PODCAST · technology
Security Weekly Podcast Network (Video)
by Security Weekly Productions
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape.Tune in for in-depth panel discussions, expert guest interviews, and breaking news on the latest hacking techniques, vulnerabilities, and industry trends. Stay informed and secure with the most trusted voices in cybersecurity!
-
1000
Borg, GitLost, ColdFusion, GodDamn, GhostApproval, OWA, Epaphroditus, Josh Marpet,.. - SWN #597
Borg, GitLost, ColdFusion, GodDamn, GhostApproval, OWA, Epaphroditus, Locutus, Josh Marpet, and More on this episode of the Security Weekly News. Show Notes: https://securityweekly.com/swn-597
-
999
AI Is Annoying & IoT Devices Still Get Hacked - PSW #934
In the security news: Son of Anton strikes again! HalluSquatting and using Claude to defend itself CISA KEV's Revolving Door LLM's hallucinate and companies get sued Additionally - GitLost Yet even more Linux vulnerabilities Citrix just keeps bleeding Old hardware is new again A sneak peak into next week's tech segment Tenda hidden backdoors We're still talking about Mirai Today was not a good day for Roundcube Canada is hacking criminals AI safeguards are still annnoying All cars will spy on you The FatFs unpatched vulnerability in millions of embedded devices Windows OS market share drops below 60% (Paul uses Arch) 'We Cannot Choose to Become Idiots' - or can we? Show Notes: https://securityweekly.com/psw-934
-
998
Why AI Just Broke Traditional IT Security as Leaders Clash Over AI's Value and Hiring - Matt Quinn - BSW #455
The latest generation of AI models has collapsed the time from vulnerability discovery to weaponized exploit from weeks to minutes, and reactive, module-based tools built around static dashboards simply can't keep up. In this episode, Tanium COO Matt Quinn joins Business Security Weekly to discuss Tanium Atlas, the new autonomous operating system for IT and security. Matt explains why "good enough" operations are now a liability, how Atlas turns a single operator into the equivalent of an entire team, giving organizations the speed, scale, and efficiency to match the pace of today's threat environment. He also breaks down why nearly two decades of real-time endpoint telemetry across more than 36 million endpoints is the foundation no AI model can replicate on its own. This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them! In the leadership and communications segment, CEOs, CIOs clash over AI's value, Aspiring Leaders, Don't Just Network Up, Your Talent Strategy Has to Keep Up with Your AI Transformation, and more! Show Notes: https://securityweekly.com/bsw-455
-
997
Dune References, FAT, Claude, ZhiPu, PolinRider, RentaBot, Sony, Aaran Leyland & More - SWN #596
Dune References, FAT, Claude, ZhiPu, PolinRider, RentaBot, Sony, Aaran Leyland, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-596
-
996
Defense-in-depth strategies for securing mobile applications - Ryan Lloyd - ASW #390
Mobile applications have unique risks and threat models compared to server-side applications and infrastructure. Consequently, they need different strategies to ensure their business logic and workflows well secured. We'll dive into some of these defense-in-depth strategies and why they are important to mobile applications. Securing workflows goes beyond input validation and pattern matching suspicious payloads; it requires detailed attention to state machines, edge cases, and collecting signals to evaluate trust. Segment Resources: https://hubs.la/Q04jLKj70 https://mas.owasp.org/MASTG/0x04c-Tampering-and-Reverse-Engineering/ https://owasp.org/API-Security/editions/2023/en/0x00-header/ This segment is sponsored by Guardsquare. Visit https://securityweekly.com/guardsquare to learn more about them! Show Notes: https://securityweekly.com/asw-390
-
995
Mastering agent permissions and Identiverse interviews - Amir Ofek, Howard Ting, Ajay Gupta, Sandy Bird - ESW #466
Interview with Sandy Bird, co-founder of Sonrai Security In this week's interview, we kick off the conversation with how Sonrai's expertise in securing cloud identity permissions had the company well placed to address the explosion of AI agents and the clear risks they represented. On the surface, this looks like a cloud/hyperscaler permissions challenge, but it isn't that simple. As agents like Claude Code, Codex, and Hermes are connected to enterprise cloud agents, the risk spreads outside VPCs and onto endpoints. Check out the episode to learn more about some of the most common risks Sandy finds and how Sonrai goes about addressing them. This segment is sponsored by Sonrai Security. Visit https://securityweekly.com/sonrai to learn more about them! Segment Resources AWS Bedrock agent permissions: what you need to lock down before you go live Making Enterprise AI Agents Accountable with Amir Ofek, CEO and Co-Founder of aizome Organizations looking to unlock the power of Enterprise AI Agents, and in a controlled and safe way at the speed of AI. Identity is at the heart of it. However, NHI Governance Is Not Enough for Enterprise AI Agents. The identity industry has responded to the rise of AI agents the same way it responds to every new identity challenge: extend existing frameworks. Map agents to human owners. Enforce least privilege. Govern them like non-human identities. It is a reasonable instinct. It is also insufficient in ways that matter enormously. Non-human identity security was built for a deterministic world - service accounts, API keys, bots. These identities do what they are configured to do. Their behavior is predictable enough that static governance models work. Enterprise AI agents are categorically different. Not in degree - in kind. They don't execute fixed instructions. They reason, plan, and adapt in response to context. Their scope shifts with every task. Their behavior at runtime can diverge significantly from anything true at provisioning time. Unlike any identity that came before them, they frequently change their intent, at a pace no governance model built for human movers or machine credentials was designed to handle. Wrapping them in the same framework you use for a service account isn't wrong. It's just insufficient in precisely the places where risk accumulates. Download the SANS AI Security Maturity Model eBook This segment is sponsored by aizome. Visit https://securityweekly.com/aizomeidv