Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
About all things AppSec, DevOps, and DevSecOps. Hosted by Mike Shema and John Kinsella, the podcast focuses on helping its audience find and fix software flaws effectively.
Automation, Generative AI, Shift Left - the world of application security is evolving fast! Security Journey introduces the newest go-to AppSec resource, The Security Champions Podcast, hosted by Director of Application Security Michael Burch. Gain exclusive insight from software development leaders and security experts – from recounting their security champion journey to diving into the latest headlines in the AppSec world. Learn how to build, maintain and scale a successful software securit ...
Strange tales of hacking, tech, internet grifters, AI, and security with Jordan & Scott. Are internet hitmen really a thing? What does someone do with a crypto wallet full of millions and a lost password? Did a Minecraft scammer really hack the president? Hacked is a technology show about people hacking things together and apart, with your old pals Jordan Bloemen and Scott Francis Winder. Get at us via [email protected].
A podcast about the world of Cybersecurity, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security professionals need to know, or refresh the memories of seasoned veterans.
Deception, influence, and social engineering in the world of cyber crime.
If you know how attacks work, you’ll know exactly where to look—whether you’re breaking in as an ethical hacker or defending as a blue teamer. Hacked & Secured: Pentest Exploits & Mitigations breaks down real-world pentest findings, exposing how vulnerabilities were discovered, exploited, and mitigated. Each episode dives into practical security lessons, covering attack chains and creative exploitation techniques used by ethical hackers. Whether you're a pentester, security engineer, develop ...
Shared Security is your premier cybersecurity and privacy podcast where we explore the bonds shared between people and technology. Join industry experts Tom Eston, Scott Wright, and Kevin Johnson as they deliver the latest news, actionable tips, expert guidance, and insightful interviews with top cybersecurity and privacy specialists. Stay informed and take control of your online security and privacy in today’s interconnected world. Tune in every week to discover invaluable insights, strateg ...
Code to Cloud is the podcast for builders—founders, engineers, and tech leaders—shipping the future of cloud, faster. From MVP to hyperscale, we dive into what really matters: cloud-native infrastructure, DevSecOps, AI integration, adaptive strategies, and modern app development. Hosted by Kevin Evans, a 25-year tech veteran, Senior Technologist at Microsoft, and fractional CTO at Code to Cloud, each episode delivers tactical conversations with engineering leaders, startup operators, and clo ...
The mnemonic security podcast is a place where IT Security professionals can go to obtain insight into what their peers are working with and thinking about.
Cybersecurity is complex. Its user experience doesn’t have to be. Heidi Trost interviews information security experts about how we can make it easier for people—and their organizations—to stay secure.
Error Code is a biweekly narrative podcast that provides you both context and conversation with some of the best minds working today toward code resilience and dependability. Work that can lead to autonomous vehicles and smart cities. It’s your window into the research solving tomorrow’s code problems today.
Security Ledger is an independent security news website that explores the intersection of cyber security with business, commerce, politics and everyday life. Security Ledger provides well-reported and context-rich news and opinion about computer security topics that matter in our IP-enabled homes, workplaces and daily lives.
Daily cybersecurity news for practitioners. Vulnerabilities, defenses, threats, network security insight, research and more to make you sound smarter as you get to the office in the morning. New each weekday.
The OWASP Podcast Series is a recorded series of discussions with thought leaders and practitioners who are working on securing the future for coming generations.
Updates on the latest cybersecurity threats to businesses, data breach disclosures, and how you can secure your firm in an increasingly risky time.
A podcast focusing on the intersection between cybersecurity, national security, and geopolitics
Felix takes a weekly look at Internet of Things (IoT) cyber security. Perfect for IoT project managers, developers, and those learning about penetration testing in this niche area. Email Felix using [email protected] Find You Gotta Hack That on Twitter @gotta_hack yougottahackthat.com
Main AI by CodeRabbit is a podcast that brings you deep conversations with legendary developers who've shaped the tools we use every day. We explore how artificial intelligence is transforming software development while celebrating the creators and tools that built our foundation. Each episode features intimate discussions about building developer tools, maintaining open source projects, and navigating the evolution of technology.
