Podcast Summary
Talkin' Bout [Infosec] News — Hot Take Predictions for Next Year
Hosts: John Strand & the BHIS Team
Release Date: December 18, 2025
Main Theme:
The last episode of 2025 assembles the Black Hills Information Security (BHIS) crew for some spicy infosec news and hot-take predictions for 2026, interspersed with their signature banter. They dive into everything from Russia banning Roblox to Google’s Dark Web report shutdown, South Korea’s Coupang breach, smart device and IoT security woes, and then spend the last portion dropping bold predictions for cyber threats and trends in 2026.
Episode Overview
Purpose:
Wrap the year with discussion on top infosec stories and deliver hot take predictions for cybersecurity in 2026. No year-in-review nostalgia, just current events, industry insight, and foresight.
Key Discussion Points & Insights
1. Roblox Ban in Russia & Government Censorship
- Banter about Roblox and Social Platforms:
- Recent bans of Roblox in Russia (and social media bans for minors in Australia) are discussed as part of a growing fragmentation trend: governments walling off global platforms to limit cross-border influence on their societies.
- John on Audience Pushback: "They did. I think they banned it officially last week. Now this is just the fallout article being like—I mean, the quote in the article is pretty funny because the person literally said they have gotten a message from literally every child in Russia." (03:32)
- Security Angle:
- Concern that security teams will be handed age-verification duties, and the new regulatory burden that comes with them.
- Commentary on how bans rarely eliminate behavior but serve to "fragment and reduce" usage, not "reduce to zero."
- Reference to the Arab Spring: central, uncontrolled platforms are scary for governments.
- Notable Quote:
- "Money is better than morals." — D (05:26)
- "If you take away Roblox, you may be creating the next generation of programmers and open-source people." — A (06:47)
2. Google Discontinues Dark Web Reports
- Summary:
- Google drops its "Dark Web report" service, which was provided to some end users via Google One.
- Key Insights:
- Panel agrees: the report was neither widely known nor actionable for most users, which produced customer confusion and 'shoot the messenger' reactions.
- Deep Dive:
- End users tend to blame providers (Google, Yahoo) rather than understand credential exposure basics.
- Red/Blue teamers describe the practical headaches when informing users or clients of exposed credentials—awkwardness, misplaced blame, suspicion.
- Notable Quotes:
- "Classic Google killing off another service." — C (11:48)
- "No one's... there's no validation of this data." — D (16:35)
- "There's definitely a shoot the messenger aspect to this." — B (15:46)
3. Coupang (South Korea) Data Breach & International Incident Response
- Incident:
- Largest South Korean e-commerce provider hacked—approx. 33 million users impacted (~50% of SK’s population).
- Key Discussion Points:
- South Korean authorities raided Coupang despite company cooperation; this is highly unusual compared to US breach response.
- Strong executive accountability in South Korea (CEO resigned); US companies rarely see such top-level fallout from breaches.
- Massive liability possible: up to two years in jail and heavy fines if the controls required by South Korea's data-protection law (its GDPR equivalent) were not in place.
- Attack vector: ex-employee (Chinese national) retained access for over a year post-employment.
- Conversation about recurring pen test findings, the variance in security firm quality, and the problem of "intern-level" reports.
- Notable Quotes:
- "I love the fact that South Korea, like, they actually have shame in their executive ranks. Like, the CEO resigned." — B (22:19)
- "Apparently executives can be held up to two years and fined. So this could have actual jail time associated with it." — D (28:09)
- "There's no unifying body for the industry." — C (30:19)
- Timestamps:
- Coupang breach news & response: [20:05]–[28:45]
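The attack vector above (an ex-employee whose access survived more than a year past their last day) is the kind of gap a routine offboarding audit catches. The following is an added example, not code from the podcast or from Coupang: it joins constructed HR separation records against constructed access records and lists every grant still active after the owner's last day. The record layout, the field names, and the handling of rehires are my assumptions.

```python
"""Stale-access audit: list grants still live after an employee's last day.

Added example, not from the podcast or from any vendor. All records below are
constructed; the tuple layouts and the rehire logic are assumptions.
"""
from datetime import date

# Constructed HR records: (username, last_day, rehired_on or None).
OFFBOARDED = [
    ("j.kim", date(2024, 6, 30), None),
    ("m.chen", date(2025, 11, 15), None),
    ("r.park", date(2023, 2, 1), date(2023, 9, 1)),   # left, then rehired
]

# Constructed access records from IdP/VPN/CI: (username, system, status, last_used or None).
GRANTS = [
    ("j.kim", "vpn", "active", date(2025, 10, 2)),    # ex-employee, still connecting
    ("j.kim", "sso", "disabled", None),               # the one thing offboarding did
    ("j.kim", "ci-api-token", "active", None),        # never used, still valid
    ("m.chen", "sso", "active", date(2025, 11, 19)),
    ("r.park", "sso", "active", date(2025, 12, 1)),   # rehired: a live account is expected
    ("a.lee", "sso", "active", date(2025, 12, 10)),   # current employee
]

AUDIT_DATE = date(2025, 12, 18)  # constructed "as of" date for the run


def separated_as_of(offboarded, as_of):
    """Map username -> last_day for people who are still separated on `as_of`."""
    gone = {}
    for user, last_day, rehired_on in offboarded:
        if last_day > as_of:
            continue  # notice given, not yet departed
        if rehired_on is not None and rehired_on <= as_of:
            continue  # back on payroll; do not flag
        gone[user] = last_day
    return gone


def stale_access(offboarded, grants, as_of, grace_days=0):
    """Return active grants whose owner left more than `grace_days` ago.

    Each finding records how long the grant has outlived the employment and
    whether it was actually used after the last day (a real post-departure
    login, not just a forgotten entitlement).
    """
    gone = separated_as_of(offboarded, as_of)
    findings = []
    for user, system, status, last_used in grants:
        if status != "active" or user not in gone:
            continue
        last_day = gone[user]
        days_stale = (as_of - last_day).days
        if days_stale <= grace_days:
            continue
        findings.append({
            "user": user,
            "system": system,
            "last_day": last_day.isoformat(),
            "days_stale": days_stale,
            "used_after_departure": last_used is not None and last_used > last_day,
        })
    # Oldest leftovers first; deterministic order within the same age.
    findings.sort(key=lambda f: (-f["days_stale"], f["system"]))
    return findings


if __name__ == "__main__":
    for finding in stale_access(OFFBOARDED, GRANTS, AUDIT_DATE):
        print(finding)
```

The `used_after_departure` flag is the field to triage first: a token that was never used is cleanup work, while a VPN account that connected sixteen months after the last day is an incident. Disabling SSO alone, as the sample shows for `j.kim`, leaves every grant that does not federate through it untouched.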
4. IoT Takeover: iRobot Bankruptcy & Chinese Robotics
- Headline:
- iRobot (Roomba) files Chapter 11; immediately bought by the Chinese company that manufactured its vacuums.
- Security Worries:
- Foreign ownership and cheap manufacturing lead to a large, poorly secured device population in homes—concerns about update mechanisms, wireless bridging, and microphone/camera access.
- Noted trend of Chinese firms dominating consumer robotics, from vacuums to lawnmowers.
- Parallels to KVM and baby monitor security: both suffered from poor design and suspect firmware 'beaconing' data to China.
- Notable Quote:
- "Those vacuums are mapping your house too." — E (33:31)
- "We need to do like some contact where we take one of these robot vacuums … and use it for like get remote access to it..." — B (32:50)
5. Threat Actor Tactics: 'Bring Your Own VM' for Persistence
- Article:
- Red Canary report on adversaries dropping a small QEMU virtual machine onto a compromised host and running their tooling and C2 traffic through it; the EDR on the host sees only a qemu process, so the guest doubles as a persistence and evasion layer.
- Reaction:
- Panel admits to having used similar virtualization tricks for years ("the EDR thorn in our side"), but found the implementation described clumsy and comical (e.g., running a Windows 7 virtual machine for C2).
- Highlights the risk of old, unpatched ("Windows 7, really?!") systems even in companies with expensive modern defense layers.
- Debate over the logic: "If all you want is a network proxy, you don't need to freaking download a qemu."
- Notable Quotes:
- "They used Windows 7. The target host was Windows 7?... You can afford Red Canary, but you're still running Windows 7?" — B, D, C (39:27–39:56)
- Timestamps:
- BYOVM discussion: [37:00]–[41:10]
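Because the host EDR cannot see inside the guest, triage of a bring-your-own-VM intrusion has to work from how the hypervisor was launched. The following is an added example, not from the podcast or from Red Canary's report: it runs a few heuristics over constructed Sysmon-style process-creation events and flags QEMU launches that look attacker-dropped. The trusted install paths, the indicator names, and the "two indicators" threshold are my assumptions and should be tuned per fleet.

```python
"""Triage QEMU launches in process-creation telemetry.

Added example, not from the podcast or Red Canary. Heuristics are assumptions
about what separates an attacker-dropped hypervisor from a developer's VM:
a headless guest, started from a user-writable directory, with user-mode
networking that forwards host ports into the guest.
"""
import json
import re
from typing import List, Optional, Tuple

# Where a packaged QEMU is expected to live (assumption: tune per fleet).
TRUSTED_PREFIXES = ("c:/program files/", "c:/program files (x86)/",
                    "/usr/bin/", "/usr/local/bin/", "/opt/")

# QEMU's hostfwd syntax: hostfwd=tcp:[hostaddr]:hostport-[guestaddr]:guestport
HOSTFWD = re.compile(r"hostfwd=(tcp|udp):[^:,]*:(\d+)-[^:,]*:(\d+)")

# Constructed Sysmon-style events, one JSON object per line (not real telemetry).
SAMPLE_EVENTS = [
    r'{"host":"ws-17","user":"CORP\\alice","image":"C:\\Users\\alice\\AppData\\Local\\Temp\\q\\qemu-system-x86_64.exe","cmdline":"qemu-system-x86_64.exe -m 256 -display none -hda disk.qcow2 -netdev user,id=n0,hostfwd=tcp::2222-:22 -device e1000,netdev=n0"}',
    r'{"host":"build-02","user":"CORP\\svc_ci","image":"C:\\Program Files\\qemu\\qemu-system-x86_64.exe","cmdline":"qemu-system-x86_64.exe -m 4096 -hda ci.qcow2 -accel whpx"}',
    r'{"host":"ws-17","user":"CORP\\alice","image":"C:\\Windows\\System32\\notepad.exe","cmdline":"notepad.exe report.txt"}',
    r'{"host":"dev-09","user":"bob","image":"/usr/bin/qemu-system-x86_64","cmdline":"qemu-system-x86_64 -nographic -m 1024 -hda dev.img -enable-kvm"}',
    r'{"host":"dev-09","user":"bob","image":"/tmp/.x/qemu-system-x86_64","cmdline":"qemu-system-x86_64 -nographic -m 128 -hda tc.img -netdev user,id=n0,hostfwd=tcp::4444-:4444 -device virtio-net-pci,netdev=n0"}',
]


def _norm(path: str) -> str:
    """Lower-case and forward-slash a path so Windows and Linux compare alike."""
    return path.replace("\\", "/").lower()


def is_qemu(image: str) -> bool:
    """True for system emulators (qemu-system-*), not helpers like qemu-img."""
    return _norm(image).rsplit("/", 1)[-1].startswith("qemu-system")


def forwarded_ports(cmdline: str) -> List[Tuple[str, int, int]]:
    """(proto, host_port, guest_port) for every hostfwd= on the command line."""
    return [(p, int(h), int(g)) for p, h, g in HOSTFWD.findall(cmdline)]


def qemu_indicators(image: str, cmdline: str) -> List[str]:
    """Names of the heuristics that fire for one QEMU launch (sorted, unique)."""
    hits = set()
    if not _norm(image).startswith(TRUSTED_PREFIXES):
        hits.add("unusual_path")
    argv = cmdline.split()
    if "-nographic" in argv:
        hits.add("headless")
    for i, tok in enumerate(argv[:-1]):
        if tok == "-display" and argv[i + 1] == "none":
            hits.add("headless")
        if tok == "-netdev" and argv[i + 1].startswith("user,") and "hostfwd=" in argv[i + 1]:
            hits.add("hostfwd_into_guest")  # host ports tunnelled into the guest
    return sorted(hits)


def analyze(line: str) -> Optional[dict]:
    """Score one event; None when the process is not a QEMU system emulator."""
    ev = json.loads(line)
    if not is_qemu(ev["image"]):
        return None
    hits = qemu_indicators(ev["image"], ev["cmdline"])
    return {
        "host": ev["host"],
        "user": ev["user"],
        "image": ev["image"],
        "indicators": hits,
        "forwards": forwarded_ports(ev["cmdline"]),
        "suspicious": len(hits) >= 2,  # one indicator alone is normal dev usage
    }


def scan(lines) -> List[dict]:
    """Return only the launches worth a human look."""
    return [f for f in (analyze(l) for l in lines) if f and f["suspicious"]]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(json.dumps(finding))
```

None of the indicators is malicious on its own: developers run `-nographic` guests from `/usr/bin` all day, and the CI host in the sample is a legitimate hypervisor in a packaged location. The combination that matters is a headless guest from a scratch directory with a port forwarded into it, which is the network-proxy use the panel was debating, and `forwards` tells the responder which host port to watch.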
6. Software Supply Chain & Notepad++
- Brief mention of yet another software supply chain attack, this time a malicious update pushed to Notepad++ users.
- Panel’s playful argument over best editors (VSCode vs. Notepad++), regex use, and how legacy tools linger due to personal workflow needs.
2026 Hot Take Predictions (Time: [44:20]–[60:00])
Panelists’ Bold Forecasts:
- Salesforce Breaches: "More Salesforce application breaches." (44:32)
- Security Job Market Bounce-Back: hiring is expected to rebound by summer 2026 as AI fails to deliver on automated security. "I think... come summer of 2026, it's going to bounce back, and we're going to see a lot more hiring." — B (45:16)
- Major AI-Caused Outage: "There's going to be a mass Internet outage in 2026 related to something that AI did and also related to cybersecurity." — D (46:43)
- Prompt Injection Catastrophe: "We're going to see a massive breach due to AI walls falling down from prompt injection due to asking nicely... at least a SolarWinds scale." — H (47:24)
- AI-Induced Universal Vulnerability: mass code generation by AI is seeding a widespread class of bugs that nobody is tracking yet.
- CTF Market Collapse: at least one major capture-the-flag (CTF) platform will fold in 2026, squeezed by VC over-funding and commoditization.
- AI Bubble Will Pop:
- VC will realize returns aren't materializing; serious vulnerabilities will force a reckoning; organizations will find they own AI-written code that nobody can maintain.
- SOC Automation 'Overcorrection':
- Automation will move past Tier 1 into higher SOC tiers, but without proper oversight errors will multiply, and companies will regret deep job cuts.
- AI as a Force Multiplier (But Not a Fix for Inexperience):
- "A force multiplier only works if you have a force to multiply." — F (53:19)
- "AI can make a good analyst great, but it can't make a bad analyst good." — F (57:42)
Memorable Quotes & Moments (Selected with Timestamps)
- “Money is better than morals.” — D ([05:26])
- On data breach accountability: "I love the fact that South Korea, like, they actually have shame in their executive ranks. Like, the CEO resigned." — B ([22:19])
- On automation in the SOC: "A force multiplier only works if you have a force to multiply." — F ([53:19]); "AI can make a good analyst great, but it can't make a bad analyst good." — F ([57:42])
- On AI and the hiring landscape: "We just want to be able to do more and be more effective in what we are doing." — B ([52:24])
- On the new generation's relationship with AI: "I hate to tell you, but I think it's about 70% of the industry, especially the younger generation, has come up and they've been using AI to generate papers... they continue to trust implicitly this service that they have." — B ([55:50])
- On reputation-based trust: "We're starting to become closer to a Star Trek order environment... where your reputation is your currency." — E ([60:10])
- Discord winner shout-out: Ninja Cat & QNS win CTF prizes (one year of access to Antisyphon training and a free class).
Tone & Style
- Irreverent, candid, and both technically proficient and approachable.
- Lots of self-deprecation, inside jokes, and “stream of consciousness” analogies.
- Panel does not shy from calling out industry shortcomings or their own failures.
Segment Timestamps
| Segment | Start | End |
|---|---|---|
| Open/Banter/Roblox & Gov't Censorship | 00:44 | 09:00 |
| Google Kills Dark Web Reports | 10:22 | 19:17 |
| Coupang Breach (SK), Executive Fallout | 20:05 | 30:09 |
| IoT Takeover, iRobot Sale, Smart Device Risks | 31:12 | 36:48 |
| BYOVM: Red Canary / Virtual Machine Attacks | 37:00 | 41:10 |
| Notepad++ & Editor Brawls, Supply Chain Attacks | 42:07 | 44:20 |
| Hot Take Predictions for 2026 | 44:20 | 60:00 |
For Listeners Who Missed It
- Expect more app and cloud breaches, especially targeting platforms like Salesforce.
- The “AI will solve security” hype will not deliver—expect a security job market rebound and high-profile incidents caused by AI, especially through prompt injection and poorly tested code.
- IoT security is a systemic weakness: cheap, mass-produced devices (especially from China) in US/EU homes are a growing attack vector.
- Regulations and executive accountability (as seen in South Korea) could spread, including jail time for negligent handling of consumer data.
- SOC automation could become a double-edged sword—true expertise (not AI alone) will remain critical.
Final Take
The team skips the nostalgia to work through current headlines and eccentric (but informed) takes about the next year in infosec. While the tone is playful, the warning is serious: be ready for an AI-induced vulnerability mess, keep an eye on app supply chain issues, and don’t write off the human factor in defense and detection, regardless of what shiny automation is promised for 2026.