to learn more about them! The Human Authorized. The Agent Acted. Who's Accountable? Interview with Howard Ting - CEO - Opal Security A self-driving car still has a license plate The accountability didn't change just because the driver did. The same has to be true for AI agents, but most environments can't trace an agent action back through the layers of delegation to the human who authorized it. Howard Ting, CEO of Opal Security, joins Security Weekly to discuss what the accountability model looks like when employees run swarms of agents, and what has to be in place before that accountability chain is tested. https://www.opal.dev/resource-center/identity-governance-report-2026-ai-access This segment is sponsored by Opal Security. Visit https://securityweekly.com/opalidv to learn more about them! Next Evolution of Identity Security: AI for Lower Cost, Efficiency & Governance with Ajay Gupta - President & CEO - SDG Organizations have invested heavily in identity platforms, but many still struggle to maximize security, efficiency, and governance outcomes. As AI transforms both cyber defense and cyber threats, Identity Security is emerging as a critical foundation for securing human and non-human identities alike. In this discussion, we explore how AI is helping organizations reduce costs, improve operations, defend against AI-powered attacks, and address the governance challenges created by AI agents—highlighting the convergence of Identity Security, AI Security, and AI Governance. This segment is sponsored by SDG. Visit https://securityweekly.com/sdgidv to learn more about them! Show Notes: https://securityweekly.com/esw-466
-
994
Beyond the AI Hype, Cyber Readiness in the Age of AI - Gibb Witham - SWN #595
I talk to Gibb Witham, President of Hack The Box, about cyber readiness, hands-on security training, Hack The Box, and AI in cybersecurity. Show Notes: https://securityweekly.com/swn-595
-
993
Linux Tech Segment & Vulnerabilities Galore - PSW #933
This week we have a technical segment based on the response to "Atomic Arch", an updated open-source tool to help you catch malicious packages. In the security news: Exploitarium A hot messy summer of vulnerabilities AI Squatting Linux LPE - no shortage of those Fingerprinting Favicons Windows 10 extended Can Clothes Make You Invisible to Facial Recognition? Fable and Mythos for All Do we care about Quantum? Execs have AI risk under control Biological warefare in Spyware The scripts in-scope for PCI We don't have privacy, but we may get age restrictions Show Notes: https://securityweekly.com/psw-933
-
992
Performance Through People as Executives Struggle and Mentorship Matters - Greg Hoffman - BSW #454
One of the biggest questions most executives ask is "Why does it still feel this hard when the talent is clearly there?" The answer, in almost every case, is not a people problem. It is an environment problem. And environment is something a leader can build. Greg Hoffman, President at Ascension Performance Group, joins Business Security Weekly to discuss his new book, Performance Through People, a leadership parable that shows a practical operating model for building the conditions where people perform at their highest level. It is written as a story, but it is built as a framework. Greg will discuss the core pillars of this framework, including: Leadership First Mindset Operational Clarity Capability Empowerment Impact Segment Resources: - https://a.co/d/053FuwYT - https://ascensionpg.com/articles/ In the leadership and communications segment, What the New Quantum Executive Orders Mean for Business Leaders, What I Learned About Burnout the Hard Way (and How to Actually Fix it, Mentorship Matters, and more! Show Notes: https://securityweekly.com/bsw-454
-
991
AI Cocaine Recipes, Russian Hack, Scattered Spider, Cisco, Amazon Q – Aaran Leyland - SWN #594
AI Cocaine Recipes, Green Shirt Jailbreak, JLR Russia Hack, Scattered Spider, Cisco Root, Amazon Q Pwned – Aaran Leyland – SWN #594 Show Notes: https://securityweekly.com/swn-594
-
990
Reducing Attack Surface & Evaluating Efficiency in Agents - Itamar Apelblat, David Goldschlag - ASW #389
SquidBleed reveals another vuln that's been lurking for decades, but its real lesson is in managing an attack surface. Regardless of whatever programming language you use, removing code is one of the best security steps you can take, followed by changing default configs to turn off uncommon features and ancient protocols. The Linux kernel's removal of strncpy is another example of managing attack surface by replacing a notoriously misused and ambiguous function with more specific versions that better match the developers intent. It was a six-year journey for the kernel, but one that should remove a class of vulns and, importantly, improve performance. Then it's on to agents with a discussion of the newly released OWASP AISVS and yet another example of evaluating LLMs as code reviewers. Agentic AI Has an Identity Problem AI agents are already running inside enterprise environments, operating on credentials, API tokens, and cloud roles that most security teams have never inventoried. When an agent acts autonomously across production systems, the security question is no longer just what it can do but who it is and whether that identity is governed at all. Itamar Apelblat, Co-Founder and CEO of Token Security, discusses why identity is the right lens for understanding agentic AI risk and what practical steps security teams can take now. Segment Resources: https://www.token.security/product https://www.token.security/lp/ai-agent-identity-security-buyers-guide-ebook https://www.token.security/enzo https://www.token.security/ai-agent-calculator This segment is sponsored by Token Security. To lean more, visit https://securityweekly.com/tokenidv Blended Identities and the challenge of IAM for AI AI agents aren't quite human and aren't traditional machines. So how do you secure workflows that involve humans using AI to access sensitive data, and do it at machine speed and scale? David breaks down the challenges and discusses actual implementations of IAM for AI to explain how to solve them. Segment Resources: https://aembit.io/case-study/a-300b-investment-firm-secures-claude-access-with-aembit/ https://aembit.io/blog/aembit-now-secures-microsoft-copilot-studio-agents/ https://www.youtube.com/watch?v=cSInzRUXvNc This segment is sponsored by Aembit. Get the cloud security alliance survey on AI Identities at https://securityweekly.com/aembitidv Show Notes: https://securityweekly.com/asw-389