discussions on topics connected with software development; privacy, security, management, tools, techniques, skills, training, business, soft skills, health
Join host Chris Lindsey as he digs into the world of Application Security with experts from leading enterprises. Each episode is theme based, so it's more conversational and topic based instead of the general interview style. Our focus is growing your knowledge, providing useful tips and advice. With Chris' development background of 35 years, 15+ years of secure coding and 3+ years running an application security program for large enterprise, the conversations will be deep and provide a lot ...
Technology and Security (TS) explores the intersections of emerging technologies and security. It is hosted by Dr Miah Hammond-Errey. Each month, experts in technology and security join Miah to discuss pressing issues, policy debates, international developments, and share leadership and career advice. https://miahhe.com/about-ts | https://stratfutures.com
The law affects our lives and our society in many unique and profound ways. Reasonably Speaking, produced by The American Law Institute, features interviews with legal experts on some of the most important legal topics of our time. Each episode takes you through the law in action, beyond courtrooms and casebooks. Whether you are a legal scholar or a concerned citizen, this examination of the relationship between our laws and our society will leave you with a better understanding of how we go ...
The world of application development moves quickly. New tools, new processes, and new threats are always popping up. Through enlightening interviews with industry leaders, From Code to the Cloud helps you stay on top of new developments in Low Code and Salesforce DevOps.
Join us for interesting conversations about technology and the business of IT.
A weekly podcast of all things application security related. Hosted by Ken Johnson and Seth Law.
DevOps was always meant to include security, but in reality, the cultures didn’t align—leaving many organizations without a mature DevSecOps strategy. So how do you complete the DevSecOps journey? Join Techstrong and Checkmarx for DevSecOps: Cracking the Code, a new webinar series packed with expert insights and actionable advice to help you successfully evolve from DevOps to DevSecOps.
Cyber Security News, Analysis and Opinion
Welcome to For a Cloudy Day, the podcast where we talk about the cloud technology industry with insights from experts. Hosted by Co-native, the home of cloud specialists.
Redefining CyberSecurity Podcast Hosted by Sean Martin, CISSP Have you ever thought that we are selling cybersecurity insincerely, buying it indiscriminately, and deploying it ineffectively? For cybersecurity to be genuinely effective, we must make it consumable and usable. We must also bring transparency and honesty to the conversations surrounding the methods, services, and technologies upon which businesses rely. If we are going to protect what matters and bring value to our companies, ou ...
An IFPOD production for IFPO, the very first security podcast, called Security Circle. IFPO is the International Foundation for Protection Officers, and is an international security membership body that supports front line security professionals with learning and development, mental health and wellbeing initiatives.
A weekly podcast about web design and development with a little zest from Amy Dutton and Brad Garropy
Larry and Kerry talk about parenting issues during Covid-19 isolation period
Breaking the Internet is a podcast about tech for tech - but we’re not like other girls. Serena (@shenetworks) and Ali (@endingwithali) take to the mic to talk about the industry, trends, history and more.
Software's best weekly news brief, deep technical interviews & talk show.
Join us for Simply Defensive, a podcast dedicated to exploring the world of defensive cybersecurity through the lens of real-world experts. In each episode, we'll interview leading professionals from the cybersecurity industry, delving into their experiences, challenges, and innovative solutions. Whether you're a seasoned cybersecurity veteran or just starting to learn about the field, Simply Defensive offers valuable insights and practical advice to help you stay ahead of the curve. Tune in ...
Talk Python to Me is a weekly podcast hosted by developer and entrepreneur Michael Kennedy. We dive deep into the popular packages and software developers, data scientists, and incredible hobbyists doing amazing things with Python. If you're new to Python, you'll quickly learn the ins and outs of the community by hearing from the leaders. And if you've been Pythoning for years, you'll learn about your favorite packages and the hot new ones coming out of open source.

