker culture, and livestream chaos as the team jokes about nation-state threats, leaked webcams, OPSEC mishaps, and technical glitches. With unscripted banter and light industry insights, it’s a fun, energetic listen for fans of ethical hacking, infosec podcasts, and behind-the-scenes security chatter.

Chapters
00:00 - PreShow Banter™ — Industry Leaders
02:34 - A Live Stream From inside Lazarus Group – 2025-12-08
04:24 - Story # 1: React2Shell (CVE-2025-55182): Everything You Need to Know About the Critical React Vulnerability
08:58 - Story # 2: A Live Stream from Inside Lazarus Group’s IT Workers Scheme
20:37 - Story # 3: Contractors with hacking records accused of wiping 96 govt databases
26:44 - Story # 4: Apple refuses to pre-install government app on iPhones in India
37:42 - Story # 5: Russia blocks Apple's FaceTime in mounting push against foreign tech platforms
44:55 - Story # 6: ‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encrypted
57:53 - Story # 7: Flock Uses Overseas Gig Workers to Build its Surveillance AI

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

• (00:00) - 00:00 - PreShow Banter™ — Industry Leaders
• (02:34) - A Live Stream From inside Lazarus Group – 2025-12-08
• (04:24) - Story # 1: React2Shell (CVE-2025-55182): Everything You Need to Know About the Critical React Vulnerability
• (08:57) - Story # 2: A Live Stream from Inside Lazarus Group’s IT Workers Scheme
• (20:37) - Story # 3: Contractors with hacking records accused of wiping 96 govt databases
• (26:44) - Story # 4: Apple refuses to pre-install government app on iPhones in India
• (37:41) - Story # 5: Russia blocks Apple's FaceTime in mounting push against foreign tech platforms
• (44:55) - Story # 6: ‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encrypted
• (57:52) - Story # 7: Flock Uses Overseas Gig Workers to Build its Surveillance AI

Register for FREE Infosec Webcasts, Anti-casts & Summits –

https://poweredbybhis.com

Chapters

• (00:00) - PreShow Banter™ — The Problem With Extensions
• (03:10) - Lawmakers Want to Ban VPNs – BHIS - Talkin' Bout [infosec] News 2025-12-01
• (03:47) - Story # 1: Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem)
• (12:05) - Story # 2: Lawmakers Want to Ban VPNs—And They Have No Idea What They're Doing
• (21:18) - Story # 3: Critical 7 Zip Vulnerability With Public Exploit Requires Manual Update
• (25:48) - Story # 4: 'Slop Evader' Lets You Surf the Web Like It’s 2022
• (37:07) - Story # 5: China’s Espionage in Europe is Deepening and More Sophisticated than Acknowledged, Expert Says
• (39:10) - Story # 6: Apple Update Warning For All iPhone 17, 16 And 15 Users—Act Now
• (42:38) - Story # 7: Meta is earning a fortune on a deluge of fraudulent ads, documents show
• (50:22) - Story # 8: Meta had a 17-strike policy for sex trafficking, former safety leader claims
• (52:40) - Story # 9: Man behind in-flight Evil Twin WiFi attacks gets 7 years in prison

Brought to you by:
Black Hills Information Security
https://www.blackhillsinfosec.com

Antisyphon Training
https://www.antisyphontraining.com/

Active Countermeasures
https://www.activecountermeasures.com

Wild West Hackin Fest
https://wildwesthackinfest.com

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com

00:00 - PreShow Banter™ — Unnatural European Fridges

03:34 - The Entra ID Cross-Tenant Vulnerability Discovery – BHIS - Talkin’ Bout [infosec] News 2025-09-22

04:14 - Story # 1: One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens

21:32 - Story # 2: Shai-Hulud: Self-Replicating Worm Compromises 500+ NPM Packages

40:50 - OSSPREY – NPM Package @Ctrl/Tinycolor Compromised: Shai Hulud Malware Targets Secrets and Persistence

51:41 - Story # 3: Verified Steam game steals streamer’s cancer treatment donations

