The Hackle Box

Hosted by The InfoSec Mission

TechnologyInterviews guests

Website RSS feed

Episodes

Latest episode

May 2026

Language

About the show

The Hackle Box is a monthly cyber threat intel discussion where Oscar Minks and members of FRSecure's technical services team (Team Ambush) break down the latest trends in the information security industry involving hacking techniques, vulnerabilities, exploits, and more.

Listen to episodes

45 recent

May 8, 202657 min

The Hackle Box April 2026: EvilTokens, Vuln Management for IoT, FBI Surveillance Breach

We're BACK with another live Hackle Box episode to break down what's trending in cyber attacks and incident response. This month, the crew discussed:New Evil Tokens attack and its implications for cybersecurityThe importance of comprehensive vulnerability management programs for IoT devicesInsights into the FBI surveillance system breach and what it means for global cybersecurityThe rise of phishing-as-a-service and how attackers are evolvingA special shout-out to Matthew Owens for discovering a CVE in IDrive for WindowsTune in for insights on these topics, and the latest trends, tactics, lures, and fixes that our expert cybersecurity team is seeing in real-world exploits and incidents.The Catch of the MonthThe Phishing ReportLive Q&AGuest SpeakersAnd more!If you've got burning questions or feedback, we'd be happy to hear from you: https://www.surveymonkey.com/r/hackleboxTo stay updated on all things The Hackle Box, sign up to receive our newsletters: https://frsecure.com/cyber-threat-int...Please like, subscribe, and follow us on social!LinkedIn: https://www.linkedin.com/company/frsecure/Instagram: https://www.instagram.com/frsecureofficial/Facebook: https://www.facebook.com/frsecure/BlueSky: https://bsky.app/profile/frsecure.bsky.socialAbout FRSecure:https://frsecure.com/FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can’t do it alone. Whether you’re wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.

March 12, 202657 min

The Hackle Box March 2026: .arpa, Cybersecurity Strategy for America, Seedworm & Iran, AI Red Team

We're BACK with another live Hackle Box episode to break down what's trending in cyber attacks and incident response.This month, we're discussing:Hackers abusing .arpa domain to evade phishing detectionPresident Trump's Cybersecurity Strategy for AmericaSeedworm and Iranian APTsArmadin Series A FundingTune in for insights on these topics, and the latest trends, tactics, lures, and fixes that our expert cybersecurity team is seeing in real-world exploits and incidents.The Catch of the MonthThe Phishing ReportLive Q&AGuest SpeakersAnd more!If you've got burning questions or feedback, we'd be happy to hear from you: https://www.surveymonkey.com/r/hackleboxTo stay updated on all things The Hackle Box, sign up to receive our newsletters: https://frsecure.com/cyber-threat-intel-series/Please like, subscribe, and follow us on social!LinkedIn: https://www.linkedin.com/company/frsecure/Instagram: https://www.instagram.com/frsecureofficial/Facebook: https://www.facebook.com/frsecure/BlueSky: https://bsky.app/profile/frsecure.bsky.socialAbout FRSecure:https://frsecure.com/FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can’t do it alone. Whether you’re wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.

February 13, 202648 min

The Hackle Box Feb. 2026: Notepad++, Microsoft Phishing, Solarwinds, & Ring

2026 is off to quite the start! After a New Year's break, we're BACK with another Hackle Box episode to discuss what we've seen so far in the offensive services and incident response sides of the infosec industry! This month, Oscar, Eric, and special guest Matt Findlay discussed:Notepad++ VulnerabilitiesPhishing from legitimate Microsoft inboxesSolarwinds Remote Code ExecutionRing's New Surveillance FeatureTune in every month for insights on similar topics and the latest trends, tactics, lures, and fixes that our expert cybersecurity team is seeing in the real-world:The Catch of the MonthThe Phishing ReportLive Q&AGuest SpeakersAnd more!If you've got burning questions or feedback, we'd be happy to hear from you: https://www.surveymonkey.com/r/hackleboxTo stay updated on all things The Hackle Box, sign up to receive our newsletters: https://frsecure.com/cyber-threat-intel-series/Please like, subscribe, and follow FRSecure on social!

