Security Weekly Podcast Network (Audio)

Open source software is a massive contribution that provides everything from foundational frameworks to tiny single-purpose libraries. We walk through the dimensions of trust and provenance in the software supply chain with Janet Worthington. And we discuss how even with new code generated by LLMs and new terms like slopsquatting, a lot of the most effective solutions are old techniques. Resources https://www.forrester.com/blogs/make-no-mistake-software-is-a-supply-chain-and-its-under-attack/ https://www.forrester.com/report/the-future-of-software-supply-chain-security/RES184050 Show Notes: https://securityweekly.com/asw-343

Topic Segment - What's new at Black Hat? We're coming live from hacker summer camp 2025, so it seemed appropriate to share what we've seen and heard so far at this year's event. Adrian's on vacation, so this episode is featuring Jackie McGuire and Ayman Elsawah! News Segment Then, in the enterprise security news, Tons of funding! SentinelOne picks up an AI security company weeks after Palo Alto closes the Protect AI deal Vendors shove AI agents into everything they’ve got Why SOC analysts ignore your playbooks NVIDA pinkie swears to China: no back doors! ChatGPT was allowing shared chat sessions to be indexed and crawled by search engines like Google Who is gonna secure all this vibe code? Who is gonna triage all these hallucinated bug reports? Perplexity and Cloudflare duke it out When you try to scrub your shady past off the Internet, it might just make things worse. All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-419

This week we have, SonicWall, Confidential Informants Exposed, Cisco Vishing, Perplexity vs robots.txt, Microsoft’s Project Ire, Meta–Flo Jury Verdict, GPT‑5 Lands, TeaOnHer Data Leak, Josh Marpet, and more on the Security Weekly News.. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-501

Why should hate AI When firmware attacks The 300 second breach Old ways still work, AI might help And so begins the crawler wars Turn off your SonicWall VPN Your Pie may be wrapped in PII Attackers will find a way Signed kernel drivers D-Link on the KEV Rasperry PIs attack Stealthy LoRa LLM's don't commit code, people do Jame's Bond style rescue with drones SRAM has no chill In the full view of the public... Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-886

Recent findings of AI ecosystem insecurities and attacks show the importance of needing AI governance in the supply chain. And this supply chain is rapidly expanding to include not only open-source software but also collaborative platforms where custom models, agents, prompts, and other AI resources are used. And with this expansion of third-party AI component and services use comes an expanded security threat often not included in traditional supply chain management processes. It's time to update our supply chain management process to include AI governance. Easier said than done. In this Say Easy, Do Hard segment, we invite three CISOs to discuss the challenges of AI and the supply chain, including: Data privacy concerns Flaws and malicious code in AI dependencies Lack of security tools to test for AI Vibe coding risks and more. But we also do the hard part, by discussing the changes needed to your supply chain management process to address these concerns. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-407

MFA Bypass, SonicWall, BIOS Shade, Sex Toys, FBI Warnings, Claude vs GPT-5, Josh Marpet, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-500

Maintaining code is a lot more than keeping dependencies up to date. It involved everything from keeping old code running to changing frameworks to even changing implementation languages. Jonathan Schneider talks about the engineering considerations of refactoring and rewriting code, why code maintenance is important to appsec, and how to build confidence that adding automation to a migration results in code that has the same workflows as before. Resources https://docs.openrewrite.org https://github.com/openrewrite Then, instead of our usual news segment, we do a deep dive on some recent vulns NVIDIA's Triton Inference Server disclosed by Trail of Bits' Will Vandevanter. Will talks about the thought process and tools that go into identify potential vulns, the analysis in determining whether they're exploitable, and the disclosure process with vendors. He makes the important point that even if something doesn't turn out to be a vuln, there's still benefit to the learning process and gaining experience in seeing the different ways that devs design software. Of course, it's also more fun when you find an exploitable vuln -- which Will did here! Resources https://nvidia.custhelp.com/app/answers/detail/a_id/5687 https://github.com/triton-inference-server/server https://blog.trailofbits.com/2025/07/31/hijacking-multi-agent-systems-in-your-pajamas/ https://blog.trailofbits.com/2025/07/28/we-built-the-security-layer-mcp-always-needed/ Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-342

The Weekly Enterprise News (segments 1 and 2) This week, we’ve had to make some last minute adjustments, so we’re going to do the news first, split into two segments. This week, we’re discussing: Some interesting funding Two acquisitions - one picked up for $250M, the other slightly larger, at $25 BILLION Interesting new companies! On the 1 year anniversary of that thing that happened, Crowdstrike would like to assure you that they’re REALLY making sure that thing never happens again Flipping the script How researchers rooted Copilot, but not really talks to check out at Hacker Summer Camp detection engineering tips the Cloud Security Alliance has a new AI Controls Matrix sending in the National Guard to handle a breach! and how to read an AI press release Interview: Guillaume Ross on Building Security from Scratch Guillaume shares his experiences building security from scratch at Canadian FinTech, Finaptic. Imagine the situation: you're CISO, and literally NOTHING is in place yet. No policies, no controls, no GRC processes. Where do you start? What do you do first? Are there things you can get away with that would be impossible in older, well-established financial firms? Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-418

Pipes, Thorium, Excel, Weird Ports, ATM Hillbilly Cannibal Attack, Lambdas, National Guard, AIs, Aaran Leyland, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-499

In the security news: Hacking washing machines, good clean fun! Hacking cars via Bluetooth More Bluetooth hacking with Breaktooth Making old vulnerabilities great again: exploiting abandoned hardware Clorox and Cognizant point fingers AI generated Linux malware Attacking Russian airports When user verification data leaks Turns out you CAN steal cars with a Flipper Zero, so we're told The UEFI vulnerabilities - the hits keep coming Hijacking Discord invites The Raspberry PI laptop The new Hack RF One Pro Security appliances still fail to be secure Person Re-Identification via Wi-Fi Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-885