Security Weekly Podcast Network (Audio)
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and breaking news on the latest hacking techniques, vulnerabilities, and industry trends. Stay informed and secure with the most trusted voices in cybersecurity!
info_outline
The Illusion of Control: Shadow IT, SSO Shortcomings, and the True Path to Security - Dave Lewis - ESW #413
06/30/2025
The Illusion of Control: Shadow IT, SSO Shortcomings, and the True Path to Security - Dave Lewis - ESW #413
Interview with Dave Lewis Organizations believe they have a firm grip on security with SSO and corporate IT policies, but in reality, shadow IT lurks in the background—expanding attack surfaces and exposing sensitive data. Employees bypass security controls for the sake of convenience, while SSO fails to provide the comprehensive security net organizations expect. Talk about the critical weaknesses in traditional SSO implementations, how shadow IT thrives under the radar, and why enterprises continue to experience data breaches despite security investments. Can cover real-world examples of security failures, highlight the role of human behavior in risk, and provide actionable strategies to regain control over enterprise security. This segment is sponsored by 1Password. Visit to learn more about them! Topic Segment: Is AI taking our jerbs or not? I listened to most of a over whether generative AI will be good enough to replace a lot of jobs (Daniel's take), or so bad that it won't take any (Marcus's take). I got frustrated though, because I feel like some foundational assumptions were ignored, and not enough examples were shared or prepared. Assumption #1: Jobs exist because work needs to be done. This is a false assumption. Check out a book called "Bullshit Jobs" to go down this particular rabbit hole. Assumption #2: The primary task of a job is the job. This is rarely the case, unless you work in the service industry. How much of a developer's job is writing code? A lot less than you think. Employees spend a massive amount of time communicating with other employees, via meetings, emails, Slack chats - can AI replace this? Maybe all that communication is wasteful and inefficient? Could be, but for every job AI supposedly replaces, it becomes someone else's job to manage that AI agent. Does all of middle management become expert prompt engineers, or do they also disappear with no employees to manage? Assumption #3: Jobs aren't already being replaced. They are, they're just not terribly visible jobs. That contractor your marketing team was using to build blog/SEO content? He's probably gone. The in-house or contract graphic designer? Probably gone. There's a whole swath of jobs out there, where quality isn't very important, but work needs to be produced, and those jobs are being actively replaced with generative AI. With that said, I don't see any full time jobs that require quality work and a lot of communication with other employees getting replaced. Yet? Ever? That's the question. The Enterprise News In this week's enterprise security news, Not much interesting funding to discuss Securonix acquires ThreatQuotient Cellebrite acquires Corellium (that sounds a lot like a rock bought a stone or a gem or something) Yet another free vulnerability database ChatGPT can now clandestinely record meetings Threat detection resources a VERY expensive Zoom call (for the victim) Should we stop using SOC2s? Should we give up on least privilege? How much did it cost to change HBO to HBO Max, then to Max, then back to HBO Max? Visit for all the latest episodes! Show Notes:
/episode/index/show/pauldotcom/id/37218160
info_outline
Broadcom, Direct Send, N0auth, UNFI, Cisco, Oneclik, Russ Beauchemin, and more... - SWN #489
06/27/2025
Broadcom, Direct Send, N0auth, UNFI, Cisco, Oneclik, Russ Beauchemin, and more... - SWN #489
Broadcom is coming for you, Direct Send, N0auth, UNFI, Cisco, Oneclik, Russ Beauchemin, and More on this episode of the Security Weekly News. Visit for all the latest episodes! Show Notes:
/episode/index/show/pauldotcom/id/37197875
info_outline
Is Vuln Management Dead? - HD Moore - PSW #880
06/26/2025
Is Vuln Management Dead? - HD Moore - PSW #880