Software Engineering Institute (SEI) Podcast Series
Members of Technical Staff at the Software Engineering Institute
The SEI Podcast Series presents conversations in software engineering, cybersecurity, and future technologies.
A short summary of the latest cyber security news and trends, from the perspective of business leaders and owners. Hosts Trish and Tom provide plain English explanations along with practical advice to keep your business safe and secure from cyber crime and disruption. For cyber security help and advice, speak to Cool Waters Cyber: www.cool-waters.co.uk
Daily Security Review, the premier source for news and information on security threats, Ransomware and vulnerabilities

Malware-as-Code: The Rise of DaaS on GitHub and the Collapse of Open-Source Trust
39:46
In this episode, we dissect one of the most sophisticated ongoing cybercrime trends—malware campaigns weaponizing GitHub repositories to compromise developers, gamers, and even rival hackers. By abusing GitHub’s search functionality and reputation signals, threat actors are pushing backdoored code under the guise of popular tools, game cheats, and …

AI in AppSec: Agentic Tools, Vibe Coding Risks & Securing Non-Human Identities - Mo Aboul-Magd, Shahar Man, Brian Fox, Mark Lambert - ASW #332
1:04:35
ArmorCode unveils Anya—the first agentic AI virtual security champion designed specifically for AppSec and product security teams. Anya brings together conversation and context to help AppSec, developers and security teams cut through the noise, prioritize risks, and make faster, smarter decisions across code, cloud, and infrastructure. Built into …

AI in AppSec: Agentic Tools, Vibe Coding Risks & Securing Non-Human Identities - Mo Aboul-Magd, Brian Fox, Mark Lambert, Shahar Man - ASW #332
1:04:35
ArmorCode unveils Anya—the first agentic AI virtual security champion designed specifically for AppSec and product security teams. Anya brings together conversation and context to help AppSec, developers and security teams cut through the noise, prioritize risks, and make faster, smarter decisions across code, cloud, and infrastructure. Built into …

SANS Stormcast Thursday, May 22nd 2025: Crypto Confidence Scams; Extension Mayhem for VS Code and Chrome
6:21
New Variant of Crypto Confidence Scam Scammers are offering login credentials for what appears to be high value crypto coin accounts. However, the goal is to trick users into paying for expensive VIP memberships to withdraw the money. https://isc.sans.edu/diary/New%20Variant%20of%20Crypto%20Confidence%20Scam/31968 Malicious Chrome Extensions Malici…

EP 62: Defending the Unknown in OT Security
31:38
ROI is always a tricky subject in cybersecurity. If you’re paying millions of dollars in securing your OT networks, you’d want to be able to show that it was worth it. Andrew Hural of UnderDefense talks about the need for continuous vigilance, risk management, and proactive defense, acknowledging both the human and technological elements in cyberse…

Secure Code Reviews, LLM Coding Assistants, and Trusting Code - Rey Bango, Karim Toubba, Gal Elbaz - ASW #330
1:09:38
Developers are relying on LLMs as coding assistants, so where are the LLM assistants for appsec? The principles behind secure code reviews don't really change based on who writes the code, whether human or AI. But more code means more reasons for appsec to scale its practices and figure out how to establish trust in code, packages, and designs. Rey …

From code to command. AI, human judgement and security with Dr Zena Assaad
42:06
In this episode of Technology & Security, Dr. Miah Hammond-Errey is joined by Dr Zena Assaad to explore the technical, human, ethical, and geopolitical dimensions of artificial intelligence. From workforce disruption to military application, this episode unpacks the complex ways AI is reshaping leadership, war, jobs and global power structures. Dr …
Connect with us! 🔒 Ctrl + Alt + Secure – Where Cyber Meets the Boardroom In this episode, Kevin Evans and Dom Vogel break down the realities of cybersecurity in today’s world—from the fundamentals to the strategies that help businesses stay ahead. We dive into why cyber has become mainstream for organizations and why now is the time to get on board…

Cybersecurity Month in Review: Uncovering Digital and Physical Threats
48:37
In this episode of the 'Cybersecurity Today: The Month in Review' show, host Jim welcomes regular guests Laura Payne and David Shipley, along with newcomer Anton Levaja. The trio dives deep into various cybersecurity stories, analyzing trends, threats, and recent incidents. Topics include the intriguing Mystery Leaker exposing cyber criminals, the …

Elsa, Redline, ChaosRat, iMessage, Bladed Feline, Aaran Leyland, and More... - SWN #483
34:00
Elsa, Redline, ChaosRat, iMessage, Bladed Feline, Aaran Leyland, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-483

Adventures in babysitting coding agents (Friends)
1:33:58
The ever-provocative Steve Yegge joins us fresh off a vibe coding bender so productive, he wrote a book on the topic alongside award-winning author Gene Kim. Steve tells us why he believes the IDE is dead, why babysitting AI agents is more fun than coding, when vibe coding might take over the enterprise, how software devs should approach coding age…

