A Live Stream From inside Lazarus Group – 2025-12-08

Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chat🔗 Register for FREE webcasts, summits, and workshops - https://poweredbybhis.comChapters(00:00) - PreShow Banter™ — testing testing (00:11) - Hot Take Predictions for Next Year – 2025-12-15 (02:10) - Story # 1: Russian kids revolt as Kremlin bans Roblox, other popular apps (10:21) - Story # 2: Google's killing off its dark web report because users didn't know what to do with it (20:05) - Story # 3: Coupang data breach traced to ex-employee who retained system access (31:13) - Story # 4: Roomba maker iRobot bought by Chinese supplier after filing for bankruptcy (34:18) - Story # 5: February report from researcher found Chinese KVM had an unclearly documented microphone and communicated with China-based servers, but many of the security issues are now addressed [Updated] (36:48) - Story # 6: When adversaries bring their own virtual machine for persistence (41:57) - Story # 7: Oh no! Hackers snuck malware inside uber-popular Windows app Notepad++ (44:20) - Hot Take Predictions for 2026 LinksStory # 1: Russian kids revolt as Kremlin bans Roblox, other popular appsStory # 2: Google’s killing off its dark web report because users didn’t know what to do with itStory # 3: Coupang data breach traced to ex-employee who retained system accessStory # 4: Roomba maker iRobot bought by Chinese supplier after filing for bankruptcyStory # 5: February report from researcher found Chinese KVM had an unclearly documented microphone and communicated with China-based servers, but many of the security issues are now addressed [Updated]Story # 6: When adversaries bring their own virtual machine for persistenceStory # 7: Oh no! Hackers snuck malware inside uber-popular Windows app Notepad++The team looks ahead to 2026 and shares practical, sometimes blunt predictions about where cybersecurity is heading. They discuss how AI will continue reshaping both offense and defense, with attackers using automation at scale while defenders struggle to operationalize AI beyond marketing hype. The conversation highlights growing risk from identity abuse, cloud misconfigurations, and insecure SaaS sprawl, noting that many breaches will still come down to basic failures rather than advanced exploits. They also predict continued burnout in security teams, more consolidation among security vendors, and increasing pressure to prove real ROI from security tools. On the positive side, the hosts see improved detection engineering, better security education, and more community-driven knowledge sharing. Overall, the message is clear: fundamentals still matter, hype won’t save you, and organizations that focus on people, process, and visibility will be better positioned for 2026.Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.comJoin us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord!https://discord.gg/bhis🔴live-chatA Live Stream From inside Lazarus Group – 2025-12-08This BHIS episode blends cybersecurity humor, hacker culture, and livestream chaos as the team jokes about nation-state threats, leaked webcams, OPSEC mishaps, and technical glitches. With unscripted banter and light industry insights, it’s a fun, energetic listen for fans of ethical hacking, infosec podcasts, and behind-the-scenes security chatter.Chapters00:00 - PreShow Banter™ — Industry Leaders02:34 - A Live Stream From inside Lazarus Group – 2025-12-0804:24 - Story # 1: React2Shell (CVE-2025-55182): Everything You Need to Know About the Critical React Vulnerability08:58 - Story # 2: A Live Stream from Inside Lazarus Group’s IT Workers Scheme20:37 - Story # 3: Contractors with hacking records accused of wiping 96 govt databases26:44 - Story # 4: Apple refuses to pre-install government app on iPhones in India37:42 - Story # 5: Russia blocks Apple's FaceTime in mounting push against foreign tech platforms44:55 - Story # 6: ‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encrypted57:53 - Story # 7: Flock Uses Overseas Gig Workers to Build its Surveillance AIBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com (00:00) - 00:00 - PreShow Banter™ — Industry Leaders (02:34) - A Live Stream From inside Lazarus Group – 2025-12-08 (04:24) - Story # 1: React2Shell (CVE-2025-55182): Everything You Need to Know About the Critical React Vulnerability (08:57) - Story # 2: A Live Stream from Inside Lazarus Group’s IT Workers Scheme (20:37) - Story # 3: Contractors with hacking records accused of wiping 96 govt databases (26:44) - Story # 4: Apple refuses to pre-install government app on iPhones in India (37:41) - Story # 5: Russia blocks Apple's FaceTime in mounting push against foreign tech platforms (44:55) - Story # 6: ‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encrypted (57:52) - Story # 7: Flock Uses Overseas Gig Workers to Build its Surveillance AI

Register for FREE Infosec Webcasts, Anti-casts & Summits –https://poweredbybhis.comChapters(00:00) - PreShow Banter™ — The Problem With Extensions (03:10) - Lawmakers Want to Ban VPNs – BHIS - Talkin' Bout [infosec] News 2025-12-01 (03:47) - Story # 1: Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem) (12:05) - Story # 2: Lawmakers Want to Ban VPNs—And They Have No Idea What They're Doing (21:18) - Story # 3: Critical 7 Zip Vulnerability With Public Exploit Requires Manual Update (25:48) - Story # 4: 'Slop Evader' Lets You Surf the Web Like It’s 2022 (37:07) - Story # 5: China’s Espionage in Europe is Deepening and More Sophisticated than Acknowledged, Expert Says (39:10) - Story # 6: Apple Update Warning For All iPhone 17, 16 And 15 Users—Act Now (42:38) - Story # 7: Meta is earning a fortune on a deluge of fraudulent ads, documents show (50:22) - Story # 8: Meta had a 17-strike policy for sex trafficking, former safety leader claims (52:40) - Story # 9: Man behind in-flight Evil Twin WiFi attacks gets 7 years in prison News LinksStory # 1: Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem)Story # 2: Lawmakers Want to Ban VPNs—And They Have No Idea What They're DoingStory # 3: Critical 7 Zip Vulnerability With Public Exploit Requires Manual UpdateStory # 4: 'Slop Evader' Lets You Surf the Web Like It’s 2022Story # 5: China’s Espionage in Europe is Deepening and More Sophisticated than Acknowledged, Expert SaysStory # 6: Apple Update Warning For All iPhone 17, 16 And 15 Users—Act NowStory # 7: Meta is earning a fortune on a deluge of fraudulent ads, documents showStory # 8: Meta had a 17-strike policy for sex trafficking, former safety leader claimsStory # 9: Man behind in-flight Evil Twin WiFi attacks gets 7 years in prisonBrought to you by: Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.comChapters(00:00) - PreShow Banter™ — Stressed about lithium batteries (04:59) - Shai-Hulud malware leaks secrets on GitHub – BHIS - Talkin' Bout [infosec] News 2025-11-24 (05:57) - Story # 1: Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub (11:18) - Story # 2: CrowdStrike catches insider feeding information to hackers (15:50) - Story # 3: Fidelity sues Broadcom over access to key software to avoid outages (22:17) - Story # 4: NetApp sues former CTO for alleged data breach (26:48) - Story # 5: CrowdStrike Research: Security Flaws in DeepSeek-Generated Code Linked to Political Triggers (36:05) - Story # 6: A major Cloudflare outage took down large parts of the internet - X, ChatGPT and more were affected, but all recovered now (37:11) - Story # 6b: Cloudflare outage on November 18, 2025 (41:43) - Story # 7: Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike Attempt (46:34) - Story # 8: This Hacker Conference Installed a Literal Antivirus Monitoring System (51:10) - Story # 9: Microsoft to integrate Sysmon directly into Windows 11, Server 2025 (56:40) - Story # 10: Crypto and