The InfoSec Mission

The Hackle Box

The Hackle Box is a monthly cyber threat intel discussion where Oscar Minks and members of FRSecure's technical services team (Team Ambush) break down the latest trends in the information security industry involving hacking techniques, vulnerabilities, exploits, and more.

Author

The InfoSec Mission

Category

Technology

Podcast website

frsecure.com

Latest episode

May 8, 2026

Where to listen?

Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts

Get it on Google Play Install for free Android 5M+ downloads · 4.8 rating iOS soon

Episodes

The Hackle Box April 2026: EvilTokens, Vuln Management for IoT, FBI Surveillance Breach 08.05.2026

We're BACK with another live Hackle Box episode to break down what's trending in cyber attacks and incident response. This month, the crew discussed: New Evil Tokens attack and its implications for cybersecurity The importance of comprehensive vulnerability management programs for IoT devices Insights into the FBI surveillance system breach and what it means for global cybersecurity The rise of ph...

The Hackle Box March 2026: .arpa, Cybersecurity Strategy for America, Seedworm & Iran, AI Red Team 12.03.2026

We're BACK with another live Hackle Box episode to break down what's trending in cyber attacks and incident response. This month, we're discussing: Hackers abusing .arpa domain to evade phishing detection President Trump's Cybersecurity Strategy for America Seedworm and Iranian APTs Armadin Series A Funding Tune in for insights on these topics, and the latest trends, tactics, lures, and fixes that...

The Hackle Box Feb. 2026: Notepad++, Microsoft Phishing, Solarwinds, & Ring 13.02.2026

2026 is off to quite the start! After a New Year's break, we're BACK with another Hackle Box episode to discuss what we've seen so far in the offensive services and incident response sides of the infosec industry!  This month, Oscar, Eric, and special guest Matt Findlay discussed: Notepad++ Vulnerabilities Phishing from legitimate Microsoft inboxes Solarwinds Remote Code Execution Ring's New Surve...

June 2025: Q&A Session, CISA Updates 10.06.2025

In this quarterly live Q&A session, the gang dives into the recent CISA budget cuts and hands it over to the audience for discussion. Tune in to get your updates, hear what folks are talking about, and a little on boats! To stay updated on all things The Hackle Box, sign up to receive our newsletters: https://frsecure.com/cyber-threat-intel-series/ Please like, subscribe, and follow us on soci...

Vibe Coding, Malicious AI Models, & More 13.05.2025

Join us for our May Hackle Box session! The crew explores the emerging concept of "vibe coding", also known as vulnerability as a service, and unpacks its implications for cybersecurity. The team discusses how large language models (LLMs) may unknowingly import malicious code, raising critical concerns about training data integrity and AI trustworthiness. Links: "AI-Hallucinated Code Dependencies...

AI-Driven Attack Platforms, Record-Breaking Ransoms, Neptune RAT, & More! 14.04.2025

In this month's edition of the Hackle Box, the guys are joined by Kevin Gunter, a penetration tester at FRSecure, to discuss "Xanthorox AI," a record-breaking $75M ransomware demand, a US Treasury breach going back to 2023, and Neptune RAT. Links: "Autonomous, GenAI-Driven Attacker Platform Enters the Chat" https://www.darkreading.com/threat-intelligence/autonomous-genai-attacker-platform-chat  "F...

March 2025: Q & A Open Call 18.03.2025

Approaching the end of Q1, this special-edition episode answers questions from the audience including the U.S. Cyber Command's suspended operations against Russia and some essential beard maintenance. Security Analyst Tim Boyer sits in for Pinky to fill the blue team perspective. Now happening quarterly, listeners can ask all things security to our expert crew! The next Q & A Session will be h...

DeepSeek, Ransomware Decline, New Exploited Vulnerabilities, & More 18.02.2025

Oscar, Pinky, and Eric dive into DeepSeek, the downward trend of Ransomware extortions, and new, actively exploited vulnerabilities. Links: "DeepSeek App Transmits Sensitive User and Device Data Without Encryption" https://thehackernews.com/2025/02/deepseek-app-transmits-sensitive-user.html "DeepSeek AI Database Exposed: Over 1 Million Log Lines, Secret Keys Leaked" https://thehackernews.com/2025/...

RCS, AuthQuake, & "The Night before Breachmas" 26.12.2024

The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits.  This special holiday episode, Pinky shares a reading of "The Night Before Breachmas", the gang talks encrypted texting, Microsoft's MFA flaw - aka "AuthQuake", and hackers bypassing AntiVirus protections with BYOVD. Links: "FBI Warns iPhone And And...

SolarWinds Attack Disclosures, OWASP's AI Security Guidance, & More 13.11.2024

The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits.  This month, Oscar and the crew focus on SolarWinds cyber attack and the resulting charges from the SEC, guidance from OWASP on AI Security, and CISCO's security patch. Links: "Google Cloud to Enforce Multi-Factor Authentication by 2025 for All User...

Internet Archive Hacked, New CISA Warnings, Zero Day Alert 28.10.2024

The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits.  This month, the hosts talk about personal preparation for emergency events like natural disasters, the DDOS attacks of Internet Archive, newest CISA warnings, and Zero Day Alert for Ivanti exploitation. They also open up to the live audience for qu...

Worm-Driven USB Attacks, Microsoft Zero-Days, Scattered Spider Vishing & Smishing 16.09.2024

The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits. With Oscar out traveling, Pinky and Eric lead the discussion this month. Together, they discuss: A worm-driven USB attack strategy, Microsoft's disclosure of four zero-days in their September update, and the Scattered Spider ransomware group's sophi...