#508: Program Your Own Computer with Python
1:11:56
If you've heard the phrase "Automate the boring things" for Python, this episode starts with that idea and takes it to another level. We have Glyph back on the podcast to talk about "Programming YOUR computer with Python." We dive into a bunch of tools and frameworks and especially spend some time on integrating with existing platform APIs (e.g. ma…

Cyber Extortion, Ukraine's Cyber Offensive, and Chrome Trust Shake-up
12:19
Cybersecurity Today, hosted by Jim Love, delves into the latest in cyber threats. Cyber criminals have breached 20 organizations via convincing fake IT support calls, targeting Salesforce data for extortion. Ukraine's intelligence claims a significant cyber operation against Russia's aircraft manufacturer, stealing sensitive data and highlighting U…

SANS Stormcast Friday, June 6th, 2025: Fake Zoom Clients; Python tarfile vulnerability; HPE Insight Remote Support Patch
5:01
Be Careful With Fake Zoom Client Downloads Miscreants are tricking victims into downloading fake Zoom clients (and likely other meeting software) by first sending them fake meeting invites that direct victims to a page that offers malware for download as an update to the Zoom client. https://isc.sans.edu/diary/Be%20Careful%20With%20Fake%20Zoom%20Cl…

ClickFix: How Fake Browser Errors Became the Internet’s Most Dangerous Trap
47:15
In this episode, we dive deep into ClickFix, also tracked as ClearFix or ClearFake—a highly effective and deceptive malware delivery tactic that emerged in early 2024. ClickFix exploits the human tendency to trust browser prompts by using fake error messages, CAPTCHA pages, and verification requests to convince users to execute malicious PowerShell…

Updating & Protecting Linux Systems - PSW #877
1:05:23
Two parts to this episode: Tech Segment: Updating Linux Systems - Beyond apt-get upgrade * Custom scripts for ensuring your Linux systems are up-to-date * topgrade - tutorial for using topgrade to update Linux systems on various Linux distributions Discussion Topic: Anti-Malware and/or EDR on Linux Platforms * PCI calls for scanning Linux systems *…

Exposed and Extorted: The ViLE Hackers and the Legal Gaps Enabling Doxing
47:31
Cybercrime is rapidly evolving—and so are its tactics. In this episode, we dissect the findings of SoSafe’s Cybercrime Trends 2025 report and explore the six key trends reshaping the global threat landscape, including AI as an attack surface, multichannel intrusions, and the rising exploitation of personal identities. But we don’t stop at theory. W…
We’re on location at Microsoft Build 2025 with Amanda Silver, Corporate Vice President of Microsoft’s Developer Division. Amanda leads product, design, user research, and engineering systems for some of the tools you use every day. We discuss the latest AI announcements from Microsoft at Build 2025, how AI is reshaping development tools, what’s nex…
This week, our hosts Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up from a listener on class action settlements: they’re a class action attorney …

SANS Stormcast Thursday, June 5th, 2025: Phishing Comment Trick; AWS default logging mode change; Cisco Backdoor Fixed; Infoblox Vulnerability Details Released
5:26
Phishing e-mail that hides malicious links from Outlook users Jan found a phishing email that hides the malicious link from Outlook users. The email uses specific HTML comment clauses Outlook interprets to render or not render specific parts of the email's HTML code. Jan suggests that the phishing email is intended to not expose users of https://is…

Chrome Under Fire: Three Zero-Days, One Month, and Nation-State Exploits
28:23
In this episode, we dive deep into three actively exploited zero-day vulnerabilities discovered in Google Chrome in 2025, each of which was patched in rapid succession following targeted attacks. At the center is CVE-2025-5419, a high-severity out-of-bounds read/write flaw in the V8 JavaScript engine that allows attackers to exploit heap corruption…

Australia Forces Transparency: The World’s First Mandatory Ransomware Payment Reporting Law
1:02:01
Australia just made cyber history. On May 30, 2025, the nation became the first in the world to enforce mandatory ransomware payment reporting under the newly enacted Cyber Security Act 2024. In this episode, we dissect what this means for businesses, law enforcement, and the global cybersecurity landscape. We break down the key aspects of the legi…

$25M for AI Email Security: Trustifi’s Big Bet on the MSP Market
32:00
In this episode, we dive into Trustifi’s recent $25 million Series A funding round, led by growth equity firm Camber Partners. Specializing in AI-powered email security, Trustifi has now raised a total of $29 million to accelerate its product development, go-to-market strategy, and global marketing initiatives—especially in the MSP space. We unpack…

