Podcasts about infosec

There is a con called the Spanish Prisoner. A letter arrives from a stranger: a wealthy man sits in a foreign jail, and for a small advance to free him, he will reward you many times over. The trick is at least four hundred years old. It is also, give or take a few details, the email sitting in your spam folder this morning. I keep that in mind whenever someone tells me cybercrime is a technology problem. The tools change. The mark does not. We are still robbed through the same prehistoric wiring: a flash of fear, a moment of greed, a decision made in panic before the slow part of the brain wakes up. That is the thread I pulled on with Sarah Armstrong-Smith at InfoSecurity Europe. Sarah spent nearly thirty years in cyber and crisis leadership, was Chief Security Advisor at Microsoft, and now runs Secure Horizons. She has written two books on the human side of all this and sits on the UK Government Cyber Advisory Board. After all of it, she says the thing most people in her position will not say out loud: whatever we are doing is not working. More tools, more money, more people, more AI, and the problem keeps getting worse. Attack, wake-up call, attack, wake-up call. How many wake-up calls, she asks, does anyone need? I asked what keeps her up at night. She described an industrial accident on the scale of 9/11, triggered through a network: the first time a cyber incident kills people in numbers. We have been lucky so far. She doubts luck is a plan. The industry loves a big number, and the number is exactly where the human disappears. X million records stolen, Y terabytes gone. The day before, my friend Geoff White sat in this same chair and described a ransomware attack that shut down a hospital, which meant a woman missed the cancer appointment she had counted on. That is an Armageddon, and it has a name and a face. Sarah, as it happens, knows Geoff's work well enough to carry a line from him on the back of her book. The human element keeps finding the same small circle of people willing to talk about it. So how do we move this from a line item to a fact of society? Her answer is collective resilience. There is no prize for being the last one standing, because we are all wired into the same supply chain, the same dependencies, the same brittle web. And the smallest businesses, the ones without a war chest to ride out the storm, are the ones we discuss the least. Then a statistic. Close to half of all crime in the UK is now fraud or cyber. Around one percent of policing is pointed at it. Read those two numbers again. We fund what we can see, and we want officers on the street because a visible patrol both deters the thief and reassures the neighbourhood. The crime that actually empties our accounts happens somewhere we have agreed not to look. Follow the money, Sarah says, and you rarely stop at one criminal's pocket. It pays for the next thing: drugs, weapons, and more often than people imagine, the trafficking of human beings. Will AI save us? She did not flinch. Whatever you build to detect, the other side uses to evade. The asymmetry holds. Technology is part of the answer and never the whole of it, because the problem was never only technical. So what do we carry forward, and what do we leave behind? We carry the person behind the number: the one who misses the appointment, the small shop that never reopens. We leave behind the fantasy that a clever enough machine will spare us the harder work, which is teaching a whole society to recognize the Spanish Prisoner when it arrives, wearing this year's technology. Sarah's books are linked below, with a second edition on the way. Geoff's conversation is part of this same coverage. And if you want more of these, the newsletter lives at marcociappelli.com. Let's keep thinking. — Marco Co-Founder ITSPmagazine & Studio C60 | Creative Director | Branding & Marketing Advisor | Personal Branding Coach | Journalist | Writer | Podcast: An Analog Brain In A Digital Age ⚠️ Beware: Pigs May Fly |

Evil MSI Background: BASE64 Statistical Analysis https://isc.sans.edu/diary/Evil%20MSI%20Background%3A%20BASE64%20Statistical%20Analysis/33072 Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfw-c2rZvQ TSME/SME not activating on Ryzen 7 9700X https://github.com/AMDESE/AMDSEV/issues/292 Deep-Research Agents Can Be Poisoned via User-Generated Content https://arxiv.org/pdf/2605.24245 My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich

This episode dives into the fallout from new restrictions on Anthropic's cybersecurity-focused AI models, Mythos and Fable, and the debate over whether government pressure has effectively blocked security researchers from using advanced AI for vulnerability discovery and code analysis. The panel discusses AI “jailbreaking” claims, export-control comparisons, the impact on penetration testing and bug hunting, and how AI is accelerating vulnerability research. Other topics include responsible disclosure challenges, the growing volume of AI-assisted security findings, and what these developments mean for researchers, vendors, and the future of offensive security.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis

Atomic Arch: Attackers Hijack Trusted AUR Packages to Deliver Rootkit-Like Malware https://www.sonatype.com/blog/atomic-arch-npm-campaign-adds-malicious-dependency Why Use App-Level Auth When Every Database Has Auth? (Splunk Enterprise CVE-2026-20253 Pre-Auth RCE) https://labs.watchtowr.com/why-use-app-level-auth-when-every-database-has-auth-splunk-enterprise-cve-2026-20253-pre-auth-rce/ A Fake Bug Report Hijacks Your AI Coding Agent and Nothing Catches It. https://tenetsecurity.ai/blog/agentjacking-coding-agents-with-fake-sentry-errors/ My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich

PODCAST EPISODE | Redefining CyberSecurity With Sean Martin — On Location at InfoSecurity Europe 2026 On Location With Sean Martin And Marco Ciappelli Adversaries are stealing encrypted data today that they cannot read yet, and storing it until a quantum computer can. Sean Martin sat down with Forescout's Rik Ferguson to talk about “harvest now, decrypt later,” why Q-Day is closer than the comfortable timelines suggest, and what the decisions you make this year have to do with secrets you thought were safe forever.

PODCAST EPISODE | Redefining CyberSecurity With Sean Martin — On Location at InfoSecurity Europe 2026 On Location With Sean Martin And Marco Ciappelli The UK's threats change by the day. Its laws change over years. Sean Martin sat down with James Morris — former Member of Parliament, now Director of the CSBR — to ask how a government writes cyber policy fast enough to matter, and why “resilience” has quietly stopped being a technical word.

More Bitlocker Issues: GreatXML https://git.churchofmalware.org/Nightmare_Eclipse/GreatXML Security Advisory Ivanti Sentry (CVE-2026-10520, CVE-2026-10523) https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523?language=en_US Oracle Security Alert Advisory - CVE-2026-35273 https://www.oracle.com/security-alerts/alert-cve-2026-35273.html https://www.bleepingcomputer.com/news/security/oracle-mitigates-peoplesoft-zero-day-exploited-in-data-theft-attacks/ How Deceptive Installers Are Targeting macOS Users https://www.huntress.com/blog/deceptive-installers-macos-infostealers My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich

How has use of framing protection security headers changed in the past 3 years? https://isc.sans.edu/diary/How%20has%20use%20of%20framing%20protection%20security%20headers%20changed%20in%20the%20past%203%20years%3F/33068 Preparing for npm v12: install scripts and non-registry sources become opt-in https://github.com/orgs/community/discussions/198547 Adobe Patches https://helpx.adobe.com/security.html Rogue Planet new Microsoft Defender Vulnerability https://github.com/MSNightmare/RoguePlanet My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich

Microsoft June 2026 Patch Tuesday https://isc.sans.edu/diary/Microsoft%20June%202026%20Patch%20Tuesday/33064 Miasma Software Supply Chain Attack Toolkit Source Published https://safedep.io/inside-the-miasma-supply-chain-attack-toolkit/ Fortinet FortiSandbox Vulnerability https://fortiguard.fortinet.com/psirt/FG-IR-26-141 My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich

There is a moment in every conversation about cybercrime when the criminal stops being a shadow and becomes a person with a desk, a calendar, and a complaint about Monday. That moment is the one that interests me. For years I've been told cybersecurity is a technical problem. Firewalls, patches, acronyms nobody outside the room understands. And it is, partly. But sit with Geoff White for fifteen minutes at InfoSecurity Europe and the technical layer becomes what it always was underneath: people. People who get out of bed, argue with their partners, drink too much vodka after a breakup, and worry about a grandmother in the hospital — while running an extortion racket that, somewhere else, is shutting down the hospital treating someone else's grandmother. Geoff is an investigative journalist and author who has built a career out of refusing to let crime stay abstract. His new BBC series, Cyber Hack — the strand that grew out of The Lazarus Heist — turns its attention to one of the world's biggest ransomware gangs, Conti. And here is the detail that stayed with me: he has read their mail. Three hundred thousand internal messages, leaked, written by the criminals themselves when they assumed no one was watching. A journalist's candy store, as he called it. Also a nightmare — in Russian, thick with slang, mistranslated so often that “Bitcoin” comes out as “cue ball” and money hides behind the word for “grandmothers.” What fascinates me is not the heist. It is the self-portrait. Because the gang does not see a gang. They see a company. They have clients, they say. Customers. Negotiations conducted professionally. Some of them even hand the victim a report afterward — here is how we got in, here is what you should fix — as though extortion were a security audit with an invoice attached. Geoff has a theory I find hard to argue with: extortion is exhausting work for a smart person to do every day, so the brain quietly rewrites the job description. Criminal becomes businessman. The part that knows the truth shrinks. The story they tell themselves takes over. I'm Italian, so of course The Godfather arrived uninvited in the middle of our conversation. It's a business. Nothing personal. We laughed — I get to make that joke and Geoff doesn't — but underneath the laugh is something genuinely unsettling, and it has nothing to do with hackers. It's about all of us. We are all narrating ourselves into the people we'd prefer to be. The ransomware gang simply does it with higher stakes and worse intentions. This is why storytelling isn't decoration on top of cybersecurity. It's the only tool that makes the invisible visible. Geoff's last BBC series landed at number seven on the US charts, a few slots below Joe Rogan, because he tells these stories as stories — with the technical iceberg sitting safely below the waterline. People learn when they aren't being lectured. And we should learn, quickly. The same week I'm laughing about cue balls, Geoff describes cloning his own mother's voice with an AI tool and phoning her. She thought the line was just a little muffled. I told him what I tell my parents: if anything feels strange, hang up and call me directly. A pre-digital instinct, used as armor against a very digital trick. So what do we carry forward, and what do we leave behind? We carry the stories. We leave behind the comfortable idea that any of this is happening somewhere else, to someone else. The new season of Cyber Hack is expected in July. Listen to it — not because it will scare you, though it might, but because it makes a hidden world legible, and legibility is where every defense we have begins. Geoff's books and the show are linked below. And if you'd like more of these conversations, subscribe to the newsletter at marcociappelli.com. Let's keep thinking. — Marco Co-Founder ITSPmagazine & Studio C60 | Creative Director | Branding & Marketing Advisor | Personal Branding Coach | Journalist | Writer | Podcast: An Analog Brain In A Digital Age ⚠️ Beware: Pigs May Fly |

Azure Functions Action and 72 Other Repositories Disabled After Supply Chain Attack https://www.stepsecurity.io/blog/miasma-worm-hits-microsoft-again-azure-functions-action-and-72-other-repositories-disabled-after-supply-chain-attack-targeting-ai-coding-agents Active Exploitation of Check Point VPN Authentication Bypass (CVE-2026-50751) https://blog.checkpoint.com/security/check-point-releases-important-hotfix-for-vulnerabilities-in-deprecated-ikev1-vpn-protocol/ Missing IPsec Integrity Protection for IMS SIP Signaling in Verizon VoLTE Deployments https://kb.cert.org/vuls/id/615987 My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich

This episode covers the rising costs and restrictions surrounding AI agents, including token consumption, model access policies, and the growing dependence on AI tools for security work. The hosts discuss Troy Hunt's retrospective on Have I Been Pwned reaching its 1,000th tracked breach, examining why breach disclosures appear to be slowing and how GDPR and CCPA requirements affect notification practices. Additional topics include password and email hygiene, the value of breach-notification services, AI infrastructure and data center costs, and new research mapping AI-enabled cyber threats to the MITRE ATT&CK framework.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis

Show Summary:    Mudita Khurana — Tech Lead at Airbnb and the person who always says, “I got this” No Password Required Season 7: Episode 6 - Mudita Khurana   Mudita Khurana is a Tech Lead for Automated Tooling and Vulnerability Management at Airbnb, where she focuses on building modular, scalable security systems in an era of rapidly evolving AI threats. Before Airbnb, she spent nearly a decade in security roles across Accenture, Meta, and PwC, making bold career pivots along the way, including turning down a PwC return offer to join Facebook's product security team. In this episode, Mudita shares her journey from a family of doctors in India to Carnegie Mellon and into the heart of Big Tech security. She discusses what it means to thrive as a non-traditional engineer in a deeply technical field, why she stepped back from management to get closer to the work, and how she thinks about building security tooling that won't be obsolete in three months. Jack Clabby and co-host Kayley Melton, recording live from Tampa B-Sides at the University of South Florida, talk with Mudita about imposter syndrome, AI's curveballs for security teams, leadership without a leadership title, and the importance of community in staying on top of a field that never stops moving. She also reflects on what great mentorship looks like early in a career and why clarity, ownership, and consistency are the leadership qualities she keeps coming back to. In the Lifestyle Polygraph, Mudita firmly plants her flag in the Harry Potter universe as Hermione, explains why Deadpool doesn't qualify as a superhero, debates gym vs. nature as a reset strategy, and reveals her dream remote work base: a high-altitude Buddhist mountain town in the Himalayas.   Follow Mudita on LinkedIn: https://www.linkedin.com/in/muditakhurana/     In this episode: Mudita shares her unconventional path into cybersecurity, highlighting the importance of mentorship and curiosity (0:25 - 1:37) The significance of mentorship, especially Vandana Verma, in her career development (2:26 - 4:00) Transition from management to technical IC roles and why staying close to technical work matters (9:29 - 10:23) The influence of her education at Carnegie Mellon and how it broadened her problem-solving skills (6:23 - 7:41) Navigating imposter syndrome and embracing challenges as growth opportunities (3:26 - 5:29) How AI is changing cybersecurity strategies—building modular, layered systems for agility (15:31 - 16:26) The importance of community, trust, and consensus in cybersecurity decision-making (17:06 - 17:47) Mudita's favorite places for remote work and balancing planning with spontaneity in travel (23:01 - 24:13) Her personal approach to wellness, exercise, and resets during busy days (21:32 - 22:36) Her unique perspective on superhero characters, favorite places, and cultural roots (18:54 - 19:36, 25:19 - 26:21) Timestamp Highlights: (00:25) Mudita's 10-year journey into cybersecurity starting from India (02:26) Mentorship's critical role in her growth and her admiration for Vandana Verma (09:29) Transition from management back to technical roles and why staying close to the work matters (15:31) How AI fosters layered, modular security systems for faster adaptation (17:06) The importance of community and trusted information sources in security (21:32) Reset routines—gym versus nature hikes—and staying grounded during busy days (25:19) Leh, Ladakh: Mudita's ideal remote work location nestled in Himalayan beauty Resources & Links: Vandana Verma - Influential mentor in cybersecurity ThreatLocker - Supporter of this podcast Cyber Florida – The Mother Ship

The Evil MSI Background is Back! https://isc.sans.edu/diary/The%20Evil%20MSI%20Background%20is%20Back!/33054 The Smart TV in Your LivingRoom Is a Node in the AIScraping Economy https://blog.includesecurity.com/2026/06/the-smart-tv-in-your-livingroom-is-a-node-in-the-aiscraping-economy/ Brute force attack on Dashlane user accounts https://support.dashlane.com/hc/en-us/articles/36038764990866-Security-advisory-Brute-force-attack-on-Dashlane-user-accounts#update-jun-4 My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich

Microsoft's Coreutils for Windows https://isc.sans.edu/diary/Microsoft%27s%20Coreutils%20for%20Windows/33048 Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability CVE-2026-20230 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW Firmware Update for Acer Connect W6x Router https://community.acer.com/en/kb/articles/19672 OAuth marketplace apps keep access after publishers vanish https://www.helpnetsecurity.com/2026/06/04/oauth-marketplace-apps-audit/ My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich

Continuing Scans for swagger.json https://isc.sans.edu/diary/Continuing+Scans+for+swaggerjson/33044/#comments Fake call detection on Android https://blog.google/security/android-fake-call-detection/ Anthropic's coordinated vulnerability disclosure dashboard https://red.anthropic.com/2026/cvd/ My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich

New Wave Of Phishing Emails with SVG Files https://isc.sans.edu/diary/New%20Wave%20Of%20Phishing%20Emails%20with%20SVG%20Files/33040 Android 2026-06-01 security patch level vulnerability details https://source.android.com/docs/security/bulletin/2026/2026-06-01 Poly Voice Possible Remote Control of Certain Poly Devices CVE-2026-0826 https://support.hp.com/us-en/document/ish_15052661-15052687-16/hpsbpy04083 https://www.rapid7.com/blog/post/ve-cve-2026-0826-critical-unauthenticated-stack-buffer-overflow-hp-poly-vvx-trio-voip-phones-fixed/ Security Advisory Ivanti Neurons for ITSM (CVE-2026-9614) https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2026-9614?language=en_US My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich

This episode covers a Wired report on the rise of “anti-tech extremism” and growing public opposition to AI infrastructure projects, including debates over data centers, resource consumption, local communities, and government responses. The hosts also discuss AI coding assistants, model safety restrictions, and the evolving capabilities of large language models. Additional topics include Anthropic's reported IPO plans and valuation, AI's impact on the tech industry, and a conversation with David Bianco about AI-generated threat-hunting datasets and cybersecurity training.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis

Unidentified RAT pushes NetSupport RAT https://isc.sans.edu/diary/Unidentified%20RAT%20pushes%20NetSupport%20RAT/33034 CVE-2026-41089: Windows Netlogon Vulnerability Exploited https://ccb.belgium.be/advisories/warning-microsoft-patch-tuesday-may-2026-patches-118-vulnerabilities-16-critical-102 RedHat npm Packages Affected https://www.aikido.dev/blog/red-hat-npm-packages-compromised-credential-stealing-worm Dashlane Locking Accounts after Brute Force https://status.dashlane.com/pages/5aabcb89fccc4b04d3774443 My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich

Announcing Bitskrieg https://deadeclipse666.blogspot.com/2026/05/announcing-bitskrieg.html Vulnerability in Gogs https://www.rapid7.com/blog/post/ve-authenticated-rce-via-argument-injection-gogs-unfixed/ Oracle Critical Security Patch Update Advisory - May 2026 https://www.oracle.com/security-alerts/cspumay2026.html GlobalProtect Authentication Bypass Vulnerabilities CVE-2026-0257 https://security.paloaltonetworks.com/CVE-2026-0257

This episode covers a CISA contractor's accidental exposure of AWS GovCloud credentials and internal system details on GitHub, the FBI's efforts to patch vulnerable routers, and a critical NGINX vulnerability with public proof-of-concept code. The team also discusses Microsoft's handling of a disputed Azure Backup security finding, the challenges of vulnerability disclosure and CVE assignment, and GitHub's ban of security researcher Nightmare Eclipse following the publication of unpatched Windows vulnerability research.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis

Research Review Journal https://assets.contentstack.io/v3/assets/blt83c410d686aa5f84/blt3cff46f63887f83e/research-review-journal https://www.sans.edu/cyber-research Analysis of a Year of Files Uploaded to DShield Sensors https://isc.sans.edu/diary/Analysis%20of%20a%20Year%20of%20Files%20Uploaded%20to%20DShield%20Sensors/33026 The Word 'Toad' Gave Any Website Full Control of Chrome's Most Popular VPN https://amibeingpwned.com/blog/urban-vpn-postmessage-command-injection Silent Ransom Group Impersonating IT Personnel through Social Engineering https://www.ic3.gov/CSA/2026/260526.pdf

Reconstructing an Akira Ransomware Kill Chain from Perimeter and Endpoint Logs https://isc.sans.edu/diary/Reconstructing%20an%20Akira%20Ransomware%20Kill%20Chain%20from%20Perimeter%20and%20Endpoint%20Logs/33024 Vaultjacking: One Captured PIN, the Entire Google Password Manager Vault https://phishu.net/blogs/blog-vaultjacking-phishing-the-google-password-manager-vault-in-the-phishu-framework.html From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities https://www.microsoft.com/en-us/security/blog/2026/05/26/poisoned-search-results-gpu-mining-cryptojacking-campaign-abusing-screenconnect-microsoft-net-utilities/

Possible ACR Stealer From Page Impersonating Claude https://isc.sans.edu/diary/Possible%20ACR%20Stealer%20From%20Page%20Impersonating%20Claude/33018 Microsoft SharePoint Remote Code Execution Vulnerability CVE-2026-45659 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659 Multiple Vulnerabilities in Angular Language Service VS Code Extension https://github.com/angular/angular/security/advisories/GHSA-ccq4-xmxr-8hcq

