Bishop Fox
Initial Access
Bishop Fox offensive security researchers, experts, and hackers take a real look at the latest cybersecurity news headlines and have a straight take on them. The goal is simple: do you actually need to care about this, or is it just another variation of the same fundamental security problems we've been dealing with for years?
Autor
Bishop Fox
Categoría
Web del podcast
Último episodio
6 de jul. de 2026
¿Dónde escuchar?
Podcasts en la app Replaio Radio Muy prontoLos podcasts llegarán muy pronto a la app. Instálala ahora y sé el primero en descubrir una forma totalmente nueva de vivir los podcasts
Episodios
Cisco Root Access, FortiBleed Credentials, Sparkplug Fuzzing, AI Arms Race 06.07.2026 48:09
This episode breaks down a Cisco flaw exploited within 24 hours of disclosure, a credential-harvesting campaign that hit 430,000+ FortiGate firewalls, and what Fable's restricted return and China's Tulongfeng mean for controlling offensive AI. Plus, a sit-down with Bishop Fox's Shad Malloy on building the first open-source Sparkplug B fuzzer for ICS environments. Security Headlines: In Less Than...
FIFA Takeover, FFMpeg RCE, Klue Breach, Hardware Hacking 29.06.2026 51:07
This episode breaks down a public FIFA signup form wired straight to World Cup broadcast controls, an FFmpeg RCE buried in half your media apps, a SaaS breach cascading through delegated OAuth, and home routers conscripted into proxy infrastructure, plus a sit-down with Bishop Fox's Marco Sanchez on hardware hacking. Security Headlines: I Could've Rickrolled the Entire FIFA World Cup. All I Neede...
Pokémon GO, ServiceNow Auth Flaw, and the Anthropic Model Pulldown 22.06.2026 55:07
This episode explores what happens when the systems people trust quietly extend into domains they never agreed to. A Pokémon GO AR dataset trained a Visual Positioning System now adjacent to military drone navigation. A ServiceNow authentication flaw handed attackers read access to the operational core of enterprise IT. And the US government pulled two frontier AI models off the market over a jail...
Linux NFTables Root Exploit, Gemini Prompt Injection, and Cisco SD-WAN Zero-Day 15.06.2026 35:31
This episode explores how the attack surface keeps expanding at every layer — from a single inverted kernel character enabling unauthenticated root, to AI assistants weaponized as system-wide IPC through notification injection, a Cisco SD-WAN zero-day giving attackers control of enterprise routing fabric, and the week's unavoidable elephant: whether Claude Fable V's guardrails actually hold.
Forged VPN Sessions, Autonomous AI Worm, and Hotel Reservation Hijacking 09.06.2026 48:41
This episode explores how attackers live in the gap between what a system can verify and what it settles for from forged GlobalProtect VPN sessions to an autonomous AI worm, a social-engineered Meta support bot, voice-phished Salesforce access, and hotel reservation hijacking.
Custom Payload Evasion, Chained Network-to-Physical Breach, and Satellite Hacking 01.06.2026 46:44
This episode goes inside the Bishop Fox Red Team — exploring how AI accelerates custom payload evasion and social engineering at scale, what a chained network-to-physical breach looks like in practice, and why satellites and gas pumps are reachable from the public internet right now.
VS Code Supply Chain Attack, Microsoft Exchange Zero-Day, and AI-Accelerated Vulnerability Discovery 26.05.2026 26:42
This episode explores how attackers exploit infrastructure that became load-bearing before anyone secured it from a malicious VS Code extension that compromised thousands of GitHub repositories and an actively exploited Exchange zero-day, to Cisco SD-WAN auth bypasses, AI chaining low-severity bugs into real attack paths, and AWS GovCloud credentials left exposed in a public repo.
AI Zero-Day Exploit, CI/CD Supply Chain Poisoning, and Vibe-Coded Data Exposure 18.05.2026 45:36
This episode explores how modern development's trust assumptions keep failing in attackers' favor, from the first confirmed AI-written zero-day to a coordinated supply chain attack poisoning 518 million download paths, developer credential harvesting via rootkit, AWS SES abuse for phishing at scale, and thousands of vibe-coded apps leaking sensitive data in the open web.
Linux Kernel Exploit, GitHub RCE, and Canvas Cyberattack 11.05.2026 48:21
This episode explores how every layer of the stack has become an attack surface — from a privilege-escalating Linux kernel flaw and a GitHub infrastructure RCE to a poisoned RubyGems supply chain, a trojanized vendor installer, and a ransomware hit on centralized education infrastructure.
cPanel Auth Bypass, Claude AI Code Risks, and Trigona Ransomware 05.05.2026 33:56
This episode explores how access is being created, scaled, and kept with less friction, from a critical cPanel authentication bypass to AI-generated vulnerable code, AI-assisted attacks, persistent footholds in trusted systems, and stealthier data exfiltration.
