About this episode
? SOC Summit 2026https://www.antisyphontraining.com/event/soc-summit/Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com00:00 - PreShow Banter™ — Unnatural European Fridges03:34 - The Entra ID Cross-Tenant Vulnerability Discovery – BHIS - Talkin’ Bout [infosec] News 2025-09-2204:14 - Story # 1: One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens21:32 - Story # 2: Shai-Hulud: Self-Replicating Worm Compromises 500+ NPM Packages40:50 - OSSPREY – NPM Package @Ctrl/Tinycolor Compromised: Shai Hulud Malware Targets Secrets and Persistence51:41 - Story # 3: Verified Steam game steals streamer’s cancer treatment donations57:16 - Story # 4: Heathrow warns of second day of disruption after cyber-attack
(00:00) - PreShow Banter™ — Unnatural European Fridges
(03:30) - The Entra ID Cross-Tenant Vulnerability Discovery – BHIS - Talkin' Bout [infosec] News 2025-09-22
(04:08) - Story # 1: One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens
(20:32) - Story # 2: Shai-Hulud: Self-Replicating Worm Compromises 500+ NPM Packages
(39:14) - OSSPREY – NPM Package @Ctrl/Tinycolor Compromised: Shai Hulud Malware Targets Secrets and Persistence
(49:51) - Story # 3: Verified Steam game steals streamer's cancer treatment donations
(55:14) - Story # 4: Heathrow warns of second day of disruption after cyber-attack
