This week's episode covers a series of cybersecurity stories, including a researcher's discovery of vulnerabilities in FIFA's World Cup platform that could have enabled unauthorized administrative access and even the ability to alter live broadcasts. The team also discusses the risks of large-scale identity verification data exposure, supply chain attacks impacting the scientific research community, ongoing fallout from Broadcom's VMware acquisition, and legal challenges from major organizations facing rising VMware costs. Along the way, the hosts share commentary on AI-related security concerns, access control failures, and the broader impact of vendor decisions on enterprise security. Join us LIVE on Mondays, 4:30pm EST. A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team. https://www.youtube.com/@BlackHillsInformationSecurity Chat with us on Discord! - https://discord.gg/bhis
This episode dives into the fallout from new restrictions on Anthropic's cybersecurity-focused AI models, Mythos and Fable, and the debate over whether government pressure has effectively blocked security researchers from using advanced AI for vulnerability discovery and code analysis. The panel discusses AI “jailbreaking” claims, export-control comparisons, the impact on penetration testing and bug hunting, and how AI is accelerating vulnerability research. Other topics include responsible disclosure challenges, the growing volume of AI-assisted security findings, and what these developments mean for researchers, vendors, and the future of offensive security.
This episode covers the rising costs and restrictions surrounding AI agents, including token consumption, model access policies, and the growing dependence on AI tools for security work. The hosts discuss Troy Hunt's retrospective on Have I Been Pwned reaching its 1,000th tracked breach, examining why breach disclosures appear to be slowing and how GDPR and CCPA requirements affect notification practices. Additional topics include password and email hygiene, the value of breach-notification services, AI infrastructure and data center costs, and new research mapping AI-enabled cyber threats to the MITRE ATT&CK framework.
This episode covers a Wired report on the rise of “anti-tech extremism” and growing public opposition to AI infrastructure projects, including debates over data centers, resource consumption, local communities, and government responses. The hosts also discuss AI coding assistants, model safety restrictions, and the evolving capabilities of large language models. Additional topics include Anthropic's reported IPO plans and valuation, AI's impact on the tech industry, and a conversation with David Bianco about AI-generated threat-hunting datasets and cybersecurity training.
This episode covers a CISA contractor's accidental exposure of AWS GovCloud credentials and internal system details on GitHub, the FBI's efforts to patch vulnerable routers, and a critical NGINX vulnerability with public proof-of-concept code. The team also discusses Microsoft's handling of a disputed Azure Backup security finding, the challenges of vulnerability disclosure and CVE assignment, and GitHub's ban of security researcher Nightmare Eclipse following the publication of unpatched Windows vulnerability research.
This episode covers Mythos uncovering a vulnerability in cURL, a recent Google Threat Intelligence report on a zero-day exploit, and the growing impact of AI on capture-the-flag competitions and bug bounty programs. The hosts also discuss the economics of AI platforms like OpenAI, security research trends, and broader concerns around software vulnerabilities, automation, and defensive tooling.
This episode dives into the economics and competitive dynamics of the AI industry, including discussions on profitability, pricing strategies, monopolization, and the rise of open and distilled models—particularly concerns around Chinese AI competition. The hosts also cover a reported long-running phishing campaign linked to Chinese actors targeting NASA-affiliated researchers and engineers, highlighting how social engineering was used to extract sensitive aerospace information.
This episode covers several major cybersecurity and tech news stories, including a supply chain–related breach at Vercel involving exposed environment variables and compromised third-party AI tooling. The hosts also discuss concerns around AI-driven data risks, including browser extensions and large-scale data collection. Additional topics include a service scraping and republishing Zoom webinar recordings, evolving issues with web cookies and tracking, and industry news such as reports of Apple CEO Tim Cook stepping down.
This episode dives into Anthropic's “Project Glasswing” and the broader implications of AI-driven offensive security, including models autonomously discovering vulnerabilities and attempting sandbox escapes. The hosts discuss how agentic AI testing approaches could reshape vulnerability research, while also raising concerns about AI safety, regulation, and real-world risk. Additional topics include the growing impact of AI on security workflows, rising infrastructure costs tied to AI demand, a new infostealer ecosystem overview, and ongoing debates about data collection practices and platform privacy.
This episode covers several major cybersecurity and tech news stories, including a sophisticated NPM supply chain attack that compromised the widely used Axios library through advanced social engineering, and the broader implications for software security. The hosts also discuss the accidental leak of Anthropic's Claude codebase, what it reveals about AI development practices, and the risks of misconfigurations exposing sensitive systems. Additional conversation touches on AI reliability, “vibe-coded” software, and the growing role of AI in both development and attack techniques.
This episode covers the FCC's move to restrict or ban certain foreign-made networking equipment—especially routers tied to Chinese manufacturers—highlighting the potential cybersecurity risks, supply chain implications, and how the rule could affect ISPs and consumers. The hosts also discuss broader concerns around hardware trust, existing infrastructure, and what qualifies as “approved” devices under FCC guidelines, along with a brief, lighter mention of a viral robot incident making the rounds online.
This episode covers a range of cybersecurity and AI-related news, including how Pokémon Go players may have unknowingly helped train delivery robots using massive image datasets. The hosts also discuss the Pentagon's reported plans to train AI systems on classified data and the potential risks of exposing sensitive information. Additional topics include major data breaches (such as a third-party breach impacting Crunchyroll user data), ongoing challenges in cybersecurity practices, evolving AI security concerns, and real-world examples of exploits and vulnerabilities affecting mobile devices and organizations.
Our featured guest this month is CJ Cox, COO of Black Hills Information Security, interviewed by Frank Victory. News from City of Denver, Block, Zvelo, Lares, FusionAuth, RADICL, Ping Identity, Red Canary and a lot more!