-
989
Fixing pentesting, Meta is destroying its engineering org, the weekly news - Adriel Desautels - ESW #465
Interview with Adriel Desautels - the pentest is broken Adriel joins us for a discussion on the state of penetration testing, why it hasn't done much to help security teams over the last 20 years, and why AI won't save it. Segment Resources: https://hbr.org/2026/04/boards-are-falling-short-on-cybersecurity https://www.scworld.com/perspective/how-to-build-a-breach-ready-security-posture-without-the-enterprise-price-tag https://netragard.com/blog/what-is-penetration-testing/ Topic: Why Meta is destroying its engineering organization The titular essay: https://newsletter.pragmaticengineer.com/p/why-is-meta-destroying-its-engineering A very interesting analysis of what's going on inside big tech companies as they try to dogfood their own AI hype and tokenmaxx themselves into oblivion. There have been a LOT of stories on this, but this is the most comprehensive and enlightening. A few more are linked below. This is relevant to security, because heavier AI use appears to be linked to a much higher occurrence of availability and security issues. 'Tell Him He's a Piece of Shit': Meta's New AI Unit Is a Total Mess The Newest Instagram "Exploit" is the Goofiest I've Seen Meta CTO Andrew Bosworth Admits the Company's AI Reorg Was 'Atrocious' Meta's months-old AI unit is a soul-crushing gulag, say the engineers stuck inside it The Weekly Enterprise News Finally, in the enterprise security news, an AI vibe check An AI SOC vendor shuts down Cybersecurity vendor layoffs funding & acquisitions cascading breaches digital estate management criminals don't trust AI either some devs won't code without AI, even if you pay them to Midjourney is now a healthcare company? All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-465
-
988
AI Brain Harvest, Fortibleed, Win 10, Blacksite, Windchill, Cisco, BB-8, Josh Marpet - SWN #593
AI Brain Harvest, Fortibleed, Win 10, Blacksite, Windchill, Cisco, BB-8 Sidewalk Bots, Josh Marpet, and More on this episode of the Security Weekly News. Show Notes: https://securityweekly.com/swn-593
-
987
Cloud Visibility, Fortibleed, hacking things the easy way - Sandy Bird - PSW #932
First up is Sandy Bird from Sonrai discussing how to protect our cloud infrastructure! This segment is sponsored by Sonrai Security. Visit https://securityweekly.com/sonrai to learn more about them! Next up in the security news: Help, I am Fortibleeding Cisco SD-WAN needs help The secret life of probe requests Help, I am Squidbleeding XSS to RCE and why CVSS isn't the full picture TVs spy on you Foundational security practices Cybersecurity costs money Happy "Its too late to update your KEK key" day You don't have security flaws if no one can report them Rickrolling FIFA Domain takeovers End of life, out of luck The key to Encryption... Show Notes: https://securityweekly.com/psw-932
-
986
The Strategic Human Firewall as AI Impacts Regulations, Cyber Pros, and Employees - Robert Siciliano - BSW #453
The 2026 Verizon DBIR has arrived and the results are in... Even with a substantial increase in Exploitation of Vulnerabilities, All Credential Abuse is still the top initial access vector for breaches, which means the human is still the weakest link. Why haven't security awareness training and phishing campaigns worked? Robert Siciliano, Architect of of The Strategic Human Firewall™ at ProtectNow, joins Business Security Weekly to explore why humans, not hackers, are the ultimate deciding factor in organizational security. The industry needs to shift from security awareness to security appreciation. Robert will discuss: How you can build a culture that actually protects your people, your data, and your operations in an era of AI deception. Why most companies are still performing 'Security Theater'—checking boxes and hoping for the best—instead of driving genuine behavior change. How Trust and Denial quietly fuel most disasters, why interactive training is the only way to make the lessons stick, and how leaders can scale this entire framework without needing a Hollywood budget. Segment Resources: https://protectnowllc.com/ai-cyber-security-keynote-speaker/ In the leadership and communications segment, Should CEOs Be Held Personally Accountable for Cyber Attacks?, Placing communication at the center of every leadership transition, AI isn't solving cybersecurity workforce woes, and more! Show Notes: https://securityweekly.com/bsw-453
-
985
Turing, BODS, Struwwelpeter, EO-14409, VBScript, Pixemsmash, Cloudflare, Aaran Leylan - SWN #592
Turing's Entscheidungsproblem, BODS, Struwwelpeter, EO-14409, VBScript, Pixemsmash, Cloudflare, Aaran Leyland, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-592
-
984
How AI Is Reshaping Identity Security at the Infrastructure Layer - Ev Kontsevoy, Neha Duggal, Amit Masand - ASW #388
Appsec has seen machine identities from daemons and processes to services, microservices, and cloud accounts. And now we have agents. Ev Kontsevoy talks about what it means to have engineers and agents interacting in an environment, and why a focus on actions can be more effective than roles. One of the biggest challenges in securing agents along with all of the other identities that organizations manage is how fragmented that management has become. But a unified engineering view of identities is just a start. Once you're able to shift to a practice where access is granted based on attributes and limited durations, then your environment becomes more resilient to mistakes and unexpected actions, not to mention the security concerns that come with agents acting on their own. Who Is Responsible for an AI Agent's Actions? As AI agents gain the ability to access systems, invoke tools, and take action on behalf of users, organizations need clear frameworks that define responsibility for machine-driven decisions and outcomes. This segment examines how accountability, delegation, and attribution can be established across users, developers, security teams, and business stakeholders. Neha will explore how governance models support transparent, auditable agent-driven workflows while helping organizations manage risk and maintain trust. This segment is sponsored