Security Weekly Podcast Network (Video) podcast artwork

PODCAST · technology

Security Weekly Podcast Network (Video)

Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape.Tune in for in-depth panel discussions, expert guest interviews, and breaking news on the latest hacking techniques, vulnerabilities, and industry trends. Stay informed and secure with the most trusted voices in cybersecurity!

  1. 1000

    Borg, GitLost, ColdFusion, GodDamn, GhostApproval, OWA, Epaphroditus, Josh Marpet,.. - SWN #597

    Borg, GitLost, ColdFusion, GodDamn, GhostApproval, OWA, Epaphroditus, Locutus, Josh Marpet, and More on this episode of the Security Weekly News. Show Notes: https://securityweekly.com/swn-597

  2. 999

    AI Is Annoying & IoT Devices Still Get Hacked - PSW #934

    In the security news: Son of Anton strikes again! HalluSquatting and using Claude to defend itself CISA KEV's Revolving Door LLM's hallucinate and companies get sued Additionally - GitLost Yet even more Linux vulnerabilities Citrix just keeps bleeding Old hardware is new again A sneak peak into next week's tech segment Tenda hidden backdoors We're still talking about Mirai Today was not a good day for Roundcube Canada is hacking criminals AI safeguards are still annnoying All cars will spy on you The FatFs unpatched vulnerability in millions of embedded devices Windows OS market share drops below 60% (Paul uses Arch) 'We Cannot Choose to Become Idiots' - or can we? Show Notes: https://securityweekly.com/psw-934

  3. 998

    Why AI Just Broke Traditional IT Security as Leaders Clash Over AI's Value and Hiring - Matt Quinn - BSW #455

    The latest generation of AI models has collapsed the time from vulnerability discovery to weaponized exploit from weeks to minutes, and reactive, module-based tools built around static dashboards simply can't keep up. In this episode, Tanium COO Matt Quinn joins Business Security Weekly to discuss Tanium Atlas, the new autonomous operating system for IT and security. Matt explains why "good enough" operations are now a liability, how Atlas turns a single operator into the equivalent of an entire team, giving organizations the speed, scale, and efficiency to match the pace of today's threat environment. He also breaks down why nearly two decades of real-time endpoint telemetry across more than 36 million endpoints is the foundation no AI model can replicate on its own. This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them! In the leadership and communications segment, CEOs, CIOs clash over AI's value, Aspiring Leaders, Don't Just Network Up, Your Talent Strategy Has to Keep Up with Your AI Transformation, and more! Show Notes: https://securityweekly.com/bsw-455

  4. 997

    Dune References, FAT, Claude, ZhiPu, PolinRider, RentaBot, Sony, Aaran Leyland & More - SWN #596

    Dune References, FAT, Claude, ZhiPu, PolinRider, RentaBot, Sony, Aaran Leyland, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-596

  5. 996

    Defense-in-depth strategies for securing mobile applications - Ryan Lloyd - ASW #390

    Mobile applications have unique risks and threat models compared to server-side applications and infrastructure. Consequently, they need different strategies to ensure their business logic and workflows well secured. We'll dive into some of these defense-in-depth strategies and why they are important to mobile applications. Securing workflows goes beyond input validation and pattern matching suspicious payloads; it requires detailed attention to state machines, edge cases, and collecting signals to evaluate trust. Segment Resources: https://hubs.la/Q04jLKj70 https://mas.owasp.org/MASTG/0x04c-Tampering-and-Reverse-Engineering/ https://owasp.org/API-Security/editions/2023/en/0x00-header/ This segment is sponsored by Guardsquare. Visit https://securityweekly.com/guardsquare to learn more about them! Show Notes: https://securityweekly.com/asw-390

  6. 995

    Mastering agent permissions and Identiverse interviews - Amir Ofek, Howard Ting, Ajay Gupta, Sandy Bird - ESW #466

    Interview with Sandy Bird, co-founder of Sonrai Security In this week's interview, we kick off the conversation with how Sonrai's expertise in securing cloud identity permissions had the company well placed to address the explosion of AI agents and the clear risks they represented. On the surface, this looks like a cloud/hyperscaler permissions challenge, but it isn't that simple. As agents like Claude Code, Codex, and Hermes are connected to enterprise cloud agents, the risk spreads outside VPCs and onto endpoints. Check out the episode to learn more about some of the most common risks Sandy finds and how Sonrai goes about addressing them. This segment is sponsored by Sonrai Security. Visit https://securityweekly.com/sonrai to learn more about them! Segment Resources AWS Bedrock agent permissions: what you need to lock down before you go live Making Enterprise AI Agents Accountable with Amir Ofek, CEO and Co-Founder of aizome Organizations looking to unlock the power of Enterprise AI Agents, and in a controlled and safe way at the speed of AI. Identity is at the heart of it. However, NHI Governance Is Not Enough for Enterprise AI Agents. The identity industry has responded to the rise of AI agents the same way it responds to every new identity challenge: extend existing frameworks. Map agents to human owners. Enforce least privilege. Govern them like non-human identities. It is a reasonable instinct. It is also insufficient in ways that matter enormously. Non-human identity security was built for a deterministic world - service accounts, API keys, bots. These identities do what they are configured to do. Their behavior is predictable enough that static governance models work. Enterprise AI agents are categorically different. Not in degree - in kind. They don't execute fixed instructions. They reason, plan, and adapt in response to context. Their scope shifts with every task. Their behavior at runtime can diverge significantly from anything true at provisioning time. Unlike any identity that came before them, they frequently change their intent, at a pace no governance model built for human movers or machine credentials was designed to handle. Wrapping them in the same framework you use for a service account isn't wrong. It's just insufficient in precisely the places where risk accumulates. Download the SANS AI Security Maturity Model eBook This segment is sponsored by aizome. Visit https://securityweekly.com/aizomeidv to learn more about them! The Human Authorized. The Agent Acted. Who's Accountable? Interview with Howard Ting - CEO - Opal Security A self-driving car still has a license plate The accountability didn't change just because the driver did. The same has to be true for AI agents, but most environments can't trace an agent action back through the layers of delegation to the human who authorized it. Howard Ting, CEO of Opal Security, joins Security Weekly to discuss what the accountability model looks like when employees run swarms of agents, and what has to be in place before that accountability chain is tested. https://www.opal.dev/resource-center/identity-governance-report-2026-ai-access This segment is sponsored by Opal Security. Visit https://securityweekly.com/opalidv to learn more about them! Next Evolution of Identity Security: AI for Lower Cost, Efficiency & Governance with Ajay Gupta - President & CEO - SDG Organizations have invested heavily in identity platforms, but many still struggle to maximize security, efficiency, and governance outcomes. As AI transforms both cyber defense and cyber threats, Identity Security is emerging as a critical foundation for securing human and non-human identities alike. In this discussion, we explore how AI is helping organizations reduce costs, improve operations, defend against AI-powered attacks, and address the governance challenges created by AI agents—highlighting the convergence of Identity Security, AI Security, and AI Governance. This segment is sponsored by SDG. Visit https://securityweekly.com/sdgidv to learn more about them! Show Notes: https://securityweekly.com/esw-466