Carcasses: Undercover Sting Recovers $700K in Bitcoin Miners, Foils $75K Frozen Turkey Heist News LinksStory # 1: Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHubStory # 2: CrowdStrike catches insider feeding information to hackersStory # 3: Fidelity sues Broadcom over access to key software to avoid outagesStory # 4: NetApp sues former CTO for alleged data breachStory # 5: CrowdStrike Research: Security Flaws in DeepSeek-Generated Code Linked to Political TriggersStory # 6: A major Cloudflare outage took down large parts of the internet - X, ChatGPT and more were affected, but all recovered nowStory # 6b: Cloudflare outage on November 18, 2025Story # 7: Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike AttemptStory # 8: This Hacker Conference Installed a Literal Antivirus Monitoring SystemStory # 9: Microsoft to integrate Sysmon directly into Windows 11, Server 2025Story # 10: Crypto and Carcasses: Undercover Sting Recovers $700K in Bitcoin Miners, Foils $75K Frozen Turkey HeistBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com00:00:00 - PreShow Banter™ — The Way the Community Rumbles00:08:21 - A.I. Transcription Startup Was Just A Guy Taking Notes - BHIS - Talkin’ Bout [infosec] News 2025-11-1700:09:01 - Story # 1: New data shows companies are rehiring former employees as AI falls short of expectations00:18:06 - Eric & Whitney’s “Podcast” [webcast] on training your own LLM00:22:12 - Story # 2: Founder Admits His “AI Transcription” Startup Was Just Him Joining People’s Meetings and Taking Notes by Hand00:26:20 - Story # 3: Five Plead Guilty in U.S. for Helping North Korean IT Workers Infiltrate 136 Companies00:37:35 - Story # 4: Google is easing up on Android’s new sideloading restrictions!00:43:44 - Story # 5: Google is collecting troves of data from downgraded Nest thermostats00:44:58 - Story # 5b: Hackers are saving Google’s abandoned Nest thermostats with open-source firmware00:51:34 - Story # 6: FFmpeg to Google: Fund Us or Stop Sending Bugs01:00:40 - Story # 7: Teens are Hacking School Systems. Let’s Teach Them to Protect Communities Instead01:05:55 - Story # 8: Disrupting the first reported AI-orchestrated cyber espionage campaign01:14:58 - Discord CTF Winners (00:00) - PreShow Banter™ — The Way the Community Rumbles (08:21) - A.I. Transcription Starup Was Just A Guy Taking Notes - BHIS - Talkin' Bout [infosec] News 2025-11-17 (09:01) - Story # 1: New data shows companies are rehiring former employees as AI falls short of expectations (18:05) - Eric & Whitney's "Podcast" [webcast] on training your own LLM (22:12) - Story # 2: Founder Admits His “AI Transcription” Startup Was Just Him Joining People’s Meetings and Taking Notes by Hand (26:20) - Story # 3: Five Plead Guilty in U.S. for Helping North Korean IT Workers Infiltrate 136 Companies (37:34) - Story # 4: Google is easing up on Android's new sideloading restrictions! (43:43) - Story # 5: Google is collecting troves of data from downgraded Nest thermostats (44:58) - Story # 5b: Hackers are saving Google's abandoned Nest thermostats with open-source firmware (51:33) - Story # 6: FFmpeg to Google: Fund Us or Stop Sending Bugs (01:00:39) - Story # 7: Teens are Hacking School Systems. Let’s Teach Them to Protect Communities Instead (01:05:55) - Story # 8: Disrupting the first reported AI-orchestrated cyber espionage campaign (01:14:58) - Discord CTF Winners