57:16 - Story # 4: Heathrow warns of second day of disruption after cyber-attack

• (00:00) - PreShow Banter™ — Unnatural European Fridges
• (03:07) - The Entra ID Cross-Tenant Vulnerability Discovery – BHIS - Talkin' Bout [infosec] News 2025-09-22
• (03:45) - Story # 1: One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens
• (20:09) - Story # 2: Shai-Hulud: Self-Replicating Worm Compromises 500+ NPM Packages
• (38:51) - OSSPREY – NPM Package @Ctrl/Tinycolor Compromised: Shai Hulud Malware Targets Secrets and Persistence
• (49:28) - Story # 3: Verified Steam game steals streamer's cancer treatment donations
• (54:51) - Story # 4: Heathrow warns of second day of disruption after cyber-attack

The post Talkin’ About Infosec News – 11/22/2023 appeared first on Black Hills Information Security.

• (00:00) - PreShow Banter™ — A clean-shaven galaxy, a long time away.
• (07:50) - BHIS - Talkin' Bout [infosec] News 2023-11-20
• (09:53) - Story # 1: Ransomware gang files complaint with SEC complaining victim didn’t promptly announce breach
• (12:36) - Story # 1b: AlphV files an SEC complaint against MeridianLink for not disclosing a breach to the SEC (2)
• (17:04) - Story # 1c : Services in North Carolina town unavailable after ransomware attack
• (18:13) - Story # 1d: WHISTLEBLOWER AWARD PROCEEDING
• (20:32) - Story # 2: Taylor Swift Fans Spring Into Action After Singer’s Hotel Location Leaks
• (26:01) - Story # 3: Recognizing fake news now a required subject in California schools
• (35:34) - Story # 4: Hackers breach healthcare orgs via ScreenConnect remote access
• (37:07) - Story # 4b: Bitter Pill: Third-Party Pharmaceutical Vendor Linked to Pharmacy and Health Clinic Cyberattack
• (42:59) - Story # 5: Russian hackers use Ngrok feature and WinRAR exploit to attack embassies
• (47:19) - Story # 6: US Announces IPStorm Botnet Takedown and Its Creator’s Guilty Plea
• (50:32) - Story # 7: Ignite News: Augment your EDR with deception tactics to catch adversaries early
• (59:54) - Snake Oil? Summit 2023

The post Talkin’ About Infosec News – 11/13/2023 appeared first on Black Hills Information Security.

• (00:00) - PreShow Banter™ — Tinder Skills Endorsements
• (01:38) - BHIS - Talkin' Bout [infosec] News 2023-11-13
• (02:42) - Story # 1: Boeing data published by Lockbit hacking gang
• (03:57) - Story # 2: Google, Meta, Discord, and more team up to fight child abuse online
• (28:06) - Story # 3: Data broker’s “staggering” sale of sensitive info exposed in unsealed FTC filing
• (39:37) - Story # 4: Maine government says data breach affects 1.3 million people
• (44:40) - Story # 1 REPRISE: Boeing data published by Lockbit hacking gang
• (50:52) - Story # 5: Inside Denmark’s hell week as critical infrastructure orgs faced cyberattacks

The post Talkin’ About Infosec News – 11/10/2023 appeared first on Black Hills Information Security.

• (00:00) - PreShow Banter™ — The Jerky Experience
• (03:40) - BHIS - Talkin' Bout [infosec] News 2023-11-06
• (04:34) - Story # 1: Okta hit by third-party data breach exposing employee information
• (07:03) - Story # 1b: Okta Hack Blamed on Employee Using Personal Google Account on Company Laptop
• (13:13) - Story # 2: Boeing confirms cyberattack, global services disrupted
• (14:34) - Story # 3: Four dozen countries declare they won’t pay ransomware ransoms
• (15:26) - Story # 4: https://www.healthcareinfosecurity.com/feds-levy-first-ever-hipaa-fine-for-ransomware-data-breach-a-23448
• (27:08) - Story # 5: “This vulnerability is now under mass exploitation.” Citrix Bleed bug bites hard
• (30:52) - Story # 6: 3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online
• (32:03) - Story # 7: Exploit released for critical Cisco IOS XE flaw, many hosts still hacked
• (33:28) - Story # 7b: Cisco IOS XE CVE-2023-20198: Deep Dive and POC
• (42:38) - Story # 8: SEC charges SolarWinds CISO with fraud for misleading investors before major cyberattack

The post Talkin’ About Infosec News – 11/09/2023 appeared first on Black Hills Information Security.