  7. 994

    Beyond the AI Hype, Cyber Readiness in the Age of AI - Gibb Witham - SWN #595

    I talk to Gibb Witham, President of Hack The Box, about cyber readiness, hands-on security training, Hack The Box, and AI in cybersecurity. Show Notes: https://securityweekly.com/swn-595

  8. 993

    Linux Tech Segment & Vulnerabilities Galore - PSW #933

    This week we have a technical segment based on the response to "Atomic Arch", an updated open-source tool to help you catch malicious packages. In the security news: Exploitarium A hot messy summer of vulnerabilities AI Squatting Linux LPE - no shortage of those Fingerprinting Favicons Windows 10 extended Can Clothes Make You Invisible to Facial Recognition? Fable and Mythos for All Do we care about Quantum? Execs have AI risk under control Biological warefare in Spyware The scripts in-scope for PCI We don't have privacy, but we may get age restrictions Show Notes: https://securityweekly.com/psw-933

  9. 992

    Performance Through People as Executives Struggle and Mentorship Matters - Greg Hoffman - BSW #454

    One of the biggest questions most executives ask is "Why does it still feel this hard when the talent is clearly there?" The answer, in almost every case, is not a people problem. It is an environment problem. And environment is something a leader can build. Greg Hoffman, President at Ascension Performance Group, joins Business Security Weekly to discuss his new book, Performance Through People, a leadership parable that shows a practical operating model for building the conditions where people perform at their highest level. It is written as a story, but it is built as a framework. Greg will discuss the core pillars of this framework, including: Leadership First Mindset Operational Clarity Capability Empowerment Impact Segment Resources: - https://a.co/d/053FuwYT - https://ascensionpg.com/articles/ In the leadership and communications segment, What the New Quantum Executive Orders Mean for Business Leaders, What I Learned About Burnout the Hard Way (and How to Actually Fix it, Mentorship Matters, and more! Show Notes: https://securityweekly.com/bsw-454

  10. 991

    AI Cocaine Recipes, Russian Hack, Scattered Spider, Cisco, Amazon Q – Aaran Leyland - SWN #594

    AI Cocaine Recipes, Green Shirt Jailbreak, JLR Russia Hack, Scattered Spider, Cisco Root, Amazon Q Pwned – Aaran Leyland – SWN #594 Show Notes: https://securityweekly.com/swn-594

  11. 990

    Reducing Attack Surface & Evaluating Efficiency in Agents - Itamar Apelblat, David Goldschlag - ASW #389

    SquidBleed reveals another vuln that's been lurking for decades, but its real lesson is in managing an attack surface. Regardless of whatever programming language you use, removing code is one of the best security steps you can take, followed by changing default configs to turn off uncommon features and ancient protocols. The Linux kernel's removal of strncpy is another example of managing attack surface by replacing a notoriously misused and ambiguous function with more specific versions that better match the developers intent. It was a six-year journey for the kernel, but one that should remove a class of vulns and, importantly, improve performance. Then it's on to agents with a discussion of the newly released OWASP AISVS and yet another example of evaluating LLMs as code reviewers. Agentic AI Has an Identity Problem AI agents are already running inside enterprise environments, operating on credentials, API tokens, and cloud roles that most security teams have never inventoried. When an agent acts autonomously across production systems, the security question is no longer just what it can do but who it is and whether that identity is governed at all. Itamar Apelblat, Co-Founder and CEO of Token Security, discusses why identity is the right lens for understanding agentic AI risk and what practical steps security teams can take now. Segment Resources: https://www.token.security/product https://www.token.security/lp/ai-agent-identity-security-buyers-guide-ebook https://www.token.security/enzo https://www.token.security/ai-agent-calculator This segment is sponsored by Token Security. To lean more, visit https://securityweekly.com/tokenidv Blended Identities and the challenge of IAM for AI AI agents aren't quite human and aren't traditional machines. So how do you secure workflows that involve humans using AI to access sensitive data, and do it at machine speed and scale? David breaks down the challenges and discusses actual implementations of IAM for AI to explain how to solve them. Segment Resources: https://aembit.io/case-study/a-300b-investment-firm-secures-claude-access-with-aembit/ https://aembit.io/blog/aembit-now-secures-microsoft-copilot-studio-agents/ https://www.youtube.com/watch?v=cSInzRUXvNc This segment is sponsored by Aembit. Get the cloud security alliance survey on AI Identities at https://securityweekly.com/aembitidv Show Notes: https://securityweekly.com/asw-389

  12. 989

    Fixing pentesting, Meta is destroying its engineering org, the weekly news - Adriel Desautels - ESW #465