June 10, 202548 min

June 2025: Q&A Session, CISA Updates

In this quarterly live Q&A session, the gang dives into the recent CISA budget cuts and hands it over to the audience for discussion. Tune in to get your updates, hear what folks are talking about, and a little on boats! To stay updated on all things The Hackle Box, sign up to receive our newsletters: https://frsecure.com/cyber-threat-intel-series/ Please like, subscribe, and follow us on social! LinkedIn: https://www.linkedin.com/company/frsecure/ Instagram: https://www.instagram.com/frsecureofficial/ Facebook: https://www.facebook.com/frsecure/ BlueSky: https://bsky.app/profile/frsecure.bsky.social About FRSecure: https://frsecure.com/ FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can’t do it alone. Whether you’re wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.

May 13, 20251 hr 0 min

Vibe Coding, Malicious AI Models, & More

Join us for our May Hackle Box session! The crew explores the emerging concept of "vibe coding", also known as vulnerability as a service, and unpacks its implications for cybersecurity. The team discusses how large language models (LLMs) may unknowingly import malicious code, raising critical concerns about training data integrity and AI trustworthiness. Links:"AI-Hallucinated Code Dependencies Become New Supply Chain Risk" "Vehicles Face 45% More Attacks, 4 Times More Hackers" https://www.darkreading.com/vulnerabilities-threats/vehicles-45-more-attacks-4-times-more-hackers "'Venom Spider' Targets Hiring Managers in Phishing Scheme" https://www.darkreading.com/cyber-risk/venom-spider-phishing-scheme "CISA Warns 2 SonicWall Vulnerabilities Under Active Exploitation" https://www.darkreading.com/threat-intelligence/two-sonicwall-vulnerabilities-under-exploitation "Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach" https://thehackernews.com/2025/05/commvault-confirms-hackers-exploited.html Be sure to submit your questions for our quarterly Q&A Episodes! Ask Our Security Experts Anything!To stay updated on all things The Hackle Box, sign up to receive our newsletters: https://frsecure.com/cyber-threat-intel-series/ Please like, subscribe, and follow us on social! LinkedIn: frsecure Instagram: @frsecureofficialFacebook: frsecureBlueSky: @frsecureAbout FRSecure: https://frsecure.com/FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can’t do it alone. Whether you’re wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.

April 14, 202557 min

AI-Driven Attack Platforms, Record-Breaking Ransoms, Neptune RAT, & More!

In this month's edition of the Hackle Box, the guys are joined by Kevin Gunter, a penetration tester at FRSecure, to discuss "Xanthorox AI," a record-breaking $75M ransomware demand, a US Treasury breach going back to 2023, and Neptune RAT.Links:"Autonomous, GenAI-Driven Attacker Platform Enters the Chat"https://www.darkreading.com/threat-intelligence/autonomous-genai-attacker-platform-chat "Fortune 50 Co. Pays Record-Breaking $75M Ransomware Demand"https://www.darkreading.com/threat-intelligence/fortune-50-company-pays-record-breaking-75m-ransomware-demand"Hackers lurked in Treasury OCC’s systems since June 2023 breach"https://www.bleepingcomputer.com/news/security/hackers-lurked-in-treasury-occs-systems-since-june-2023-breach/"NEPTUNE RAT : An advanced Windows RAT with System Destruction Capabilities and Password Exfiltration from 270+ Applications"https://www.cyfirma.com/research/neptune-rat-an-advanced-windows-rat-with-system-destruction-capabilities-and-password-exfiltration-from-270-applications/To stay updated on all things The Hackle Box, sign up to receive our newsletters: https://frsecure.com/cyber-threat-intel-series/Please like, subscribe, and follow us on social!LinkedIn: https://www.linkedin.com/company/frsecure/Instagram: https://www.instagram.com/frsecureofficial/Facebook: https://www.facebook.com/frsecure/BlueSky: https://bsky.app/profile/frsecure.bsky.socialAbout FRSecure:https://frsecure.com/FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can’t do it alone. Whether you’re wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.