Making Process Respectable Again: Advancing DevSecOps in the DoD Mission Space
44:26
Warfighters in the Department of Defense (DoD) operate in high-stakes environments where security, efficiency, and speed are critical. In such environments DevSecOps has become crucial in the drive toward modernization and overall mission success. A recent study led by researchers at the Carnegie Mellon University Software Engineering Institute (SE…

Regain Control of Business Risks, Your Leadership Habits, and Being Present - Alla Valente - BSW #398
1:18:17
During times of volatility, business leaders often don’t know what they are able to change or even what they should change. At precisely these times, business leaders become risk leaders and need to quickly learn how to identify what is within their control and what isn’t — to not only survive but thrive. Alla Valente, Principal Analyst at Forreste…

David Kosorok - Mastering Application Security
1:02:58
David Kosorok, the Director of Information Security Programs at Toast, Inc., has over 25 years of experience in software and security testing - including more than 16 years dedicated to security. He’s led and scaled product security programs across organizations of all sizes, making him a trusted voice in the appsec space. In this episode of The Se…

Emergency Patches, Ransomware Exposes, and Rising QR Code Scams
10:51
In this episode of Cybersecurity Today, host Jim Love discusses the latest urgent security updates and cyber threats. Google has released an emergency Chrome patch to fix a high-severity zero-day vulnerability, while Microsoft issued an emergency patch to resolve Windows 11 boot failures caused by their May 2025 update. A mysterious whistleblower k…

SANS Stormcast Wednesday, June 4th, 2025: vBulletin Exploited; Chrome 0-Day Patch; Roundcube RCE Patch; Multiple HP StoreOnce Vulns Patched
7:25
vBulletin Exploits CVE-2025-48827, CVE-2025-48828 We do see exploit attempts for the vBulletin flaw disclosed about a week ago. The flaw is only exploitable if vBulletin is run on PHP 8.1, and was patched over a year ago. However, vBulletin never disclosed the type of vulnerability that was patched. https://isc.sans.edu/diary/vBulletin%20Exploits%20%…

Bovril, Deranged, Crocodilus, Cartier, Jinx, Conti, Scattered Spider, Josh Marpet... - SWN #482
37:10
Bovril, Deranged Hookworm, Crocodilus, Cartier, Jinx, Conti, Scattered Spider, Josh Marpet, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-482

Google Chrome vs. Failing CAs: The Policy Behind the Distrust
55:25
In this episode, we dissect Google's recent and upcoming decisions to distrust several Certificate Authorities (CAs) within the Chrome Root Store, including Entrust, Chunghwa Telecom, and Netlock. These high-impact moves are rooted in Chrome's strict enforcement of compliance, transparency, and security standards for public trust. We explore the ro…

CVE-2025-48827 & 48828: How vBulletin’s API and Template Engine Got Weaponized
1:35:55
Two critical, actively exploited vulnerabilities in vBulletin forum software—CVE-2025-48827 and CVE-2025-48828—have put thousands of websites at immediate risk of full system compromise. In this episode, we dissect how these flaws, triggered by insecure usage of PHP’s Reflection API and abuse of vBulletin’s template engine, allow unauthenticated at…

Ep 13: Andrew Amaro, Former CSIS Ops Lead
32:14
What do spies, skateboarders, and startups have in common? Security. In this episode of Code and Country, former CSIS technical ops lead Andrew Amaro shares how his background in physical infiltration and cyber operations shaped his approach to enterprise security. We cover why insider threats remain the most overlooked risk, how physical access is…

2025 UK Cyber Breaches Survey: What need to know - What you need to do
20:07
Business Leaders Cyber Briefing - Episode 12: Key Takeaways What You'll Learn from This Episode Trish and Tom from Cool Waters Cyber break down the 2025 Cyber Security Breaches Survey findings to help UK financial services leaders understand their current risk landscape and improve their cyber defenses. Critical Insights for Business Leaders Your R…

JINX-0132: How Cryptojackers Hijacked DevOps Infrastructure via Nomad and Docker
1:07:22
In this episode, we dissect the JINX-0132 cryptojacking campaign — a real-world example of how threat actors are exploiting cloud and DevOps environments to mine cryptocurrency at scale. We unpack how cybercriminals targeted misconfigured Docker APIs, publicly exposed HashiCorp Nomad and Consul servers, and vulnerable Gitea instances — turning ente…

