Talkin' Bout [Infosec] News

This episode covers the rising costs and restrictions surrounding AI agents, including token consumption, model access policies, and the growing dependence on AI tools for security work. The hosts discuss Troy Hunt’s retrospective on Have I Been Pwned reaching its 1,000th tracked breach, examining why breach disclosures appear to be slowing and how GDPR and CCPA requirements affect notification practices. Additional topics include password and email hygiene, the value of breach-notification services, AI infrastructure and data center costs, and new research mapping AI-enabled cyber threats to the MITRE ATT&CK framework.

Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurity
Chat with us on Discord! -
https://discord.gg/bhis
🔴live-chat

Chapters

(00:00) - PreShow Banter™ — Token Love

(05:11) - Breach Disclosure is Lag Worse Than Ever – 2026-06-08

(11:25) - Story #1 - Anthropic ‘plants’ engineers at NSA despite facing ban by Pentagon

(20:59) - Story #2 - A new service branch could be joining the U.S. Armed Forces family

(25:47) - Story #3 - Websites have a new way to spy on visitors: Analyzing their SSD activity

(31:11) - Story #4 - The Quiet Numbers Station: Decoding Nineteen Years of GPS Cryptography

(37:21) - Story #5 - 1,000 Data Breaches Later, the Disclosure Lag is Worse Than Ever

(43:23) - Story #6 - Mapping AI-enabled cyber threats: Insights from the LLM ATT&CK Navigator

(48:00) - Story #7 - Anthropic confidentially files IPO prospectus with SEC, prepping Wall Street for landmark AI deal

(01:02:26) - Story #8 - Microsoft Wants to 'Make People Addicted' to its New AI Assistant, Internal Documents Reveal

(01:03:29) - Story #9 - Amazon Shuts Down Internal AI Leaderboard After Employees Cheated

(01:04:57) - ANTI-CAST : RF Attacks Every InfoSec Pro Should Know with Paul Clark

(01:05:54) - Workshop: Build Your Own AI Security Agent

(01:06:43) - Training: Agentic AI for Threat Hunting

(01:07:16) - Training: Cyber Threat Intelligence 101 2-Day Version

(01:08:58) - ANTI-CAST: Prompt Engineering 201: The Context Stack w/ Bronwen Aker

Links
Story #1 - Anthropic ‘plants’ engineers at NSA despite facing ban by Pentagon
Story #2 - A new service branch could be joining the U.S. Armed Forces family
Story #3 - Websites have a new way to spy on visitors: Analyzing their SSD activity
Story #4 - The Quiet Numbers Station: Decoding Nineteen Years of GPS Cryptography
Story #5 - Russia Has Been Jamming GPS from Space Since 2019
Story #6 - Mapping AI-enabled cyber threats: Insights from the LLM AT&T&CK Navigator
Story #7 - Anthropic confidentially files IPO prospectus with SEC, prepping Wall Street for landmark AI deal
Story #8 - Microsoft Wants to ‘Make People Addicted’ to its New AI Assistant, Internal Documents Reveal
Story #9 - Amazon Shuts Down Internal AI Leaderboard After Employees Cheated
ANTI-CAST : RF Attacks Every InfoSec Pro Should Know with Paul Clark
Workshop: Build Your Own AI Security Agent
Workshop: Intro to SDR Hacking: Capture, Decode, Take Over
Training: Agentic AI for Threat Hunting
Training: Cyber Threat Intelligence 101 2-Day Version
ANTI-CAST: Prompt Engineering 201: The Context Stack w/ Bronwen AkerCreators & Guests

John Strand - Host

Ralph May - Host

Corey Ham - Host

Bronwen Aker - Host

Faan Rossouw - Guest

Ryan Poirier - Producer

Paul Clark - Guest

Wade Wells - Host

Click here to watch this episode on YouTube.

Click here to view the episode transcript.

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits 
https://poweredbybhis.com

Brought to you by:
Black Hills Information Security 
https://www.blackhillsinfosec.com

Antisyphon Training
https://www.antisyphontraining.com/

Active Countermeasures
https://www.activecountermeasures.com

Wild West Hackin Fest
https://wildwesthackinfest.com

This episode covers a Wired report on the rise of “anti-tech extremism” and growing public opposition to AI infrastructure projects, including debates over data centers, resource consumption, local communities, and government responses. The hosts also discuss AI coding assistants, model safety restrictions, and the evolving capabilities of large language models. Additional topics include Anthropic’s reported IPO plans and valuation, AI’s impact on the tech industry, and a conversation with David Bianco about AI-generated threat-hunting datasets and cybersecurity training.
Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurity
Chat with us on Discord! -
https://discord.gg/bhis
🔴live-chat