    Interview with Adriel Desautels - the pentest is broken Adriel joins us for a discussion on the state of penetration testing, why it hasn't done much to help security teams over the last 20 years, and why AI won't save it. Segment Resources: https://hbr.org/2026/04/boards-are-falling-short-on-cybersecurity https://www.scworld.com/perspective/how-to-build-a-breach-ready-security-posture-without-the-enterprise-price-tag https://netragard.com/blog/what-is-penetration-testing/ Topic: Why Meta is destroying its engineering organization The titular essay: https://newsletter.pragmaticengineer.com/p/why-is-meta-destroying-its-engineering A very interesting analysis of what's going on inside big tech companies as they try to dogfood their own AI hype and tokenmaxx themselves into oblivion. There have been a LOT of stories on this, but this is the most comprehensive and enlightening. A few more are linked below. This is relevant to security, because heavier AI use appears to be linked to a much higher occurrence of availability and security issues. 'Tell Him He's a Piece of Shit': Meta's New AI Unit Is a Total Mess The Newest Instagram "Exploit" is the Goofiest I've Seen Meta CTO Andrew Bosworth Admits the Company's AI Reorg Was 'Atrocious' Meta's months-old AI unit is a soul-crushing gulag, say the engineers stuck inside it The Weekly Enterprise News Finally, in the enterprise security news, an AI vibe check An AI SOC vendor shuts down Cybersecurity vendor layoffs funding & acquisitions cascading breaches digital estate management criminals don't trust AI either some devs won't code without AI, even if you pay them to Midjourney is now a healthcare company? All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-465

  13. 988

    AI Brain Harvest, Fortibleed, Win 10, Blacksite, Windchill, Cisco, BB-8, Josh Marpet - SWN #593

    AI Brain Harvest, Fortibleed, Win 10, Blacksite, Windchill, Cisco, BB-8 Sidewalk Bots, Josh Marpet, and More on this episode of the Security Weekly News. Show Notes: https://securityweekly.com/swn-593

  14. 987

    Cloud Visibility, Fortibleed, hacking things the easy way - Sandy Bird - PSW #932

    First up is Sandy Bird from Sonrai discussing how to protect our cloud infrastructure! This segment is sponsored by Sonrai Security. Visit https://securityweekly.com/sonrai to learn more about them! Next up in the security news: Help, I am Fortibleeding Cisco SD-WAN needs help The secret life of probe requests Help, I am Squidbleeding XSS to RCE and why CVSS isn't the full picture TVs spy on you Foundational security practices Cybersecurity costs money Happy "Its too late to update your KEK key" day You don't have security flaws if no one can report them Rickrolling FIFA Domain takeovers End of life, out of luck The key to Encryption... Show Notes: https://securityweekly.com/psw-932

  15. 986

    The Strategic Human Firewall as AI Impacts Regulations, Cyber Pros, and Employees - Robert Siciliano - BSW #453

    The 2026 Verizon DBIR has arrived and the results are in... Even with a substantial increase in Exploitation of Vulnerabilities, All Credential Abuse is still the top initial access vector for breaches, which means the human is still the weakest link. Why haven't security awareness training and phishing campaigns worked? Robert Siciliano, Architect of of The Strategic Human Firewall™ at ProtectNow, joins Business Security Weekly to explore why humans, not hackers, are the ultimate deciding factor in organizational security. The industry needs to shift from security awareness to security appreciation. Robert will discuss: How you can build a culture that actually protects your people, your data, and your operations in an era of AI deception. Why most companies are still performing 'Security Theater'—checking boxes and hoping for the best—instead of driving genuine behavior change. How Trust and Denial quietly fuel most disasters, why interactive training is the only way to make the lessons stick, and how leaders can scale this entire framework without needing a Hollywood budget. Segment Resources: https://protectnowllc.com/ai-cyber-security-keynote-speaker/ In the leadership and communications segment, Should CEOs Be Held Personally Accountable for Cyber Attacks?, Placing communication at the center of every leadership transition, AI isn't solving cybersecurity workforce woes, and more! Show Notes: https://securityweekly.com/bsw-453

  16. 985

    Turing, BODS, Struwwelpeter, EO-14409, VBScript, Pixemsmash, Cloudflare, Aaran Leylan - SWN #592

    Turing's Entscheidungsproblem, BODS, Struwwelpeter, EO-14409, VBScript, Pixemsmash, Cloudflare, Aaran Leyland, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-592

  17. 984

    How AI Is Reshaping Identity Security at the Infrastructure Layer - Ev Kontsevoy, Neha Duggal, Amit Masand - ASW #388

    Appsec has seen machine identities from daemons and processes to services, microservices, and cloud accounts. And now we have agents. Ev Kontsevoy talks about what it means to have engineers and agents interacting in an environment, and why a focus on actions can be more effective than roles. One of the biggest challenges in securing agents along with all of the other identities that organizations manage is how fragmented that management has become. But a unified engineering view of identities is just a start. Once you're able to shift to a practice where access is granted based on attributes and limited durations, then your environment becomes more resilient to mistakes and unexpected actions, not to mention the security concerns that come with agents acting on their own. Who Is Responsible for an AI Agent's Actions? As AI agents gain the ability to access systems, invoke tools, and take action on behalf of users, organizations need clear frameworks that define responsibility for machine-driven decisions and outcomes. This segment examines how accountability, delegation, and attribution can be established across users, developers, security teams, and business stakeholders. Neha will explore how governance models support transparent, auditable agent-driven workflows while helping organizations manage risk and maintain trust. This segment is sponsored by P0 Security. Visit https://securityweekly.com/p0idv to learn more about them! The rapid rise of agentic AI and non-human identities is fundamentally reshaping the future of identity security, challenging traditional IAM and PAM models built around predictable human behavior. In this executive interview at Identiverse 2026, Amit Masand discusses how autonomous systems, AI agents, and machine identities are creating new operational and governance challenges for modern enterprises. Drawing from more than two decades of industry experience, the conversation explores the growing complexity of continuous governance in a world where identities increasingly operate at machine speed. Segment Resources: https://www.idmexpress.com/post/preventing-cybersecurity-incidents-through-managed-services https://www.idmexpress.com/post/cyberark-securing-aws https://www.idmexpress.com/post/turning-roadblocks-into-breakthroughs-a-custom-oracle-pam-integration-story Contact IDMEXPRESS! Secure Your Tomorrow, Today: https://securityweekly.com/idmidv Show Notes: https://securityweekly.com/asw-388

