Talkin' Bout [Infosec] News

This episode covers the FCC’s move to restrict or ban certain foreign-made networking equipment—especially routers tied to Chinese manufacturers—highlighting the potential cybersecurity risks, supply chain implications, and how the rule could affect ISPs and consumers. The hosts also discuss broader concerns around hardware trust, existing infrastructure, and what qualifies as “approved” devices under FCC guidelines, along with a brief, lighter mention of a viral robot incident making the rounds online.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatChapters(00:00) - PreShow Banter™ — Robot Handlers (05:11) - FCC Blocks Foreign-Made Routers – 2026-03-30 (06:44) - Story # 1: FCC moves to block new foreign-made routers (17:00) - Story # 2: FBI Chief Kash Patel’s Gmail Account was Hacked by Iranian Hackers (20:07) - Story # 3: FancyBear Exposed: Major OPSEC Blunder Inside Russian Espionage Ops (24:18) - Story # 4: LiteLLM and Telnyx compromised on PyPI: Tracing the TeamPCP supply chain campaign (27:49) - Story # 4b: TeamPCP Supply Chain Campaign (42:45) - Story # 5: Spylandia: How a Stretch of Florida Real Estate Has Become a Covert Corridor for Chinese and Russian Spies (45:51) - Story # 6: Anthropic readies Mythos model with high cybersecurity risk (57:31) - Story # 7: Google Ships WebMCP, The Browser-Based Backbone For The Agentic Web (01:02:24) - Story # 8: DDR5 Memory Prices Just Took a Noticeable Dive for the First Time in Months, and Google’s TurboQuant Might Be Behind It (01:04:03) - Securing the Cloud: Foundations by Andrew Krug (01:04:47) - Incident Response Simplified by Patterson Cake News LinksStory # 1: FCC moves to block new foreign-made routersStory # 2: FBI Chief Kash Patel’s Gmail Account was Hacked by Iranian HackersStory # 3: FancyBear Exposed: Major OPSEC Blunder Inside Russian Espionage OpsStory # 4: LiteLLM and Telnyx compromised on PyPI: Tracing the TeamPCP supply chain campaignStory # 4b: TeamPCP Supply Chain CampaignStory # 5: Spylandia: How a Stretch of Florida Real Estate Has Become a Covert Corridor for Chinese and Russian SpiesStory # 6: Anthropic readies Mythos model with high cybersecurity riskStory # 7: Google Ships WebMCP, The Browser-Based Backbone For The Agentic WebStory # 8: DDR5 Memory Prices Just Took a Noticeable Dive for the First Time in Months, and Google’s TurboQuant Might Be Behind ItSecuring the Cloud: Foundations by Andrew KrugIncident Response Simplified by Patterson CakeCreators & Guests Andy Pettit "Nerf" - Guest Andrew Krug - Guest Wade Wells - Host Corey Ham - Host Bronwen Aker - Host Patterson Cake - Guest Ryan Poirier - Producer Ralph May - Host Click here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com

This episode covers a range of cybersecurity and AI-related news, including how Pokémon Go players may have unknowingly helped train delivery robots using massive image datasets. The hosts also discuss the Pentagon’s reported plans to train AI systems on classified data and the potential risks of exposing sensitive information. Additional topics include major data breaches (such as a third-party breach impacting Crunchyroll user data), ongoing challenges in cybersecurity practices, evolving AI security concerns, and real-world examples of exploits and vulnerabilities affecting mobile devices and organizations.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatChapters(00:00) - PreShow Banter™ — Easier Than Printers (05:20) - Pentagon Plans to Train AI With Classified Data – BHIS - Talkin' Bout [infosec] News 2026-03-23 (06:38) - Story # 1: Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web (07:38) - Story # 1b: ALT Link - Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web (15:35) - Story # 2: Federal cyber experts called Microsoft’s cloud a “pile of shit,” approved it anyway (24:31) - Story # 3: The Pentagon is planning for AI companies to train on classified data, defense official says (34:04) - Story # 4: CISA Urges Endpoint Management System Hardening After Cyberattack Against US Organization (37:50) - Story # 5: Warning: Your AI-Generated Password Is a Major Security Risk. Here’s What to Use Instead (42:21) - Story # 6: CISA warns of active exploitation of Microsoft SharePoint vulnerability (CVE-2026-20963) (49:57) - Story # 7: Massive China Data Leak: Hackers Access 10 Petabytes of Weapons Testing Data (51:28) - Story # 8: Anime fans' credit cards might be stolen from Sony streamer Crunchyroll (55:03) - Story # 9: The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors LinksStory # 1: Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the WebStory # 1b: ALT Link - Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the WebStory # 2: Federal cyber experts called Microsoft’s cloud a “pile of shit,” approved it anywayStory # 3: The Pentagon is planning for AI companies to train on classified data, defense official saysStory # 4: CISA Urges Endpoint Management System Hardening After Cyberattack Against US OrganizationStory # 5: Warning: Your AI-Generated Password Is a Major Security Risk. Here’s What to Use InsteadStory # 6: CISA warns of active exploitation of Microsoft SharePoint vulnerability (CVE-2026-20963)Story # 7: Massive China Data Leak: Hackers Access 10 Petabytes of Weapons Testing DataStory # 8: Anime fans’ credit cards might be stolen from Sony streamer CrunchyrollStory # 9: The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat ActorsCreators & Guests John Strand - Host Ralph May - Host Chadd Watson - Guest Wade Wells - Host Alex Minster "Belouve" - Guest Hayden Covington - Host Bruce Potter - Guest Ryan Poirier - Producer Click here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com