This conversation explores the intersection of cybersecurity and emerging technologies, focusing on innovative hacking techniques, the evolution of vulnerability management, and the critical importance of asset discovery. The discussion also delves into the implications of cyber warfare, the persistent threat of default passwords, and the integration of open source tools in enhancing security measures. The conversation delves into various aspects of cybersecurity, focusing on aircraft tracking, data filtering, the evolution of vulnerability management, and the role of AI in enhancing security measures. The speakers discuss the challenges posed by default credentials and the shared responsibility model in cloud infrastructure. They also explore the limitations of AI in cybersecurity and the potential for future advancements, particularly in localized LLMs. The conversation delves into the intersection of technology, cybersecurity, and privacy, exploring the implications of AI on energy demands, vulnerabilities in telecom infrastructure, the complexities of network maintenance, and the challenges of ransomware negotiations. The discussion also touches on privacy concerns related to data tracking by major tech companies like Meta and Apple, as well as the evolving landscape of legal implications in the face of cyber threats. This segment is sponsored by runZero. Get complete visibility across your total attack surface in literally minutes - no agents, no authentication required. Start a free trial or access the free Community Edition at . HD Moore joins us to discuss finding all the things and how vulnerability management has changed. In the security news: Hacking from a light bulb Reverse engineering, the easy ways Detecting Jitter FCC probes into Cyber Trust Mark Bluetooth Jamming New Wifi Apple features: What could go wrong? Just turn off the Internet for the entire country Meta's Localhost tracking Hacking printers, for realz this time Are we not patching 2023 CVEs? Cleaning up legacy drivers One of the Best Hackers in the Country is an AI Bot Visit for all the latest episodes! Show Notes:
/episode/index/show/pauldotcom/id/37169015
info_outline
Thriving Through Volatility: Insights for CISOs - Jeff Pollard, Pejman (Pej) Roshan, Deepen Desai - BSW #401
06/25/2025
Thriving Through Volatility: Insights for CISOs - Jeff Pollard, Pejman (Pej) Roshan, Deepen Desai - BSW #401
In this episode, Mandy Logan, Summer Craze Fowler, Jason Albuquerque, and Jeff Pollard of Forrester discuss the challenges and strategies for CISOs in navigating volatility in the security landscape. They emphasize the importance of building relationships within the organization, particularly with the CFO, to manage budgets effectively. The conversation also covers the significance of communicating security needs in terms of compliance and customer requirements, maximizing budget through flex spending, and the role of automation and AI in enhancing security operations. Additionally, they highlight the need for effective data management to reduce costs and improve efficiency. In pre-recorded interviews from RSAC, learn the following! With the power of zero trust and AI, Zscaler help organizations strengthen and automate IT and security, reduce costs, and minimize complexity. Zscaler helps reduce the attack surface, block threats via full TLS inspection, and eliminate lateral threat movement. This segment is sponsored by Zscaler. Visit to learn more about them! The modern workspace, increasingly reliant on cloud-based applications, browser-first access, and AI integration, faces significant security challenges that outpace the capabilities of traditional tools. Legacy solutions, including VPNs and even early ZTNA implementations, are proving vulnerable to sophisticated attacks leading to data breaches and operational disruptions. The fundamental shift in how we work demands a new approach, one that closes the gaps left by the platform approach. We need the ability to 'trust nothing and click on anything with zero risk.' We need to take zero trust beyond the network that we operate and control. Future of Browser Security Webinar with Google: Browser security report: Global Cyber Gangs report: Everywhere Access White Paper: This segment is sponsored by Menlo Security. Visit to learn more about them! Visit for all the latest episodes! Show Notes:
/episode/index/show/pauldotcom/id/37137520
info_outline
The Rise of Malware: Salt Typhoon and Spark Kitty - SWN #488
06/24/2025
The Rise of Malware: Salt Typhoon and Spark Kitty - SWN #488
In this episode of Security Weekly News, Doug White discusses various cybersecurity threats, including the Salt Typhoon and Spark Kitty malware, the implications of Microsoft's decision to drop support for old hardware drivers, and the potential increase in cyber threats from Iran. The conversation also covers the alarming 16 billion password leak and the evolving landscape of password security, including the rise of passkeys and the challenges posed by AI in misinformation and social engineering. Visit for all the latest episodes! Show Notes:
/episode/index/show/pauldotcom/id/37138825
info_outline
How Fuzzing Barcodes Raises the Bar for Secure Code - Artur Cygan - ASW #336
06/24/2025
How Fuzzing Barcodes Raises the Bar for Secure Code - Artur Cygan - ASW #336
Fuzzing has been one of the most successful ways to improve software quality. And it demonstrates how improving software quality improves security. Artur Cygan shares his experience in building and applying fuzzers to barcode scanners, smart contracts, and just about any code you can imagine. We go through the useful relationship between unit tests and fuzzing coverage, nudging fuzzers into deeper code paths, and how LLMs can help guide a fuzzer into using better inputs for its testing. Resources Visit for all the latest episodes! Show Notes:
/episode/index/show/pauldotcom/id/37126610
info_outline
Rethinking Identity: IAM, PAM & Passwordless Trends from Identiverse - David Lee, Amit Masand, Chip Hughes, Ashley Stevenson, John Pritchard, Matt Caulfield - ESW #412
06/23/2025
Rethinking Identity: IAM, PAM & Passwordless Trends from Identiverse - David Lee, Amit Masand, Chip Hughes, Ashley Stevenson, John Pritchard, Matt Caulfield - ESW #412
In fast-paced, shared device environments like healthcare, manufacturing, and other critical industries, traditional access management approaches are falling short, quietly eroding both security and productivity. This episode explores how outdated methods, like shared credentials and clunky logins, create friction, increase risk, and undermine compliance. We’ll discuss what a modern, strategic access management approach looks like and how passwordless authentication solutions are closing the gap between security and usability. To learn more about passwordless authentication in healthcare and other critical industries, check out our whitepapers on the topic: This segment is sponsored by Imprivata. Visit to learn more about them! As digital identities multiply and certificate lifespans shrink, enterprises face growing challenges in securing trust across users, devices, and systems. This session explores why unifying PKI and IAM is essential to closing identity-related trust gaps and how platforms like DigiCert ONE—integrating PKI, DNS, and automation—help eliminate outages, streamline security operations, and future-proof organizations. This segment is sponsored by DigiCert. Visit to learn more about them! Identity-related attacks are now the dominant threat vector in cybersecurity, yet most organizations remain hindered by fragmented tools, siloed data, and disconnected teams. “Multiplayer AI” offers a new model for identity security, emphasizing interoperability between human experts and AI agents to create a unified, real-time system of systems. By fostering collaboration through open standards and shared intelligence, enterprises can close security gaps, reduce attacker dwell time, and respond faster—transforming identity security from isolated defense into coordinated resilience. This segment is sponsored by Radiant Logic. Visit to learn more about them! In this era of technological advancements where businesses are going digital and more cloud based while preferring remote work environment, cyber threats are surprising growing at the rate never seen before. This makes Identity and Access Management (IAM) and Privileged Access Management (PAM) no more an optional thing but a core crucial requirement. These are not just IT tools anymore- they are important for the security of people, data, and operations. More and more organizations from different industries are now turning to IAM and PAM as managed services to handle the growing complexity of access control and cybersecurity. Why? Because managing identity internally is becoming harder, more expensive, and riskier. With a trusted managed service partner, businesses gain expert support, 24/7 monitoring, scalability, and peace of mind—all while staying compliant and secure. This segment will explore how IAM and PAM managed services are helping companies reduce risk, simplify operations, and stay ahead of evolving security challenges. Whether you're an IT leader, security professional, or business decision-maker, you’ll learn why outsourcing identity and access management is quickly becoming a smart, strategic move for the modern enterprise This segment is sponsored by IDMEXPRESS. Visit to implement and manage IAM and PAM solutions tailored to your business needs. Duo's biggest announcement since push-MFA. Duo is defining the future of Identity by unveiling a solution that attackers will hate and users will love. This segment is sponsored by Cisco Duo. Visit to learn more about them! In this interview, we will explore the power of data-driven identity leadership and how organizations can leverage analytics to enhance their identity security strategies. Hear insights on aligning data with business goals, improving decision-making, and proactively managing risk. Learn how analytics can transform your identity program from reactive to strategic, driving measurable success. This segment is sponsored by Saviynt. Visit to learn more about them or get a free demo! Visit for all the latest episodes! Show Notes:
/episode/index/show/pauldotcom/id/37095410
info_outline
Donut Holes, clickfix, rapperbots, bad devs, war, Doug Rants about Backups, and More. - SWN #487
06/20/2025
Donut Holes, clickfix, rapperbots, bad devs, war, Doug Rants about Backups, and More. - SWN #487
Donut Holes, clickfix, rapperbots, bad devs, war, Doug Rants about Backups, and More on this episode of the Security Weekly News. Visit for all the latest episodes! Show Notes:
/episode/index/show/pauldotcom/id/37093600
info_outline
Hacking Drivers - PSW #879
06/19/2025
Hacking Drivers - PSW #879
This week: * The true details around Salt Typhoon are still unknown * The search for a portable pen testing device * Directories named "hacker2" are suspicious * Can a $24 cable compete with a $180 cable? * Hacking Tesla wall chargers * Old Zyxel exploits are new again * Hacking Asus drivers * Stealing KIAs - but not like you may think * Fake articles * Just give everything to LLMs, like Nmap * Retiring Floppy disks * An intern leaked secrets * Discord link hijacking * Cray vs. Raspberry PI * More car hacking with BMW Visit for all the latest episodes! Show Notes:
/episode/index/show/pauldotcom/id/37079590
info_outline
CISO Cyber Insurance Empowerment - Morey Haber, Peter Hedberg, Stephan Jou - BSW #400
06/18/2025
CISO Cyber Insurance Empowerment - Morey Haber, Peter Hedberg, Stephan Jou - BSW #400
In this episode of Business Security Weekly, Mandy Logan, along with guests Peter Hedberg, Summer Craze Fowler, and Ben Carr, delve into the complexities of cyber insurance and the empowerment of Chief Information Security Officers (CISOs). The discussion covers the evolving landscape of cyber insurance, the critical role of underwriting, and the importance of collaboration between CISOs and insurers. The guests share insights on risk assessment, the significance of incident response planning, and the need for CISOs to be recognized as key players in the boardroom. The conversation emphasizes the necessity of building strong relationships with insurers and leveraging data to enhance security measures. This month BeyondTrust released it's 12th annual edition of the Microsoft Vulnerabilities Report. The report reveals a record-breaking year for Microsoft vulnerabilities, and helps organizations understand, identify, and address the risks within their Microsoft ecosystems. Segment Resources: Insights Security Assessment Tool: For a copy of the Microsoft Vulnerabilities Threat Report: Blog re: Report: Stephan will discuss OpenText Core Threat Detection and Response, a new AI-powered solution designed to quickly spot and neutralize threats across an organization’s attack surface without the need to overhaul existing security stacks. He will also provide insights into the most dangerous threats facing enterprises today along with practical steps to mitigate them. This segment is sponsored by OpenText. Visit to learn more about them! This segment is sponsored by BeyondTrust. Visit to for a copy of the Microsoft Vulnerabilities Threat Report! Visit for all the latest episodes! Show Notes:
/episode/index/show/pauldotcom/id/37042550
info_outline
AI Zombie Lawyer, Scattered Spider, ASUS, Mainframes, GrayAlpha, Backups, Josh Marpet - SWN #486
06/17/2025
AI Zombie Lawyer, Scattered Spider, ASUS, Mainframes, GrayAlpha, Backups, Josh Marpet - SWN #486
AI Zombie Lawyers, Scattered Spider, ASUS, Mainframes, GrayAlpha, Backups, Josh Marpet, and more on the Security Weekly News. Visit for all the latest episodes! Show Notes:
/episode/index/show/pauldotcom/id/37046830
info_outline
Threat Modeling With Good Questions and Without Checklists - Farshad Abasi - ASW #335
06/17/2025
Threat Modeling With Good Questions and Without Checklists - Farshad Abasi - ASW #335