We often talk about cybersecurity as a series of technical hurdles, but CJ frames it through Maslow's Hierarchy of Needs. At the bottom? Paying the mortgage and surviving the 4th-quarter burnout. At the top? Self-actualization. Doing great work with cool people. But here's the kicker: CJ argues that real security doesn't come from the name on your badge or the company you work for. It comes from your internal capability to learn and adapt. We're experimenting with a new, long-form format on the podcast to explore these "human" elements of the industry—the leadership, the culture, and the "why" behind the "how."

Check out the full episode where we discuss:
Why BHIS says "No" to multi-million dollar buyouts.
The "Borg" effect of corporate acquisitions.
Why building a SOC is a three-year slog, not an "easy button."

Come join us on the Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com

This week's news:
Colorado ranks 28th for family-friendly home buyers in national study
Block cuts 61 Colorado jobs in AI-driven automation push
Denver turns to AI to help fix permitting speed, consistency
Denver set to pause data center development as mayor joins call for moratorium
Colorado man, cybersecurity experts and BBB warn about AI deepfake scams
Building the Future of Defense Tech
Your Token Proves Who You Are, Not What You Own
The Visibility Gap: 5 Purple Team Tests Your EDR is Probably Missing
AI Model Drift Is Inevitable. Trusted Intelligence Requires Human Supervision.
Breaking down a supply chain attack leveraging a malicious Google Workspace OAuth app

Upcoming Events:
Check out the full calendar
ISSA COS - March Chapter Meeting - 3/10
ISSA Denver - March Chapter Meeting - 3/11
IdentiBeer - 3/18
Denver OWASP - MCP LFI in 60 minutes (or your money back) - 3/18
ISACA Denver - March Chapter Meeting (virtual) - 3/19
ISC2 Pikes Peak - 3/25
ISACA Denver - CISA Spring Training Classes - 3/28
View our events page for a full list of upcoming events

* Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here.
* Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0
In this episode, the crew dives into reports that Palo Alto Networks allegedly avoided directly attributing a threat campaign to China over fears of retaliation—sparking a broader debate about corporate and government threat attribution, geopolitics, and whether attribution still matters in today's cyber landscape. They also explore the escalating AI arms race, including Meta's aggressive (and expensive) talent poaching, the growing rivalry between OpenAI and Anthropic, and what it all means for the future of the industry. Rounding out the episode, the team discusses the unintended consequences of the AI boom—like global hardware shortages stretching beyond GPUs to hard drives—and examines emerging prompt injection attack techniques, highlighting real-world examples and the growing security risks surrounding AI-powered tools.
Live from Wild West Hackin' Fest Denver 2026, the Black Hills Information Security crew brings their signature mix of sharp security insight and off-the-cuff banter to a packed in-person audience. This episode centers on a controversial Notepad update that introduced Markdown rendering—along with a potential remote code execution (RCE) issue. The hosts unpack what this says about modern software bloat, “vibe coding,” and the growing push to embed AI into everything—whether it belongs there or not. They also explore the implications of Discord's age verification requirements, AI-generated code, including OpenAI's latest Codex model, and debate whether we're headed toward a wave of AI-assisted vulnerabilities.
MalwareTech was an anonymous security researcher, until he accidentally stopped WannaCry, one of the largest ransomware attacks in history. That single act of heroism shattered his anonymity and pulled him into a world he never expected.

https://malwaretech.com

Sponsors

Support for the show comes from Black Hills Information Security. Black Hills has a variety of penetration assessment and security auditing services they provide customers to help improve the security of a company. If you need a penetration test check out www.blackhillsinfosec.com/darknet.

Support for this show comes from Arctic Wolf. Arctic Wolf is the industry leader in security operations solutions, delivering 24x7 monitoring, assessment, and response through our patented Concierge Security model. They work with your existing tools and become an extension of your existing IT team. Visit arcticwolf.com/darknet to learn more.

