Best CVE Program Podcasts (2025)

1
CVE Program under fire, NLRB whistleblower, Microsoft Zero-Day 30:25

29d ago30:25

30:25

Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss critical updates in cybersecurity, focusing on the funding crisis of the CVE program, concerns over government efficiency and data security, and the recent Microsoft CLFS vulnerability that led to ransomware threats. They emphasize the importance of maintai…

1
The Take It Down Act walks a fine line. 35:13

14m ago35:13

35:13

President Trump signs the Take It Down Act into law. A UK grocer logistics firm gets hit by ransomware. Researchers discover trojanized versions of the KeePass password manager. Researchers from CISA and NIST promote a new metric to better predict actively exploited software flaws. A new campaign uses SEO poisoning to deliver Bumblebee malware. A s…

1
Microsoft Security Exposure Management 29:16

1h ago29:16

29:16

Summary In this episode of the Blue Security Podcast, hosts Andy and Adam delve into Microsoft's new feature, Security Exposure Management (XSPM). They discuss the evolution of vulnerability management, the importance of understanding exposure management, and the five phases of continuous threat exposure management. The conversation also covers lic…

1
Redacted realities: Inside the MoJ hack. 33:20

13m ago33:20

33:20

The UK’s Ministry of Justice suffers a major breach. Mozilla patches two critical JavaScript engine flaws in Firefox. Over 200,000 patients of a Georgia-based health clinic see their sensitive data exposed. Researchers track increased malicious targeting of iOS devices. A popular printer brand serves up malware. PupkinStealer targets Windows system…

1
CCTVs, the cloud, and crime – Genetec’s formula for safer streets, with Lee Shelford 33:25

11h ago33:25

33:25

In this episode of the Cyber Uncut podcast, host Liam Garman is joined by Lee Shelford, sales engineering manager and cloud lead at Genetec, to explore how the company uses cutting-edge technology to help law enforcement agencies combat crime and build safer communities. The conversation begins with Genetec’s recent success in completing its IRAP a…

1
Dave Bittner: From puppet shows to podcasts. [Media] [Career Notes] 10:47

1d ago10:47

10:47

Please enjoy this encore of Career Notes. Host of the CyberWire Podcast, Dave Bittner, wanted to work with the Muppets, so naturally he landed in cybersecurity. Dave and his Cookie Monster puppet spent much of his childhood putting on shows for his parents friends. During one of those performances, he was discovered and got his start at the local P…

1
Leveling up their credential phishing tactics. [Research Saturday] 20:46

2d ago20:46

20:46

This week, Dave speaks with Max Gannon of Cofense Intelligence to dive into his team's research on "The Rise of Precision-Validated Credential Theft: A New Challenge for Defenders." Threat actors continuously develop new tactics, techniques, and procedures (TTPs) to bypass existing defenses. When defenders identify these methods and implement count…

1
Preparing for the cyber battlespace. 40:21

3d ago40:21

40:21

NATO hosts the world’s largest cyber defense exercise. The DOJ charges a dozen people in a racketeering conspiracy involving the theft of over $230 million in cryptocurrency. Japan has enacted a new Active Cyberdefense Law. Lawmakers push to reauthorize the Cybersecurity Information Sharing Act. Two critical Ivanti Endpoint Manager Mobile vulnerabi…

1
Deepfakes in the courtroom, DragonForce makes a major ransomware play, and the CIA tries to recruit Chinese spies 42:59

5d ago42:59

42:59

In this episode of the Cyber Uncut podcast, David Hollingworth and Daniel Croft get into a deep ethical discussion after an AI-generated deepfake of a murder victim, untangle the deeply confusing saga of the DragonForce ransomware gang’s latest evolution, the Australian Human Rights Commission (AHRC) breaches itself, and the insane back and forth b…

1
Bypassing Bitlocker encryption. 39:08

4d ago39:08

39:08

Google issues an emergency patch for a high-severity Chrome browser flaw. Researchers bypass BitLocker encryption in minutes. A massive Chinese-language black market has shut down. The CFPB cancels plans to curb the sale of personal information by data brokers. A cyberespionage campaign called Operation RoundPress targets vulnerable webmail servers…