March 18, 202554 min

March 2025: Q & A Open Call

Approaching the end of Q1, this special-edition episode answers questions from the audience including the U.S. Cyber Command's suspended operations against Russia and some essential beard maintenance. Security Analyst Tim Boyer sits in for Pinky to fill the blue team perspective. Now happening quarterly, listeners can ask all things security to our expert crew! The next Q & A Session will be held June 13th. Submit questions to our survey here: https://www.surveymonkey.com/r/thehacklebox To stay updated on all things The Hackle Box, sign up to receive our newsletters: https://frsecure.com/cyber-threat-intel-series/ Please like, subscribe, and follow us on social! LinkedIn: https://www.facebook.com/frsecure/ Instagram: https://www.instagram.com/frsecureofficial/ Facebook: https://www.facebook.com/frsecure/ BlueSky: https://bsky.app/profile/frsecure.bsky.social About FRSecure: https://frsecure.com/ FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can’t do it alone. Whether you’re wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.

February 18, 202554 min

DeepSeek, Ransomware Decline, New Exploited Vulnerabilities, & More

Oscar, Pinky, and Eric dive into DeepSeek, the downward trend of Ransomware extortions, and new, actively exploited vulnerabilities.Links:"DeepSeek App Transmits Sensitive User and Device Data Without Encryption" https://thehackernews.com/2025/02/deepseek-app-transmits-sensitive-user.html "DeepSeek AI Database Exposed: Over 1 Million Log Lines, Secret Keys Leaked" https://thehackernews.com/2025/01/deepseek-ai-database-exposed-over-1.html "Ransomware Extortion Drops to $813.5M in 2024, Down from $1.25B in 2023" https://thehackernews.com/2025/02/ransomware-extortion-drops-to-8135m-in.html "CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25" https://thehackernews.com/2025/02/cisa-adds-four-actively-exploited.html "Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software" https://thehackernews.com/2025/02/palo-alto-networks-patches.html Please like, subscribe, and follow us on social! Facebook: https://www.facebook.com/frsecure/ Twitter: https://twitter.com/frsecure/ Instagram: https://www.instagram.com/frsecureofficial/ LinkedIn: https://www.linkedin.com/company/frsecure/ About FRSecure: https://frsecure.com/ FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can’t do it alone. Whether you’re wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.

December 26, 202459 min

RCS, AuthQuake, & "The Night before Breachmas"

The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits. This special holiday episode, Pinky shares a reading of "The Night Before Breachmas", the gang talks encrypted texting, Microsoft's MFA flaw - aka "AuthQuake", and hackers bypassing AntiVirus protections with BYOVD. Links:"FBI Warns iPhone And Android Users—Stop Sending Texts" https://www.forbes.com/sites/zakdoffman/2024/12/06/fbi-warns-iphone-and-android-users-stop-sending-texts/ "Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts" https://thehackernews.com/2024/12/microsoft-mfa-authquake-flaw-enabled.html?m=1 "Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections" https://thehackernews.com/2024/11/researchers-uncover-malware-using-byovd.html?m=1 Please like, subscribe, and follow us on social! Facebook: https://www.facebook.com/frsecure/ Twitter: https://twitter.com/frsecure/ Instagram: https://www.instagram.com/frsecureofficial/ LinkedIn: https://www.linkedin.com/company/frsecure/ About FRSecure: https://frsecure.com/ FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can’t do it alone. Whether you’re wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.

November 13, 2024Episode 3657 min

SolarWinds Attack Disclosures, OWASP's AI Security Guidance, & More

The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits. This month, Oscar and the crew focus on SolarWinds cyber attack and the resulting charges from the SEC, guidance from OWASP on AI Security, and CISCO's security patch.Links: "Google Cloud to Enforce Multi-Factor Authentication by 2025 for All Users" https://thehackernews.com/2024/11/goo..."SEC Charges 4 Companies Over Misleading SolarWinds Cyber Attack Disclosures" https://thehackernews.com/2024/10/sec..."OWASP Releases AI Security Guidance" https://www.darkreading.com/applicati..."Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems" https://thehackernews.com/2024/11/cis...Please like, subscribe, and follow us on social! Facebook: FRSecure LLCTwitter: @FRSecureInstagram: @FRSecureofficialLinkedIn: FRSecureAbout FRSecure: https://frsecure.com/ FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can’t do it alone. Whether you’re wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.