  18. 983

    Navigating Shadow AI in the Enterprise, Verizon's SECOND 2026 report, and the news - Ankita Gupta - ESW #464

    Interview with Ankita Gupta, CEO of Akto How to Navigate Shadow AI Risk in the enterprise This week, we discuss AI governance in the enterprise, starting with the nuts and bolts of how to discover and understand shadow AI. Following that, we dive into what security and tech leaders should do next with this information: apply guardrails? Limit vendor options? Ankita has a wealth of experience and anecdotes to share here, from years of working with customers and seeing all the unexpected things that happen with AI in today's workplace. Segment Resources: Website: https://www.akto.io Book a Free Demo: https://www.akto.io/agentic-security-demo LinkedIn: https://www.linkedin.com/company/akto-io YouTube: https://www.youtube.com/@aktodotio This segment is sponsored by Akto. Visit https://securityweekly.com/akto to secure your AI agents before attackers do. Topic Segment: Verizon's Breach Impact Study The same team that delivers the DBIR every year gave us a bonus, based on over 70,000 insurance claims! Some of my favorite insights: Cost of breaches, broken out by SMB, mid-sized enterprise, and large The claim amount as a percentage of the company's revenue Losses broken down by loss TYPE This data validates something I think everyone in cyber needs to understand: cyber events are rarely business-ending events. Every cybersecurity professional and vendor, frustrated by companies "not taking security seriously enough" now have data explaining why: breaches don't hurt as much as you thought they did. Maybe you think they should hurt more? Push for regulation/fines/etc. With that said, the report also shows breach costs increasing significantly over the past 6 years and the quantity of incidents shooting up. Specifically, the median impact has almost doubled. Security failures aren't getting any cheaper. Weekly Enterprise News Finally, in the enterprise security news, A $100M seed round! Accenture acquires 3 security vendors Some thoughts on the government takedown of Fable and Mythos One of the craziest security mistakes I've ever seen, in the software FIFA uses to manage World Cup streams! A Critical Copilot vulnerability 75,000 Fortinet Firewalls get compromised Remediation is broken Using guardrails to evade detection All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-464

  19. 982

    LLMS, Identity, EDR, JiGong, QiLin, Warlock, with Rob Allen from Threatlocker... - Rob Allen - SWN #591

    Doug and Rob Allen talk about Identity, EDR, Your Great Aunt Ida Meets some hot firefighters, and more. Segment Resources: Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools: https://thehackernews.com/2026/04/qilin-and-warlock-ransomware-use.html This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Show Notes: https://securityweekly.com/swn-591

  20. 981

    GPS, PCI, ARCH, OH MY! - PSW #931

    In the security news this week: GPS spoofing and satellite jamming are getting way too accessible Rekeying satellites in orbit sounds terrifying Cyber extortion and whether criminals still have ethics AI helping cybersecurity research... and drug discovery Data centers eating regional power grids Nuclear, solar, natural gas, and the future of AI infrastructure What happens when GPS stops being trustworthy? Satellite constellations as the next critical infrastructure target AI guardrails and why sci-fi warned us first Cyber ranges that don't simulate reality anymore The weird morality line between hackers, scammers, and criminals Future satellite warfare without calling it warfare Security standards for infrastructure nobody thought would be online Historical cybersecurity stories that suddenly feel very current Why AI changes both offense and defense simultaneously And how much of modern cyber defense is just educated guessing Show Notes: https://securityweekly.com/psw-931

  21. 980

    Enterprise Browers in the Age of AI as CISO Role Changes and Leaders Harness Stress - Arunesh Chandra - BSW #452

    The browser has become the primary gateway to work, data, and AI. In this episode, Arunesh Chandra, Head of Product, Microsoft Edge for Business at Microsoft Edges for Business, will discuss why security and IT teams are rethinking the role of the browser and what sets Edge for Business apart as a secure, enterprise-ready solution. Arunesh cover how built-in security, native integration with existing IT tools, and centralized management can simplify operations, reduce risk, and support modern work across managed devices, BYOD, and contractors. A must listen for IT pros and security experts navigating browser sprawl and AI adoption. This segment is sponsored by Microsoft Edge for Business. Visit https://securityweekly.com/edgeforbusiness to learn more about them! In the leadership and communications segment, CISO role changes as cyber-risk appetites in the C-suite grow, AI is exposing the biggest weakness in cybersecurity: We never built a health model. Until now!, 6 Ways Leaders Harness Stress, and more! Show Notes: https://securityweekly.com/bsw-452

  22. 979

    TSME, ARCH, Maine, Fable, PANOS, Doug's Grandma, Vienna Sausages, Aaran Leyland - SWN #590

    TSME, ARCH, Maine, Fable, PANOS, Doug's Grandma, Vienna Sausages, Aaran Leyland, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-590

  23. 978

    Why Does It Matter Who or What Created the Code? - Matias Madou - ASW #387

    Agents and LLMs are creating and reviewing code. They're a new tool to help developers write software and they're a new abstraction layer for expressing what code should do. But if we're focused on determining whether code is secure, where do we focus our attention on ensuring a secure outcome? Matias Madou talks about the challenges of finding metrics to help answer these questions. We walk through many of the questions we'd like to see answered and our desire to see appsec (finally?) shift out of a find-and-fix mode into a future of secure design. Show Notes: https://securityweekly.com/asw-387

  24. 977

    Safe AI at scale, what happens after initial access, and the weekly enterprise news - Albert Estevez Polo, Shiva Pillay - ESW #463