1
Get to patching: Patch Tuesday updates. 38:15

5d ago38:15

38:15

A busy Patch Tuesday. Investigators discover undocumented communications devices inside Chinese-made power inverters. A newly discovered Branch Privilege Injection flaw affects Intel CPUs. A UK retailer may claim up to £100mn from its cyber insurers after a major cyberattack. A Kosovo national has been extradited to the U.S. for allegedly running a…

1
Jamming in a ban on state AI regulation. 32:51

6d ago32:51

32:51

House Republicans look to limit state regulation of AI. Spain investigates potential cybersecurity weak links in the April 28 power grid collapse. A major security flaw has been found in ASUS mainboards’ automatic update system. A new macOS info-stealing malware uses PyInstaller to evade detection. The U.S. charges 14 North Korean nationals in a re…

1
Administrator protection on Windows 11, Multi-tenancy in Unified SOC 28:29

6d ago28:29

28:29

Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer delve into the new security features of Windows 11, focusing on Administrator Protection and its implications for user privilege management. They also explore the advancements in Microsoft Sentinel, particularly the introduction of multi-tenancy and workspace manag…

1
No quick fix for a ClickFix attack. 32:26

7d ago32:26

32:26

A major student engagement platform falls victim to the ClickFix social engineering attack. Google settles privacy allegations with Texas for over one point three billion dollars. Stores across the UK face empty shelves due to an ongoing cyberattack. Ascension Health reports that over 437,000 patients were affected by a third-party data breach. A c…

1
CONTESTED GROUND: A sit down with Tim Knight, author of Gallipoli Soup 43:14

8d ago43:14

43:14

In this episode of the Contested Ground podcast, host Liam Garman is joined by Tim Knight, author of the recently released book Gallipoli Soup, to discuss the Gallipoli campaign and how Knight used narrative to bring to life the challenges faced by both Australian and Turkish soldiers in World War I. The pair begin the podcast unpacking Knight’s re…

1
Limor Kessem: Be an upstander. [Security Advisor] [Career Notes] 8:27

8d ago8:27

8:27

Enjoy this encore of Career Notes. Executive Security Advisor at IBM Security Limor Kessem says she started her cybersecurity career by pure chance. Limor made a change from her childhood dream of being a doctor and came into cybersecurity with her passion, investment, discipline, and perseverance. Limor talks about how we must tighten our core sec…

1
Beyond cyber: Securing the next horizon. [Special Edition] 1:03:13

9d ago1:03:13

1:03:13

Cybersecurity is no longer confined to the digital world or just a technical challenge, it’s a global imperative. The NightDragon Innovation Summit convened a group of industry leaders to discuss how public and private entities can work together to address emerging threats and harness the power of AI, cybersecurity, and innovation to strengthen nat…

1
Hijacking wallets with malicious patches. [Research Saturday] 20:09

10d ago20:09

20:09

This week, we are joined by Lucija Valentić, Software Threat Researcher from ReversingLabs, who is discussing "Atomic and Exodus crypto wallets targeted in malicious npm campaign." Threat actors have launched a malicious npm campaign targeting Atomic and Exodus crypto wallets by distributing a fake package called "pdf-to-office," which secretly pat…

1
Scrutinizing the security of messaging apps continues. 32:26

10d ago32:26

32:26

The messaging app used by CBP and the White House faces continued security scrutiny. Hacktivists breach the airline used for U.S. deportation flights. The FBI warns that threat actors are exploiting outdated, unsupported routers. Education giant Pearson confirms a cyberattack. Researchers report exploitation of Windows Remote Management (WinRM) for…

1
Meta fuels its new AI with Facebook content, UK retailers suffer ransomware spree, and LockBit gets hacked 34:02

11d ago34:02

34:02

In this episode of the Cyber Uncut podcast, David Hollingworth and Daniel Croft discuss Meta’s newly launched AI that will be powered by Facebook, DeepSeek is back in the news, a horror week of hacks for some massive UK retail chains, LockBit, and the wonderful day and night that was last week’s Australian Cyber Summit and Australian Cyber Awards. …