What makes a threat modeling process effective? Do you need a long list of threat actors? Do you need a long list of terms? What about a short list like STRIDE? Has an effective process ever come out of a list? Farshad Abasi joins our discussion as we explain why the answer to most of those questions is No and describe the kinds of approaches that are more conducive to useful threat models. Resources: In the news, learning from outage postmortems, an EchoLeak image speaks a 1,000 words from Microsoft 365 Copilot, TokenBreak attack targets tokenizing techniques, Google's layered strategy against prompt injection looks like a lot like defending against XSS, learning about code security from CodeAuditor CTF, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/pauldotcom/id/37031910
info_outline
Insider threats, migrating away from cloud, RSAC interviews with Cyera and Blumira - Rob Allen, Matthew Warner, Yotam Segev - ESW #411
06/16/2025
Insider threats, migrating away from cloud, RSAC interviews with Cyera and Blumira - Rob Allen, Matthew Warner, Yotam Segev - ESW #411
Segment 1 - Interview with Rob Allen from ThreatLocker This segment is sponsored by ThreatLocker. Visit to learn more about them! Segment 2 - Topic: Growing Trend - Edge Computing and Hybrid Cloud Segment 3 - Interviews from RSAC 2025 Cyera Cyera is the fastest-growing data security company in history, empowering companies to classify, secure, and manage their data, wherever it is, and leverage the power of the industry’s first AI native,unified Data Security Platform. Yotam Segev, Cyera’s CEO sits down with CyberRisk TV at RSAC Conference 2025 to discuss Cyera’s skyrocketing growth, its founding story and why an increasing number of Fortune500 companies are partnering with Cyera, and the company’s latest product release: Adaptive DLP, a new AI data loss prevention solution. Recent Cyera News: This segment is sponsored by Cyera. Visit to learn more about them! Blumira In the evolving world of cybersecurity, the shift from a purely threat-centric mindset to a focus on operational excellence is no longer just a trend—it’s a necessity. Matthew Warner, CEO and co-founder of Blumira, argues that this shift is particularly crucial for small and mid-sized businesses (SMBs) and the managed service providers (MSPs) that support them. Matthew believes that traditional SIEM and detection solutions have historically fallen short for these organizations, often due to their complexity, high cost, and steep learning curves. As a result, many SMBs have struggled to keep up with the sophistication of modern threats. Blumira was founded to change that. Matthew’s vision is rooted in democratizing security—making powerful, automated detection and response tools simple, affordable, and accessible for everyone, especially those who need them most. By designing platforms that prioritize operational excellence—efficiency, usability, and actionable intelligence—Blumira enables organizations to be proactive rather than reactive. During the conversation, Matthew will share insights into the latest technologies and trends transforming the cybersecurity space, and offer actionable guidance for IT decision-makers. He'll explore how shifting strategy from chasing every alert to building a solid, efficient operational foundation can lead to better outcomes and stronger protection in the long run. Security should be accessible to everyone. At Blumira, we’re building the future of detection and response — simple, smart, and built to empower the teams who need it most. Check out and take control of your security today. Visit for all the latest episodes! Show Notes:
/episode/index/show/pauldotcom/id/37002560
info_outline
$200,000 Zoom Call, Microsoft, Zero-Click, China & HD With $649 million of Bitcoin - SWN #485
06/13/2025
$200,000 Zoom Call, Microsoft, Zero-Click, China & HD With $649 million of Bitcoin - SWN #485
This week we have, $200,000 Zoom Call, Microsoft Teams, INTERPOL, Zero-Click, Junk Food, China & Hard Drive With $649 million of Bitcoin. Visit for all the latest episodes! Show Notes:
/episode/index/show/pauldotcom/id/37001405
info_outline
UEFI Vulnerabilities Galore - PSW #878
06/12/2025
UEFI Vulnerabilities Galore - PSW #878
This week: You got a Bad box, again Cameras are expose to the Internet EU and connected devices Hydrophobia NVRAM variables Have you heard about IGEL Linux? SSH and more NVRAM AI skeptics are nuts, and AI doesn't make you more efficient Trump Cybersecurity orders I think I can root my Pixel 6 Decentralized Wordpres plugin manager Threat actor naming conventions I have the phone number linked to your Google account Fortinet flaws exploited in ransomeware attacks (and how lack of information sharing is killing us) retiring floppy disks fault injection for the masses there is no defender AI blackmails Visit for all the latest episodes! Show Notes:
/episode/index/show/pauldotcom/id/36971205
info_outline