Microsoft Access VBA https://isc.sans.edu/diary/Microsoft%20Access%20VBA/33012 An Example of Stack String in High Level Language https://isc.sans.edu/diary/An%20Example%20of%20Stack%20String%20in%20High%20Level%20Language/33008 Cross-Platform NPM Stealer https://isc.sans.edu/diary/Cross-Platform%20NPM%20Stealer/33006 Laravel Lang Compromised with RCE Backdoor Across https://socket.dev/blog/laravel-lang-compromise Google API keys keep working after you delete them https://www.aikido.dev/blog/google-api-keys-deletion

PODCAST EPISODE | An Analog Brain In A Digital Age With Marco Ciappelli Geoff White goes where organized crime and technology cross, and he comes back with stories. In this one he announces his newest BBC series — the rise and fall of the Conti ransomware gang — and we get into the thing underneath all of it: how you make a crime nobody can see feel real to people who will never see it.

Selective HTTP Proxying in Linux https://isc.sans.edu/diary/Selective%20HTTP%20Proxying%20in%20Linux/33002 Megalodon: Mass GitHub Repo Backdooring via CI Workflows https://safedep.io/megalodon-mass-github-repo-backdooring-ci-workflows/ MSFT Patches Recent Windows Defender Flaws CVE-2026-41091, CVE-2026-45498, CVE-2026-45584 https://x.com/fabian_bader/status/2057198207243804881 Cisco Secure Workload Unauthorized API Access Vulnerability CVE-2026-20223 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-pnbsa-g8WEnuy

This episode covers Mythos uncovering a vulnerability in cURL, a recent Google Threat Intelligence report on a zero-day exploit, and the growing impact of AI on capture-the-flag competitions and bug bounty programs. The hosts also discuss the economics of AI platforms like OpenAI, security research trends, and broader concerns around software vulnerabilities, automation, and defensive tooling.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis

GitHub Breach https://x.com/github/status/2056949168208552080 Agentic Threat Intelligence Feed - VS Code Extensions https://agentmesh.knostic.ai/extensions More NGINX Vulnerabilities https://x.com/nebusecurity/status/2057071579876753643 https://my.f5.com/manage/s/article/K000161307 Microsoft Publishes YellowKey Mitigation CVE-2026-45585 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585 Incomplete Sonicwall Patch CVE-2024-12802 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0001

TeamPCP Supply Chain Campaign: Activity Through 2026-05-17 https://isc.sans.edu/diary/TeamPCP%20Supply%20Chain%20Campaign%3A%20Activity%20Through%202026-05-17/32994 https://slsa.dev/spec/v0.1/levels Github Action Compromise https://www.stepsecurity.io/blog/actions-cool-issues-helper-github-action-compromised-all-tags-point-to-imposter-commit-that-exfiltrates-ci-cd-credentials How Storm-2949 turned a compromised identity into a cloud-wide breach https://www.microsoft.com/en-us/security/blog/2026/05/18/storm-2949-turned-compromised-identity-into-cloud-wide-breach/

New Malware Libraries means New Signatures https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20%20New%20Malware%20Libraries%20means%20New%20Signatures/32986 Addressing Exchange Server May 2026 vulnerability CVE-2026-42897 https://techcommunity.microsoft.com/blog/exchange/addressing-exchange-server-may-2026-vulnerability-cve-2026-42897/4518498 Microsoft Authenticator Update CVE-2026-41615 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41615 ssh-keysign-pwn (CVE-2026-46333) Patches Released https://almalinux.org/blog/2026-05-15-ssh-keysign-pwn-cve-2026-46333/

This episode of the InfoSec Beat podcast focuses on the cybersecurity ecosystem. Accenture CISO Kris Burkhardt talks with Rex Thexton, the chief technology officer for Accenture Cybersecurity. In his role, Rex oversees Accenture's relationships with cybersecurity vendors. Hear his in-the-trenches perspective on big trends in the space including consolidation, AI as a forcing function and tool fatigue. Don't miss Rex's advice on how to make ecosystem partner decisions and measure if a partner is truly making an impact or just adding complexity.

