Contacts
Info
The Hackle Box is a monthly cyber threat intel discussion where Oscar Minks and members of FRSecure's technical services team (Team Ambush) break down the latest trends in the information...
show more
The Hackle Box is a monthly cyber threat intel discussion where Oscar Minks and members of FRSecure's technical services team (Team Ambush) break down the latest trends in the information security industry involving hacking techniques, vulnerabilities, exploits, and more.
show less
Episodes & Posts
Episodes
Posts
14 APR 2025 · In this month's edition of the Hackle Box, the guys are joined by Kevin Gunter, a penetration tester at FRSecure, to discuss "Xanthorox AI," a record-breaking $75M ransomware demand, a US Treasury breach going back to 2023, and Neptune RAT.
Links:
- "Autonomous, GenAI-Driven Attacker Platform Enters the Chat"
- https://www.darkreading.com/threat-intelligence/autonomous-genai-attacker-platform-chatÂ
- "Fortune 50 Co. Pays Record-Breaking $75M Ransomware Demand"
- https://www.darkreading.com/threat-intelligence/fortune-50-company-pays-record-breaking-75m-ransomware-demand
- "Hackers lurked in Treasury OCC’s systems since June 2023 breach"
- https://www.bleepingcomputer.com/news/security/hackers-lurked-in-treasury-occs-systems-since-june-2023-breach/
- "NEPTUNE RAT : An advanced Windows RAT with System Destruction Capabilities and Password Exfiltration from 270+ Applications"
- https://www.cyfirma.com/research/neptune-rat-an-advanced-windows-rat-with-system-destruction-capabilities-and-password-exfiltration-from-270-applications/
To stay updated on all things The Hackle Box, sign up to receive our newsletters: https://frsecure.com/cyber-threat-intel-series/
Please like, subscribe, and follow us on social!
LinkedIn: https://www.linkedin.com/company/frsecure/
Instagram: https://www.instagram.com/frsecureofficial/
Facebook: https://www.facebook.com/frsecure/
BlueSky: https://bsky.app/profile/frsecure.bsky.social
About FRSecure:
https://frsecure.com/
FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can’t do it alone. Whether you’re wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.
18 MAR 2025 · Approaching the end of Q1, this special-edition episode answers questions from the audience including the U.S. Cyber Command's suspended operations against Russia and some essential beard maintenance. Security Analyst Tim Boyer sits in for Pinky to fill the blue team perspective.
Now happening quarterly, listeners can ask all things security to our expert crew! The next Q & A Session will be held June 13th. Submit questions to our survey here: https://www.surveymonkey.com/r/thehacklebox
To stay updated on all things The Hackle Box, sign up to receive our newsletters: https://frsecure.com/cyber-threat-intel-series/
Please like, subscribe, and follow us on social!Â
LinkedIn: https://www.facebook.com/frsecure/
Instagram:https://www.instagram.com/frsecureofficial/
Facebook: https://www.facebook.com/frsecure/
BlueSky: https://bsky.app/profile/frsecure.bsky.social
About FRSecure:
https://frsecure.com/Â
FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can’t do it alone. Whether you’re wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.
18 FEB 2025 · Oscar, Pinky, and Eric dive into DeepSeek, the downward trend of Ransomware extortions, and new, actively exploited vulnerabilities.
Links:
"DeepSeek App Transmits Sensitive User and Device Data Without Encryption" https://thehackernews.com/2025/02/deepseek-app-transmits-sensitive-user.html
"DeepSeek AI Database Exposed: Over 1 Million Log Lines, Secret Keys Leaked" https://thehackernews.com/2025/01/deepseek-ai-database-exposed-over-1.html
"Ransomware Extortion Drops to $813.5M in 2024, Down from $1.25B in 2023" https://thehackernews.com/2025/02/ransomware-extortion-drops-to-8135m-in.html
"CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25" https://thehackernews.com/2025/02/cisa-adds-four-actively-exploited.html
"Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software" https://thehackernews.com/2025/02/palo-alto-networks-patches.html
Please like, subscribe, and follow us on social!Â
- Facebook: https://www.facebook.com/frsecure/
- Twitter: https://twitter.com/frsecure/
- Instagram: https://www.instagram.com/frsecureofficial/
- LinkedIn: https://www.linkedin.com/company/frsecure/
About FRSecure:
https://frsecure.com/Â
FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can’t do it alone. Whether you’re wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.