Security Money: The Index is Up, CISOs Need to Get Out, and Are You Burning Out? - BSW #399
06/11/2025
Security Money: The Index is Up, CISOs Need to Get Out, and Are You Burning Out? - BSW #399
This week, it’s time for security money. The index is up, but the previous quarterly results were brutal. In the leadership and communications segment, Get out of the audit committee: Why CISOs need dedicated board time, Quietly Burning Out? What To Do When Your Leadership Starts Lacking, How to rethink leadership to energize disengaged employees, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/pauldotcom/id/36937870
info_outline
Vixen Panda, NPM, Roundcube, IoT, 4Chan, Josh Marpet, and more... - SWN #484
06/10/2025
Vixen Panda, NPM, Roundcube, IoT, 4Chan, Josh Marpet, and more... - SWN #484
Vixen Panda, NPM, Roundcube, IoT, 4Chan, Josh Marpet, and more on the Security Weekly News. Visit for all the latest episodes! Show Notes:
/episode/index/show/pauldotcom/id/36941105
info_outline
Bringing CISA's Secure by Design Principles to OT Systems - Matthew Rogers - ASW #334
06/10/2025
Bringing CISA's Secure by Design Principles to OT Systems - Matthew Rogers - ASW #334
CISA has been championing Secure by Design principles. Many of the principles are universal, like adopting MFA and having opinionated defaults that reduce the need for hardening guides. Matthew Rogers talks about how the approach to Secure by Design has to be tailored for Operational Technology (OT) systems. These systems have strict requirements on safety and many of them rely on protocols that are four (or more!) decades old. He explains how the considerations in this space go far beyond just memory safety concerns. Segment Resources: Visit for all the latest episodes! Show Notes:
/episode/index/show/pauldotcom/id/36929255
info_outline
The enterprise security news, more secure by removing credentials, & RSAC interviews - Marty Momdjian, Amit Saha, Dr. Tina Srivastava - ESW #410
06/09/2025
The enterprise security news, more secure by removing credentials, & RSAC interviews - Marty Momdjian, Amit Saha, Dr. Tina Srivastava - ESW #410
Segment 1 - Enterprise Security News, Live at IDV This week, in the enterprise security news, Acquisitions potential IPOs Terminator Salvation in real life First $1B one-employee business? Mikko puts in his notice Pitch Black in real life, and more! Segment 2 - Interview with Dr. Tina Srivastava The #1 cause of data breaches is stolen credentials. What if we didn’t store credentials anymore? We explore Badge’s innovative approach—which enables users to generate a private key on the fly instead of storing credentials—to enhance security, solve key use cases such as shared devices, and deliver measurable ROI. Additionally, we'll uncover the unavoidable recovery flow challenges, where users must rely on a pre-enrolled recovery device or fallback passwords, and discuss what this means for enterprise security and cost savings. By shifting the paradigm toward ephemeral key generation, Badge eliminates stored credentials, optimizes enterprise cost savings, and future-proofs authentication. Segment Resources: Segment 3 - Interviews from RSAC 2025 Executive Interview with Saviynt Evolving compliance needs, overflowing tech stacks, and the ever-increasing number of types of enterprise identities — not to mention the complications resulting from business use of AI — means traditional identity platforms can't keep up with the needs of today's enterprises. Organizations need something smarter: converged, cloud-native and future-ready identity security that scales with enterprises as they grow, addressing their cybersecurity challenges today and in the future. Join us in this episode as we break down the shortcomings of legacy IAM and uncover how an intelligent, identity-centric approach sets enterprises on the path to success. Segment Resources: Learn more about Identity Cloud This segment is sponsored by Saviynt! To learn more or get a free demo, please visit Executive Interview with Ready1 Semperis has launched Ready1, a first-of-its-kind enterprise resilience platform designed to bring structure, speed, and coordination to cyber crisis management. The release of Ready1 coincides with Semperis’ new global study, The State of Enterprise Cyber Crisis Readiness, which highlights a dangerous gap between perceived readiness and real-world response capabilities. This segment is sponsored by Ready1, powered by Semperis. Visit to learn more about them! Visit for all the latest episodes! Show Notes:
/episode/index/show/pauldotcom/id/36897295
info_outline
Elsa, Redline, ChaosRat, iMessage, Bladed Feline , Aaran Leyland, and More... - SWN #483
