Shai-Hulud malware leaks secrets on GitHub – 2025-11-24
Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
Chapters
- (00:00) - PreShow Banter™ — Stressed about lithium batteries
- (04:59) - Shai-Hulud malware leaks secrets on GitHub – BHIS - Talkin' Bout [infosec] News 2025-11-24
- (05:57) - Story # 1: Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub
- (11:18) - Story # 2: CrowdStrike catches insider feeding information to hackers
- (15:50) - Story # 3: Fidelity sues Broadcom over access to key software to avoid outages
- (22:17) - Story # 4: NetApp sues former CTO for alleged data breach
- (26:48) - Story # 5: CrowdStrike Research: Security Flaws in DeepSeek-Generated Code Linked to Political Triggers
- (36:05) - Story # 6: A major Cloudflare outage took down large parts of the internet - X, ChatGPT and more were affected, but all recovered now
- (37:11) - Story # 6b: Cloudflare outage on November 18, 2025
- (41:43) - Story # 7: Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike Attempt
- (46:34) - Story # 8: This Hacker Conference Installed a Literal Antivirus Monitoring System
- (51:10) - Story # 9: Microsoft to integrate Sysmon directly into Windows 11, Server 2025
- (56:40) - Story # 10: Crypto and Carcasses: Undercover Sting Recovers $700K in Bitcoin Miners, Foils $75K Frozen Turkey Heist
Brought to you by:
Black Hills Information Security
Creators and Guests
Host
Bronwen Aker
Bronwen Aker is a BHIS Technical Editor who joined full-time in 2022 after years of contract work, bringing decades of web development and technical training experience to her roles in editing pentest reports, enhancing QA/QC processes, and improving public websites, and who enjoys sci-fi/fantasy, Animal Crossing, and dogs outside of work.
Host
Corey Ham
Corey Ham has been with Black Hills Information Security (BHIS) since 2021 delivering red teaming and OSINT services. Currently, Corey leads the ANTISOC team at BHIS, providing subscription-based continuous red teaming to BHIS clients. Outside of his time at BHIS, you can find him out in the woods or up on a mountain somewhere.
Host
Hayden Covington
Hayden Covington joined Black Hills Information Security (BHIS) in the Summer of 2022 as a SOC Analyst. He chose BHIS after hearing many great things over the years and seeing the quality of work, as well as finding people who have the same passion for the field as he does. His favorite part of the job so far has been the community. Previously, Hayden worked in a SOC for a Naval contractor, where he also served as their SOAR project manager and SME, as well as insider threat lead. When he’s not working, Hayden can be found doing anything athletic (like triathlons!), as well as enjoying video gaming and Formula 1.
Guest
Aisling nic Lynne "siriciryel"
Aisling nic Lynne is a cybersecurity practitioner with strong interest in privacy and forensics, all the way back to setting up GPG inside her AOL IMs in college. Her broad technical background includes being a sysop for a top-20 supercomputer, high-energy particle physics experiments, and aero engine engineering. She is a second-generation ttrpg player, handyma'am, and would collect more Star Wars LEGO sets if only she had a place to put them. Some people want to see the world burn; she wants to see people's eyes alight with understanding.
Guest
Andy Pettit "Nerf"
Andy Pettit is a cybersecurity practitioner and lifelong builder with a hacker’s mindset, driven by deep curiosity and a desire to understand how systems truly work. He began coding in C at age 12 building custom MUDs and has been pulling systems apart ever since, focusing on gaps between design and real-world behavior. Andy brings a whole-business perspective from over a decade as managing partner of Clown Shoe Motorsports, shaping his views on risk, reliability, cost, and people. He volunteers with Black Hills Information Security and Antisyphon Training as a Nerd Herder and is a top 5% MetaCTF competitor, endurance racer, and HPDE instructor with NASA Texas Region.
Guest
MaryEllen
MaryEllen Kennel has held numerous roles in CyberSecurity, and is currently ranked top 1% in MetaCTF. MaryEllen has spoken at several conferences, including Magnet Forensics, KringleCon, and most recently, Wild West Hackin’ Fest in Deadwood, SD. MaryEllen grew up Mennonite, and treasures spending time with family.