by P0 Security. Visit https://securityweekly.com/p0idv to learn more about them! The rapid rise of agentic AI and non-human identities is fundamentally reshaping the future of identity security, challenging traditional IAM and PAM models built around predictable human behavior. In this executive interview at Identiverse 2026, Amit Masand discusses how autonomous systems, AI agents, and machine identities are creating new operational and governance challenges for modern enterprises. Drawing from more than two decades of industry experience, the conversation explores the growing complexity of continuous governance in a world where identities increasingly operate at machine speed. Segment Resources: https://www.idmexpress.com/post/preventing-cybersecurity-incidents-through-managed-services https://www.idmexpress.com/post/cyberark-securing-aws https://www.idmexpress.com/post/turning-roadblocks-into-breakthroughs-a-custom-oracle-pam-integration-story Contact IDMEXPRESS! Secure Your Tomorrow, Today: https://securityweekly.com/idmidv Show Notes: https://securityweekly.com/asw-388
-
983
Navigating Shadow AI in the Enterprise, Verizon's SECOND 2026 report, and the news - Ankita Gupta - ESW #464
Interview with Ankita Gupta, CEO of Akto How to Navigate Shadow AI Risk in the enterprise This week, we discuss AI governance in the enterprise, starting with the nuts and bolts of how to discover and understand shadow AI. Following that, we dive into what security and tech leaders should do next with this information: apply guardrails? Limit vendor options? Ankita has a wealth of experience and anecdotes to share here, from years of working with customers and seeing all the unexpected things that happen with AI in today's workplace. Segment Resources: Website: https://www.akto.io Book a Free Demo: https://www.akto.io/agentic-security-demo LinkedIn: https://www.linkedin.com/company/akto-io YouTube: https://www.youtube.com/@aktodotio This segment is sponsored by Akto. Visit https://securityweekly.com/akto to secure your AI agents before attackers do. Topic Segment: Verizon's Breach Impact Study The same team that delivers the DBIR every year gave us a bonus, based on over 70,000 insurance claims! Some of my favorite insights: Cost of breaches, broken out by SMB, mid-sized enterprise, and large The claim amount as a percentage of the company's revenue Losses broken down by loss TYPE This data validates something I think everyone in cyber needs to understand: cyber events are rarely business-ending events. Every cybersecurity professional and vendor, frustrated by companies "not taking security seriously enough" now have data explaining why: breaches don't hurt as much as you thought they did. Maybe you think they should hurt more? Push for regulation/fines/etc. With that said, the report also shows breach costs increasing significantly over the past 6 years and the quantity of incidents shooting up. Specifically, the median impact has almost doubled. Security failures aren't getting any cheaper. Weekly Enterprise News Finally, in the enterprise security news, A $100M seed round! Accenture acquires 3 security vendors Some thoughts on the government takedown of Fable and Mythos One of the craziest security mistakes I've ever seen, in the software FIFA uses to manage World Cup streams! A Critical Copilot vulnerability 75,000 Fortinet Firewalls get compromised Remediation is broken Using guardrails to evade detection All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-464
-
982
LLMS, Identity, EDR, JiGong, QiLin, Warlock, with Rob Allen from Threatlocker... - Rob Allen - SWN #591
Doug and Rob Allen talk about Identity, EDR, Your Great Aunt Ida Meets some hot firefighters, and more. Segment Resources: Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools: https://thehackernews.com/2026/04/qilin-and-warlock-ransomware-use.html This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Show Notes: https://securityweekly.com/swn-591
-
981
GPS, PCI, ARCH, OH MY! - PSW #931
In the security news this week: GPS spoofing and satellite jamming are getting way too accessible Rekeying satellites in orbit sounds terrifying Cyber extortion and whether criminals still have ethics AI helping cybersecurity research... and drug discovery Data centers eating regional power grids Nuclear, solar, natural gas, and the future of AI infrastructure What happens when GPS stops being trustworthy? Satellite constellations as the next critical infrastructure target AI guardrails and why sci-fi warned us first Cyber ranges that don't simulate reality anymore The weird morality line between hackers, scammers, and criminals Future satellite warfare without calling it warfare Security standards for infrastructure nobody thought would be online Historical cybersecurity stories that suddenly feel very current Why AI changes both offense and defense simultaneously And how much of modern cyber defense is just educated guessing Show Notes: https://securityweekly.com/psw-931
-
980
Enterprise Browers in the Age of AI as CISO Role Changes and Leaders Harness Stress - Arunesh Chandra - BSW #452
The browser has become the primary gateway to work, data, and AI. In this episode, Arunesh Chandra, Head of Product, Microsoft Edge for Business at Microsoft Edges for Business, will discuss why security and IT teams are rethinking the role of the browser and what sets Edge for Business apart as a secure, enterprise-ready solution. Arunesh cover how built-in security, native integration with existing IT tools, and centralized management can simplify operations, reduce risk, and support modern work across managed devices, BYOD, and contractors. A must listen for IT pros and security experts navigating browser sprawl and AI adoption. This segment is sponsored by Microsoft Edge for Business. Visit https://securityweekly.com/edgeforbusiness to learn more about them! In the leadership and communications segment, CISO role changes as cyber-risk appetites in the C-suite grow, AI is exposing the biggest weakness in cybersecurity: We never built a health model. Until now!, 6 Ways Leaders Harness Stress, and more! Show Notes: https://securityweekly.com/bsw-452
-
979
TSME, ARCH, Maine, Fable, PANOS, Doug's Grandma, Vienna Sausages, Aaran Leyland - SWN #590
TSME, ARCH, Maine, Fable, PANOS, Doug's Grandma, Vienna Sausages, Aaran Leyland, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-590