06/06/2025
Elsa, Redline, ChaosRat, iMessage, Bladed Feline , Aaran Leyland, and More... - SWN #483
Elsa, Redline, ChaosRat, iMessage, Bladed Feline , Aaran Leyland, and More on this episode of the Security Weekly News. Visit for all the latest episodes! Show Notes:
/episode/index/show/pauldotcom/id/36895980
info_outline
Updating & Protecting Linux Systems - PSW #877
06/05/2025
Updating & Protecting Linux Systems - PSW #877
Two parts to this episode: Tech Segment: Updating Linux Systems - Beyond apt-get upgrade * Custom scripts for ensuring your Linux systems are up-to-date * topgrade - tutorial for using topgrade to update Linux systems on various Linux distributions Discussion Topic: Anti-Malware and/or EDR on Linux Platforms * PCI calls for scanning Linux systems * What tools exist for analyzing Linux systems? (AIDE, uac, chkrootkit) * Best Anti-Malware for Linux - Commercial tools, open-source, both, none? * ClamAV - fa-notify and the dangers Visit for all the latest episodes! Show Notes:
/episode/index/show/pauldotcom/id/36871120
info_outline
Regain Control of Business Risks, Your Leadership Habits, and Being Present - Alla Valente - BSW #398
06/04/2025
Regain Control of Business Risks, Your Leadership Habits, and Being Present - Alla Valente - BSW #398
During times of volatility, business leaders often don’t know what they are able to change or even what they should change. At precisely these times, business leaders become risk leaders and need to quickly learn how to identify what is within their control and what isn’t — to not only survive but thrive. Alla Valente, Principal Analyst at Forrester Research, joins Business Security Weekly to discuss how to Regain Control Over Business Risk With The Three E’s Framework, a report that provides a framework for identifying what is controllable and how to be smart when dealing with volatility. In the leadership and communications section, Cybersecurity for Mergers and Acquisitions – A CISO’s Guide, Your Employees Aren’t the Problem. Your Leadership Habits Are, When the Best Leadership Skill Is Just Being Present, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/pauldotcom/id/36838465
info_outline
Bovril, Deranged, Crocodilus, Cartier, Jinx, Conti, Scattered Spider, Josh Marpet... - SWN #482
06/03/2025
Bovril, Deranged, Crocodilus, Cartier, Jinx, Conti, Scattered Spider, Josh Marpet... - SWN #482
Bovril, Deranged Hookworm, Crocodilus, Cartier, Jinx, Conti, Scattered Spider, Josh Marpet, and more on the Security Weekly News. Visit for all the latest episodes! Show Notes:
/episode/index/show/pauldotcom/id/36839180
info_outline
AIs, MCPs, and the Acutal Work that LLMs Are Generating - ASW #333
06/03/2025
AIs, MCPs, and the Acutal Work that LLMs Are Generating - ASW #333
The recent popularity of MCPs is surpassed only by the recent examples deficiencies of their secure design. The most obvious challenge is how MCPs, and many more general LLM use cases, have erased two decades of security principles behind separating code and data. We take a look at how developers are using LLMs to generate code and continue our search for where LLMs are providing value to appsec. We also consider what indicators we'd look for as signs of success. For example, are LLMs driving useful commits to overburdened open source developers? Are LLMs climbing the ranks of bug bounty platforms? In the news, more examples of prompt injection techniques against LLM features in GitLab and GitHub, the value (and tradeoffs) in rewriting code, secure design lessons from a history of iOS exploitation, checking for all the ways to root, and NIST's approach to (maybe) measuring likely exploited vulns. Visit for all the latest episodes! Show Notes:
/episode/index/show/pauldotcom/id/36824035
info_outline
Building Cyber Resilience: AI Threats, Mid-Market Risks & Ransomware Trends - Karl Van den Bergh, Tony Anscombe, Eyal Benishti, Nick Carroll, Chad Alessi, Chris Peluso - ESW #409
06/02/2025
Building Cyber Resilience: AI Threats, Mid-Market Risks & Ransomware Trends - Karl Van den Bergh, Tony Anscombe, Eyal Benishti, Nick Carroll, Chad Alessi, Chris Peluso - ESW #409