26 DEC 2024 · The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits. This special holiday episode, Pinky shares a reading of "The Night Before Breachmas", the gang talks encrypted texting, Microsoft's MFA flaw - aka "AuthQuake", and hackers bypassing AntiVirus protections with BYOVD.
Links:
"FBI Warns iPhone And Android Users—Stop Sending Texts" https://www.forbes.com/sites/zakdoffman/2024/12/06/fbi-warns-iphone-and-android-users-stop-sending-texts/Â
"Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts" https://thehackernews.com/2024/12/microsoft-mfa-authquake-flaw-enabled.html?m=1
"Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections" https://thehackernews.com/2024/11/researchers-uncover-malware-using-byovd.html?m=1
Please like, subscribe, and follow us on social!Â
Facebook: https://www.facebook.com/frsecure/Â
Twitter: https://twitter.com/frsecure/Â
Instagram: https://www.instagram.com/frsecureofficial/ Â
LinkedIn: https://www.linkedin.com/company/frsecure/Â
About FRSecure:
https://frsecure.com/Â
FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs.Â
These fundamentals are lacking in our industry, and while progress is being made, we can’t do it alone. Whether you’re wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.
13 NOV 2024 · The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits.Â
This month, Oscar and the crew focus on SolarWinds cyber attack and the resulting charges from the SEC, guidance from OWASP on AI Security, and CISCO's security patch.
Links: "Google Cloud to Enforce Multi-Factor Authentication by 2025 for All Users" https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbGdlRjFMYldRVnFJV1pmUUl2ZU1LVnBZaFNHUXxBQ3Jtc0ttMWJRdk5WUERGYk52Ui1qMTJPUjVwYnJreGh4YlZtRVg2WmN4emlUZHNjOXc5YkVIOE1ZNHB1czl0U1d0aHlmQklqZG1PTkRXdVUtT3FuSG1pVTcwU3pNdWdTdW90bE1kQzNTM1hrMU4xd3R1M0YyZw&q=https%3A%2F%2Fthehackernews.com%2F2024%2F11%2Fgoogle-cloud-to-enforce-multi-factor.html&v=CMpMdSqN2qg
"SEC Charges 4 Companies Over Misleading SolarWinds Cyber Attack Disclosures" https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa0NNSXZVb0c5TnpIXzZ6SWN1c3VZVmY2LUItZ3xBQ3Jtc0ttY2NuaHRlNTdRNFM5QVdJZWE1cUtzR3h5V2lLMWlLTlNKa1hVLVZFa1ZwaUNLTTk4T3lKRVJQRXVVeGcyMWwxTkJmMDYwRUp1TWUzd1JSX2wxRXZJYkx4Y3ZLMjFCd0YzMDM1ZWtUeWZrVjA4bmk1bw&q=https%3A%2F%2Fthehackernews.com%2F2024%2F10%2Fsec-charges-4-companies-over-misleading.html%3Fm%3D1&v=CMpMdSqN2qg
"OWASP Releases AI Security Guidance" https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa3ZoV1oxN2x3RWs2a1Z2eFBYaTNjTkFkblhRZ3xBQ3Jtc0tteVBBQ3dEX1RZTFlHdlNwcVlibTBVaHlmcS1LSV96SzN2LUIyUTRFaDlIT3F0TmxmanlmdXVQa096OHB5Q01URERwSjRSNHBHS0FYZmZtR2hJVVJFMld0YXJkcXRJVEZRMkFrVnh0SXlRZWpQalEwZw&q=https%3A%2F%2Fwww.darkreading.com%2Fapplication-security%2Fowasp-releases-ai-security-guidance&v=CMpMdSqN2qg
"Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems" https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa1hWQl9SdGdoejJGU2pWUVk2VXN5QXR0QnE0UXxBQ3Jtc0tsOGtNN2FwREhEaEpmdUdIZVB5MnNrcktuMGNJbnhJcTZ2SXlZdG5WYzdMS3VvUWJIcGd1blVadExIcGtyR21fcWEyWkFHMHJ5eEVFVzJfLTRvZEhZSVVuM1g4WW54UWVLT0hYZ3NCTmgwTUdVTnpURQ&q=https%3A%2F%2Fthehackernews.com%2F2024%2F11%2Fcisco-releases-patch-for-critical-urwb.html&v=CMpMdSqN2qg
Please like, subscribe, and follow us on social!Â
Facebook: https://www.facebook.com/frsecure/events/?_rdr
Twitter: https://x.com/FRSecure?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor
Instagram: https://www.instagram.com/frsecureofficial/
LinkedIn: https://www.linkedin.com/company/frsecure
About FRSecure: https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbHBxdzdTTXhLWHRMUHJRSVBvc2xrUHBHRFFvd3xBQ3Jtc0ttZUFmbFdKVk9MZnBqQlI5eHVQZ2ZYVXVtWC1aSENkX09GajJuYUcweEtoOGVRVkJTZ0VKQjRtOTRJMi02MmxUMG5NU1BqQTJ5SG0tYi1GWDBuaHFyU1VGY0h6Nk1penhuUjYxRnlXTXpBRWRiZERYQQ&q=https%3A%2F%2Ffrsecure.com%2F%C2%A0&v=CMpMdSqN2qg
FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can’t do it alone. Whether you’re wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.
