Talkin' Bout [Infosec] News – April 9, 2026
Episode Title: Artemis Astronaut's Bad Outlooks – 2026-04-06
Host: Corey Ham (Black Hills Information Security)
Panelists: Ralph, Jennifer, Wade, Doc, Bronwyn
Episode Overview
This lively roundtable of infosec professionals and friends kicks off with lighthearted banter about office chairs and hacker aesthetics, then transitions into deep dives on the latest significant information security news stories. The team discusses recent supply chain attacks (notably the NPM/Axios compromise), NASA's Artemis mission tech woes (including astronauts coping with Outlook malfunctions), fresh breaches in AI ecosystems, mobile hacking tools, major FBI and government agency incidents, the continuing fallout from leaked LLM source code and AI training data, and the lighter side of the news—chickens in reflective vests.
Key Discussions and Insights
1. NPM/Axios Supply Chain Attack
Timestamps: 09:23–18:58
- Attack Recap:
Axios—a critical JavaScript HTTP client—was compromised in a sophisticated supply chain attack. The attacker socially engineered a developer into joining a fake Slack and updating meeting software, resulting in credential theft and a malicious Axios release.
- Detection and Damage:
The malicious code went undetected for ~3 hours before remediation, limiting broad compromise, but ~160 developer systems were affected.
- Takeaways:
- The escalation from social engineering to supply chain, and the potential risk to the entire dependency ecosystem.
- Attribution: Likely North Korea, per consensus, though evidence is circumstantial.
- Quote:
“The social engineering part, like having a complete Slack already put together... before AI, I would think this was more impressive. But nowadays I'm like, all right, you just tell AI to spit you up a Slack server.” –Wade (13:39)
- Developers need better controls—e.g., releases require at least one approval.
- Broader risk: NPM is by far the most ubiquitous JS package system; attacks have outsized blast radius.
- Catastrophic Potential:
“What C2 handles 2.7 billion systems?” –Corey Ham (12:04)
“My C2, dude.” –Ralph (12:08)
2. Artemis Astronauts and “Bad Outlooks”
Timestamps: 20:06–25:46
- Background:
NASA's Artemis astronauts were caught on a live stream expressing frustration that both variants of Microsoft Outlook ("Classic" and "New") were nonfunctional in space.
- Community Reaction:
“I have two Microsoft Outlooks and neither one of those are working. Which is a statement we've all said at some point.” –Ralph (20:56)
- Tech Details:
- Artemis II uses a laser-based communication system (250 Mbps down, 20 Mbps up) and carries iPhone 17s (camera-only, networking disabled).
- Tech quirks such as multi-second pings, live streams, and the first onboard toilet spark humor and geek-out moments.
- Relatability:
“The only reason I would want to leave Earth is to leave Outlook behind. If I have to take Outlook with me, I’m not leaving Earth.” –Ralph (23:46)
- Memorable Light Moment:
“If anybody was going to run a toilet off of Windows, it would be the government.” –Jennifer (24:22)
3. AI Leaks and the State of Open Source in LLMs
Timestamps: 30:03–39:41
a. Claude Code Leak (Anthropic)
- Incident:
The Claude desktop app’s source code was leaked due to an accidental commit of a developer file that linked to downloadable source contents.
- Hot Takes:
- “Why isn’t this open source already?”
- GitHub’s cleanup effort overreached, deleting unrelated repos.
- Design Oddities:
- “Vibe coding,” wild spaghetti code, and unusual features like “Auto Dream” (periodic cleanup of memory).
- Recursive code validation (outputting valid JSON by running in a loop against the schema).
- Quote:
“You're saying make your own caveman library?” –Ralph (37:30)
b. Mercor Breach: Training Data Exposed
- Overview:
Mercor—a company central to AI training data—suffered a breach exposing how major LLMs (Meta, OpenAI, Anthropic, Google) source and structure their training sets.
- Implication:
Highly proprietary, competitive data is now potentially in the wild.
- Thoughts:
“You are being open sourced. Stop resisting.” –Bronwyn (40:32)
“They produce training data for these AI models. This exposes how the sausage is made.” –Corey (41:06)
4. Mobile Hacking Tools & Old Vulnerabilities
Timestamps: 42:11–44:47
- Schneier on Security/Google Threat Intel:
- Karuna, a mobile spyware targeting iOS 13–17, presumably of US government origin, exploits JavaScript engine flaws.
- Widely patched now, but underscores the risks of lagging on updates.
- “Upgrade or die.”