Anthropic Tool Access, EU App Bypasses, and Active Zero-Days 28.04.2026 31:48
This episode explores how access control is breaking down across AI systems, consumer apps, and vulnerability management, from leaked AI tooling and bypassed EU verification apps to actively exploited Windows zero-days and growing strain on the NVD.
Trusted Tools, Hijacked Sessions & Cheap Paths to Big Access 20.04.2026 31:55
In this Initial Access episode, we look at how attackers are reusing trust that is already in place, from hijacked sessions and malicious browser extensions to overlooked industrial systems infrastructure and tightly controlled AI capabilities.
Project Glasswing: AI Vulnerability Discovery & Exploit 13.04.2026 22:37
In this special episode, we break down Anthropic’s Project Glasswing announcement and what it signals for the future of cybersecurity. At its core, Glasswing is a defensive initiative built around a new class of AI capability: models that can identify, exploit, and help remediate software vulnerabilities. The conversation goes beyond the announcement to unpack what this actually means in practice:...
GitHub Malware, DNS Hijacking, Ransomware Speed & AI Exploits 13.04.2026 41:02
In this Initial Access podcast episode, we examine how trust, speed, and automation are reshaping initial access across software supply chains, network infrastructure, and AI systems.
Inherited Access, AI Permissions, Supply Chain Attacks & Edge Exposure 07.04.2026 27:36
In this Initial Access podcast episode, we examine how attackers are inheriting access through trusted systems, default permissions, and unpatchable infrastructure.
Malvertising, Trusted Tools, Real-Time Attacks & Shrinking Windows 31.03.2026 30:01
In this Initial Access podcast episode, we examine how attackers are turning normal workflows and trusted systems into reliable paths for initial access as exploitation timelines continue to shrink.
Speed, Trust, and the Compromised Workbench 25.03.2026 36:04
In this Initial Access podcast episode, the team looks at several recent examples of that compression in action, from a supply chain compromise that led to AWS admin access, to malware spreading through GitHub, npm, and VS Code, to ClickFix lures that convince technical users to run malicious commands themselves.
Social Engineering, Phishing, Edge Device Exploits & AI-Assisted Attacks 15.03.2026 37:20
In this Initial Access episode, we examine how attackers are gaining initial access through social engineering, identity abuse, and vulnerable edge infrastructure. The team also discusses the rise of phishing-as-a-service platforms, leaked mobile exploit chains entering the criminal ecosystem, and how AI is accelerating reconnaissance and offensive tooling for both attackers and defenders.
AI Coding Agents, FortiGate Attacks, Surveillance & Identity Hacks 15.03.2026 27:54
In this Initial Access podcast episode, we cover AI coding agents operating inside developer environments, automated attack platforms accelerating exploitation cycles, long-lived connected devices exposing unexpected telemetry risks, and why identity systems remain the primary entry point for attackers.
Autonomous AI, Broken Guardrails, and Geopolitics 15.03.2026 19:53
In this Initial Access podcast episode, we cover autonomous vulnerability discovery, AI agents that ignore instructions, and why models are becoming strategic national assets.
SSO Phishing, Patching Failures, Exposed APIs 15.03.2026 21:59
In this Initial Access podcast episode, we cover SSO phishing, patching failures, exposed APIs, and zombie infrastructure remind us that basic security hygiene still decides the outcome.
Deepfakes, Spyware Skits & LLMs for Hire 15.03.2026 15:49
In this Initial Access podcast episode, we cover prompt injection, a hijacked Outlook add-in, commoditized mobile spyware, AI executive deepfake scams, IT-to-OT pivoting, and nation-state use of commercial LLMs to accelerate exploitation.
Software Policy Rollbacks, Insider Access Abuse, and AI Automation Risk 15.03.2026 15:29
In this Initial Access podcast episode, we cover the rollback of federal software security guidance, insider-driven access risks, ongoing state-sponsored espionage, and the security implications of giving AI tools deep control over infrastructure.
Prompt Injection, Session Hijacking & Why AI Isn't Writing the Attack Plans Yet 15.03.2026 19:59
In this Initial Access podcast episode, we cover AI prompt injection risks, continued social engineering via LinkedIn and QR codes, credential theft and session hijacking, patch reliability and appliance security, and how AI is being used to accelerate malware development, distinguishing meaningful risk from overhyped claims.
Podcasts similares
Replaio no es editor de podcasts; los nombres de los programas, las portadas y el audio pertenecen a sus autores y se distribuyen a través de canales RSS públicos