• (00:00) - PreShow Banter™ — Costume Party
• (02:04) - BHIS - Talkin' Bout [infosec] News 2023-10-30
• (03:24) - Story # 1: Okta cybersecurity breach wipes out more than $2 billion in market cap
• (18:43) - Story # 2: Boeing assessing Lockbit hacking gang threat of sensitive data leak
• (26:09) - Story # 3: The AI-Generated Child Abuse Nightmare Is Here
• (41:37) - Story # 4: MGM Resorts hackers 'one of the most dangerous financial criminal groups’

The post Talkin’ About Infosec News – 11/4/2023 appeared first on Black Hills Information Security.

• (00:00) - PreShow Banter™ — Pre-Con-Crud
• (01:49) - BHIS - Talkin' Bout [infosec] News 2023-10-23
• (04:33) - WWHF 2023 recap
• (12:20) - Story # 1: Mysterious APT compromises Asian government's secure USBs
• (16:13) - Story # 2: CIA exposed to potential intelligence interception due to X's URL bug
• (20:02) - Story # 3: EPA withdraws cyber audit requirement for water systems
• (22:54) - Story # 3b: Florida Water Treatment Plant Hit With Cyber Attack
• (27:00) - Story # 4: Thousands of remote IT workers sent wages to North Korea to help fund weapons program, FBI says
• (33:10) - Story # 5: Okta says its support system was breached using stolen credentials
• (37:13) - Story # 6: Casio discloses data breach impacting customers in 149 countries
• (41:44) - Story # 7: Ragnar Locker ransomware’s dark web extortion sites seized by police
• (44:02) - Story # 7b: Ragnar Locker ransomware developer arrested in France
• (46:54) - Story # 8: Flipper Zero can be used to crash iPhones running iOS 17, but there's a way to foil the attack
• (50:42) - Story # 9: U.S. Government Releases Popular Phishing Technique Used by Hackers
• (53:39) - Story # 10: Selfie-scraper, Clearview AI, wins appeal against UK privacy sanction

The post Talkin’ About Infosec News – 10/10/23 appeared first on Black Hills Information Security.

• (00:00) - PreShow Banter™ — Canadian Bacon Day
• (04:35) - BHIS - Talkin' Bout [infosec] News 2023-10-09
• (06:19) - Story # 1: NSA and CISA reveal top 10 cybersecurity misconfigurations
• (13:35) - Story # 1b: NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations
• (21:21) - Story # 2: QR codes in emails? Watch out - it could be part of a 'Quishing' scam
• (25:07) - Story # 2b: https://github.com/jocephus/QuellR
• (28:16) - Story # 2c: https://twitter.com/vmyths/status/1212201412068818944
• (30:47) - Story # 3: New Marvin attack revives 25-year-old decryption flaw in RSA
• (35:59) - Story # 4: Bounty offered for secret NSA seeds behind NIST elliptic curves algo
• (38:01) - Story # 5: Rules of engagement issued to hacktivists after chaos
• (01:02:55) - PROGRAMMING NOTE – WWHF2023

The post Talkin’ About Infosec News – 10/9/2023 appeared first on Black Hills Information Security.

• (00:00) - PreShow Banter™ — The Scented Podcast
• (04:42) - BHIS - Talkin' Bout [infosec] News 2023-10-02
• (07:24) - Story # 1: Google assigns new maximum rated CVE to libwebp bug exploited in attacks
• (24:13) - Story # 2: Progress warns of maximum severity WS_FTP Server vulnerability
• (31:16) - Story # 3: Sony PlayStation Hack: What We Know So Far About the LAPSUS$ Cyberattack
• (36:10) - Story # 4: City of Fort Lauderdale loses $1.2 million in phishing scam, police in Florida say
• (41:42) - Story # 5: FCC announces plans to reinstate net neutrality
• (52:32) - Story # 6: [New research] Do longer passwords protect you from compromise?