    Interview with Shiva Pillay from Veeam Safe AI at Scale AI investment is exploding, yet nearly 90% of enterprise initiatives fail because the data powering AI cannot be trusted. That's the uncomfortable truth the industry is facing right now. Safe AI at scale requires more than just great models—it demands trusted, governed, and recoverable data. This segment is sponsored by Veeam. Visit https://securityweekly.com/veeam to learn more about them! Segment resources: Veeam Launches New Data and AI Trust Maturity Model to Help Organizations Benchmark AI Readiness Topic: Sure, we know how initial access works, but what about lateral movement? A special topic segment where we're joined by Albert Estevez Polo, field CTO for Zero Networks (a community guest, not a podcast sponsor). Zero Networks just released some very interesting data on what attackers are doing after they gain access to victim's environments and how they're doing it. Segment Resources: Link to report page Weekly Enterprise Security News Finally, in the enterprise security news, Funding and acquisitions Good news, Mythos isn't dangerous anymore! An excellent breach analysis Cyber insurance rates are dropping, but there's a catch CISA updates vulnerability remediation guidance Zoom calls are worse than you think, and maybe not for the reasons you think Remember when it was illegal to rip DVDs? All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-463

  25. 976

    Phones, Sarlaccs, Maine, Chinese Sites, Ivanti, Bitlocker, Peoplesoft, and More - SWN #589

    Bad Phones, Sarlaccs, Maine, Chinese Sites, Ivanti, GreatXML, Bitlocker, Peoplesoft, Josh Marpet, and More on this episode of the Security Weekly News. Show Notes: https://securityweekly.com/swn-589

  26. 975

    Trolling Microsoft With Vulnerabilities - PSW #930

    In the security news: Trolling Microsoft With Vulnerabilities Fable 5 loves guardrails Binwalk vulnerability EMBA and local models EDRChoker AI worms Interesting Arista vulnerability added to KEV BOD 26-04 and stakeholder specific vulnerability categorization Bring your own execution environment Homelab tips MikroTik routers as interceptors Ivanti Sentry and irony Smart TV botnets Privacy laws Solarwinds Serv-U lives on More Cisco SD-WAN fun! Russia can jam GPS No nudes for you says UK Government "Why would someone want to learn code when AI does it better and faster?" Show Notes: https://securityweekly.com/psw-930

  27. 974

    Innovation Without Data Security Risk as AI Unlocks Budgets and Identity Challenges - Tony Kelly - BSW #451

    AI is reshaping innovation as businesses embed it into core operations and move more processes online. This transformation is often seen as a tradeoff between innovation and data risk, but that assumption is wrong. Businesses can innovate and scale in the AI era while maintaining strong data security, ensuring protection, compliance, and control remain intact. Segment Resources: Check out these assets from Fortra for more information around Data Security for AI. Learn more about our Data Security suite: https://www.fortra.com/solutions/data-protection Get the ungated guide: Secure AI Innovation > https://www.fortra.com/resources/guides/secure-ai-innovation Read the blog: Staying Compliant While Using AI: What CISOs Need to Know https://www.fortra.com/blog/staying-compliant-while-using-ai-what-cisos-need-know This segment is sponsored by Fortra. Visit https://securityweekly.com/fortra to learn more about them! In the leadership and communications segment, Lost in translation: Cybersecurity board reporting for CISOs, AI may finally unlock the cyber budgets CISOs have wanted for years, How People Actually Get to the C-Suite in S&P 500 Companies, and more! Show Notes: https://securityweekly.com/bsw-451

  28. 973

    Geinbot, SolarWinds, Brave, UNK_Deaddrop, durabletask, Insta, Aaran Leyland... - SWN #588

    Geinbot, SolarWinds, Brave, UNK_Deaddrop, durabletask, Insta, Aaran Leyland, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-588

  29. 972

    Scanner Results Are a Starting Point. Here's What Comes Next. - Federico Kirschbaum - ASW #386

    Most AppSec teams are working through more findings than their teams can validate. SAST surfaces thousands of potential issues. DAST generates alert volume that outpaces triage capacity. Somewhere in that output are the vulnerabilities that matter, the ones that are actually exploitable in production. This conversation explores why automated testing often stops short of the hardest part of the job: proving what is real. We dig into how business logic flaws and authorization vulnerabilities get missed by tools that scan without reasoning, what exploit validation looks like at runtime, and how security engineers are shifting toward findings that developers will actually act on. The segment is sponsored by XBOW. Visit https://securityweekly.com/xbow to see how autonomous AI pentesting delivers expert-quality findings in hours with real exploit validation your team can actually act on. Show Notes: https://securityweekly.com/asw-386

  30. 971

    The State of AI in SecOps, the Unintended Consequences of Vulnmaxxing, and the News - Filip Stojkovski - ESW #462

    Interview with Filip Stojkovski on the State of AI in SecOps Filip joins us to talk through the 2+ year rollercoaster that Security Operations tooling has been on since AI entered the chat. We discuss the AI SecOps market, which Filip closely tracks through his SecOps Unpacked project. We also discuss how most of the market has traditionally been focused on the "middle" of the process, which is effectively alert management. Where the conversation really gets interesting is shifting left to discuss building better quality detections. Segment Resources: Be sure to check out SecOps Unpacked - it has more than just vendor information: there are articles, frameworks, podcast episodes, research, and articles/thought leadership Topic: The Unintended Consequences of Vulnmaxxing We discuss my latest blog post where I share a theory that perhaps Project Glasswing is a clever exclusive freemium tier, where Anthropic is hoping to ensnare the world's largest producers of software into using its most expensive model to fix their code for the foreseeable future, creating a much needed new revenue stream for the AI giant with a Trillion dollar valuation. There are some potential unintended consequences that come along with an expensive vulnerability discovery/remediation process that threatens to raise the security poverty line and leave less wealthy companies behind. The Weekly Enterprise News Finally, in the enterprise security news, If you were starting a cybersecurity company today, which category would you pick? layoffs funding the White House AI executive order OpenAI's frontier governance framework Anthropic's Zero Trust for AI agents guide IBM's vulnmaxxing efforts RICO as a service for job seekers Instagram had possibly the most embarrassing hack ever All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-462

