エピソード

  • Old Backdoors, Ghost Phishing, and Borrowed AI
    2026/07/13

    This episode breaks down a Tenda router backdoor that turns out to be three years old, a phishing kit called EvilTokens that hides until a victim's browser builds it, and CISA turning Anthropic's Mythos model on the government's own code, plus a sit-down with IoT researcher Matt Evans on why Tenda keeps getting away with it.

    Security Headlines:

    · CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware, The Hacker News

    · New Ghost Phishing Wave Is Breaking Traditional Email Security, The Hacker News

    · CISA Reportedly Using Anthropic’s Mythos to Scan Government Software for Flaws, Security Week

    Also mentioned:

    · Blog: Matt ‘uturn’ Evans

    · Event: Boston Security Meetup 2026

    · Workshop: Social Engineering: How to Build Pressure-Proof Pretexts

    · Virtual Session: The Prioritization Problem: Why More Findings Don’t Mean Less Risk

    Join the conversation in the Bishop Fox Discord server and in the new Bishop Fox subreddit.

    続きを読む 一部表示
    38 分
  • Cisco Root Access, FortiBleed Credentials, Sparkplug Fuzzing, AI Arms Race
    2026/07/06

    This episode breaks down a Cisco flaw exploited within 24 hours of disclosure, a credential-harvesting campaign that hit 430,000+ FortiGate firewalls, and what Fable's restricted return and China's Tulongfeng mean for controlling offensive AI. Plus, a sit-down with Bishop Fox's Shad Malloy on building the first open-source Sparkplug B fuzzer for ICS environments.

    Security Headlines:

    • In Less Than 24 Hours, Attackers Weaponize Cisco CUCM Flaw, Dark Reading
    • FortiBleed campaign steals 110M credentials from FortiGate targets, SC Media
    • Buckle Up: The Bad Guys Now Have A Model As Powerful As Mythos, Forbes

    Also Mentioned:

    • Research: On Favicons: From Browser Icons to Attack Surface Intelligence
    • Event: Summercon 2026
    • Event: San Diego Comic-Con 2026

    Join the conversation in the Bishop Fox Discord Server.

    続きを読む 一部表示
    48 分
  • FIFA Takeover, FFMpeg RCE, Klue Breach, Hardware Hacking
    2026/06/29

    This episode breaks down a public FIFA signup form wired straight to World Cup broadcast controls, an FFmpeg RCE buried in half your media apps, a SaaS breach cascading through delegated OAuth, and home routers conscripted into proxy infrastructure, plus a sit-down with Bishop Fox's Marco Sanchez on hardware hacking.

    Security Headlines:

    • I Could've Rickrolled the Entire FIFA World Cup. All I Needed Was My ID, BobDaHacker
    • FFmpeg fixes PixelSmash flaw in widely used video decoder, BleepingComputer
    • Klue hack results in data breach at several cybersecurity firms, TechCrunch
    • How Hackers Found a Back Door Into the American Living Room, The Wall Street Journal

    Also Mentioned:

    • Workshop: Debug to Root: A Friendly Introduction to Hardware Hacking (available in English and Spanish)
    • Virtual Session: Beyond the Hype: What Mythos Actually Means for Security Teams
    • Event: SummerCon 2026
    • XKCD Comic: Dependency

    Join the conversation in the Bishop Fox Discord Server.

    続きを読む 一部表示
    51 分
  • Pokémon GO, ServiceNow Auth Flaw, and the Anthropic Model Pulldown
    2026/06/22

    This episode explores what happens when the systems people trust quietly extend into domains they never agreed to. A Pokémon GO AR dataset trained a Visual Positioning System now adjacent to military drone navigation. A ServiceNow authentication flaw handed attackers read access to the operational core of enterprise IT. And the US government pulled two frontier AI models off the market over a jailbreak, with no established framework to bring them back.

    続きを読む 一部表示
    55 分
  • Linux NFTables Root Exploit, Gemini Prompt Injection, and Cisco SD-WAN Zero-Day
    2026/06/15

    This episode explores how the attack surface keeps expanding at every layer — from a single inverted kernel character enabling unauthenticated root, to AI assistants weaponized as system-wide IPC through notification injection, a Cisco SD-WAN zero-day giving attackers control of enterprise routing fabric, and the week's unavoidable elephant: whether Claude Fable V's guardrails actually hold.

    続きを読む 一部表示
    36 分
  • Forged VPN Sessions, Autonomous AI Worm, and Hotel Reservation Hijacking
    2026/06/09

    This episode explores how attackers live in the gap between what a system can verify and what it settles for from forged GlobalProtect VPN sessions to an autonomous AI worm, a social-engineered Meta support bot, voice-phished Salesforce access, and hotel reservation hijacking.

    続きを読む 一部表示
    49 分
  • Custom Payload Evasion, Chained Network-to-Physical Breach, and Satellite Hacking
    2026/06/01

    This episode goes inside the Bishop Fox Red Team — exploring how AI accelerates custom payload evasion and social engineering at scale, what a chained network-to-physical breach looks like in practice, and why satellites and gas pumps are reachable from the public internet right now.

    続きを読む 一部表示
    47 分
  • VS Code Supply Chain Attack, Microsoft Exchange Zero-Day, and AI-Accelerated Vulnerability Discovery
    2026/05/26

    This episode explores how attackers exploit infrastructure that became load-bearing before anyone secured it from a malicious VS Code extension that compromised thousands of GitHub repositories and an actively exploited Exchange zero-day, to Cisco SD-WAN auth bypasses, AI chaining low-severity bugs into real attack paths, and AWS GovCloud credentials left exposed in a public repo.

    続きを読む 一部表示
    27 分