-
978
Why Does It Matter Who or What Created the Code? - Matias Madou - ASW #387
Agents and LLMs are creating and reviewing code. They're a new tool to help developers write software and they're a new abstraction layer for expressing what code should do. But if we're focused on determining whether code is secure, where do we focus our attention on ensuring a secure outcome? Matias Madou talks about the challenges of finding metrics to help answer these questions. We walk through many of the questions we'd like to see answered and our desire to see appsec (finally?) shift out of a find-and-fix mode into a future of secure design. Show Notes: https://securityweekly.com/asw-387
-
977
Safe AI at scale, what happens after initial access, and the weekly enterprise news - Albert Estevez Polo, Shiva Pillay - ESW #463
Interview with Shiva Pillay from Veeam Safe AI at Scale AI investment is exploding, yet nearly 90% of enterprise initiatives fail because the data powering AI cannot be trusted. That's the uncomfortable truth the industry is facing right now. Safe AI at scale requires more than just great models—it demands trusted, governed, and recoverable data. This segment is sponsored by Veeam. Visit https://securityweekly.com/veeam to learn more about them! Segment resources: Veeam Launches New Data and AI Trust Maturity Model to Help Organizations Benchmark AI Readiness Topic: Sure, we know how initial access works, but what about lateral movement? A special topic segment where we're joined by Albert Estevez Polo, field CTO for Zero Networks (a community guest, not a podcast sponsor). Zero Networks just released some very interesting data on what attackers are doing after they gain access to victim's environments and how they're doing it. Segment Resources: Link to report page Weekly Enterprise Security News Finally, in the enterprise security news, Funding and acquisitions Good news, Mythos isn't dangerous anymore! An excellent breach analysis Cyber insurance rates are dropping, but there's a catch CISA updates vulnerability remediation guidance Zoom calls are worse than you think, and maybe not for the reasons you think Remember when it was illegal to rip DVDs? All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-463
-
976
Phones, Sarlaccs, Maine, Chinese Sites, Ivanti, Bitlocker, Peoplesoft, and More - SWN #589
Bad Phones, Sarlaccs, Maine, Chinese Sites, Ivanti, GreatXML, Bitlocker, Peoplesoft, Josh Marpet, and More on this episode of the Security Weekly News. Show Notes: https://securityweekly.com/swn-589
-
975
Trolling Microsoft With Vulnerabilities - PSW #930
In the security news: Trolling Microsoft With Vulnerabilities Fable 5 loves guardrails Binwalk vulnerability EMBA and local models EDRChoker AI worms Interesting Arista vulnerability added to KEV BOD 26-04 and stakeholder specific vulnerability categorization Bring your own execution environment Homelab tips MikroTik routers as interceptors Ivanti Sentry and irony Smart TV botnets Privacy laws Solarwinds Serv-U lives on More Cisco SD-WAN fun! Russia can jam GPS No nudes for you says UK Government "Why would someone want to learn code when AI does it better and faster?" Show Notes: https://securityweekly.com/psw-930
-
974
Innovation Without Data Security Risk as AI Unlocks Budgets and Identity Challenges - Tony Kelly - BSW #451
AI is reshaping innovation as businesses embed it into core operations and move more processes online. This transformation is often seen as a tradeoff between innovation and data risk, but that assumption is wrong. Businesses can innovate and scale in the AI era while maintaining strong data security, ensuring protection, compliance, and control remain intact. Segment Resources: Check out these assets from Fortra for more information around Data Security for AI. Learn more about our Data Security suite: https://www.fortra.com/solutions/data-protection Get the ungated guide: Secure AI Innovation > https://www.fortra.com/resources/guides/secure-ai-innovation Read the blog: Staying Compliant While Using AI: What CISOs Need to Know https://www.fortra.com/blog/staying-compliant-while-using-ai-what-cisos-need-know This segment is sponsored by Fortra. Visit https://securityweekly.com/fortra to learn more about them! In the leadership and communications segment, Lost in translation: Cybersecurity board reporting for CISOs, AI may finally unlock the cyber budgets CISOs have wanted for years, How People Actually Get to the C-Suite in S&P 500 Companies, and more! Show Notes: https://securityweekly.com/bsw-451
-
973
Geinbot, SolarWinds, Brave, UNK_Deaddrop, durabletask, Insta, Aaran Leyland... - SWN #588
Geinbot, SolarWinds, Brave, UNK_Deaddrop, durabletask, Insta, Aaran Leyland, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-588
-
972
Scanner Results Are a Starting Point. Here's What Comes Next. - Federico Kirschbaum - ASW #386
Most AppSec teams are working through more findings than their teams can validate. SAST surfaces thousands of potential issues. DAST generates alert volume that outpaces triage capacity. Somewhere in that output are the vulnerabilities that matter, the ones that are actually exploitable in production. This conversation explores why automated testing often stops short of the hardest part of the job: proving what is real. We dig into how business logic flaws and authorization vulnerabilities get missed by tools that scan without reasoning, what exploit validation looks like at runtime, and how security engineers are shifting toward findings that developers will actually act on. The segment is sponsored by XBOW. Visit https://securityweekly.com/xbow to see how autonomous AI pentesting delivers expert-quality findings in hours with real exploit validation your team can actually act on. Show Notes: https://securityweekly.com/asw-386
-
971
The State of AI in SecOps, the Unintended Consequences of Vulnmaxxing, and the News - Filip Stojkovski - ESW #462
