OnlyFans Models Are Accidental Blue Team Defenders - 2026-07-13
This week, the team unpacks a wide range of cybersecurity news, including a fraudulent offensive security startup tied to cybercriminals, how leaked OnlyFans content is inadvertently helping defenders identify compromised government websites, and new vishing attacks targeting Microsoft Entra passkey enrollment. They also examine AI prompt injection risks in GitHub workflows, malware campaigns abusing hundreds of GitHub repositories and Go packages, Microsoft's latest identity security developments, and the growing push for online age verification through government-issued IDs and selfies.
Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurity
Chat with us on Discord! -
https://discord.gg/bhis
🔴live-event-chat
Chapters
Links
Story #1 - Felons, Fraudsters Flog Offensive Cybersecurity Startup
Story #2 - OnlyFans Models Are Accidentally Making Hacked Government Websites Disappear
Story #3 - Vishing actors target Entra passkey enrollment
Story #4 - GitLost: How We Tricked GitHub’s AI Agent into Leaking Private Repos
Story #5 - Network of 200 GitHub Repositories Used for Malware Infection
Story #6 - Microsoft admits Windows 11 has a GDID tracker with no off switch, first documented publicly in an FBI hacker complaint
Story #7 - EU Reddit Users Must Verify Age With Government ID or Selfie
Story #8 - Risky Bulletin: All new cars to include a camera aimed at the driver’s face
Click here to watch this episode on YouTube.
🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits
Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurity
Chat with us on Discord! -
https://discord.gg/bhis
🔴live-event-chat
Chapters
- (00:00) - PreShow Banter™ — The New Mainframes
- (05:24) - OnlyFans Models are Accidental Blue Team Defenders - 2026-07-13
- (06:23) - Story #1 - Felons, Fraudsters Flog Offensive Cybersecurity Startup
- (15:37) - Story #2 - OnlyFans Models Are Accidentally Making Hacked Government Websites Disappear
- (20:37) - Story #3 - Vishing actors target Entra passkey enrollment
- (32:44) - Story #4 - GitLost: How We Tricked GitHub’s AI Agent into Leaking Private Repos
- (46:32) - Story #5 - Network of 200 GitHub Repositories Used for Malware Infection
- (48:13) - Story #6 - Microsoft admits Windows 11 has a GDID tracker with no off switch, first documented publicly in an FBI hacker complaint
- (53:53) - Story #7 - EU Reddit Users Must Verify Age With Government ID or Selfie
- (59:39) - Story #8 - Risky Bulletin: All new cars to include a camera aimed at the driver's face
Links
Story #1 - Felons, Fraudsters Flog Offensive Cybersecurity Startup
Story #2 - OnlyFans Models Are Accidentally Making Hacked Government Websites Disappear
Story #3 - Vishing actors target Entra passkey enrollment
Story #4 - GitLost: How We Tricked GitHub’s AI Agent into Leaking Private Repos
Story #5 - Network of 200 GitHub Repositories Used for Malware Infection
Story #6 - Microsoft admits Windows 11 has a GDID tracker with no off switch, first documented publicly in an FBI hacker complaint
Story #7 - EU Reddit Users Must Verify Age With Government ID or Selfie
Story #8 - Risky Bulletin: All new cars to include a camera aimed at the driver’s face
Click here to watch this episode on YouTube.
🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits
Brought to you by:
Black Hills Information Security
☯️ Introducing BHIS Fusion Penetration Testing
https://www.blackhillsinfosec.com/fusion-penetration-testing/
Antisyphon Training
Active Countermeasures
Wild West Hackin Fest
Episode Video
Creators and Guests
Host
Bronwen Aker
Bronwen Aker is a BHIS Technical Editor who joined full-time in 2022 after years of contract work, bringing decades of web development and technical training experience to her roles in editing pentest reports, enhancing QA/QC processes, and improving public websites, and who enjoys sci-fi/fantasy, Animal Crossing, and dogs outside of work.
Host
John Strand
John Strand has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing. He is a coveted speaker and much loved SANS teacher. John is a contributor to the industry-shaping Penetration Testing Execution Standard and 20 Critical Controls frameworks.
Host
Ralph May
Ralph is a U.S. Army veteran and former DoD contractor who supported the United States Special Operations Command (USSOCOM) with information security challenges and threat actor simulations. Over the past decade, he has provided offensive security services at Optiv Security and Black Hills Information Security (BHIS) across various industries. His expertise spans network, physical, and wireless penetration testing, social engineering, and advanced adversarial emulation through red and purple team assessments. Ralph has developed several tools, including Bitor (set to release in January 2025) and Warhorse, which enhance efficiency in penetration testing infrastructure and operations. He has spoken at numerous conferences, including DEF CON, Black Hat, Hack Miami, B-Sides Tampa, and Hack Space Con.
Host
Wade Wells
Wade Wells has been working in cybersecurity for a decade, focusing on detection engineering, threat intelligence, and defensive operations. Wade currently works as a Lead Detection Engineer at 1Password, where he helps build and mature scalable detection programs. Outside of his day-to-day work, Wade is deeply involved in the security community through teaching, mentoring, podcasting, and running local events
Guest
Doc Blackburn
Doc Blackburn is a seasoned (old) cybersecurity instructor with decades of experience in IT, security, and compliance. Over his career, he has worked in many areas of IT, including systems administration, programming, network design, cloud services, web development, and risk management, bringing a broad technical foundation to his teaching. For more than 13 years, Doc has trained students and professionals to understand, implement, and maintain effective security practices, drawing on real-world consulting experience in compliance frameworks such as NIST SP 800-171, CIS Critical Controls, and MITRE ATT&CK. Known for making complex concepts accessible to all audiences, he blends technical depth with practical insights, preparing learners to address today’s evolving cyber threats.
Guest
Jake Hildreth
Jake Hildreth is a Principal Security Consultant at Semperis, Microsoft MVP, and longtime builder of tools that make identity security suck a little less. With nearly 25 years in IT (and the battle scars to prove it), he specializes in helping orgs secure Active Directory and survive the baroque disaster that is Active Directory Certificate Services. He’s the creator of Locksmith, BlueTuxedo, and PowerPUG!, open-source tools built to make life easier for overworked identity admins. When he’s not untangling Kerberos or wrangling DNS, he’s usually hanging out with his favorite people and most grounding reality check: his wife and daughter.
Guest
Mishaal Khan
Mishaal is a highly respected figure in cybersecurity, with expertise in ethical hacking, Open Source Intelligence (OSINT), social engineering, and privacy. Mishaal’s engaging approach involves live demos, making cybersecurity accessible and enjoyable, while his strength lies in rapidly enhancing organizations’ security posture, saving time and budget.