28 OCT 2024 · The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits.Â
This month, the hosts talk about personal preparation for emergency events like natural disasters, the DDOS attacks of Internet Archive, newest CISA warnings, and Zero Day Alert for Ivanti exploitation. They also open up to the live audience for questions!
Links: "Internet Archive Hacked, Data Breach Impacts 31 Million Users" https://www.bleepingcomputer.com/news/security/internet-archive-hacked-data-breach-impacts-31-million-users/
"CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches" https://thehackernews.com/2024/10/cisa-warns-of-critical-fortinet-flaw-as.html
"Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited" https://thehackernews.com/2024/10/zero-day-alert-three-critical-ivanti.html
"N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware" https://thehackernews.com/2024/10/n-korean-hackers-use-fake-interviews-to.html
Please like, subscribe, and follow us on social!Â
Facebook: https://www.facebook.com/frsecure/Â
Twitter: https://twitter.com/frsecure/Â
Instagram: https://www.instagram.com/frsecureofficial/ Â
LinkedIn: https://www.linkedin.com/company/frsecure/Â
About FRSecure:Â https://frsecure.com/Â
FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can’t do it alone. Whether you’re wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.
16 SEP 2024 · The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits.
With Oscar out traveling, Pinky and Eric lead the discussion this month. Together, they discuss: A worm-driven USB attack strategy, Microsoft's disclosure of four zero-days in their September update, and the Scattered Spider ransomware group's sophisticated smishing and vishing campaigns on cloud services. They also open up to the live audience for questions!
Links:Â
Mustang Panda Feeds Worm-Driven USB Attack Strategy
https://www.darkreading.com/cyberattacks-data-breaches/mustang-panda-worm-driven-usb-attack
Microsoft Discloses 4 Zero-Days in September Update
https://www.darkreading.com/application-security/microsoft-discloses-4-zero-days-in-september-update
Socially Savvy Scattered Spider Traps Cloud Admins in Web
https://www.darkreading.com/cloud-security/socially-savvy-scattered-spider-traps-cloud-admins-in-web
Please like, subscribe, and follow us on social!
About FRSecure
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa1hmeGY2UnRZb1hmdUl5YTdjMmRybm1YbzhOQXxBQ3Jtc0trR3JlbEZvR1B0R2IyRmFBYzJvVUl0Sk1jMUxWLTZ3ellOREIyTHJDaGJ2UkhaZzZ1c3hEdzlvUFRkRnlEemd6Qld1dWhEVV9BSUFrMTJkM2hGR0FoLVkzellJa0F6M3hvZ0UxeXNDbHhjc3VCOEJFQQ&q=https%3A%2F%2Ffrsecure.com%2F%C2%A0&v=dbmw0R2dQZQ
FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can’t do it alone. Whether you’re wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.
16 JUL 2024 · The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits.Â
This time, they discuss Midnight Blizzard, a zero-click Outlook vulnerability, and CISA's takedown of Ivanti Systems.
