Security Weekly Podcast Network (Video)

As brands grow more digital, the threats grow more personal. Attackers impersonate executives, spin up fake websites, and leak sensitive data — hurting business reputations and breaking customer trust. How do you defend your organization's reputation and customers' trust? Santosh Nair, Co-Founder and CTO at Styx Intelligence, joins Business Security Weekly to discuss how to defend trust and reputation in the age of AI. Santosh will cover both the company and executive challenges of defending against the latest AI attacks, including: Impersonations and Deepfakes Employee Scams Financial Fraud Segment Resources: - https://styxintel.com/blog/what-is-brand-protection/ - https://styxintel.com/blog/brand-impersonation-hurts-business/ - https://styxintel.com/blog/social-engineering-tactics/ In the leadership and communications section, Mind the overconfidence gap: CISOs and staff don’t see eye to eye on security posture, Your AI Strategy Needs More Than a Single Leader, Avoid These Communication Breakdowns When Launching Strategic Initiatives, and more! Show Notes: https://securityweekly.com/bsw-408

300 Baud, Buddy Hackett Nudes, Dell, badUSB, Exchange, Erlang/OTP, Josh Marpet, and more on the Security Weekly News. Show Notes: https://securityweekly.com/swn-502

Open source software is a massive contribution that provides everything from foundational frameworks to tiny single-purpose libraries. We walk through the dimensions of trust and provenance in the software supply chain with Janet Worthington. And we discuss how even with new code generated by LLMs and new terms like slopsquatting, a lot of the most effective solutions are old techniques. Resources https://www.forrester.com/blogs/make-no-mistake-software-is-a-supply-chain-and-its-under-attack/ https://www.forrester.com/report/the-future-of-software-supply-chain-security/RES184050 Show Notes: https://securityweekly.com/asw-343

Topic Segment - What's new at Black Hat? We're coming live from hacker summer camp 2025, so it seemed appropriate to share what we've seen and heard so far at this year's event. Adrian's on vacation, so this episode is featuring Jackie McGuire and Ayman Elsawah! News Segment Then, in the enterprise security news, Tons of funding! SentinelOne picks up an AI security company weeks after Palo Alto closes the Protect AI deal Vendors shove AI agents into everything they’ve got Why SOC analysts ignore your playbooks NVIDA pinkie swears to China: no back doors! ChatGPT was allowing shared chat sessions to be indexed and crawled by search engines like Google Who is gonna secure all this vibe code? Who is gonna triage all these hallucinated bug reports? Perplexity and Cloudflare duke it out When you try to scrub your shady past off the Internet, it might just make things worse. All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-419

Hello and welcome to security weekly news, episode 501, on Aug 8, 2025. This week we have, SonicWall, Confidential Informants Exposed, Cisco Vishing, Perplexity vs robots.txt, Microsoft’s Project Ire, Meta–Flo Jury Verdict, GPT‑5 Lands, TeaOnHer Data Leak, Josh Marpet, and more on the Security Weekly News.. Show Notes: https://securityweekly.com/swn-501

Explore the intriguing world of cybersecurity challenges, from AI vulnerabilities to firmware attacks. Learn about the resurgence of traditional security methods facing modern threats like the Akira ransomware. Discover the role of nostalgia in new hacking tools and the innovative hacking hardware evolving over two decades. Delve into the ethical implications of AI and social engineering incidents, all while highlighting the complexities of managing kids' technology access today. This discussion paints a vivid picture of the ever-changing landscape of security.

Recent findings of AI ecosystem insecurities and attacks show the importance of needing AI governance in the supply chain. And this supply chain is rapidly expanding to include not only open-source software but also collaborative platforms where custom models, agents, prompts, and other AI resources are used. And with this expansion of third-party AI component and services use comes an expanded security threat often not included in traditional supply chain management processes. It's time to update our supply chain management process to include AI governance. Easier said than done. In this Say Easy, Do Hard segment, we invite three CISOs to discuss the challenges of AI and the supply chain, including: Data privacy concerns Flaws and malicious code in AI dependencies Lack of security tools to test for AI Vibe coding risks and more. But we also do the hard part, by discussing the changes needed to your supply chain management process to address these concerns. Show Notes: https://securityweekly.com/bsw-407

MFA Bypass, SonicWall, BIOS Shade, Sex Toys, FBI Warnings, Claude vs GPT-5, Josh Marpet, and more on the Security Weekly News. Show Notes: https://securityweekly.com/swn-500

Maintaining code is a lot more than keeping dependencies up to date. It involved everything from keeping old code running to changing frameworks to even changing implementation languages. Jonathan Schneider talks about the engineering considerations of refactoring and rewriting code, why code maintenance is important to appsec, and how to build confidence that adding automation to a migration results in code that has the same workflows as before. Resources https://docs.openrewrite.org https://github.com/openrewrite Then, instead of our usual news segment, we do a deep dive on some recent vulns NVIDIA's Triton Inference Server disclosed by Trail of Bits' Will Vandevanter. Will talks about the thought process and tools that go into identify potential vulns, the analysis in determining whether they're exploitable, and the disclosure process with vendors. He makes the important point that even if something doesn't turn out to be a vuln, there's still benefit to the learning process and gaining experience in seeing the different ways that devs design software. Of course, it's also more fun when you find an exploitable vuln -- which Will did here! Resources https://nvidia.custhelp.com/app/answers/detail/a_id/5687 https://github.com/triton-inference-server/server https://blog.trailofbits.com/2025/07/31/hijacking-multi-agent-systems-in-your-pajamas/ https://blog.trailofbits.com/2025/07/28/we-built-the-security-layer-mcp-always-needed/ Show Notes: https://securityweekly.com/asw-342

The Weekly Enterprise News (segments 1 and 2) This week, we’ve had to make some last minute adjustments, so we’re going to do the news first, split into two segments. This week, we’re discussing: Some interesting funding Two acquisitions - one picked up for $250M, the other slightly larger, at $25 BILLION Interesting new companies! On the 1 year anniversary of that thing that happened, Crowdstrike would like to assure you that they’re REALLY making sure that thing never happens again Flipping the script How researchers rooted Copilot, but not really talks to check out at Hacker Summer Camp detection engineering tips the Cloud Security Alliance has a new AI Controls Matrix sending in the National Guard to handle a breach! and how to read an AI press release Interview: Guillaume Ross on Building Security from Scratch Guillaume shares his experiences building security from scratch at Canadian FinTech, Finaptic. Imagine the situation: you're CISO, and literally NOTHING is in place yet. No policies, no controls, no GRC processes. Where do you start? What do you do first? Are there things you can get away with that would be impossible in older, well-established financial firms? Show Notes: https://securityweekly.com/esw-418