1
Targeting schools is not cool. 36:31

11d ago36:31

36:31

The LockBit ransomware gang has been hacked. Google researchers identify a new infostealer called Lostkeys. SonicWall is urging customers to patch three critical device vulnerabilities. Apple patches a critical remote code execution flaw. Cisco patches 35 vulnerabilities across multiple products. Iranian hackers cloned a German modeling agency’s we…

1
AWS in Orbit: Empowering exploration on the Moon, Mars, and more. 26:37

11d ago26:37

26:37

From the N2K CyberWire network T-Minus team, please enjoy this podcast episode recorded at Space Symposium 2025. Find out how AWS for Aerospace and Satellite is empowering exploration on the Moon, Mars, and beyond with Lunar Outpost. You can learn more about AWS in Orbit at space.n2k.com/aws. Our guests on this episode are AJ Gemer, CTO at Lunar O…

1
When spyware backfires. 33:40

12d ago33:40

33:40

A jury orders NSO Group to pay $167 millions dollars to Meta over spyware allegations. CISA warns of hacktivists targeting U.S. ICS and SCADA systems. Researcher Micah Lee documents serious privacy risks in the TM SGNL app used by high level Trump officials. The NSA plans significant workforce cuts. Nations look for alternatives to U.S. cloud provi…

1
No hocus pocus—MagicINFO flaw is the real threat. 37:01

13d ago37:01

37:01

A critical flaw in a Samsung’s CMS is being actively exploited. President Trump’s proposed 2026 budget aims to slash funding for CISA. “ClickFix” malware targets both Windows and Linux systems through advanced social engineering. CISA warns of a critical Langflow vulnerability actively exploited in the wild. A new supply-chain attack targets Linux …

1
Microsoft's Secure by Design journey - One year of success 44:15

13d ago44:15

44:15

Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss Microsoft's Secure Future Initiative (SFI), which aims to enhance security standards across its products and services. They delve into the implementation of mandatory multi-factor authentication, the transition to passwordless accounts, and the adoption of …

1
Hardcoded credentials and hard lessons. 29:46

14d ago29:46

29:46

Researchers uncover serious vulnerabilities in the Signal fork reportedly used by top government officials. CISA adds a second Commvault flaw to its Known Exploited Vulnerabilities catalog. xAI exposed a private API key on GitHub for nearly two months. FortiGuard uncovers a cyber-espionage campaign targeting critical national infrastructure in the …

1
Joe Bradley: A bit of a winding road. [Chief Scientist] [Career Notes] 7:29

15d ago7:29

7:29

Please enjoy this encore of Career Notes. Chief Scientist at LivePerson Joe Bradley takes us down his circuitous career journey that led him back to math. Joe had many ambitions from opera singer to middle school teacher, spent some time at two national labs and went back to his first love of math and physics. He notes that many of the most mathema…

1
When AI gets a to-do list. [Research Saturday] 24:22

16d ago24:22

24:22

This week, we are joined by ⁠Shaked Reiner⁠, Security Principal Security Researcher at ⁠CyberArk⁠, who is discussing their research on"Agents Under Attack: Threat Modeling Agentic AI." Agentic AI empowers LLMs to take autonomous actions, like browsing the web or executing code, making them more useful—but also more dangerous. Threats like prompt in…

1
Wired, but not fired. 35:46

17d ago35:46

35:46

RSAC 2025 comes to an end. Canadian power company hit by cyberattack. Ascension Health discloses another breach. UK luxury department store Harrods discloses attempted cyberattack. Microsoft fixes bug flagging Gmail as spam. An unofficial version of the Signal app shared in photo. EU fines TikTok for violating GDPR with China data transfer. US Trea…

1
How to identify the cyber skills your team really needs, with Lumify’s Louis Cremen and Jeremy Daly 45:29

17d ago45:29

45:29

In this episode of the Cyber Uncut podcast, host Liam Garman is joined by Lumify lead cyber security instructor Louis Cremen and cyber security lead Jeremy Daly. Together, they unpack the essential cyber security skill sets different organisations need – and how businesses can ensure their teams stay ahead of evolving threats. The discussion kicks …