Chapters

(00:00) - PreShow Banter™ — Solving this thing

(03:52) - Anti-Tech Extremism - 2026-06-01

(08:08) - Threat Hunter Summit | June 17th 2026

(12:11) - Story # 1: US Law Enforcement Warns of ‘Anti-Tech Extremism’ as AI Hatred Grows

(20:54) - Story # 2: Anthropic files for its IPO

(23:35) - Story # 3: FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal Data

(29:41) - Story # 4: Microsoft Defender can now automatically isolate hacked endpoints

(30:45) - Story # 5: Microsoft's GitHub bans security researcher who posted zero-day Windows exploits because company 'ruined their life'

(36:54) - Story # 6: Cyber Force? Senator pushes to create service branch under the Army

(42:10) - Story # 7: Are you ready? Anthropic preparing to release Mythos publicly

(46:38) - Story # 8: Defense at AI speed: Microsoft’s new multi-model agentic security system tops leading industry benchmark

(49:12) - Story # 9: Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

(50:43) - Story # 10: Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked

(56:02) - Story # 11: Kali365 phishing kit bypasses MFA and steals Microsoft logins

(58:02) - Story # 12: Botnet of more than 17 million devices dismantled

(01:01:13) - Story # 13: United flight returns midair after Bluetooth device name reportedly sparks security scare

(01:03:49) - Story # 14: Inside the Charter data breach: hackers leak 13M+ customer data

(01:04:37) - Introducing EvidenceForge: Synthetic security logs that don’t look (as) fake

(01:10:04) - Threat Hunter Summit | June 17th 2026

(01:10:57) - Anti-Cast : How Hackers Attack CI/CD Pipelines w/ Phil Miller

(01:11:36) - Cyber Threat Intelligence 101 2-Day Version

(01:11:57) - Ralph's Practical Physical Exploitation Training & Tool Bundle

Links
00:00:00 - PreShow Banter™ — Solving this thing
00:03:52 - Anti-Tech Extremism - 2026-06-01
00:08:08 - Threat Hunter Summit | June 17th 2026
00:12:11 - Story # 1: US Law Enforcement Warns of ‘Anti-Tech Extremism’ as AI Hatred Grows
00:20:54 - Story # 2: Anthropic files for its IPO
00:23:36 - Story # 3: FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal Data
00:29:41 - Story # 4: Microsoft Defender can now automatically isolate hacked endpoints
00:30:46 - Story # 5: Microsoft’s GitHub bans security researcher who posted zero-day Windows exploits because company ‘ruined their life’
00:36:54 - Story # 6: Cyber Force? Senator pushes to create service branch under the Army
00:42:11 - Story # 7: Are you ready? Anthropic preparing to release Mythos publicly
00:46:39 - Story # 8: Defense at AI speed: Microsoft’s new multi-model agentic security system tops leading industry benchmark
00:49:12 - Story # 9: Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
00:50:44 - Story # 10: Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked
00:56:03 - Story # 11: Kali365 phishing kit bypasses MFA and steals Microsoft logins
00:58:02 - Story # 12: Botnet of more than 17 million devices dismantled
01:01:13 - Story # 13: United flight returns midair after Bluetooth device name reportedly sparks security scare
01:03:50 - Story # 14: Inside the Charter data breach: hackers leak 13M+ customer data
01:04:38 - Introducing EvidenceForge: Synthetic security logs that don’t look (as) fake
01:10:05 - Threat Hunter Summit | June 17th 2026
01:10:57 - Anti-Cast : How Hackers Attack CI/CD Pipelines w/ Phil Miller
01:11:37 - Cyber Threat Intelligence 101 2-Day Version
01:11:58 - Ralph’s Practical Physical Exploitation Training & Tool BundleCreators & Guests

Corey Ham - Host

Ralph May - Host

Shane Hartman - Guest

Wade Wells - Host

Ryan Poirier - Producer

David Bianco - Guest

Phil Miller - Guest

Click here to watch this episode on YouTube.

Click here to view the episode transcript.