  31. 970

    Local AI, Salesforce, Fluttershell, Aspose, http/2, Cisco, Used Tech, Josh Marpet - SWN #587

    Local AI, Salesforce, Fluttershell, Aspose, http/2 bomb, Passwords, Cisco, Used Tech, Josh Marpet, and More on this episode of the Security Weekly News Show Notes: https://securityweekly.com/swn-587

  32. 969

    Security Researchers Are Threat Actors - PSW #929

    This week in the security news: Security Researchers Are Threat Actors according to Microsoft Hands-free malicious firmware If you've ever typed "ls" in Windows, this is for you Cisco makes more patches, wants you to pay Ambiguous Secure Boot bypass Threat actors love network edge devices, and I have the chat logs and leaks to prove it The downside of chip sanctions Your VoIP phone is hacked Vulnerability disclosure and incentives Claude reccovers Bitcoin wallet an Instagram "Exploit" Turn the plane around The worms will continue PAN-OS global protect vulnerability The 1-Click Github token stealer Data-nuking prompt injection Turning Buses into spies SymJack NIST NVD mistakes, and how CNAs need to up their game Show Notes: https://securityweekly.com/psw-929

  33. 968

    Scaling to $100M as the Security Weekly Index Hits an All Time High - Joshua Gould - BSW #450

    The ultimate goal, scale a company to $100M and go IPO. Easier said than done. We've seen some make it and others that get stuck. What's he difference? Joshua Gould, CEO at thebigword, joins Business Security Weekly to discuss how to scale to $100M. From startup to platform, Joshua helps us understand the challenges and how to address them. If you're a founder looking to scale, this is an interview you can't miss. Segment Resources: https://en-gb.thebigword.com/ http://www.youtube.com/@Exec_Craft https://www.linkedin.com/in/joshuadgould/ In the Security Money segment, the Security Weekly Index and NASDAQ set new records. After CyberArk's acquisition, the Security Weekly Index is now comprised of the following 24 companies: SAIL Sailpoint Inc PANW Palo Alto Networks Inc CHKP Check Point Software Technologies Ltd RBRK Rubrik Inc GEN Gen Digital Inc FTNT Fortinet Inc AKAM Akamai Technologies Inc FFIV F5 Inc ZS Zscaler Inc OSPN Onespan Inc LDOS Leidos Holdings Inc QLYS Qualys Inc NTSK Netskope Inc TENB Tenable Holdings Inc OKTA Okta Inc S SentinelOne Inc NET Cloudflare Inc CRWD Crowdstrike Holdings Inc NTCT NetScout Systems Inc VRNS Varonis Systems Inc RPD Rapid7 Inc FSLY Fastly Inc RDWR Radware Ltd ATEN A10 Networks Inc Show Notes: https://securityweekly.com/bsw-450

  34. 967

    Heraclitus, AI LLMs, SSO, TTP, NetLogon, PAN-OS, AI Cost, Aaran Leyland... - SWN #586

    Heraclitus Unbound, AI LLMs, SSO, TTP, NetLogon, PAN-OS, AI Cost, Aaran Leyland, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-586

  35. 966

    BadHost, Dead CTFs, Exploding NPMs, and the Verizon DBIR - ASW #385

    We dedicate an episode to catching up on appsec news with Kalyani Pawar. We see parsing problems that led to the BadHost vuln, which exposed lots of LLMs, MCPs, and agents to potential compromise. We wonder where to look for security education and practice as the camaraderie of the CTF community becomes infiltrated by LLMs. We talk about the tradeoffs in trust between using public packages vs. having agents write replacements from scratch. And we examine some of the appsec details that the Verizon DBIR reveals about how orgs are being attacked -- and how orgs might use that information to protect themselves. Show Notes: https://securityweekly.com/asw-385

  36. 965

    Helping defense's use of AI catch up with offense, cost of the vulnpocalypse, news - Evan Powell - ESW #461

    Interview with Evan Powell - Generative and agentic AI are improving cyberattacks faster than they're improving cyber defenses. Offensive folks have been having the most luck with AI so far, which is further eroding any advantage defenders might have had. Evan Powell joins us to share some ideas on how defenders can get some benefits from AI as well, and why open source is important with this approach. Topic For this week's topic segment, we've got two very interesting data sources. The first is Anthropic's first update on Project Glasswing, where they're absolutely tearing through codebases with ultra premium Mythos tokens, but then hitting a human-shaped bottleneck as they attempt to validate all the findings. The second is the first report from Root Evidence, the latest startup from Jeremiah Grossman and Robert Hansen (aka RSnake), which aims to help organizations filter out all the vulnerabilities that don't matter. Where these two reports meet in the middle is my concern that the use of AI to scour every last bug out of code is going to be the most Sisyphean task the cybersecurity industry has ever come up with (and we have some deep experience here). The Weekly Enterprise News Finally, in the enterprise security news, Less funding, more acquisition the AI SOC startup space is CROWDED your CEO is suffering from AI psychosis Some CISOs are done with the job, IT can have it detecting and removing dangerous secrets from dev workstations 230,000 security advisories roll up to 6 attacker behaviors The FBI's 2025 IC3 report is out When tech billionaires make predictions, they're actually sales pitches All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-461

  37. 964

    Sidhe, GreyVibe, Claude, Lightwell, Eclipse, Kimsuky, Obscure Beliefs, Josh Marpet - SWN #585

    Sidhe, GreyVibe, Claude, Lightwell, Eclipse, Kimsuky, Obscure Belief Systems, Josh Marpet, and More on this episode of the Security Weekly News. Show Notes: https://securityweekly.com/swn-585