AIs, MCPs, and the Actual Work that LLMs Are Generating - ASW #333
39:06
The recent popularity of MCPs is surpassed only by the recent examples of deficiencies of their secure design. The most obvious challenge is how MCPs, and many more general LLM use cases, have erased two decades of security principles behind separating code and data. We take a look at how developers are using LLMs to generate code and continue our sea…


OWASP server-side request forgery (noun) [Word Notes]
7:38
Please enjoy this encore of Word Notes. An attack technique that leverages an unprotected web server as a proxy for attackers to send commands through to other computers. By N2K Networks
Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is jo…

SANS Stormcast Tuesday, June 3rd, 2025: Windows SSH C2; Google Removes CAs from trusted list; MSFT issues Emergency Patch to fix Crash issue; Qualcomm Adreno GPU 0-day
6:06
Simple SSH Backdoor: Xavier came across a simple SSH backdoor taking advantage of the ssh client preinstalled on recent Windows systems. The backdoor is implemented via an SSH configuration file that instructs the SSH client to connect to a remote system and forward a shell on a random port. This will make the shell accessible to anybody able to con…

The 'developer replacement' hype cycle (News)
8:02
We’re doing a live show in Denver this July, Danilo Alonso has seen the ‘developer replacement’ hype cycle many times, Dan Sinker says we’re in the Who Cares Era, Cap looks like a solid alternative to typical CAPTCHA solutions, Michael Flarup on the return of texture, depth, and expressiveness in UI & Kan is an open source alternative to Trello. Vi…

Password Hashes Leaked via Linux Crash Handlers: The Truth Behind CVE-2025-5054 & 4598
16:11
In this episode, we unpack two newly disclosed Linux vulnerabilities—CVE-2025-5054 and CVE-2025-4598—discovered by the Qualys Threat Research Unit (TRU). These race condition flaws impact Ubuntu’s apport and Red Hat/Fedora’s systemd-coredump, exposing a little-known but critical attack vector: core dumps from crashed SUID programs. We dive into how…

Scaling SaaS Product Development and Engineering for Successful GROWTH!
1:01:42
In this podcast, Botond Seres and Dave Erickson examine techniques to grow SaaS product development and engineering with Drew Harris, Fractional Chief Technology & Product Officer of The1DrewHarris.com. As a former SaaS CEO and seasoned technology leader, Drew has built, scaled, and optimized SaaS products that have powered businesses from startup t…

Multi-Stage Phishing Attacks Now Use Google Infrastructure—Here’s How
13:51
Recent phishing campaigns have entered a new phase—one where trust is weaponized. In this episode, we break down how cybercriminals are exploiting legitimate services like Google Apps Script and Google Firebase Storage to host phishing pages, evade detection, and steal credentials. Using cleverly crafted lures such as fake DocuSign notifications, i…

S3 E8: Innovations in Cybersecurity: A Conversation with ThreatLocker's John Liliston
27:21
In the final episode of Season 3 on Simply Defensive, hosts Josh Mason and Wade Wells welcome John Liliston, the Product Director at ThreatLocker. John shares his journey into cybersecurity, his role at ThreatLocker, and his thoughts on the evolution of security solutions. He discusses ThreatLocker's approach to zero trust, the impact of AI on cybe…

Inside the AVCheck Takedown: How Law Enforcement Disrupted a Key Cybercrime Tool
17:34
In this episode, we unpack the international takedown of AVCheck, one of the largest counter antivirus (CAV) services used by cybercriminals to test and fine-tune malware before deployment. Led by Dutch authorities and supported by agencies from the U.S., Germany, France, and others, this operation marks a major win in Operation Endgame—a sweeping …

SANS Stormcast Monday, June 2nd, 2025: PNG with RAT; Cisco IOS XE WLC Exploit; vBulletin Exploit
5:42
A PNG Image With an Embedded Gift: Xavier shows how Python code attached to a PNG image can be used to implement a command and control channel or a complete remote admin kit. https://isc.sans.edu/diary/A+PNG+Image+With+an+Embedded+Gift/31998 Cisco IOS XE WLC Arbitrary File Upload Vulnerability (CVE-2025-20188) Analysis: Horizon3 analyzed a recently p…