Cams, Gelbwurst, Chrome, SCCM, CVES, SSHStalker, RAM, TikTok, Josh Marpet... - SWN #555
Security Weekly Podcast Network (Video)
Cams, Gelbwurst, Chrome, SCCM, CVES, SSHStalker, RAM, TikTok, Josh Marpet, and More on this episode of the Security Weekly News. Show Notes:
info_outline
AI Vulnerability Hunting - PSW #913
Security Weekly Podcast Network (Video)
In the security news: Viral AI prompts Things to do in your home security lab I can open your garage door They call me DKnife Beyondtrust RCE Cool AI device Robots need your body Meta is just full of scams, phishing, and malware Claude Opus 4.6 found more than 500 high-severity vulnerabilities Arista next gen firewalls and command injection Secure Boot updates The RCE AMD won't fix and why the article went away End of support means get it off the network Accidentally giving away $44 billion of Bitcoin Show Notes:
info_outline
Preparing For Q-Day as CISOs Face Quantum Disruption and Cyber Resilience Pressures - Sandy Carielli - BSW #434
Security Weekly Podcast Network (Video)
Quantum security has gone from being a theoretical idea filed away for some unknown future date to an urgent requirement driven by quantum computing advances and government and industry guidance. The thought of nation-state adversaries with a quantum computer that can conduct harvest-now-decrypt later attacks and forge digital signatures makes the threat more real than ever to executives, who have started to ask security leaders, “Are we quantum safe?” With Q-day estimates now within 10 years and moving ever closer — and with NIST deprecating existing asymmetric algorithm support in 2030...
info_outline
Idoru, Singapore, Gambling, Smartertools, Ivanti, ZeroDayRat, Twiki, Aaran Leyland... - SWN #554
Security Weekly Podcast Network (Video)
Idoru, Singapore, Gambling, Smartertools, Ivanti, ZeroDayRat, Twiki, Aaran Leyland, and More on the Security Weekly News. Show Notes:
info_outline
Bringing Strong Authentication and Granular Authorization for GenAI - Dan Moore - ASW #369
Security Weekly Podcast Network (Video)
When it comes to agents and MCPs, the interesting security discussion isn't that they need strong authentication and authorization, but what that authn/z story should look like, where does it get implemented, and who implements it. Dan Moore shares the useful parallels in securing APIs that should be brought into the world of MCPs -- especially because so many are still interacting with APIs. Resources Show Notes:
info_outline
Clickfixed, Zero Trust World, and OpenClaw is out of control - but that's the point - Rob Allen - ESW #445
Security Weekly Podcast Network (Video)
Interview Segment - Rob Allen - Clickfix "Clickfix" attacks aren't new, but they're certainly more common these days. Rob Allen joins us to help us understand what they are, why they work on your employees, and how to stop them! We tie it into infostealers and ransomware actors. Plenty of practical recommendations for how to spot and prevent these attacks in your environment, don't miss it! This segment is sponsored by ThreatLocker. Visit to learn more about them! Interview Segment - Rob Allen - Zero Trust World Threatlocker's 6th annual Zero Trust World event is happening next month! This...
info_outline
The smell of victory, Bongo Fury, Sysmon, Looker, Openclaw, Kimwolf, Josh Marpet - SWN #553
Security Weekly Podcast Network (Video)
The smell of victory, Bongo Fury, Sysmon, Antiques, Looker, Openclaw, Kimwolf, Josh Marpet, and More on this episode of the Security Weekly News. Show Notes:
info_outline
AI: No One Is Safe - PSW #912
Security Weekly Podcast Network (Video)
In the security news this week: Residential proxy abuse is everywhere this week: from Google’s takedown of IPIDEA to massive Citrix NetScaler scanning and the Badbox 2.0 botnet Supply chain fun time: Notepad++ updates were hijacked Attackers set their sights on: Ivanti EPMM, Dell Unity storage, Fortinet VPNs/firewalls, and ASUSTOR NAS devices Russian state hackers went after Poland’s grid Is ICE on a surveillance shopping spree and into hacking anti-ICE apps? Ukraine’s war-time Starlink problem is turning into a policy and controls experiment The AI security theme is alive and well with...
info_outline
Unexamined Leadership Behaviors as CEOs and CISOs Balance Cybersecurity Investments - Hacia Atherton - BSW #433
Security Weekly Podcast Network (Video)
For decades, leadership was judged by outputs such as profit, speed, and results. But the real competitive advantage now lies beneath the surface of your P&L: Your culture, trust, and psychology driving every decision, including cybersecurity. Hacia Atherton, the author of The Billion Dollar Blind$pot, joins Business Security Weekly to discuss the invisible human costs — fear, burnout, disengagement — quietly draining performance. She will discuss the silent costs of outdated leadership and gives you a playbook to fix them for good, including: Self Leadership Psychological Success...
info_outline
DBII, Notepad++, Covenant, Fancy Bear, CTFs, Firefox, AI Slop, Josh Marpet, and More - SWN #552
Security Weekly Podcast Network (Video)
DBII, Notepad++, Covenant, Fancy Bear, CTFs, Firefox, AI Slop, Josh Marpet, and More on the Security Weekly News. Show Notes:
info_outlineFirst Topic - Podcast Content Plans for 2026
Every year, I like to sit down and consider what the podcast should be focusing on. Not doing so ensures every single episode will be about AI and nobody wants that. Least of all, me. If I have one more all-AI episode, my head is going to explode.
With that said, most of what we talk about in this segment is AI (picard face palm.png). I think 2026 will be THE defining year for GenAI. Three years after the release of ChatGPT, I think we've hit peak GenAI hype and folks are ready for it to put up or shut up. We'll see winners grow and get acquired and losers pivot to something else. More than anything, I want to interview folks who have actually seen it work at scale, rather than just in a cool demo in a vendor sandbox.
Also on the agenda for this year:
- The battle against infostealers and session hijacking: we didn't have a good answer in 2025. When is it coming? Will it include Macs, despite them not having a traditional TPM?
- The state of trust in outsourcing and third party use (Cloud, MSSPs, SaaS, contractors): 2025 was not a good year for third parties. Lots of them got breached and caused their customers a lot of pain. Also, there's the state of balkanization between the US and... the rest of the entire world. Everyone outside the US seems to be trying to derisk their companies and systems from the Cloud Act right now.
- Vulnerability management market disruption: there are half a dozen startups already plotting to disrupt the market, likely to come out of stealth in 2026
- Future of the SOC: if it's not AI, what is it?
- What else???
What am I missing? What would you like to see us discuss? Please drop me a line and let me know: adrian.sanabria@cyberriskalliance.com
Topic 2: The state of cybersecurity hiring
This topic has been in the works for a while! Ayman had a whole podcast and book focused on all the paths people take to get into security. Jackie worked with WiSys on outlining pathways into a cybersecurity career.
Whether you're already in cyber or looking for a way in, this segment crams a lot of great advice into just 15-20 minutes.
Segment resources:
- Ayman's personal guide for getting into security
- https://www.wicys.org/wp-content/uploads/2025/10/WiCyS-Pathways-in-Cyber-PDF-9.24.25.pdf
News
Finally, in the enterprise security news,
- Fundings and acquisitions still strong in 2026!
- Santa might be done delivering gifts, but not protecting Macs!
- ClickFix attacks
- Weaponized Raspberry Pis
- MongoDB incidents for Christmas
- Top 10 Cyber attacks of 2025
- US gets tough on nation state hackers?
- Brute force attacks on Banks
- An AI Vending Machine
All that and more, on this episode of Enterprise Security Weekly.
Show Notes: https://securityweekly.com/esw-441