1
AI on the offensive. 33:08

18d ago33:08

33:08

Updates from RSAC 2025. Former NSA cyber chief Rob Joyce warns that AI is rapidly approaching the ability to develop high-level software exploits. An FBI official warns that China is the top threat to U.S. critical infrastructure. Mandiant and Google raise alarms over widespread infiltration of global companies by North Korean IT workers. France ac…

1
How do you gain “experience” in cyber without a job in cyber? [CISO Persepctives] 41:47

18d ago41:47

41:47

We're sharing a episode from another N2K show we thought you might like. It's the third episode of the new season of the show CISO Perspectives with Kim Jones. Enjoy! Show Notes: While the cybersecurity industry has expanded and grown in recent years, newcomers still struggle to gain relevant "experience" before officially beginning their cyber car…

1
Less CISA, more private sector power? 36:06

19d ago36:06

36:06

DHS Secretary Kristi Noem justifies budget cuts in her RSAC keynote. The EFF pens an open letter to Trump backing Chris Krebs. Scattered Spider is credited with the Marks & Spencer cyberattack. Researchers discover a critical flaw in Apple’s AirPlay protocol. The latest CISA advisories. On our Industry Voices segment, we are joined by Neil Gad, Chi…

1
Trends shaping the future at RSAC. 33:18

20d ago33:18

33:18

RSAC 2025 is well under way, and Kevin the Intern files his first report. Authorities say Spain and Portugal’s massive power outage was not a cyberattack. Concerns are raised over DOGE access to classified nuclear networks. The FS-ISAC launches the Cyberfraud Prevention Framework. Real-time deepfake fraud is here to stay. On today’s Threat Vector, …

1
Quick Recovery, Hotpatch, Copilot Podcast 35:38

21d ago35:38

35:38

Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss the new Quick Recovery feature in Windows 11, which automates device remediation during critical failures. They explore its implications for cybersecurity, the Windows Resiliency Initiative, and the importance of user feedback in feature development. The co…

1
Lights out, lines down. 30:38

21d ago30:38

30:38

A massive power outage strikes the Iberian Peninsula. Iran says it repelled a “widespread and complex” cyberattack targeting national infrastructure. Researchers find hundreds of SAP NetWeaver systems vulnerable to a critical zero-day. A British retailer tells warehouse workers to stay home following a cyberattack. VeriSource Services discloses a b…

1
CONTESTED GROUND: Cyber war, global politics and the power of truth: Unpacking conflict in the Information Age 31:28

22d ago31:28

31:28

In this episode of the Contested Ground podcast, hosts Major General (Ret’d) Dr Marcus Thompson, Phil Tarrant and Liam Garman discuss the application of cyber and information in the modern threat environment, and how the White House is changing voting behaviours across the West. They begin the podcast by unpacking Thomas Rid's Cyber War Will Not Ta…

1
Natali Tshuva: Impacting critical industries. [CEO] [Career Notes] 8:04

22d ago8:04

8:04

Please enjoy this encore episode of Career Notes. CEO and co-founder of Sternum, Natali Tshuva shares how she took her interest in science and technology and made a career and company out of it. Beginning her computer science undergraduate degree at age 14 through a special program in Israel, Natali says it opened up a new world for her. Her requir…

1
Microsoft for Startups: The benefits of the cyber startup ecosystem. [Special Edition] 1:15:15

23d ago1:15:15

1:15:15

Welcome to the Microsoft for Startups Spotlight, brought to you by N2K CyberWire and Microsoft. In this episode, we are shining a light on innovation, ambition, and the tech trailblazers building the future right from the startup trenches. This episode is part of our exclusive RSAC series where we dive into the real world impact of the Microsoft fo…

1
China’s new cyber arsenal revealed. [Research Saturday] 25:33

23d ago25:33

25:33

Today we are joined by Crystal Morin, Cybersecurity Strategist from Sysdig, as she is sharing their work on "UNC5174’s evolution in China’s ongoing cyber warfare: From SNOWLIGHT to VShell." UNC5174, a Chinese state-sponsored threat actor, has resurfaced with a stealthy cyber campaign using a new arsenal of customized and open-source tools, includin…