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits 
https://poweredbybhis.com

Brought to you by:
Black Hills Information Security 
https://www.blackhillsinfosec.com

Antisyphon Training
https://www.antisyphontraining.com/

Active Countermeasures
https://www.activecountermeasures.com

Wild West Hackin Fest
https://wildwesthackinfest.com

This episode covers a CISA contractor’s accidental exposure of AWS GovCloud credentials and internal system details on GitHub, the FBI’s efforts to patch vulnerable routers, and a critical NGINX vulnerability with public proof-of-concept code. The team also discusses Microsoft’s handling of a disputed Azure Backup security finding, the challenges of vulnerability disclosure and CVE assignment, and GitHub’s ban of security researcher Nightmare Eclipse following the publication of unpatched Windows vulnerability research.
Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurity
Chat with us on Discord! -
https://discord.gg/bhis
🔴live-chat

Chapters

(00:00) - PreShow Banter™ — Getting to Chili's

(05:45) - GitHub bans vindictive security researcher - 2026-05-26

(07:09) - Story # 1: CISA Admin Leaked AWS GovCloud Keys on Github

(10:45) - Story # 2 - PoC Code Published for Critical NGINX Vulnerability

(12:53) - Story # 3 - Anthropic’s restricted Claude Mythos model may be coming to Claude Code

(16:16) - Story # 4 - The FBI just remotely reset thousands of home and small office routers – and your TP-Link could be on the hitlist

(22:37) - Story # 5 - Drupal to Release Emergency Core Security Updates Amid Fears of Rapid Exploitation

(25:52) - Story # 6 - Microsoft rejects critical Azure vulnerability report, no CVE issued

(28:09) - Story # 7 - GitHub bans vindictive security researcher dropping Windows zero-days: “I will make sure your bones are shattered”

(30:41) - Story # 8a - A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

(32:16) - Story # 8b - TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension

(35:21) - Story # 10 - Ubiquiti patches three max severity UniFi OS vulnerabilities

(37:51) - Story # 11 - Pizza Hut's AI system caused 'cascading' problems and $100M in damages, franchisee alleges in new suit

(43:55) - Story # 12 - Data Leak at German Hospital

(45:00) - Story # 13 - Microsoft shuts down illegal code-signing operation used by ransomware crims to mask their malware

(47:50) - Story # 14 - Chicken News

(50:07) - Story # 15 - New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released

(51:04) - Story # 15b - Might someone pass along that Crowdstrike and Nessus are having a moment?

Links
Story # 1 - CISA Admin Leaked AWS GovCloud Keys on Github
Story # 2 - PoC Code Published for Critical NGINX Vulnerability
Story # 3 - Anthropic’s restricted Claude Mythos model may be coming to Claude Code
Story # 4 - The FBI just remotely reset thousands of home and small office routers – and your TP-Link could be on the hitlist
Story # 5 - Drupal to Release Emergency Core Security Updates Amid Fears of Rapid Exploitation
Story # 6 - Microsoft rejects critical Azure vulnerability report, no CVE issued
Story # 7 - GitHub bans vindictive security researcher dropping Windows zero-days: “I will make sure your bones are shattered”
Story # 8a - A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale
Story # 8b - TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension
Story # 10 - Ubiquiti patches three max severity UniFi OS vulnerabilities
Story # 11 - Pizza Hut’s AI system caused ‘cascading’ problems and $100M in damages, franchisee alleges in new suit
Story # 12 - Data Leak at German Hospital
Story # 13 - Microsoft shuts down illegal code-signing operation used by ransomware crims to mask their malware
Story # 14 - Chicken News
Story # 15 - New Windows ‘MiniPlasma’ zero-day exploit gives SYSTEM access, PoC released
Story # 15b - Might someone pass along that Crowdstrike and Nessus are having a moment?Creators & Guests

Alethe Denis - Guest

Corey Ham - Host

Wade Wells - Host

Bronwen Aker - Host

Meagan Bentley - Producer

Hayden Covington - Host

Click here to watch this episode on YouTube.

Click here to view the episode transcript.

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits 
https://poweredbybhis.com

Brought to you by:
Black Hills Information Security 
https://www.blackhillsinfosec.com

Antisyphon Training
https://www.antisyphontraining.com/

Active Countermeasures
https://www.activecountermeasures.com

Wild West Hackin Fest
https://wildwesthackinfest.com

This episode covers Mythos uncovering a vulnerability in cURL, a recent Google Threat Intelligence report on a zero-day exploit, and the growing impact of AI on capture-the-flag competitions and bug bounty programs. The hosts also discuss the economics of AI platforms like OpenAI, security research trends, and broader concerns around software vulnerabilities, automation, and defensive tooling.
Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurity
Chat with us on Discord! -
https://discord.gg/bhis
🔴live-chat

Chapters

(00:00) - PreShow Banter™ — Token CTFs

(03:18) - Story # 1: Mythos finds a curl vulnerability

(06:36) - Story # 2: Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation

(14:47) - Story # 3: The down fall of bug bounties

(15:34) - Story # 3: Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’

(40:52) - Story # 4: Germany to Flood Ukraine’s Front Lines With Hundreds of New GEREON Combat Robots

(43:51) - Story # 4b: Wild Video Shows Delivery Robots Causing Havoc, Getting Obliterated

(49:35) - Story # 5: Windows BitLocker zero-day gives access to protected drives, PoC released