Interview with Filip Stojkovski on the State of AI in SecOps Filip joins us to talk through the 2+ year rollercoaster that Security Operations tooling has been on since AI entered the chat. We discuss the AI SecOps market, which Filip closely tracks through his SecOps Unpacked project. We also discuss how most of the market has traditionally been focused on the "middle" of the process, which is effectively alert management. Where the conversation really gets interesting is shifting left to discuss building better quality detections. Segment Resources: Be sure to check out SecOps Unpacked - it has more than just vendor information: there are articles, frameworks, podcast episodes, research, and articles/thought leadership Topic: The Unintended Consequences of Vulnmaxxing We discuss my latest blog post where I share a theory that perhaps Project Glasswing is a clever exclusive freemium tier, where Anthropic is hoping to ensnare the world's largest producers of software into using its most expensive model to fix their code for the foreseeable future, creating a much needed new revenue stream for the AI giant with a Trillion dollar valuation. There are some potential unintended consequences that come along with an expensive vulnerability discovery/remediation process that threatens to raise the security poverty line and leave less wealthy companies behind. The Weekly Enterprise News Finally, in the enterprise security news, If you were starting a cybersecurity company today, which category would you pick? layoffs funding the White House AI executive order OpenAI's frontier governance framework Anthropic's Zero Trust for AI agents guide IBM's vulnmaxxing efforts RICO as a service for job seekers Instagram had possibly the most embarrassing hack ever All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-462
-
970
Local AI, Salesforce, Fluttershell, Aspose, http/2, Cisco, Used Tech, Josh Marpet - SWN #587
Local AI, Salesforce, Fluttershell, Aspose, http/2 bomb, Passwords, Cisco, Used Tech, Josh Marpet, and More on this episode of the Security Weekly News Show Notes: https://securityweekly.com/swn-587
-
969
Security Researchers Are Threat Actors - PSW #929
This week in the security news: Security Researchers Are Threat Actors according to Microsoft Hands-free malicious firmware If you've ever typed "ls" in Windows, this is for you Cisco makes more patches, wants you to pay Ambiguous Secure Boot bypass Threat actors love network edge devices, and I have the chat logs and leaks to prove it The downside of chip sanctions Your VoIP phone is hacked Vulnerability disclosure and incentives Claude reccovers Bitcoin wallet an Instagram "Exploit" Turn the plane around The worms will continue PAN-OS global protect vulnerability The 1-Click Github token stealer Data-nuking prompt injection Turning Buses into spies SymJack NIST NVD mistakes, and how CNAs need to up their game Show Notes: https://securityweekly.com/psw-929
-
968
Scaling to $100M as the Security Weekly Index Hits an All Time High - Joshua Gould - BSW #450
The ultimate goal, scale a company to $100M and go IPO. Easier said than done. We've seen some make it and others that get stuck. What's he difference? Joshua Gould, CEO at thebigword, joins Business Security Weekly to discuss how to scale to $100M. From startup to platform, Joshua helps us understand the challenges and how to address them. If you're a founder looking to scale, this is an interview you can't miss. Segment Resources: https://en-gb.thebigword.com/ http://www.youtube.com/@Exec_Craft https://www.linkedin.com/in/joshuadgould/ In the Security Money segment, the Security Weekly Index and NASDAQ set new records. After CyberArk's acquisition, the Security Weekly Index is now comprised of the following 24 companies: SAIL Sailpoint Inc PANW Palo Alto Networks Inc CHKP Check Point Software Technologies Ltd RBRK Rubrik Inc GEN Gen Digital Inc FTNT Fortinet Inc AKAM Akamai Technologies Inc FFIV F5 Inc ZS Zscaler Inc OSPN Onespan Inc LDOS Leidos Holdings Inc QLYS Qualys Inc NTSK Netskope Inc TENB Tenable Holdings Inc OKTA Okta Inc S SentinelOne Inc NET Cloudflare Inc CRWD Crowdstrike Holdings Inc NTCT NetScout Systems Inc VRNS Varonis Systems Inc RPD Rapid7 Inc FSLY Fastly Inc RDWR Radware Ltd ATEN A10 Networks Inc Show Notes: https://securityweekly.com/bsw-450
-
967
Heraclitus, AI LLMs, SSO, TTP, NetLogon, PAN-OS, AI Cost, Aaran Leyland... - SWN #586
Heraclitus Unbound, AI LLMs, SSO, TTP, NetLogon, PAN-OS, AI Cost, Aaran Leyland, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-586
-
966
BadHost, Dead CTFs, Exploding NPMs, and the Verizon DBIR - ASW #385
We dedicate an episode to catching up on appsec news with Kalyani Pawar. We see parsing problems that led to the BadHost vuln, which exposed lots of LLMs, MCPs, and agents to potential compromise. We wonder where to look for security education and practice as the camaraderie of the CTF community becomes infiltrated by LLMs. We talk about the tradeoffs in trust between using public packages vs. having agents write replacements from scratch. And we examine some of the appsec details that the Verizon DBIR reveals about how orgs are being attacked -- and how orgs might use that information to protect themselves. Show Notes: https://securityweekly.com/asw-385
-
965
Helping defense's use of AI catch up with offense, cost of the vulnpocalypse, news - Evan Powell - ESW #461
Interview with Evan Powell - Generative and agentic AI are improving cyberattacks faster than they're improving cyber defenses. Offensive folks have been having the most luck with AI so far, which is further eroding any advantage defenders might have had. Evan Powell joins us to share some ideas on how defenders can get some benefits from AI as well, and why open source is important with this approach. Topic For this week's topic segment, we've got two very interesting data sources. The first is Anthropic's first update on Project Glasswing, where they're absolutely tearing through codebases with ultra premium Mythos tokens, but then hitting a human-shaped bottleneck as they attempt to validate all the findings. The second is the first report from Root Evidence, the latest startup from Jeremiah Grossman and Robert Hansen (aka RSnake), which aims to help organizations filter out all the vulnerabilities that don't matter. Where these two reports meet in the middle is my concern that the use of AI to scour every last bug out of code is going to be the most Sisyphean task the cybersecurity industry has ever come up with (and we have some deep experience here). The Weekly Enterprise News Finally, in the enterprise security news, Less funding, more acquisition the AI SOC startup space is CROWDED your CEO is suffering from AI psychosis Some CISOs are done with the job, IT can have it detecting and removing dangerous secrets from dev workstations 230,000 security advisories roll up to 6 attacker behaviors The FBI's 2025 IC3 report is out When tech billionaires make predictions, they're actually sales pitches All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-461