5. FBI Breach and Cyber Supply Chain Risks
Timestamps: 44:33–45:49
- Summary:
FBI labels a breach of its unclassified network a "major incident," likely exposing surveillance tools and sensitive PII to Chinese actors.
Relates to persistent attacks via supply chain and social engineering.
- Best Practice (Joke):
“The key is to just not use email.” –Ralph (45:50)
6. VMware vSphere Brickstorm Malware
Timestamps: 47:07–51:15
- Threat Details:
“Brickstorm” malware targets VMware vSphere, exploiting the lack of EDR on such infrastructure with advanced persistence (ghost VMs, webshells, Go reverse proxies).
- Mandiant released a hardening script for admins (with the usual “run at your own risk” caveats).
- Bigger Trend:
Attackers pivoting to “least monitored” platforms, e.g., ESXi/vSphere, as soft targets.
- Quote:
“You're just going for the least protected asset, even if that requires more effort in the beginning. Because once you develop that tool, then it feels like shooting fish in a barrel.” –Corey Ham (51:45)
7. U.S. Border Patrol Data Leaks via Quizlet
Timestamps: 52:16–54:18
- Revelation:
Facility door codes and passwords appeared on Quizlet (a flashcard site), reportedly used by Border Patrol staff for convenience.
- “They put the codes for the doors on Quizlet?” –Corey (53:36)
- Risks: Potentially streamlines real-world physical breaches.
- “War Thunder” Reference:
- Recurring military data leaks on War Thunder forums get honored as a perennial podcast favorite.
8. Other Notable Moments & Themes
AI, Agency, and “Entertainment Purposes Only”
Timestamps: 26:02–30:00
- Copilot’s TOS claims it’s “for entertainment only.”
Laughter over the juxtaposition of productivity claims and CYA legalese.
- The panel riffs on “Roko’s Basilisk,” AI’s rise, and the etiquette of thanking your robot overlords.
“My son says thank you to any robot that does anything.” –Wade (29:35)
“I always say please and thank you to my AIs.” –Jennifer (29:27)
Chicken Articles & Closing Banter
Timestamps: 64:33–65:44
- Article about Scottish chickens wearing reflective vests for road safety closes out the episode.
“Don’t let the chicken cross the road without a reflective safety vest.” –Ralph (65:31)
Notable Quotes & Timestamps
| Time | Speaker | Quote |
|----------|-------------|----------|
| 13:39 | Wade | "The social engineering part...having a complete Slack already put together...before AI, I would think this was more impressive. But nowadays I'm like, all right, you just tell AI to spit you up a Slack server..." |
| 20:56 | Ralph | “I have two Microsoft Outlooks and neither one of those are working. Which is a statement we've all said at some point.” |
| 23:46 | Ralph | “The only reason I would want to leave Earth is to leave Outlook behind. If I have to take Outlook with me, I’m not leaving Earth.” |
| 24:22 | Jennifer | "If anybody was going to run a toilet off of Windows, it would be the government." |
| 29:35 | Wade | "My son says thank you to any robot that does anything." |
| 29:27 | Jennifer | "I always say please and thank you to my AIs." |
| 37:30 | Ralph | “You're saying make your own caveman library?” |
| 40:32 | Bronwyn | "Stop resisting. You are being open sourced." |
| 51:45 | Corey Ham | "You're just going for the least protected asset, even if that requires more effort in the beginning. Because once you develop that tool, then it feels like shooting fish in a barrel..." |
| 53:36 | Corey Ham | "Are you telling me that they put the codes for the doors on Quizlet?" |
| 65:31 | Ralph | “Don’t let the chicken cross the road without a reflective safety vest.” |
Bonus: Panelist Plugs and Community Vibes
Doc: Upcoming “Anticast” on “The 14 Absolute Truths of Cybersecurity”—with the punchline: “Security isn’t even what we do.”
Jennifer: API testing class coming soon (April 14).
Running Jokes:
- “JavaScript” drinking game leaves Doc “drunk AF.”
- Heated home bidets as a security lifestyle choice.
- “War Thunder leaks” – meme status.
Endnote:
This episode is a great mix of technical insight, professional perspective and community camaraderie, with a good dose of hacker humor.
Listen for:
- Practical reactions to real-time infosec incidents
- Commentary on the blurring lines between AI, open source, and corporate secrecy
- The importance of solid controls, both in code and at the (literal) front door
- Why you should always say please and thank you to your AIs
- Why chickens in safety vests may be the real winners in security this week