Security Weekly Podcast Network (Audio)

MongoBleed and a recent OWASP CRS bypass show how parsing problems remain a source of security flaws regardless of programming language. We talk with Kalyani Pawar about how these problems rank against the Top 25 CWEs for 2025 and what it means for relying on LLMs to generate code. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-366

Segment 1 with Beck Norris - Making vulnerability management actually work Vulnerability management is often treated as a tooling or patching problem, yet many organizations struggle to reduce real cyber risk despite heavy investment. In this episode, Beck Norris explains why effective vulnerability management starts with governance and risk context, depends on multiple interconnected security disciplines, and ultimately succeeds or fails based on accountability, metrics, and operational maturity. Drawing from the aviation industry—one of the most regulated and safety-critical environments—Beck translates lessons that apply broadly across regulated and large-scale enterprises, including healthcare, financial services, and critical infrastructure. Segment 2 with Ryan Fried and Jose Toledo - Making incident response actually work Organizations statistically have decent to excellent spending on cybersecurity: they have what should be sufficient staff and some good tools. When they get hit with an attack, however, the response is often an unorganized, poorly communicated mess! What’s going on here, why does this happen??? Not to worry. Ryan and José join us in this segment to offer some insight into why this happens and how to ensure it never happens again! Segment Resources: [Mandiant - Best practices for incident response planning] (https://services.google.com/fh/files/misc/mandiantincidentresponsebestpractices_2025.pdf?linkId=19287933) Beyond Cyberattacks: Evolution of Incident Response in 2026 Segment 3 - Weekly Enterprise News Finally, in the enterprise security news, Almost no funding… Oops, all acquisitions! Changes in how the US handles financial crimes and international hacking Mass scans looking for exposed LLMs The state of Prompt injection be careful with Chrome extensions and home electronics from unknown brands Is China done with the West? All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-442

Miss Cleo, Whisperpair, Fortisiem, REDVDS, Google, Spying, Rob Allen from Threatlocker, and More on this episode of the Security Weekly News. Segment Resources: https://www.cybersecuritydive.com/news/telecom-ransomware-spike-cyble/809224/ This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-547

In the security news: KVMs are a hacker's dream Hacking an e-scooter Flipper Zero alternatives The best authentication bypass Pwning Claude Code ForiSIEM, vulnerabilities, and exploits Microsoft patches and Secure Boot fun Making Windows great, again? Breaching the Breach Forum Congressional Emails unsolicited Instagram password reset requests - Is Meta doing enough to secure the platform? LLMs are HIPAA compliant? Threat actors target LLM honeypots Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-909

The three proactive security principles of visibility, prioritization, and remediation have always been the foundation of vulnerability management teams. But these teams face continuous challenges. How do you address these challenges? Erik Nost, Senior Analyst at Forrester, joins Business Security Weekly to break down the six questions that need to be answered for each proactive security principle: who, what, when, where, why, and how. The introduction of generative AI (genAI) into proactive security promises to provide a broader and speedier ability to answer these questions, providing further opportunities for the proactive security market to grow. In the leadership and communications segment, What the CEO and C-Suite Must Ask Before Building an AI Enabled Enterprise, Don’t Underestimate the Value of Professional Friendships, What Kevin Bacon Can Teach You About Cybersecurity Career, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-430

Are you dead? AI Hellscape, Copilot Uninstalled?, Blue Delta, 2026 predictions, Quishing, Confer, Aaran Leyland, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-546

Not all infosec advice is helpful. Bad advice wastes time, makes people less secure, and takes focus away from making software more secure. Bob Lord talks about his efforts to tamp down hacklore -- the security myths and mistakes that crop up in news stories and advice to users. He talks about how these myths come about, why they're harmful, and how they're related to the necessity of building software that's secure by design. Segment Resources: https://www.hacklore.org/ https://medium.com/@boblord/lets-stop-hacklore-d5c86a0fdad8 https://www.cisa.gov/securebydesign https://medium.com/@boblord/recurring-classes-of-software-weaknesses-2007-vs-2025-c2cd56125e1a https://www.ncsc.gov.uk/report/a-method-to-assess-forgivable-vs-unforgivable-vulnerabilities https://99percentinvisible.org/episode/nut-behind-wheel/ https://timharford.com/2022/05/cautionary-tales-short-a-screw-loose-at-17000ft/ Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-365

First Topic - Podcast Content Plans for 2026 Every year, I like to sit down and consider what the podcast should be focusing on. Not doing so ensures every single episode will be about AI and nobody wants that. Least of all, me. If I have one more all-AI episode, my head is going to explode. With that said, most of what we talk about in this segment is AI (picard face palm.png). I think 2026 will be THE defining year for GenAI. Three years after the release of ChatGPT, I think we've hit peak GenAI hype and folks are ready for it to put up or shut up. We'll see winners grow and get acquired and losers pivot to something else. More than anything, I want to interview folks who have actually seen it work at scale, rather than just in a cool demo in a vendor sandbox. Also on the agenda for this year: The battle against infostealers and session hijacking: we didn't have a good answer in 2025. When is it coming? Will it include Macs, despite them not having a traditional TPM? The state of trust in outsourcing and third party use (Cloud, MSSPs, SaaS, contractors): 2025 was not a good year for third parties. Lots of them got breached and caused their customers a lot of pain. Also, there's the state of balkanization between the US and... the rest of the entire world. Everyone outside the US seems to be trying to derisk their companies and systems from the Cloud Act right now. Vulnerability management market disruption: there are half a dozen startups already plotting to disrupt the market, likely to come out of stealth in 2026 Future of the SOC: if it's not AI, what is it? What else??? What am I missing? What would you like to see us discuss? Please drop me a line and let me know: adrian.sanabria@cyberriskalliance.com Topic 2: The state of cybersecurity hiring This topic has been in the works for a while! Ayman had a whole podcast and book focused on all the paths people take to get into security. Jackie worked with WiSys on outlining pathways into a cybersecurity career. Whether you're already in cyber or looking for a way in, this segment crams a lot of great advice into just 15-20 minutes. Segment resources: Ayman's personal guide for getting into security https://www.wicys.org/wp-content/uploads/2025/10/WiCyS-Pathways-in-Cyber-PDF-9.24.25.pdf News Finally, in the enterprise security news, Fundings and acquisitions still strong in 2026! Santa might be done delivering gifts, but not protecting Macs! ClickFix attacks Weaponized Raspberry Pis MongoDB incidents for Christmas Top 10 Cyber attacks of 2025 US gets tough on nation state hackers? Brute force attacks on Banks An AI Vending Machine All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-441

Grok Nudification, Spying, Ni8mare, Cisco, Chat-GPT, Chrome, SaaS, CES, Josh Marpet, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-545

This week in the security news: Supply chain attacks and XSS PS5 leaked keys Claude tips for security pros No Flipper Zeros allowed, or Raspberry PIs for that matter Kimwolf and your local network Linux is good now Removing unremovable apps without root Detecting lag catches infiltrators Defending your KVM Fixing some of the oldest code Deleting websites live on stage in costume It was a honeypot FCC is letting telecoms off easy Don't buy a Haribo power bank Ransomeware scum Fortinet vulns CISA warns about NVRs Patching MongoDB Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-908