-
964
Sidhe, GreyVibe, Claude, Lightwell, Eclipse, Kimsuky, Obscure Beliefs, Josh Marpet - SWN #585
Sidhe, GreyVibe, Claude, Lightwell, Eclipse, Kimsuky, Obscure Belief Systems, Josh Marpet, and More on this episode of the Security Weekly News. Show Notes: https://securityweekly.com/swn-585
-
963
Linux Supply Chain How-To - PSW #928
This week we have a technical segment focused on Linux! Paul released a script that helps you get a handle on Linux supply chain security, and new features allow you to assess the state of Secure Boot on your Linux systems (that also use MS certificates, ironically). The script is in his Git repo: https://github.com/pasadoorian/Linux_Hacks. In the security news: The CVE chase The new security basics Enterprises are lacking more than AI Detections are falling behind Why DOOM!?! Chromium vulnerability The ambitious Flipper One I'm still curious who was behind these leaks Mitre moves Caldera to Apache foundation Wind cybersecurity PQC updates YellowKey Bitlocker Bypass updates The software supply chain is in deep trouble Show Notes: https://securityweekly.com/psw-928
-
962
What Security Leaders Should Expect from RSAC - Joseph Blankenship - BSW #449
RSA Conference (RSAC) 2026, the 35th annual flagship event for cybersecurity, drew over 43,500 attendees, featuring more than 600 exhibitors, 570+ sessions, and 700+ speakers from 104 countries. It generated 370 million social media impressions. With this size and reach, what should security leaders expect when they attend? Joseph Blankenship, Vice President, Research Director at Forrester Research, and Adrian Sanabria, host of Enterprise Security Weekly, join Business Security Weekly for a special recording from RSAC 2026. This pre-recorded session was filmed live from the conference on March 24, 2026. We discuss what security leaders will see, what they should expect from attending, and a few predictions for the future. If you didn't attend the conference, don't worry, this is a great way to get an inside view. And maybe it helps you decide to attend next year. Show Notes: https://securityweekly.com/bsw-449
-
961
Listening, Drupal, TTE, KEV, Mythos, Megalodon, Badanov, MFA, Pope Leo, Aaran Leyland - SWN #584
They're Listening, Drupal, TTE, KEV, Mythos, Megalodon, Boris and Natasha, MFA, Pope Leo, Aaran Leyland, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-584
-
960
AppSec Conversations on Agents, LLMs, and OWASP from RSAC - Scott Clinton, Janet Worthington, Merritt Maxim - ASW #384
We showcase recordings from this year's RSAC. At RSAC Conference 2026, Scott Clinton, Co-Chair and co-founder of the OWASP GenAI Security Project, shares insights from the project's latest research, including new landscape guides and evolving approaches to securing generative and agentic AI systems. The conversation explores critical gaps in GenAI data security, the rise of AI-assisted development, and the immense growth of the OWASP community and sponsor ecosystem. Looking ahead, he outlines the most urgent risks and priorities shaping AI and agentic security in 2026. Then Merritt Maxim discusses how AI is affecting Identity and Access Management. Expect to hear this topic a lot throughout 2026, especially as the industry tries to figure out what's different or special about securing agent identities. We close with a chat with Janet Worthington about the impact of agents on the SDLC and how orgs are updating their controls to deal with code generated by humans and LLMs alike. Segment Resources: https://genai.owasp.org https://genai.owasp.org/resources/ https://www.scworld.com/podcast-episode/3905-keeping-up-with-the-owasp-genai-project-scott-clinton-asw-381 This segment is sponsored by The OWASP GenAI Security Project. Visit https://securityweekly.com/owasp to learn more about them! Show Notes: https://securityweekly.com/asw-384
-
959
Visibility with EDR/MDR is still important, 'the basics' are impossible, and the news - Rob Allen - ESW #460
Interview with Rob Allen from Threatlocker This week, Rob Allen from Threatlocker is with us to discuss the importance of EDR and MDR visibility. We discuss some real world attacks and anecdotes where EDR was able to save the day when threats were missed by other controls. Topic: Do the basics, they said. Easier said than done. Guillaume and Adrian discuss the futility of attempting to do all the foundational work standards, best practices, and regulations expect of organizations. Adrian has given up. Fortunately, Guillaume has some excellent advice and hope to share on this front. The weekly enterprise news Finally, in the enterprise security news, a really interesting vibe check funding acquisitions the verizon DBIR we give a tutorial on how to leak AWS keys on github OH NEVERMIND, SOMEONE AT CISA ALREADY MADE THE TUTORIAL agents versus agents exploitbench the vulnpocalypse robot dogs are SO EASY to take out, we don't need to be too scared of them yet All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-460
-
958
TVs, Old York, Flipper One, Ubiquity, Underminr, CISOs, GitHub, Josh Marpet... - SWN #583
TVs, Old York, Flipper One, Ubiquity, Underminr, CISOs, GitHub, Josh Marpet, and More on this episode of the Security Weekly News. Show Notes: https://securityweekly.com/swn-583
-
957
FCC, Github, MiniShai-hulud, Stated of Supply Chain, Itron, CRA, NIS2, and more!! - PSW #927
In the security news this week: FCC router bans and the hidden firmware update problem Why extending support timelines actually improves security Github supply chain concerns and the evolving SBOM ecosystem CRA and NIS2 compliance deadlines are getting very real The EU Cyber Resilience Act's 24-hour vulnerability disclosure requirement Security regulation: vertical vs horizontal compliance models Vehicle-to-load EV systems powering homes during outages Solar, batteries, AI farms, and the future economics of electricity Data centers consuming regional power grids BitLocker "Yellow Key" fallout and large-scale remediation challenges AI-generated PowerShell fixes and the rise of vibe scripting Linux kernel exploits, module jail, and default deny strategies Medical biometric data theft and why fingerprints are terrible passwords Interpol cybercrime operations across the MENA region OT security, connected vehicles, and accepting real-world risk The crew also discusses threat intelligence obligations under the CRA, the operational realities of patching at enterprise scale, the economics of secure-by-default systems, and why making security cheaper than insecurity might finally move the industry forward. Show Notes: https://securityweekly.com/psw-927