Links:Â
Network Segmentation Saved TeamViewer From APT29 Attack https://www.darkreading.com/cyberattacks-data-breaches/teamviewer-network-segmentation-apt29-attack
Zero-Click Outlook RCE Vulnerability - Project Hyphae
https://projecthyphae.com/threat/zero-click-outlook-rce-vulnerability/Â
CISA Takedown of Ivanti Systems Is a Wake-up Call
https://www.darkreading.com/vulnerabilities-threats/cisa-takedown-ivanti-systems-is-wake-up-call
Please like, subscribe, and follow us on social!Â
Facebook: https://www.facebook.com/frsecure/Â
Twitter: https://twitter.com/frsecure/Â
Instagram: https://www.instagram.com/frsecureofficial/ Â
LinkedIn: https://www.linkedin.com/company/frsecure/Â
About FRSecure
https://frsecure.com/Â
FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can’t do it alone. Whether you’re wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.
13 MAY 2024 · The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits.Â
This time, they discuss critical Citrix flaws, fake journalists stealing data, Microsoft holding execs accountable for security, police trolling a ransomware gang, and more.
Links:Â
Citrix Addresses High-Severity Flaw in NetScaler ADC and Gateway
https://thehackernews.com/2023/10/critical-citrix-netscaler-flaw.html
Apt42 Pose As Journalists, Harvest Credentials, Access Cloud Data
https://attackfeed.com/apt42-hackers-pose-as-journalists-to-harvest-credentials-and-access-cloud-data-infothehackernews-com-the-hacker-news/
Microsoft Will Hold Execs Accountable for Cybersecurity
https://www.darkreading.com/cloud-security/feds-microsoft-clean-up-cloud-security-act
Burnout Is Pushing Workers to Use AI—Even If Their Boss Doesn’t Know
https://www.wired.com/story/ai-workers-burnout-microsoft-linkedin/
Police Resurrect LockBit's Site and Troll the Ransomware Gang | TechCrunch
https://techcrunch.com/2024/05/06/police-resurrect-lockbits-site-and-troll-the-ransomware-gang/
US Indicts LockBit Ransomware Ringleader, Offers $10 Million Reward
https://www.theverge.com/2024/5/7/24151493/us-lockbit-ransomware-ringleader-indictment-reward
Please like, subscribe, and follow us on social!Â
Facebook: https://www.facebook.com/frsecure/Â
Twitter: https://twitter.com/frsecure/Â
Instagram: https://www.instagram.com/frsecureofficial/ Â
LinkedIn: https://www.linkedin.com/company/frsecure/Â
About FRSecure https://frsecure.com/Â
FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs.Â
These fundamentals are lacking in our industry, and while progress is being made, we can’t do it alone. Whether you’re wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.
16 APR 2024 · The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits.
This time, they discuss AI-written malware, XZ Utils, and attackers targeting hospital IT help desks.
Links:
XZ Utils scareÂ
https://www.darkreading.com/application-security/xz-utils-scare-exposes-hard-truths-in-software-security
Change Healthcare hit with cyber extortion (again)
https://www.infosecurity-magazine.com/news/change-healthcare-double-cyber/
Health Department warns attackers targeting IT help desks https://www.bleepingcomputer.com/news/security/us-health-dept-warns-hospitals-of-hackers-targeting-it-help-desks/
Malicious PowerShell script appears to be AI-writtenÂ
https://www.bleepingcomputer.com/news/security/malicious-powershell-script-pushing-malware-looks-ai-written/
Please follow us on social!
Facebook: https://www.facebook.com/frsecure/
Twitter: https://twitter.com/frsecure/
Instagram: https://www.instagram.com/frsecureofficial/
LinkedIn: https://www.linkedin.com/company/frsecure/Â
About FRSecure https://frsecure.com/
FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs.
These fundamentals are lacking in our industry, and while progress is being made, we can’t do it alone. Whether you’re wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.
The Hackle Box is a monthly cyber threat intel discussion where Oscar Minks and members of FRSecure's technical services team (Team Ambush) break down the latest trends in the information...
show more
The Hackle Box is a monthly cyber threat intel discussion where Oscar Minks and members of FRSecure's technical services team (Team Ambush) break down the latest trends in the information security industry involving hacking techniques, vulnerabilities, exploits, and more.
show less
Information
| Author | The InfoSec Mission |
| Organization | InfoSec Missionaries |
| Categories | Technology |
| Website | frsecure.com |
| hacklebox@frsecure.com |
Copyright 2025 - Spreaker Inc. an iHeartMedia Company