  38. 963

    Linux Supply Chain How-To - PSW #928

    This week we have a technical segment focused on Linux! Paul released a script that helps you get a handle on Linux supply chain security, and new features allow you to assess the state of Secure Boot on your Linux systems (that also use MS certificates, ironically). The script is in his Git repo: https://github.com/pasadoorian/Linux_Hacks. In the security news: The CVE chase The new security basics Enterprises are lacking more than AI Detections are falling behind Why DOOM!?! Chromium vulnerability The ambitious Flipper One I'm still curious who was behind these leaks Mitre moves Caldera to Apache foundation Wind cybersecurity PQC updates YellowKey Bitlocker Bypass updates The software supply chain is in deep trouble Show Notes: https://securityweekly.com/psw-928

  39. 962

    What Security Leaders Should Expect from RSAC - Joseph Blankenship - BSW #449

    RSA Conference (RSAC) 2026, the 35th annual flagship event for cybersecurity, drew over 43,500 attendees, featuring more than 600 exhibitors, 570+ sessions, and 700+ speakers from 104 countries. It generated 370 million social media impressions. With this size and reach, what should security leaders expect when they attend? Joseph Blankenship, Vice President, Research Director at Forrester Research, and Adrian Sanabria, host of Enterprise Security Weekly, join Business Security Weekly for a special recording from RSAC 2026. This pre-recorded session was filmed live from the conference on March 24, 2026. We discuss what security leaders will see, what they should expect from attending, and a few predictions for the future. If you didn't attend the conference, don't worry, this is a great way to get an inside view. And maybe it helps you decide to attend next year. Show Notes: https://securityweekly.com/bsw-449

  40. 961

    Listening, Drupal, TTE, KEV, Mythos, Megalodon, Badanov, MFA, Pope Leo, Aaran Leyland - SWN #584

    They're Listening, Drupal, TTE, KEV, Mythos, Megalodon, Boris and Natasha, MFA, Pope Leo, Aaran Leyland, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-584

  41. 960

    AppSec Conversations on Agents, LLMs, and OWASP from RSAC - Scott Clinton, Janet Worthington, Merritt Maxim - ASW #384

    We showcase recordings from this year's RSAC. At RSAC Conference 2026, Scott Clinton, Co-Chair and co-founder of the OWASP GenAI Security Project, shares insights from the project's latest research, including new landscape guides and evolving approaches to securing generative and agentic AI systems. The conversation explores critical gaps in GenAI data security, the rise of AI-assisted development, and the immense growth of the OWASP community and sponsor ecosystem. Looking ahead, he outlines the most urgent risks and priorities shaping AI and agentic security in 2026. Then Merritt Maxim discusses how AI is affecting Identity and Access Management. Expect to hear this topic a lot throughout 2026, especially as the industry tries to figure out what's different or special about securing agent identities. We close with a chat with Janet Worthington about the impact of agents on the SDLC and how orgs are updating their controls to deal with code generated by humans and LLMs alike. Segment Resources: https://genai.owasp.org https://genai.owasp.org/resources/ https://www.scworld.com/podcast-episode/3905-keeping-up-with-the-owasp-genai-project-scott-clinton-asw-381 This segment is sponsored by The OWASP GenAI Security Project. Visit https://securityweekly.com/owasp to learn more about them! Show Notes: https://securityweekly.com/asw-384

  42. 959

    Visibility with EDR/MDR is still important, 'the basics' are impossible, and the news - Rob Allen - ESW #460

    Interview with Rob Allen from Threatlocker This week, Rob Allen from Threatlocker is with us to discuss the importance of EDR and MDR visibility. We discuss some real world attacks and anecdotes where EDR was able to save the day when threats were missed by other controls. Topic: Do the basics, they said. Easier said than done. Guillaume and Adrian discuss the futility of attempting to do all the foundational work standards, best practices, and regulations expect of organizations. Adrian has given up. Fortunately, Guillaume has some excellent advice and hope to share on this front. The weekly enterprise news Finally, in the enterprise security news, a really interesting vibe check funding acquisitions the verizon DBIR we give a tutorial on how to leak AWS keys on github OH NEVERMIND, SOMEONE AT CISA ALREADY MADE THE TUTORIAL agents versus agents exploitbench the vulnpocalypse robot dogs are SO EASY to take out, we don't need to be too scared of them yet All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-460

  43. 958

    TVs, Old York, Flipper One, Ubiquity, Underminr, CISOs, GitHub, Josh Marpet... - SWN #583

    TVs, Old York, Flipper One, Ubiquity, Underminr, CISOs, GitHub, Josh Marpet, and More on this episode of the Security Weekly News. Show Notes: https://securityweekly.com/swn-583

  44. 957

    FCC, Github, MiniShai-hulud, Stated of Supply Chain, Itron, CRA, NIS2, and more!! - PSW #927

    In the security news this week: FCC router bans and the hidden firmware update problem Why extending support timelines actually improves security Github supply chain concerns and the evolving SBOM ecosystem CRA and NIS2 compliance deadlines are getting very real The EU Cyber Resilience Act's 24-hour vulnerability disclosure requirement Security regulation: vertical vs horizontal compliance models Vehicle-to-load EV systems powering homes during outages Solar, batteries, AI farms, and the future economics of electricity Data centers consuming regional power grids BitLocker "Yellow Key" fallout and large-scale remediation challenges AI-generated PowerShell fixes and the rise of vibe scripting Linux kernel exploits, module jail, and default deny strategies Medical biometric data theft and why fingerprints are terrible passwords Interpol cybercrime operations across the MENA region OT security, connected vehicles, and accepting real-world risk The crew also discusses threat intelligence obligations under the CRA, the operational realities of patching at enterprise scale, the economics of secure-by-default systems, and why making security cheaper than insecurity might finally move the industry forward. Show Notes: https://securityweekly.com/psw-927

  45. 956

    Shift to Prevention and Enforcement as We Repeat Security Mistakes With AI - Rob Allen - BSW #448

