Polymarket's Bad Bet with Third-Party Vendors - 2026-06-29
S6:E26

Polymarket's Bad Bet with Third-Party Vendors - 2026-06-29

This week on BHIS - Talkin' Bout [infosec] News, the team discusses the Polymarket supply chain compromise that led to the theft of millions from a small number of high-value accounts, emerging phishing campaigns abusing OpenAI invitations and Microsoft 365 device code authentication, and recent Oracle security updates. They also cover convictions tied to the Transport for London and U.S. healthcare intrusions, Google's Android earthquake warning system, concerns over MITRE ATT&CK evaluation methodology, and the ongoing debate surrounding threat intelligence researchers interacting with cybercriminals.

Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurity

Chat with us on Discord! -
https://discord.gg/bhis
🔴live-chat


Chapters
  • (00:00) - PreShow Banterâ„¢ — The Next Webcast Thing
  • (00:14) - Polymarket's Bad Bet with Third-Party Vendors - 2026-06-29
  • (03:56) - Story #1 - It's looking like a hot, messy summer for security teams as AI finds countless previously hidden vulns
  • (07:49) - Story #2 - FBI issues urgent Kali365 security warning for Teams, Outlook, OneDrive users
  • (08:55) - Story #3 - heavener: This is what happens when you can't afford EDR licenses
  • (18:50) - Story #4 - Ex-Huntress analyst claims company insider fed info to a ransomware crim. Social media drama ensues
  • (31:59) - Story #5 - I Could've Rickrolled the Entire FIFA World Cup. All I Needed Was My ID.
  • (36:14) - Story #6 - CISA Adds Four Known Exploited Vulnerabilities to Catalog
  • (37:09) - Story #7 - Victory! 702 has Expired!
  • (37:43) - Story #8 - Scattered Spider Hackers Plead Guilty on Day 1 of Trial
  • (40:52) - Story #9 - Polymarket customers lose $3 million in supply-chain attack
  • (44:56) - Story #10 - Bad cybersecurity by Secret Service agents put US officials at risk, inspector general says
  • (49:31) - Story #11 - How Android Earthquake Alerts System Works
  • (53:47) - Story #12 - Cybersecurity firms targeted by fraudulent OpenAI organization invites
  • (59:34) - Story #13a - The Trojan horse of cybercrime: Weaponizing SaaS notification pipelines
  • (59:59) - Story #13b - Order-tracking app Shop abused to push callback phishing attacks
  • (01:04:29) - Chinese AI vs. Anthropic Mythos | BHIS [In Focus]

Links
Story #1 - It’s looking like a hot, messy summer for security teams as AI finds countless previously hidden vulns
Story #2 - FBI issues urgent Kali365 security warning for Teams, Outlook, OneDrive users
Story #3 - heavener: This is what happens when you can’t afford EDR licenses
Story #4 - Ex-Huntress analyst claims company insider fed info to a ransomware crim. Social media drama ensues
Story #5 - I Could’ve Rickrolled the Entire FIFA World Cup. All I Needed Was My ID.
Story #6 - CISA Adds Four Known Exploited Vulnerabilities to Catalog
Story #7 - Victory! 702 has Expired!
Story #8 - Scattered Spider Hackers Plead Guilty on Day 1 of Trial
Story #9 - Polymarket customers lose $3 million in supply-chain attack
Story #10 - Bad cybersecurity by Secret Service agents put US officials at risk, inspector general says
Story #11 - How Android Earthquake Alerts System Works
Story #12 - Cybersecurity firms targeted by fraudulent OpenAI organization invites
Story #13a - The Trojan horse of cybercrime: Weaponizing SaaS notification pipelines
Story #13b - Order-tracking app Shop abused to push callback phishing attacks
Chinese AI vs. Anthropic Mythos | BHIS [In Focus]

Click here to watch this episode on YouTube.




🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits 

Brought to you by:
Black Hills Information Security 

Antisyphon Training

Active Countermeasures

Wild West Hackin Fest

Episode Video

Creators and Guests

Bronwen Aker
Host
Bronwen Aker
Bronwen Aker is a BHIS Technical Editor who joined full-time in 2022 after years of contract work, bringing decades of web development and technical training experience to her roles in editing pentest reports, enhancing QA/QC processes, and improving public websites, and who enjoys sci-fi/fantasy, Animal Crossing, and dogs outside of work.
Corey Ham
Host
Corey Ham
Corey Ham has been with Black Hills Information Security (BHIS) since 2021 delivering red teaming and OSINT services. Currently, Corey leads the ANTISOC team at BHIS, providing subscription-based continuous red teaming to BHIS clients. Outside of his time at BHIS, you can find him out in the woods or up on a mountain somewhere.
Hayden Covington
Host
Hayden Covington
Hayden Covington joined Black Hills Information Security (BHIS) in the Summer of 2022 as a SOC Analyst. He chose BHIS after hearing many great things over the years and seeing the quality of work, as well as finding people who have the same passion for the field as he does. His favorite part of the job so far has been the community. Previously, Hayden worked in a SOC for a Naval contractor, where he also served as their SOAR project manager and SME, as well as insider threat lead. When he’s not working, Hayden can be found doing anything athletic (like triathlons!), as well as enjoying video gaming and Formula 1.
John Strand
Host
John Strand
John Strand has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing. He is a coveted speaker and much loved SANS teacher. John is a contributor to the industry-shaping Penetration Testing Execution Standard and 20 Critical Controls frameworks.
Ralph May
Host
Ralph May
Ralph is a U.S. Army veteran and former DoD contractor who supported the United States Special Operations Command (USSOCOM) with information security challenges and threat actor simulations. Over the past decade, he has provided offensive security services at Optiv Security and Black Hills Information Security (BHIS) across various industries. His expertise spans network, physical, and wireless penetration testing, social engineering, and advanced adversarial emulation through red and purple team assessments. Ralph has developed several tools, including Bitor (set to release in January 2025) and Warhorse, which enhance efficiency in penetration testing infrastructure and operations. He has spoken at numerous conferences, including DEF CON, Black Hat, Hack Miami, B-Sides Tampa, and Hack Space Con.
Wade Wells
Host
Wade Wells
Wade Wells has been working in cybersecurity for a decade, focusing on detection engineering, threat intelligence, and defensive operations. Wade currently works as a Lead Detection Engineer at 1Password, where he helps build and mature scalable detection programs. Outside of his day-to-day work, Wade is deeply involved in the security community through teaching, mentoring, podcasting, and running local events