This episode covers multiple cybersecurity news stories, including Iranian hackers claiming responsibility for a cyberattack on Stryker, ongoing challenges in attributing nation-state cyber operations, and broader trends in global cyber conflict. The hosts also discuss the reliability of public breach claims, emerging threats targeting critical industries, and how organizations are responding to an increasingly complex threat landscape.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatChapters(00:00) - PreShow Banter™ — Organizing Family Beets (04:02) - Iranian Hackers Claim Responsibility for Stryker Attack - 2026-03-16 (08:56) - Story # 1: Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker (23:38) - Story # 2: How We Hacked McKinsey's AI Platform (32:30) - Story # 3: Amazon holds engineering meeting following AI-related outages (39:11) - Story # 4: Meta gets into social networks for AI agents with acquisition of viral Moltbook platform (45:24) - Story # 5: Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026 (50:45) - Story # 6: Michelin Confirms Data Breach Linked to Oracle EBS Attack (51:08) - Story # 7: New Dohdoor malware campaign targets education and health care (58:10) - Story # 8: Man's dog was riddled with tumors and dying. He used ChatGPT to design a custom cancer vaccine, stunning researchers LinksStory # 1: Iran-Backed Hackers Claim Wiper Attack on Medtech Firm StrykerStory # 2: How We Hacked McKinsey’s AI PlatformStory # 3: Amazon holds engineering meeting following AI-related outagesStory # 4: Meta gets into social networks for AI agents with acquisition of viral Moltbook platformStory # 5: Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026Story # 6: Michelin Confirms Data Breach Linked to Oracle EBS AttackStory # 7: New Dohdoor malware campaign targets education and health careStory # 8: Man’s dog was riddled with tumors and dying. He used ChatGPT to design a custom cancer vaccine, stunning researchersCreators & Guests Dan Rearden (Haircutfish) - Guest Bronwen Aker - Host Ralph May - Host John Strand - Host Troy Wojewoda - Guest Corey Ham - Host Hayden Covington - Host Wade Wells - Host Meagan Bentley - Producer Click here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com

Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatChapters(00:00) - PreShow Banter™ — That's Not How It Works (03:40) - A Nightmare of Vibeware – 2026-03-09 (04:54) - Story # 1: APT36: A Nightmare of Vibeware (13:56) - Story # 2: Oracle Layoffs: Tech giant to slash 30,000 jobs as banks pull out from financing AI data centres (16:28) - Story # 3: Iran-linked hacktivist groups target US infrastructure after Feb 28 strikes, cyber activity surges: Report (24:28) - Story # 4: Introducing the First Frontier Suite built on Intelligence + Trust (28:59) - Story # 5: Motorola partners with GrapheneOS for future phones (29:13) - Story # 5b: GrapheneOS: Microsoft Authenticator does not support secure Android OS (29:53) - Story # 6: Western allies form 6G security coalition amid tech rivalry with China (34:01) - Story # 7: ShinyHunters claims ongoing Salesforce Aura data theft attacks (35:47) - Story # 8: Doppelgänger / RRN Disinformation Infrastructure Ecosystem 2026 (44:33) - Story # 9: LexisNexis confirms data breach as hackers leak stolen files (49:10) - Story # 10: Google urges Supreme Court to strike down geofence warrants as unconstitutional (55:59) - ANTI-CAST : How to Detect Malicious Remote Workers w/ James McQuiggan (56:47) - SOC Summit 2026 LinksStory # 1: APT36: A Nightmare of VibewareStory # 2: Oracle Layoffs: Tech giant to slash 30,000 jobs as banks pull out from financing AI data centresStory # 3: Iran-linked hacktivist groups target US infrastructure after Feb 28 strikes, cyber activity surges: ReportStory # 4: Introducing the First Frontier Suite built on Intelligence + TrustStory # 5: Motorola partners with GrapheneOS for future phonesStory # 5b: GrapheneOS: Microsoft Authenticator does not support secure Android OSStory # 6: Western allies form 6G security coalition amid tech rivalry with ChinaStory # 7: ShinyHunters claims ongoing Salesforce Aura data theft attacksStory # 8: Doppelgänger / RRN Disinformation Infrastructure Ecosystem 2026Story # 9: LexisNexis confirms data breach as hackers leak stolen filesStory # 10: Google urges Supreme Court to strike down geofence warrants as unconstitutionalANTI-CAST : How to Detect Malicious Remote Workers w/ James McQuigganTroy & Wade’s Upcoming Things:– Antisyphon Training SOC Summit 2026– Breach Assessment - The Curious Case of the Comburglar w/ Troy Wojewoda– Network Forensics and Incident Response with Troy Wojewoda🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com

Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatChapters(00:00) - PreShow Banter™ — Kerberoasting Too Hard (05:05) - Pentagon Declares Anthropic a Supply Chain Risk — Talkin’ Bout [infosec] News 2026-03-02 (08:40) - Story # 1: Pentagon Designates Anthropic Supply Chain Risk (17:27) - Story # 2: European Parliament blocks AI on lawmakers’ devices, citing security risks (21:23) - Story # 3: Mexican Government Breach and the Rise of Agentic Cyber Threats (22:58) - Story # 4: 2026 CrowdStrike Global Threat Report: AI Accelerates Adversaries and Reshapes the Attack Surface (33:04) - Story # 5: Leak confirms GrapheneOS & Motorola partnership for non-Pixel hardware (38:24) - Story # 5b: Motorola announces a partnership with GrapheneOS Foundation, marking a new chapter in smartphone security and expanding its enterprise portfolio (39:21) - Story # 6: Immediate Action Required: CISA Issues Emergency Directive to Secure Cisco SD-WAN Systems (43:12) - Story # 7: Cops back Dutch telco Odido after second wave of ShinyHunters leaks (45:40) - Story # 8: Discord puts global age verification policy on hold after backlash (46:30) - Story # 9: A new California law says all operating systems, including Linux, need to have some form of age verification at account setup (51:51) - Story # 10: User accidentally gains control of over 6,700 robot vacuums (53:35) - Story # 11: App Warns You if Someone Is Wearing Smart Glasses Nearby (57:32) - Weekly CTF Winners (58:28) - Story # 12: Microsoft is blocking 'Microslop' comments in Copilot's official Discord server (59:01) - Story # 13: New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises LinksStory # 1: Pentagon Designates Anthropic Supply Chain RiskStory # 2: European Parliament blocks AI on lawmakers’ devices, citing security risksStory # 3: Mexican Government Breach and the Rise of Agentic Cyber ThreatsStory # 4: 2026 CrowdStrike Global Threat Report: AI Accelerates Adversaries and Reshapes the Attack SurfaceStory # 5: Leak confirms GrapheneOS & Motorola partnership for non-Pixel hardwareStory # 5b: Motorola announces a partnership with GrapheneOS Foundation, marking a new chapter in smartphone security and expanding its enterprise portfolioStory # 6: Immediate Action Required: CISA Issues Emergency Directive to Secure Cisco SD-WAN SystemsStory # 7: Cops back Dutch telco Odido after second wave of ShinyHunters leaksStory # 8: Discord puts global age verification policy on hold after backlashStory # 9: A new California law says all operating systems, including Linux, need to have some form of age verification at account setupStory # 10: User accidentally gains control of over 6,700 robot vacuumsStory # 11: App Warns You if Someone Is Wearing Smart Glasses NearbyStory # 12: Microsoft is blocking ‘Microslop’ comments in Copilot’s official Discord serverStory # 13: New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com