1
Pentagon hits fast-forward on software certs. 32:44

24d ago32:44

32:44

The Defense Department is launching a new fast-track software approval process. A popular employee monitoring tool exposes over 21 million real-time screenshots. The U.S. opens a criminal antitrust investigation into router maker TP-Link. A pair of health data breaches affect over six million people. South Korea’s SK Telecom confirms a cyberattack.…

1
Government backdoors into the world’s social media giants and setting ethical standards online 24:41

25d ago24:41

24:41

In this episode of the Cyber Uncut podcast, Daniel Croft and Liam Garman sit down to unpack whether the federal government’s social media age restrictions really address the risks young Australians face online and how governments are looking to create backdoors into social media and tech giants. They begin the podcast by discussing Meta’s AI-enable…

1
Lessons from the latest breach reports. 28:57

25d ago28:57

28:57

Verizon and Mandiant call for layered defenses against evolving threats. Cisco Talos describes ToyMaker and Cactus threat actors. Researchers discover a major Linux security flaw which allows rootkits to bypass traditional detection methods. Ransomware groups are experimenting with new business models. Deputy Assistant Director Cynthia Kaiser from …

1
Are we a trade or a profession? [CISO Perspectives] 47:03

25d ago47:03

47:03

We're sharing a episode from another N2K show we thought you might like. It's the second episode of the new season of the show CISO Perspectives with Kim Jones. Enjoy! Show Notes: Cybersecurity has an identity problem where the industry as a whole is struggling to determine whether it is a trade or a profession. In this episode of CISO Perspectives…

1
States struggle with cyber shift. 34:49

26d ago34:49

34:49

The White House’s shift of cybersecurity responsibilities to the states is met with skepticism. Baltimore City Public Schools suffer a ransomware attack. Russian state-backed hackers target Dutch critical infrastructure. Microsoft resolves multiple Remote Desktop issues. A new malware campaign is targeting Docker environments for cryptojacking. A n…

1
Proton66’s malware highway. 42:36

27d ago42:36

42:36

The Russian Proton66 is tied to cybercriminal bulletproof hosting services. A new Rust-based botnet hijacks vulnerable routers. CISA budget cuts limit the use of popular analysis tools. A pair of healthcare providers confirm ransomware attacks. Researchers uncover the Scallywag ad fraud network. The UN warns of cyber-enabled fraud in Southeast Asia…

1
When fake fixes hide real attacks. 31:36

28d ago31:36

31:36

Adversary nations are using ClickFix in cyber espionage campaigns. Japan’s Financial Services Agency issues an urgent warning after hundreds of millions in unauthorized trades. The critical Erlang/OTP’s SSH vulnerability now has public exploits. A flawed rollout of a new Microsoft Entra app triggers widespread account lockouts. The alleged operator…

1
CONTESTED GROUND: How to develop a culture of security in your business 26:47

29d ago26:47

26:47

In this episode of the Contested Ground podcast, hosts Phil Tarrant and Major General (Ret'd) Dr Marcus Thompson discuss how businesses can build a culture of security in the modern work environment, protecting critical business IP. They begin the podcast with a short book review of Stephen Gapps' Uprising: War in the colony of New South Wales, unp…

1
Rich Hale: Understanding the data. [CTO] [Career Notes] 7:49

30d ago7:49

7:49

Please enjoy this encore episode of Career Notes. Chief Technology Officer of ActiveNav Rich Hale takes us through his career aspirations of board game designer (one he has yet to realize), through his experience with the Royal Air Force to the commercial sector where his firm works to secure dark data. During his time in the Air Force, Rich was fo…

1
Crafting malware with modern metals. [Research Saturday] 20:03

1M ago20:03

20:03

This week, we are joined by Nick Cerne, Security Consultant from Bishop Fox, to discuss "Rust for Malware Development." In pursuit of simulating real adversarial tactics, this blog explores the use of Rust for malware development, contrasting it with C in terms of binary complexity, detection evasion, and reverse engineering challenges. The author …

Podcasts Worth a Listen

CVE Program Podcasts

Podcasts Worth a Listen