Support for this show comes from Cloaked, a digital privacy tool. Cloaked offers private email, phone numbers, and virtual credit card numbers, so you can be anonymous online. They also will remove your personal information from the internet, like home address, SSN, and phone numbers. Listeners get 20% off a Cloaked subscription when they visit https://cloaked.com/darknet. Call 1-855-752-5625 for a free scan to check if your personal information is exposed!
Dorota Kozlowska is a social engineer and penetration tester for Black Hills Information Security. She has her own podcast which can be found on Twitch and YouTube and recently presented at the Disobey conference in Finland. On this episode, she talks about how to get into social engineering as a job, some techniques for elicitation, what skills one needs to be a social engineer and the all-important sympathy vs. empathy.
The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every weekday.
The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day.
Corey Quinn talks with Serena DiPenti, aka “SheNetworks,” about her career from Cisco to Black Hills Information Security and her challenges in content creation. Serena reflects on starting at Cisco, where her role as a tech engineer required deep expertise and navigating rigid, high-pressure situations that led to burnout and limited growth opportunities. Now at Black Hills, she enjoys the hands-on work in security analysis and network-based penetration testing. Serena finds content creation more demanding than her cybersecurity work, often facing audience skepticism and burnout. However, her podcast Breaking the Internet provides a rewarding, conversational outlet for sharing insights.

Show Highlights
(00:00) Introduction
(00:37) Dragonfly sponsor read
(1:20) Catching up with Serena since she was last on the show
(2:34) Serena's experience at CISCO
(8:00) How Serena got stuck in her TAC role
(11:06) Serena's pivot to her new role at Black Hills Information Security
(14:10) When Serena finds time to sleep during her busy schedule
(16:43) Corey's short-lived attempt at YouTube
(20:28) The importance of conversational content
(21:43) Serena's plans for naming and branding
(25:49) Where Serena sees herself aiming next
(31:18) How to follow Serena's work

About Serena
Serena DiPenti is an offensive security professional who shares her experiences and expertise through her Shenetworks educational content on platforms like TikTok, Twitter (X), YouTube, and Twitch. Her focus includes topics related to penetration testing, ethical hacking, and other areas of cybersecurity. She's passionate about helping others break into the cybersecurity field, offering tips, guidance, and career advice. Serena's work includes creating accessible and engaging content that demystifies complex cybersecurity concepts, making the industry more inclusive and approachable for beginners and professionals alike.

Links
YouTube: https://www.youtube.com/@shenetworks
TikTok: https://www.tiktok.com/@shenetworks?lang=en
Twitter: https://x.com/shenetworks

Buy our charity shirt to help support 826 National!
https://store.lastweekinaws.com/

Sponsor
Dragonfly: dragonflydb.io
CJ Cox, Chief Operating Officer at Black Hills Information Security, is our feature interview this week, interviewed by Frank Victory. News from Sundance Film, Valhallan, Red Canary, Optiv and a lot more.

Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com

This week's news:
Join the Colorado = Security Slack channel
Boulder selected as 1 of 3 finalists to host Sundance Film Festival in 2027
Colorado adds a single Michelin-starred restaurant
Houston-based esports company opens metro-area training center, plans more
Five Colorado small businesses rank among U.S. Chamber's top 100
How Arvada became Colorado's quantum hub
The CrowdStrike outage: Detection and defense in depth | Red Canary
A Technological Revolution: How AI is Increasing Efficiency in Cybersecurity
Top Five Budget-Friendly OT Networking Improvements for Small Manufacturers
UCCS Day of Service – Community Cyber Hygiene Open House - National Cybersecurity Center

Job Openings:
Invenergy - Director, Cyber Security Programs
Twilio - Director, Cybersecurity Counsel
S&P Global - Head of Security Architecture & Engineering
Moody's - VP-Cybersecurity Engineer (Cyber Investigations Manager)
The Trade Desk - Sr. Manager, Global Security & Resilience
Bank of America - Cloud Security Controls Deployment Specialist – Global Information Security
Protiviti - Privacy Management Senior Consultant
ZOLL - Information Security Architect
Red Canary - Senior Threat Hunter
Xcel Energy - Senior Regulatory Security Consultant

Upcoming Events:
This Week and Next:
Secure World Denver - 10/10
ISSA COS - October Meeting - 10/15
Let's Talk Software Security - Is Pursuing CHANGE Essential in AppSec? - 10/15
CSA Colorado - October Meeting: Addressing Material Risks - 10/15
ISACA Denver - October Chapter Meeting (Online only): Auditing with AI - Demos - 10/17
Webinar: Cisco SCOR: Building a Strong Cybersecurity Foundation - 10/17
ISSA COS - October Mini Seminar - 10/19
ISC2 Pikes Peak - October Meeting - 10/23
View our events page for a full list of upcoming events

* Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here.
* Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0