    Over the last decade, cybersecurity heavily invested in EDR, XDR, SIEM, telemetry, and SOC-driven operations. We stopped asking how to stop attacks and started asking how fast we could detect them. However, Mythos and frontier models have changed that paradigm. How do you detect a -7 day vulnerability? Detection and response cannot keep, so what's the answer? Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss why cybersecurity is shifting from detection and response to prevention and enforcement. As attackers accelerate through automation and AI, organizations are revisiting prevention-focused controls. Rob will discuss why organizations need to adopt application allowlisting, Zero Trust, Ringfencing, and policy enforcement to reduce attacker freedom before execution occurs. Prevention-first security is the only way to decrease the AI attack surface. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! In the leadership and communications segment, What CISOs need to land a board role, The Security Mistakes Being Repeated With AI, When Senior Leaders Lack People Skills, Transformations Fail, and more! Show Notes: https://securityweekly.com/bsw-448

  46. 955

    My Mother the Car, AI Slop, Nginx, Polyscope, Drupal, , GitHub, Aaran Leyland... - SWN #582

    My Mother the Car, AI Slop, Nginx, Polyscope, Drupal, GitHub, Aaran Leyland, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-582

  47. 954

    The State of AI & AppSec - Keith Hoodlet - ASW #383

    This year has been a dichotomy of established secure design fundamentals and burgeoning chaos of LLM-driven vuln discovery. Keith Hoodlet returns to share his latest observations on what the recent news about Mythos, models, and harnesses means for appsec. He walks through the problems of misalignment, the potential development doom that looms behind a volume of vulns, and what modern code creation looks like. Along the way we touch on the economics of tokens and the principles behind secure software. Keith gave a preview of his upcoming presentation (May 22nd) on these topics. Check out https://securing.dev/about/ for the slides and more of his writing on appsec. Show Notes: https://securityweekly.com/asw-383

  48. 953

    AI Has a data problem, cascading breaches, and the weekly news - Dimitri Sirota - ESW #459

    Interview with Dimitri Sirota from BigID Most organizations think AI risk lives in the model – or the identity. It doesn't. It lives in the data. In this episode, BigID's CEO reframes the conversation: why legacy access controls are breaking down, why visibility into sensitive data is the missing foundation, and what it takes to govern humans and machines under a single, accountable framework. Segment Resources: BigID's Agent Access Management Guide BigID's podcast, CTRL + ALT + AI This Week's Topic: Cascading Breaches We're seeing more and more 3rd and 4th party attacks that chain through multiple layers of compromised tools and services. In this topic segment, we discuss the two main aspects of this trend: How we can stop the chain of breaches from a third party library, vendor, or service provider How this might get handled at the legal, contractual, and organizational levels We discuss two big recent examples: Sonicwall's 2025 breach of their cloud firewall configuration backup service The compromise of Aqua Security's widely used Trivy open source tool The Weekly Enterprise News Finally, in the enterprise security news, Funding and M&A courtesy of the Security, Funded newsletter We have evidence that attackers are leveraging AI now (this sounds like old news, but there was little to no evidence before, when people were claiming this) The Angry admin problem emerges again Vulnerability information is getting crazy to keep up with Breach information is getting crazy to keep up with You can give your Agents an allowance now - don't spend it all in one place Are vulnerabilities sparse or dense? Mythos, as a model, isn't all that special Deploy your own deception sensors! Japan made something weird. Again. All that and more, on this episode of Enterprise Security Weekly. This segment is sponsored by BigID. Visit https://securityweekly.com/bigid to learn more about them! Show Notes: https://securityweekly.com/esw-459

  49. 952

    Cisco, Canvas, Microsoft, Exchange 0-Days, NPM Backdoors, GPT-5.5 and more... - SWN #581

    Cisco Catalyst, Canvas, Exchange 0-Days, BitLocker Bypass, Mini Shai Hulud, Node IPC, Patch Tuesday, GPT-5.5, Supply Chain Attacks, and More on the Security Weekly News Show Notes: https://securityweekly.com/swn-581

  50. 951

    You're not going to patch your way out of this - PSW #926

    This week: New Yellowkey bitlocker bypass and what it means for you Hackers can run you over with a robot lawnmower FCC says new things about routers, again Glitching with AI almost no false positives AI thought it was evil DirtyFrag and the sad state of Linux LPEs You can buy better tools, perfect security, and other lies The Canvas breach Hackers can still take over trains Baby monitors, on the Internet! dnsmasq flaws I am now paying attention to Swordfish A neat vulnerability for ransomware Mythos, Curl, and how to do secure software Various ways to use AI to find bugs, spoiler, you don't need Mythos Show Notes: https://securityweekly.com/psw-926

Type above to search every episode's transcript for a word or phrase. Matches are scoped to this podcast.

Searching…

We're indexing this podcast's transcripts for the first time — this can take a minute or two. We'll show results as soon as they're ready.

No matches for "" in this podcast's transcripts.

Showing of matches

No topics indexed yet for this podcast.

Loading reviews...

ABOUT THIS SHOW

Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape.Tune in for in-depth panel discussions, expert guest interviews, and breaking news on the latest hacking techniques, vulnerabilities, and industry trends. Stay informed and secure with the most trusted voices in cybersecurity!

HOSTED BY

Security Weekly Productions

CATEGORIES

Frequently Asked Questions

How many episodes does Security Weekly Podcast Network (Video) have?

Security Weekly Podcast Network (Video) currently has 50 episodes available on PodParley. New episodes are automatically indexed when they're published to the podcast feed.

What is Security Weekly Podcast Network (Video) about?

Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News....

How often does Security Weekly Podcast Network (Video) release new episodes?

Security Weekly Podcast Network (Video) has 50 episodes. Check the episode list to see recent publication dates and frequency.

Where can I listen to Security Weekly Podcast Network (Video)?

You can listen to Security Weekly Podcast Network (Video) on PodParley by clicking any episode. We provide an embedded audio player for direct listening, and you can also subscribe via your preferred podcast app using the RSS feed.

Who hosts Security Weekly Podcast Network (Video)?

Security Weekly Podcast Network (Video) is created and hosted by Security Weekly Productions.
URL copied to clipboard!