Security Weekly Podcast Network (Audio)

Interview with Tod Beardsley This interview is sponsored by runZero. Legacy vulnerability management (VM) hasn't innovated alongside of attackers, and it shows. Let's talk about the state of VM. Check out https://securityweekly.com/runzero to learn more! Topic Segment: NPM Incidents In this week’s topic segment, we’re discussing all the NPM supply chain attacks from the past 3 weeks. I recently published a roundup of these incidents over on my Substack. Weekly Enterprise News Finally, in the enterprise security news, funding and acquisitions are going crazy an exciting new canarytoken banks have a more sedate approach to agentic MCP security the future Subprime Code crash of 2028 is security worried about the wrong risks? botnets are back in the headlines some bs research journalists getting duped by AI Animal crossing villagers are organizing against Tom Nook All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-425

In this episode of Security Weekly News, Joshua Marpet and Aaran Leyland discuss the latest trends in AI and cybersecurity, focusing on innovations from CrowdStrike, the implications of new cyber incident reporting rules, and the evolving landscape of ransomware. They explore the role of AI in enhancing security measures, the challenges posed by mandated reporting for critical infrastructure, and the cultural impact of cybercrime on youth. The conversation also touches on the advancements in AI technology, including its applications in healthcare and mainframe modernization, as well as the alarming rise in ransomware tactics and the use of AI by cybercriminals. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-513

This week's technical segment is all about the T-Lora Pager from Lilygo, and really cool Meshtastic device that can also be used for some hacking tasks! In the security news: Your safe is not safe Cisco ASA devices are under attack VMScape HybridPetya and UEFI attacks in the wild Eveything is a Linux terminal Hackers turns 30 Hosting websites on disposable vapes NPM worms and token stealing Attackers make mistakes too AI podcasts Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-892

In the leadership and communications segment, Lack of board access: The No. 1 factor for CISO dissatisfaction, Pressure on CISOs to stay silent about security incidents growing, The Secret to Building a High-Performing Team, and more! Jackie McGuire sits down with Chuck Randolph, SVP of Strategic Intelligence & Security at 360 Privacy, for a gripping conversation about the evolution of executive protection in the digital age. With over 30 years of experience, Chuck shares how targeted violence has shifted from physical threats to online ideation—and why it now starts with a click. From PII abuse to unregulated data brokers, generative AI manipulation, and real-world convergence of cyber and physical risks—this is a must-watch for CISOs, CSOs, CEOs, and anyone navigating modern threat landscapes. Hear real-world examples, including shocking stories of doxxing, AI-fueled radicalization, and the hidden dangers of digital exhaust. Whether you're in cyber, physical security, or executive leadership, this interview lays out the urgent need for converged risk strategies, narrative control, and a new approach to duty of care in a remote-first world. Learn what every security leader needs to do now to protect key personnel, prevent exploitation, and build a unified, proactive risk posture. This segment is sponsored by 360 Privacy. Learn how to integrate privacy and protective intelligence to get ahead of the next threat vector at https://securityweekly.com/360privacybh! In this exclusive Black Hat 2025 interview, CyberRisk TV host Matt Alderman sits down with Tom Pore, AVP of Sales Engineering at Pentera, to dive into the rapidly evolving world of AI-driven cyberattacks. What’s happening? Attackers are already using AI and LLMs to launch thousands of attacks per second—targeting modern web apps, exploiting PII, and bypassing traditional testing methods. Tom explains how automated AI payload generation, context-aware red teaming, and language/system-aware attack modeling are reshaping the security landscape. The twist? Pentera flips the script by empowering security teams to think like an attacker—using continuous, AI-powered penetration testing to uncover hidden risks before threat actors do. This includes finding hardcoded credentials, leveraging leaked identities, and pivoting across systems just like real adversaries. To learn more about Pentera's proactive Ransomware testing please visit: https://securityweekly.com/penterabh Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-413

AI Nuns, Steganography, You're fired, VoidProxy, C++, Carplay Apriso, Josh Marpet, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-512

This week, we chat with Scott Clinton, board member and co-chain of the OWASP GenAI Security Project. This project has become a massive organization within OWASP with hundreds of volunteers and thousands of contributors. This team has been cranking out new tools, reports and guidance for practitioners month after month for over a year now. We start off discussing how Scott and other leaders have managed to keep up with the crazy rate of change in the AI world. We pivot to discussing some of the specific projects the team is working on, and finally discuss some of the biggest AI security challenges before wrapping up the conversation. If you're neck-deep in AI like we are, I highly recommend checking out this conversation, and consider joining this OWASP project, sponsoring them, or just checking out what they have to offer (which is all free, of course). Segment Resources: Get started with the OWASP GenAI Security Project Register for the GenAI Application Security & Risk Summit on October 9th, 11am - 4pm EST This segment is sponsored by The OWASP GenAI Security Project. Visit https://securityweekly.com/owasp to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-348

