Artemis Astronaut's Bad Outlooks - 2026-04-06
This episode covers several major cybersecurity and tech news stories, including a sophisticated NPM supply chain attack that compromised the widely used Axios library through advanced social engineering, and the broader implications for software security. The hosts also discuss the accidental leak of Anthropic’s Claude codebase, what it reveals about AI development practices, and the risks of misconfigurations exposing sensitive systems. Additional conversation touches on AI reliability, “vibe-coded” software, and the growing role of AI in both development and attack techniques.
Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurity
Chat with us on Discord! -
https://discord.gg/bhis
🔴live-chat
Chapters
Links
The Absolute Truths of Cybersecurity with Doc Blackburn
Professionally Evil API Testing: AAA and Keys are Not Just for Cars
Story # 1: Post Mortem: axios npm supply chain compromise
Story # 2: Artemis II astronaut: ‘I have two Microsoft Outlooks, and neither one of those are working’
Story # 3: Microsoft Copilot Terms of Service Label Copilot is for Entertainment Purposes Only
Story # 4: Here’s what that Claude Code source leak reveals about Anthropic’s plans
Story # 4b: https://neuromatch.social/@jonny/116325123136895805
Story # 5: Meta freezes AI data work after breach puts training secrets at risk
Story # 6: Possible US Government iPhone Hacking Tool Leaked
Story # 7: FBI labels data breach ‘major incident,’ notifies Congress
Story # 8: vSphere and BRICKSTORM Malware: A Defender’s Guide
Story # 9: CBP Facility Codes Sure Seem to Have Leaked Via Online Flashcards
ChickenSec: Why did the chicken wear a reflective vest? To cross the road of course
Click here to watch this episode on YouTube.
🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits
Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurity
Chat with us on Discord! -
https://discord.gg/bhis
🔴live-chat
Chapters
- (00:00) - PreShow Banter™ — Professional Sitters
- (04:36) - Artemis Astronaut's Bad Outlooks - 2026-04-06
- (07:12) - The Absolute Truths of Cybersecurity with Doc Blackburn
- (08:52) - Professionally Evil API Testing: AAA and Keys are Not Just for Cars
- (09:35) - Story # 1: Post Mortem: axios npm supply chain compromise
- (19:54) - Story # 2: Artemis II astronaut: 'I have two Microsoft Outlooks, and neither one of those are working'
- (26:02) - Story # 3: Microsoft Copilot Terms of Service Label Copilot is for Entertainment Purposes Only
- (30:13) - Story # 4: Here’s what that Claude Code source leak reveals about Anthropic’s plans
- (35:03) - Story # 4b: https://neuromatch.social/@jonny/116325123136895805
- (37:57) - Story # 5: Meta freezes AI data work after breach puts training secrets at risk
- (41:40) - Story # 6: Possible US Government iPhone Hacking Tool Leaked
- (44:32) - Story # 7: FBI labels data breach ‘major incident,’ notifies Congress
- (46:58) - Story # 8: vSphere and BRICKSTORM Malware: A Defender's Guide
- (52:12) - Story # 9: CBP Facility Codes Sure Seem to Have Leaked Via Online Flashcards
- (01:04:26) - ChickenSec: Why did the chicken wear a reflective vest? To cross the road of course
Links
The Absolute Truths of Cybersecurity with Doc Blackburn
Professionally Evil API Testing: AAA and Keys are Not Just for Cars
Story # 1: Post Mortem: axios npm supply chain compromise
Story # 2: Artemis II astronaut: ‘I have two Microsoft Outlooks, and neither one of those are working’
Story # 3: Microsoft Copilot Terms of Service Label Copilot is for Entertainment Purposes Only
Story # 4: Here’s what that Claude Code source leak reveals about Anthropic’s plans
Story # 4b: https://neuromatch.social/@jonny/116325123136895805
Story # 5: Meta freezes AI data work after breach puts training secrets at risk
Story # 6: Possible US Government iPhone Hacking Tool Leaked
Story # 7: FBI labels data breach ‘major incident,’ notifies Congress
Story # 8: vSphere and BRICKSTORM Malware: A Defender’s Guide
Story # 9: CBP Facility Codes Sure Seem to Have Leaked Via Online Flashcards
ChickenSec: Why did the chicken wear a reflective vest? To cross the road of course
Click here to watch this episode on YouTube.
🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits
Brought to you by:
Black Hills Information Security
Antisyphon Training
Active Countermeasures
Wild West Hackin Fest
Episode Video
Creators and Guests
Host
Bronwen Aker
Bronwen Aker is a BHIS Technical Editor who joined full-time in 2022 after years of contract work, bringing decades of web development and technical training experience to her roles in editing pentest reports, enhancing QA/QC processes, and improving public websites, and who enjoys sci-fi/fantasy, Animal Crossing, and dogs outside of work.
Host
Corey Ham
Corey Ham has been with Black Hills Information Security (BHIS) since 2021 delivering red teaming and OSINT services. Currently, Corey leads the ANTISOC team at BHIS, providing subscription-based continuous red teaming to BHIS clients. Outside of his time at BHIS, you can find him out in the woods or up on a mountain somewhere.
Host
Ralph May
Ralph is a U.S. Army veteran and former DoD contractor who supported the United States Special Operations Command (USSOCOM) with information security challenges and threat actor simulations. Over the past decade, he has provided offensive security services at Optiv Security and Black Hills Information Security (BHIS) across various industries. His expertise spans network, physical, and wireless penetration testing, social engineering, and advanced adversarial emulation through red and purple team assessments. Ralph has developed several tools, including Bitor (set to release in January 2025) and Warhorse, which enhance efficiency in penetration testing infrastructure and operations. He has spoken at numerous conferences, including DEF CON, Black Hat, Hack Miami, B-Sides Tampa, and Hack Space Con.
Host
Wade Wells
Wade Wells has been working in cybersecurity for a decade, focusing on detection engineering, threat intelligence, and defensive operations. Wade currently works as a Lead Detection Engineer at 1Password, where he helps build and mature scalable detection programs. Outside of his day-to-day work, Wade is deeply involved in the security community through teaching, mentoring, podcasting, and running local events
Guest
Doc Blackburn
Doc Blackburn is a seasoned (old) cybersecurity instructor with decades of experience in IT, security, and compliance. Over his career, he has worked in many areas of IT, including systems administration, programming, network design, cloud services, web development, and risk management, bringing a broad technical foundation to his teaching. For more than 13 years, Doc has trained students and professionals to understand, implement, and maintain effective security practices, drawing on real-world consulting experience in compliance frameworks such as NIST SP 800-171, CIS Critical Controls, and MITRE ATT&CK. Known for making complex concepts accessible to all audiences, he blends technical depth with practical insights, preparing learners to address today’s evolving cyber threats.
Guest
Jennifer Shannon
Jennifer is a Senior Security Consultant with Secure Ideas with a background in malware analysis, penetration testing, and teaching. She graduated with honors from Florida State College at Jacksonville’s networking program. An avid computer geek for most of her life, she began her journey in cybersecurity as a SOC Analyst where she showed an aptitude for both penetration testing and malware analysis. She was quickly promoted into a role that capitalized on her abilities.
Producer
Ryan Poirier
Ryan Poirier began his time at Black Hills Information Security (BHIS) as the Video Producer and Editor in August 2020. Ryan polishes and perfects every webcast, podcast, and workshop on the BHIS, ACM, and WWHF YouTube Channels. Prior to Ryan’s time at BHIS, he worked for one of the largest public schools in the United States, conducting their video production and live broadcasting. He joined the BHIS team because he felt like it would be a great group of people to work with, and he couldn’t pass up the perfect next step in his career. Outside of his time with BHIS, Ryan does freelance photography, attends Cars & Coffee events, and expands his knowledge of audio and videos.