-
956
Shift to Prevention and Enforcement as We Repeat Security Mistakes With AI - Rob Allen - BSW #448
Over the last decade, cybersecurity heavily invested in EDR, XDR, SIEM, telemetry, and SOC-driven operations. We stopped asking how to stop attacks and started asking how fast we could detect them. However, Mythos and frontier models have changed that paradigm. How do you detect a -7 day vulnerability? Detection and response cannot keep, so what's the answer? Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss why cybersecurity is shifting from detection and response to prevention and enforcement. As attackers accelerate through automation and AI, organizations are revisiting prevention-focused controls. Rob will discuss why organizations need to adopt application allowlisting, Zero Trust, Ringfencing, and policy enforcement to reduce attacker freedom before execution occurs. Prevention-first security is the only way to decrease the AI attack surface. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! In the leadership and communications segment, What CISOs need to land a board role, The Security Mistakes Being Repeated With AI, When Senior Leaders Lack People Skills, Transformations Fail, and more! Show Notes: https://securityweekly.com/bsw-448
-
955
My Mother the Car, AI Slop, Nginx, Polyscope, Drupal, , GitHub, Aaran Leyland... - SWN #582
My Mother the Car, AI Slop, Nginx, Polyscope, Drupal, GitHub, Aaran Leyland, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-582
-
954
The State of AI & AppSec - Keith Hoodlet - ASW #383
This year has been a dichotomy of established secure design fundamentals and burgeoning chaos of LLM-driven vuln discovery. Keith Hoodlet returns to share his latest observations on what the recent news about Mythos, models, and harnesses means for appsec. He walks through the problems of misalignment, the potential development doom that looms behind a volume of vulns, and what modern code creation looks like. Along the way we touch on the economics of tokens and the principles behind secure software. Keith gave a preview of his upcoming presentation (May 22nd) on these topics. Check out https://securing.dev/about/ for the slides and more of his writing on appsec. Show Notes: https://securityweekly.com/asw-383
-
953
AI Has a data problem, cascading breaches, and the weekly news - Dimitri Sirota - ESW #459
Interview with Dimitri Sirota from BigID Most organizations think AI risk lives in the model – or the identity. It doesn't. It lives in the data. In this episode, BigID's CEO reframes the conversation: why legacy access controls are breaking down, why visibility into sensitive data is the missing foundation, and what it takes to govern humans and machines under a single, accountable framework. Segment Resources: BigID's Agent Access Management Guide BigID's podcast, CTRL + ALT + AI This Week's Topic: Cascading Breaches We're seeing more and more 3rd and 4th party attacks that chain through multiple layers of compromised tools and services. In this topic segment, we discuss the two main aspects of this trend: How we can stop the chain of breaches from a third party library, vendor, or service provider How this might get handled at the legal, contractual, and organizational levels We discuss two big recent examples: Sonicwall's 2025 breach of their cloud firewall configuration backup service The compromise of Aqua Security's widely used Trivy open source tool The Weekly Enterprise News Finally, in the enterprise security news, Funding and M&A courtesy of the Security, Funded newsletter We have evidence that attackers are leveraging AI now (this sounds like old news, but there was little to no evidence before, when people were claiming this) The Angry admin problem emerges again Vulnerability information is getting crazy to keep up with Breach information is getting crazy to keep up with You can give your Agents an allowance now - don't spend it all in one place Are vulnerabilities sparse or dense? Mythos, as a model, isn't all that special Deploy your own deception sensors! Japan made something weird. Again. All that and more, on this episode of Enterprise Security Weekly. This segment is sponsored by BigID. Visit https://securityweekly.com/bigid to learn more about them! Show Notes: https://securityweekly.com/esw-459
-
952
Cisco, Canvas, Microsoft, Exchange 0-Days, NPM Backdoors, GPT-5.5 and more... - SWN #581
Cisco Catalyst, Canvas, Exchange 0-Days, BitLocker Bypass, Mini Shai Hulud, Node IPC, Patch Tuesday, GPT-5.5, Supply Chain Attacks, and More on the Security Weekly News Show Notes: https://securityweekly.com/swn-581
-
951
You're not going to patch your way out of this - PSW #926
This week: New Yellowkey bitlocker bypass and what it means for you Hackers can run you over with a robot lawnmower FCC says new things about routers, again Glitching with AI almost no false positives AI thought it was evil DirtyFrag and the sad state of Linux LPEs You can buy better tools, perfect security, and other lies The Canvas breach Hackers can still take over trains Baby monitors, on the Internet! dnsmasq flaws I am now paying attention to Swordfish A neat vulnerability for ransomware Mythos, Curl, and how to do secure software Various ways to use AI to find bugs, spoiler, you don't need Mythos Show Notes: https://securityweekly.com/psw-926
We're indexing this podcast's transcripts for the first time — this can take a minute or two. We'll show results as soon as they're ready.
No matches for "" in this podcast's transcripts.
No topics indexed yet for this podcast.
Loading reviews...
ABOUT THIS SHOW
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape.Tune in for in-depth panel discussions, expert guest interviews, and breaking news on the latest hacking techniques, vulnerabilities, and industry trends. Stay informed and secure with the most trusted voices in cybersecurity!
HOSTED BY
Security Weekly Productions
CATEGORIES
Loading similar podcasts...