Tearing apart website fraud to see how it works. (@sans_edu) https://isc.sans.edu/diary/%5BGUEST%20DIARY%5D%20Tearing%20apart%20website%20fraud%20to%20see%20how%20it%20works./32958 Simple bypass of the link preview function in Outlook Junk folder https://isc.sans.edu/diary/Simple%20bypass%20of%20the%20link%20preview%20function%20in%20Outlook%20Junk%20folder/32990 NGINX Vulnerability https://depthfirst.com/nginx-rift Cisco SDWan 0-Day https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa2-v69WY2SW

Proxying the Unproxyable? Sending EXE traffic to a Proxy https://isc.sans.edu/diary/Proxying%20the%20Unproxyable%3F%20Sending%20EXE%20traffic%20to%20a%20Proxy/32982 New Nightmare Eclipse Vulnerabilities Disclosed https://github.com/Nightmare-Eclipse/YellowKey https://github.com/Nightmare-Eclipse/GreenPlasma Adobe Patches https://helpx.adobe.com/security.html

Microsoft Patch Tuesday https://isc.sans.edu/diary/32980 Tanstack npm and others compromised https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack Ruby Gems Attack https://x.com/maciejmensfeld/status/2054164602577940619

Apple Patches Everything https://isc.sans.edu/diary/Apple%20Patches%20Everything/32976 End-to-End Encrypted RCS Messages https://www.apple.com/newsroom/2026/05/end-to-end-encrypted-rcs-messaging-begins-rolling-out-today-in-beta/ Why we use CAPTCHAs https://isc.sans.edu/diary/Why%20we%20use%20CAPTCHAs/32974 Checkmarx Jenkins AST plugin compromise https://checkmarx.com/blog/ongoing-security-updates/

Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis

Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag https://isc.sans.edu/diary/Another%20Universal%20Linux%20Local%20Privilege%20Escalation%20%28LPE%29%20Vulnerability%3A%20Dirty%20Frag/32968 PAM Backdoors Steel Passwords https://flare.io/learn/resources/blog/pamdoora-new-linux-pam-based-backdoor-sale-dark-web CPanel Updates https://support.cpanel.net/hc/en-us/sections/360007088193-Security Let s Encrypt Briefly Halts Certificate Issuance https://letsencrypt.status.io

Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis

An Adaptive Cyber Analytics UI for Web Honeypot Logs https://isc.sans.edu/diary/An%20Adaptive%20Cyber%20Analytics%20UI%20for%20Web%20Honeypot%20Logs%20%5BGuest%20Diary%5D/32962 Ivanti May Patchday https://hub.ivanti.com/s/article/May-2026-Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-Multiple-CVEs Redis Security advisory: [CVE 2026 23479] [CVE 2026 25243] [CVE-2026-25588] [CVE 2026 25589] [CVE-2026-23631] https://redis.io/blog/security-advisory-cve202623479-cve202625243-cve-2026-25588-cve202625589-cve-2026-23631/ @sans_edu research paper: Marcio Enriquez [link will be added once the paper has been published]

Technical issue with .de domains https://blog.denic.de/en/technical-issue-with-de-domains-resolved/ CVE-2026-0300 PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID Authentication Portal https://security.paloaltonetworks.com/CVE-2026-0300 Android Security Bulletin May 2026 CVE-2026-0073 https://source.android.com/docs/security/bulletin/2026/2026-05-01

Cleartext Passwords in MS Edge? In 2026? https://isc.sans.edu/diary/Cleartext%20Passwords%20in%20MS%20Edge%3F%20In%202026%3F/32954 SSL.com rotates its root certificate today https://isc.sans.edu/diary/SSL.com%20rotates%20their%20root%20certificate%20today/32956 DEAMONTOOLS Compromise https://securelist.com/tr/daemon-tools-backdoor/119654/

DShield Honeypot Update https://isc.sans.edu/diary/DShield%20Honeypot%20Update/32948 MOVEit Automation Critical Security Alert Bulletin April 2026 (CVE-2026-4670, CVE-2026-5174) https://community.progress.com/s/article/MOVEit-Automation-Critical-Security-Alert-Bulletin-April-2026-CVE-2026-4670-CVE-2026-5174 Apache httpd http2 vulnerability https://seclists.org/oss-sec/2026/q2/387

Malicious Ad for Homebrew Leads to MacSync Stealer https://isc.sans.edu/diary/Malicious%20Ad%20for%20Homebrew%20Leads%20to%20MacSync%20Stealer/32942 Wireshark Update https://www.wireshark.org/docs/relnotes/wireshark-4.6.5.html Digicert Microsoft Defender False Positive https://www.reddit.com/r/cybersecurity/comments/1t2hfsh/mde_flagging_digi_cert_certificate_as_malicious/ https://bugzilla.mozilla.org/show_bug.cgi?id=2033170 cPanel Exploited https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026