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com Chapters00:00 - PreShow Banter™ — Humans are Done03:04 - Louvre’s video security password was ‘Louvre’ – BHIS - Talkin’ Bout [infosec] News 2025-11-1005:11 - Story # 1: I Tried the Robot That’s Coming to Live With You. It’s Still Part Human.15:14 - Story # 2: How to trade your $214,000 cybersecurity job for a jail cell25:14 - Story # 3: The Louvre’s video security password was reportedly ‘Louvre’29:04 - Story # 4: Dangerous runC flaws could allow hackers to escape Docker containers32:58 - Story # 5: List of AI Tools Promoted by Threat Actors in Underground Forums and Their Capabilities40:00 - Story # 5b: GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools56:37 - BHIS Webcast – X-Typhoon - Not your Father’s China with John Strand (00:00) - PreShow Banter™ — Humans are Done (03:03) - Louvre’s video security password was ‘Louvre’ – BHIS - Talkin' Bout [infosec] News 2025-11-10 (05:10) - Story # 1: I Tried the Robot That’s Coming to Live With You. It’s Still Part Human. (15:14) - Story # 2: How to trade your $214,000 cybersecurity job for a jail cell (25:13) - Story # 3: The Louvre’s video security password was reportedly ‘Louvre’ (29:03) - Story # 4: Dangerous runC flaws could allow hackers to escape Docker containers (32:58) - Story # 5: List of AI Tools Promoted by Threat Actors in Underground Forums and Their Capabilities (40:00) - Story # 5b: GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools (56:37) - BHIS Webcast – X-Typhoon - Not your Father's China with John Strand

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com00:00 - PreShow Banter™ — Musical Views of the Universe04:05 - – BHIS - Talkin’ Bout [infosec] News 2025-11-0304:39 - Story # 1: Ransomware profits drop as victims stop paying hackers06:22 - Chart since 201916:06 - Story # 2: More than a million people every week show suicidal intent when chatting with ChatGPT, OpenAI estimates33:02 - Story # 3: 10M people watched a YouTuber shim a lock; the lock company sued him. Bad idea.41:18 - Story # 4: ‘Dangerous’ YouTube videos struck down for bypassing Windows 11 account setup [Update: Restored]47:13 - Story # 5: Chicago firm that resolves ransomware attacks had rogue workers carrying out their own hacks, FBI says51:08 - Story # 6: Microsoft: DNS outage impacts Azure and Microsoft 365 services54:33 - Story # 7: EY Data Leak – Massive 4TB SQL Server Backup Exposed Publicly on Microsoft Azure55:22 - Stordy # 8: Black Hat Europe 2025 Arsenal: 8 AI Security Tools Transforming Cybersecurity (00:00) - PreShow Banter™ — Musical Views of the Universe (04:04) - Ransomware Victims Stop Paying Hackers – BHIS - Talkin' Bout [infosec] News 2025-11-03 (04:38) - Story # 1: Ransomware profits drop as victims stop paying hackers (06:22) - Chart since 2019 (thumbnail) (16:06) - Story # 2: More than a million people every week show suicidal intent when chatting with ChatGPT, OpenAI estimates (33:02) - Story # 3: 10M people watched a YouTuber shim a lock; the lock company sued him. Bad idea. (41:18) - Story # 4: ‘Dangerous’ YouTube videos struck down for bypassing Windows 11 account setup [Update: Restored] (47:12) - Story # 5: Chicago firm that resolves ransomware attacks had rogue workers carrying out their own hacks, FBI says (51:07) - Story # 6: Microsoft: DNS outage impacts Azure and Microsoft 365 services (54:33) - Story # 7: EY Data Leak – Massive 4TB SQL Server Backup Exposed Publicly on Microsoft Azure (55:22) - Story # 8: Black Hat Europe 2025 Arsenal: 8 AI Security Tools Transforming Cybersecurity

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.comThe BHIS crew breaks down the latest cybersecurity stories making waves — from data breaches and malware campaigns to privacy issues, exploit trends, and tech policy shake-ups. Join our panel of security pros for expert analysis, sharp humor, and practical insights you can actually use. Whether it’s social engineering, AI-powered attacks, or bizarre security headlines, we dig into what matters most for defenders and curious minds alike. Stay informed, entertained, and one step ahead in the ever-changing world of infosec.00:00:00 - PreShow Banter™ — The Cost of War.xyz00:03:42 - The AI Browser Wars - BHIS - Talkin’ Bout [infosec] News 2025-10-2700:04:04 - Story # 1: Smart bed owners experience AWS outage nightmare as they’re left sweating and stuck in upright position00:10:49 - Story # 2: Robots May Replace 600,000 Human Employees at Amazon00:14:40 - Story # 3: Meet Mico, Microsoft’s AI version of Clippy00:20:59 - Story # 4: Exploitation of Windows Server Update Services Remote Code Execution Vulnerability00:26:31 - Story # 5: Ex-L3Harris executive accused of selling trade secrets to Russia00:31:29 - Story # 6: Introducing ChatGPT Atlas00:43:34 - Story # 7: ‘Phased Out’—Google Confirms Bad News For 3 Billion Chrome Users00:52:26 - Story # 8: The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn01:00:16 - Story # 9: KFC Venezuela Alleged Data Breach – 1 Million Customer Records Exposed (00:00) - PreShow Banter™ — The Cost of War.xyz (03:42) - The AI Browser Wars - BHIS - Talkin' Bout [infosec] News 2025-10-27 (04:04) - Story # 1: Smart bed owners experience AWS outage nightmare as they're left sweating and stuck in upright position (10:48) - Story # 2: Robots May Replace 600,000 Human Employees at Amazon (14:40) - Story # 3: Meet Mico, Microsoft’s AI version of Clippy (20:58) - Story # 4: Exploitation of Windows Server Update Services Remote Code Execution Vulnerability (26:30) - Story # 5: Ex-L3Harris executive accused of selling trade secrets to Russia (31:28) - Story # 6: Introducing ChatGPT Atlas (43:34) - Story # 7: ‘Phased Out’—Google Confirms Bad News For 3 Billion Chrome Users (52:25) - Story # 8: The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn (01:00:15) - Story # 9: KFC Venezuela Alleged Data Breach – 1 Million Customer Records Exposed

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com00:00:00 - PreShow Banter™ — AWS Snow Day Party00:11:31 - Online Book Store Takes Down Half of the Internet - BHIS - Talkin’ Bout [infosec] News 2025-10-2000:12:12 - Story # 1: F5 says hackers stole undisclosed BIG-IP flaws, source code00:35:11 - Story # 2: Newsom signs age verification law, siding with tech giants over Hollywood00:48:39 - Story # 3: Researchers find a startlingly cheap way to steal your secrets from space00:55:04 - Story # 4: Jeff Bezos Has a Plan to Curb AI’s Carbon Footprint: Send Data Centers to Space01:02:22 - Story # 5: SolarWinds Security Chief reflects on the Russian hack that exposed US government agencies (00:00) - PreShow Banter™ — AWS Snow Day Party (11:30) - Online Book Store Takes Down Half of the Internet - BHIS - Talkin' Bout [infosec] News 2025-10-20 (12:12) - Story # 1: F5 says hackers stole undisclosed BIG-IP flaws, source code (35:10) - Story # 2: Newsom signs age verification law, siding with tech giants over Hollywood (48:39) - Story # 3: Researchers find a startlingly cheap way to steal your secrets from space (55:03) - Story # 4: Jeff Bezos Has a Plan to Curb AI’s Carbon Footprint: Send Data Centers to Space (01:02:21) - Story # 5: SolarWinds Security Chief reflects on the Russian hack that exposed US government agencies

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com00:00 - PreShow Banter™ — A Real Podcast03:15 - Hackers claim Discord breach exposed data of 5.5 million users – BHIS - Talkin' Bout [infosec] News 2025-10-1305:44 - Story # 1: CamoLeak: Critical GitHub Copilot Vulnerability Leaks Private Source Code24:27 - Story # 2: Hackers claim Discord breach exposed data of 5.5 million users36:52 - Story # 3: Velociraptor leveraged in ransomware attacks46:47 - Story # 4: Huntress Threat Advisory: Widespread SonicWall SSLVPN Compromise54:48 - CTF Challenge (00:00) - PreShow Banter™ — A Real Podcast (03:14) - Hackers claim Discord breach exposed data of 5.5 million users – BHIS - Talkin' Bout [infosec] News 2025-10-13 (05:43) - Story # 1: CamoLeak: Critical GitHub Copilot Vulnerability Leaks Private Source Code (24:26) - Story # 2: Hackers claim Discord breach exposed data of 5.5 million users (36:52) - Story # 3: Velociraptor leveraged in ransomware attacks (46:46) - Story # 4: Huntress Threat Advisory: Widespread SonicWall SSLVPN Compromise (54:48) - CTF Challenge