Segment 1 - Interview with Jeff Pollard Introducing Forrester’s AEGIS Framework: Agentic AI Enterprise Guardrails For Information Security For this episode’s interview, we’re talking to Forrester analyst Jeff Pollard. I’m pulling this segment’s description directly from the report’s executive summary, which I think says it best: As AI agents and agentic AI are introduced to the enterprise, they present new challenges for CISOs. Traditional cybersecurity architectures were designed for organizations built around people. Agentic AI destroys that notion. In the near future, organizations will build for goal-oriented, ephemeral, scalable, dynamic agents where unpredictable emergent behaviors are incentivized to accomplish objectives. This change won’t be as simple or as straightforward as mobile and cloud — and that’s bad news for security leaders who in some cases still find themselves challenged by cloud security. Segment 2 - Weekly News Then, in the enterprise security news, there’s funding and acquisitions, but we’re not going to talk about them AI’s gonna call the cops on you and everyone’s losing money on it and Anthropic agreed to pay for all the copyright infringement they did when training models and Otter.ai got sued for recording millions of conversations without consent Burger King got embarrassed and their lawyers didn’t like it NPM package mayhem certificate authority hijinks AI darwin awards All that and more, on this episode of Enterprise Security Weekly. Segment 3 - Executive Interviews from Black Hat 2025 Interview with Rohit Dhamankar from Fortra Live from Black Hat 2025 in Las Vegas, Matt Alderman sits down with Rohit Dhamankar, VP of Product Strategy at Fortra, to dive deep into the evolving world of offensive security. From red teaming and pen testing to the rise of AI-powered threat simulation and continuous penetration testing, this conversation is a must-watch for CISOs, security architects, and compliance pros navigating today's dynamic threat landscape. Learn why regulatory bodies worldwide are now embedding offensive security requirements into frameworks like PCI DSS 4.0, and how organizations can adopt scalable strategies—even with limited red team resources. Rohit breaks down the nuances of purple teaming, AI-assisted red teaming, and the role of BAS platforms in enhancing defense postures. Whether you’re building in-house capabilities or leveraging external partners, this interview reveals key insights on security maturity, strategic outsourcing, and the future of cyber offense and defense convergence. This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrabh to learn more! Interview with Michael Leland from Island At BlackHat 2025 in Las Vegas, Matt Alderman sits down with Michael Leland, VP Field CTO at Island, to tackle one of cybersecurity’s most urgent realities: compromised credentials aren’t a possibility — they’re a guarantee. From deepfakes to phishing and malicious browser plug-ins, attackers aren’t “breaking in” anymore… they’re logging in. Michael reveals how organizations can protect stolen credentials from being used, why the browser is now the second weakest link in enterprise security, and how Island’s enterprise browser can enforce multi-factor authentication at critical moments, block unsanctioned logins in real time, and control risky extensions with live risk scoring of 230,000+ Chrome plug-ins. Key takeaways: Why credential compromise is inevitable — and how to stop credential use How presentation layer DLP prevents data leaks inside and outside apps Real-time blocking of phishing logins and unsanctioned SaaS access Plug-in risk scoring, version pinning, and selective extension control Enabling BYOD securely — even after a catastrophic laptop loss Why many users never go back to Chrome, Edge, or Safari after switching Segment Resources: https://www.island.io/blog/how-the-enterprise-browser-neutralizes-the-risks-of-compromised-credentials This segment is sponsored by Island. Visit https://securityweekly.com/islandbh to learn more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-424

Diella, Texas, Movie Rip Offs, WAF, AdaptixC2, Nano11, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-511

This week: Americans Can't Hack It Copy and paste to get malware Pixel 5 web servers - because you can How they got in and why security is hard Vulnerability management is failing - is it dead yet? Exploiting hacker tools Bluetooth spending spree! How to defend your car IoT security solutions and other such lies Exploiting IBM i (formerly AS/400) Vibe coding vulnerabilities Plex is hacked again Bill's emoji ICE spies on phones Hackers be hackin' FreePBX Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-891

Jess Burn, Principal Analyst at Forrester, lends her expertise on budgeting for security professionals, unveiling insights from the 2026 Budget Planning Guide. She emphasizes strategic spending amidst volatility and the integration of emerging technologies. Danny Jenkins, CEO of ThreatLocker, shares real-world challenges of FedRAMP compliance and reveals critical lessons in managing secure configurations. The conversation highlights the shift toward zero trust architectures, while tackling risks from misconfigurations and the complexities of adapting to evolving cybersecurity landscapes.