Danger of Libredtail https://isc.sans.edu/diary/Danger%20of%20Libredtail%20%5BGuest%20Diary%5D/32936 FreeBSD dhclient vulnerability https://www.freebsd.org/security/advisories/FreeBSD-SA-26:12.dhclient.asc Linux Copy-Fail Vulnerability CVE-2026-31431 https://copy.fail Bryan Nice Research Paper https://www.linkedin.com/in/bryannice/ https://www.sans.edu/cyber-research/detecting-ai-pickling

Today's Odd Web Requests https://isc.sans.edu/diary/Today%27s%20Odd%20Web%20Requests/32934 Incomplete Patch of APT28's Zero-Day Leads to CVE-2026-32202 https://www.akamai.com/blog/security-research/2026/apr/incomplete-patch-apt28s-zero-day-cve-2026-32202 Assess Secure Boot status with Microsoft Defender https://techcommunity.microsoft.com/blog/MicrosoftDefenderATPBlog/assess-secure-boot-status-with-microsoft-defender/4510356 Deprecating Legacy TLS and Endpoints for POP and IMAP in Exchange Online https://techcommunity.microsoft.com/blog/exchange/deprecating-legacy-tls-and-endpoints-for-pop-and-imap-in-exchange-online/4515201 SAP Related npm Packages Compromised https://www.stepsecurity.io/blog/a-mini-shai-hulud-has-appeared

HTTP Requests with X-Vercel-Set-Bypass-Cookie Header https://isc.sans.edu/diary/HTTP%20Requests%20with%20X-Vercel-Set-Bypass-Cookie%20Header/32930 GitHub Vulnerability CVE-2026-3854 https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854 Microsoft RDP Notification Bug https://support.microsoft.com/en-us/topic/april-14-2026-kb5083768-os-build-28000-1836-839e4a25-d979-4158-b70c-182333045883

TeamPCP Update https://isc.sans.edu/diary/TeamPCP%20Supply%20Chain%20Campaign%3A%20Update%20008%20-%2026-Day%20Pause%20Ends%20with%20Three%20Concurrent%20Compromises%20%28Checkmarx%20KICS%2C%20Bitwarden%20CLI%20Cascade%2C%20xinference%20PyPI%29%2C%20CanisterSprawl%20npm%20Worm%20Identified%2C%20and%20Tier%201%20Coverage%20Returns/32926 https://socket.dev/blog/73-open-vsx-sleeper-extensions-glassworm https://checkmarx.com/blog/checkmarx-security-update-april-26/ 89 vulnerabilities in XAPI / Citrix XenServer https://shittrix.moksha.dk/#rationale Phantom RPC https://securelist.com/phantomrpc-rpc-vulnerability/119428/ Pi-Hole Vulnerability CVE-2026-41489 https://github.com/pi-hole/pi-hole/security/advisories/GHSA-6w8x-p785-6pm4 Linux Kernel Problem CVE-2026-41651 https://nvd.nist.gov/vuln/detail/CVE-2026-41651

Apple Patches Exploited Notification Flaw https://isc.sans.edu/diary/Apple%20Patches%20Exploited%20Notification%20Flaw/32922 Bitwarden CLI Compromised https://socket.dev/blog/bitwarden-cli-compromised https://community.bitwarden.com/t/bitwarden-statement-on-checkmarx-supply-chain-incident/96127 Microsoft Security Advisory CVE-2026-40372 ASP.NET Core Elevation of Privilege https://github.com/dotnet/announcements/issues/395

Beyond Cryptojacking: Telegram tdata as a Credential Harvesting Vector, Lessons from a Honeypot Incident https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Beyond%20Cryptojacking%3A%20Telegram%20tdata%20as%20a%20Credential%20Harvesting%20Vector%2C%20Lessons%20from%20a%20Honeypot%20Incident/32888 Checkmarx Compromise https://socket.dev/blog/checkmarx-supply-chain-compromise Oracle Quarterly Critical Patch Update https://www.oracle.com/security-alerts/cpuapr2026.html Firefox 150 - Mythos AI https://blog.mozilla.org/en/privacy-security/ai-security-zero-day-vulnerabilities/