(56:09) - Story # 6: Deal reached with hackers to delete data stolen from the Canvas educational platform

(58:07) - Story # 7: Celebrities’ and influencers’ private communications exposed in stalkerware data breach

(58:54) - Story # 8: Exclusive: Hackers have breached tank readers at US gas stations; officials suspect Iran is responsible

(01:00:29) - Threat Hunting Summit Talk: Threat Hunting in the Dark: A Practical Approach

(01:04:47) - WEBCAST: Looking at A.I. Wrong with John Strand, BB King and Derek Banks

Links
Story # 1: Mythos finds a curl vulnerability
Story # 2: Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation
Story # 3: The down fall of bug bounties
Story # 3: Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’
Story # 4: Germany to Flood Ukraine’s Front Lines With Hundreds of New GEREON Combat Robots
Story # 4b: Wild Video Shows Delivery Robots Causing Havoc, Getting Obliterated
Story # 5: Windows BitLocker zero-day gives access to protected drives, PoC released
Story # 6: Deal reached with hackers to delete data stolen from the Canvas educational platform
Story # 7: Celebrities’ and influencers’ private communications exposed in stalkerware data breach
Story # 8: Exclusive: Hackers have breached tank readers at US gas stations; officials suspect Iran is responsible
Threat Hunting Summit Talk: Threat Hunting in the Dark: A Practical Approach
WEBCAST: Looking at A.I. Wrong with John Strand, BB King and Derek BanksCreators & Guests

John Strand - Host

Corey Ham - Host

Wade Wells - Host

Bronwen Aker - Host

Ralph May - Host

Shane Hartman - Guest

Meagan Bentley - Producer

Hayden Covington - Host

Click here to watch this episode on YouTube.

Click here to view the episode transcript.

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits 
https://poweredbybhis.com

Brought to you by:
Black Hills Information Security 
https://www.blackhillsinfosec.com

Antisyphon Training
https://www.antisyphontraining.com/

Active Countermeasures
https://www.activecountermeasures.com

Wild West Hackin Fest
https://wildwesthackinfest.com

Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurity
Chat with us on Discord! -
https://discord.gg/bhis
🔴live-chat
This episode of Talking About News focuses on the reported Canvas/Instructure breach, including discussion around ShinyHunters, transparency concerns, higher education security challenges, and possible attack paths involving phishing and tenant compromise. The team also explores broader cybersecurity trends such as social engineering, ransomware pressure tactics, and the growing role of AI and platform security in modern enterprise environments.
Chapters

(00:00) - PreShow Banter™ — Californian Problems

(02:25) - The Canvas / Instructure Breach – 2026-05-11

(10:23) - Story # 1: Canvas Breach Disrupts Schools & Colleges Nationwide

(13:45) - Story # 1b: Security Incident Update & FAQs

(43:14) - Story # 2: Wazuh cluster sync path traversal in decompress_files() enables arbitrary file write and code execution from authenticated cluster peer

(47:34) - Story # 3: Google Chrome silently installs a 4 GB AI model on your device without consent.

(52:19) - Story # 4: Trellix source code breach claimed by RansomHouse hackers

(58:12) - Story # 5: Rose Acre Farms Targeted in Alleged Lynx Ransomware Attack - Cybersecurity

LinksStory # 1: Canvas Breach Disrupts Schools & Colleges Nationwide
Story # 1b: Security Incident Update & FAQs
Story # 2: Wazuh cluster sync path traversal in decompress_files() enables arbitrary file write and code execution from authenticated cluster peer
Story # 3: Google Chrome silently installs a 4 GB AI model on your device without consent.
Story # 4: Trellix source code breach claimed by RansomHouse hackers
Story # 5: Rose Acre Farms Targeted in Alleged Lynx Ransomware Attack - Cybersecurity
Wade's Workshop: Threat Actor Profiling: Know Your Enemy
Alethe Denis' Webcast: How to Build a Bulletproof Pretext
Alethe Denis' Workshop: How to Build Pressure-Proof Pretexts
Creators & Guests

John Strand - Host

Corey Ham - Host

Wade Wells - Host

Ched "cheddar" Wiggins - Guest

Bronwen Aker - Host

Hayden Covington - Host

Ryan Poirier - Producer

Alethe Denis - Guest

Click here to watch this episode on YouTube.

Click here to view the episode transcript.

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits 
https://poweredbybhis.com

Brought to you by:
Black Hills Information Security 
https://www.blackhillsinfosec.com

Antisyphon Training
https://www.antisyphontraining.com/

Active Countermeasures
https://www.activecountermeasures.com

Wild West Hackin Fest
https://wildwesthackinfest.com