TeamViewer APT29 Attack, Zero-Click Outlook RCE Vulnerability, CISA Takedown of Ivanti Systems 16.07.2024

The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits.  This time, they discuss Midnight Blizzard, a zero-click Outlook vulnerability, and CISA's takedown of Ivanti Systems. Links:  Network Segmentation Saved TeamViewer From APT29 Attack https://www.darkreading.com/cyberattacks-data-breaches/teamviewer-...

Police Troll LockBit, Microsoft Holds Execs Accountable for Security 13.05.2024

The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits.  This time, they discuss critical Citrix flaws, fake journalists stealing data, Microsoft holding execs accountable for security, police trolling a ransomware gang, and more. Links:  Citrix Addresses High-Severity Flaw in NetScaler ADC and Gateway h...

AI-Written Malware, XZ Utils, Attackers Target Hospital Help Desks 16.04.2024

The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits. This time, they discuss AI-written malware, XZ Utils, and attackers targeting hospital IT help desks. Links: XZ Utils scare  https://www.darkreading.com/application-security/xz-utils-scare-exposes-hard-truths-in-software-security Change Healthcare h...

Gemini AI Vulnerability, ChatGPT Plugins, Typosquatting, Vishing 19.03.2024

The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits. This time, they discuss security risks in ChatGPT plugins, a major flaw in Google's Gemini AI, typosquatting, and a worldwide vishing epidemic. Links: ChatGPT Plugin Security https://www.infosecurity-magazine.com/news/security-risks-chatgpt-plugins/...

AnyDesk, Resumes Stolen From Compromised Job Boards, Industry News 12.02.2024

The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits. This time, they discuss compromised job boards where millions of resumes were stolen, AnyDesk's actions post-hack, an exploited SSRF flaw in Ivanti, and more. Links: Millions of resumes stolen via exploited job boards https://thehackernews.com/2024/...

Cybersecurity Funding Reduced 40% in 2023, Vulnerability/Patch News 19.01.2024

The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits. This time, they discuss the reduced cybersecurity funding observed in 2023 as well as new vulnerabilities, patches, and more. Links: Cybersecurity Funding Reduced https://www.securityweek.com/cybersecurity-funding-dropped-40-in-2023-analysis/ Critic...

Breachmas & Common Social Engineering Attacks 12.12.2023

The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits. This time, they discuss common social engineering attacks carried out around the holidays when key team members are out of the office or organizations are shut down for seasonal breaks. Links Social Engineering https://thehackernews.com/2023/12/hack...

Recent Vulnerabilities in Confluence and Apache ActiveMQ 15.11.2023

The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits. This time around, they discuss recent vulnerabilities in Confluence and Apache ActiveMQ. Follow us on social! Facebook: https://www.facebook.com/frsecure/ Twitter: https://twitter.com/frsecure/ Instagram: https://www.instagram.com/frsecureofficial/...

Incident Response Horror Stories 16.10.2023

The guys are back for a special, Friday the 13th episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits. This time around, we're getting in the spooky spirit and telling scary stories from real-life IR cases. 🎃 Please like, subscribe, and follow us on social! Facebook: https://www.facebook.com/frsecure/ Twitter: https://twitter.com/...

Scattered Spider - The MGM Hackers, InfoSec News 18.09.2023

Oscar and Pinky are back for this month's session of the Hackle Box—a monthly conversation between the information security experts about new and noteworthy exploits. DISCUSSED THIS MONTH: Scattered Spider (MGM attack) https://hackdojo.io/articles/E59P05LKQ/-scattered-spider-behind-mgm-cyberattack-targets-casinos Caesers confirms ransomware https://hackdojo.io/articles/73WL5VP9N/caesars-confirms-r...

DEFCON 31, EvilProxy, QR Code Credential Theft, AI Stealing Passwords 22.08.2023

Eric and Pinky are back with another session of the Hackle Box—a monthly conversation between the information security experts about new and noteworthy exploits. Discussed this month DEFCON Recap EvilProxy campaign https://www.techrepublic.com/article/evilproxy-phishing-attack/ QR Codes used for credential theft https://www.darkreading.com/attacks-breaches/qr-code-phishing-campaign-targets-top-u-s...

Hacklebox/Unsecurity Crossover: MOVEit, Microsoft Patch Tuesday, and Fortinet Infinity 18.07.2023

This month, we're doing a crossover episode with the Unsecurity Podcast! For those who are not yet aware, Unsecurity is another FRSecure podcast focused on the business impact of current events and happenings within the security industry. It's hosted several times a month by Oscar and Brad Nigh, FRSecure's Principal Information Security Consultant. Discussed this month: MOVEit Attacks Microsoft Pa...

Dragos Incident, Do's and Don'ts of SIEM Implementation 15.05.2023

Oscar, Eric, and Pinky are back with another session of the Hackle Box—a monthly conversation between the information security experts about new and noteworthy exploits. Discussed this month Do's and don'ts of SIEM implementation The recent Dragos incident https://www.bleepingcomputer.com/news/security/cybersecurity-firm-dragos-discloses-cybersecurity-incident-extortion-attempt/ Please follow us o...

Listen to the The Hackle Box podcast in Replaio

Radio and podcasts in one app - free, with no sign-up. Install today and do not miss the launch

Get it on Google Play

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.