Segment 1 CTG Interview Middle market companies face unique challenges in the ever-evolving cyber environment. Developing a comprehensive cybersecurity approach is a business imperative for middle market companies, and Chad Alessi will discuss the threat landscape, what’s keeping IT decision-makers awkward at night, and the best approach to creating a proactive security measure. This segment is sponsored by CTG. Visit to learn more about them! Nightwing Interview Nightwing divested from Raytheon in April 2024 and is entering another year of redefining national security. Amid emerging threats and shifting industry regulations and compliance frameworks, traditional security measures are no longer cutting it. As Cyber Incident Response Manager at Nightwing, Nick Carroll discusses how organizations can continue to build cyber resiliency and stay one step ahead in today’s threat landscape. This segment is sponsored by Nightwing. Visit to learn more about them! Segment 2 Libraesva Interview Generative AI is having a transformative effect across almost every industry, but arguably the area it has had the most significant impact is cybercrime. Discriminative AI can now learn to recognize what constitutes normal communication patterns, so anything out of the ordinary can be flagged. AI is also enabling human security analysts to automate the triage of reported emails, to rapidly identify false positives and keep up with emerging cybercriminal tactics. Finally, specialized Small Language Models (SLMs) using neural networks are able to analyze and comprehend the semantic intent of the message. This segment is sponsored by Libraesva. Visit to learn more about them! IRONSCALES Interview Phishing has evolved—fast. What started as basic email scams has transformed into AI-powered cyber deception. Phishing 1.0: Early phishing relied on spam emails, fake banking alerts, and malware links to trick users into clicking Phishing 2.0: Attackers got smarter—instead of mass emails, they started impersonating real people Phishing 3.0: Now, cybercriminals are using AI to generate fake but highly convincing voices, videos, and images IRONSCALES discusses the current gaps in SEG technology and will showcase industry-first innovations for protection against deepfakes. This segment is sponsored by IRONSCALES. Visit to learn more about them! Segment 3 Illumio Interview In the post-breach world, speed and clarity are essential for effective cybersecurity. Security teams are inundated with vast amounts of data, much of which is not actionable. To combat cyber threats—and level the playing field—defenders need precise intelligence to identify attacks, dynamically quarantine threats, and prevent cyber disasters, highlighting the power of the security graph. Segment Resources: More information about This segment is sponsored by Illumio. Visit for information on Illumio Insights or to sign up for a private preview! ESET Interview The ransomware landscape is rapidly changing. ESET global research team has been closely following ransomware gang disruptions, new players and how the RaaS business model continues to evolve. In this segment, Tony Anscombe will take a look into recent research, hacks and attacks, and explore how the industry and businesses are responding to combat financial risk and mitigate threats. Segment Resources: This segment is sponsored by ESET. Visit to learn more about them! Visit for all the latest episodes! Show Notes:
/episode/index/show/pauldotcom/id/36791700
info_outline
Edge, Safari, CISO Pay and Loathing, Fake AI, ASUS, OneDrive, Manus, Aaran Leyland... - SWN #481
05/30/2025
Edge, Safari, CISO Pay and Loathing, Fake AI, ASUS, OneDrive, Manus, Aaran Leyland... - SWN #481
Edge, Safari, CISO Pay and Loathing, Fake AI, ASUS, OneDrive, Manus, Aaran Leyland, and More on this episode of the Security Weekly News. Visit for all the latest episodes! Show Notes:
/episode/index/show/pauldotcom/id/36794685
info_outline
It's A Trap! - PSW #876
05/29/2025
It's A Trap! - PSW #876
In the security news: Vicious Trap - The malware hiding in your router Hacking your car WSL is open-source, but why? Using AI to find vulnerabilities - a case study Why you should not build your own password manager The inside scoop behind Lumma Infostealer Hacking a smart grill Hardcoded credentials on end of life routers and "Alphanetworks" SIM swapping is still happening LoRa for C2 Russian drones use Telegram Flipper Zero mod for the LOLZ Signal blocks Recall CISA loses more people Visit for all the latest episodes! Show Notes:
/episode/index/show/pauldotcom/id/36774415
info_outline
Quantum Readiness & Zero Trust: Strategies to Strengthen Digital Resilience - Jordan Avnaim, Chris Hickman, Amit Sinha, Albert Estevez Polo - BSW #397
05/28/2025
Quantum Readiness & Zero Trust: Strategies to Strengthen Digital Resilience - Jordan Avnaim, Chris Hickman, Amit Sinha, Albert Estevez Polo - BSW #397
This segment explores how automated microsegmentation addresses critical Zero Trust gaps overlooked by traditional access controls and legacy segmentation solutions. We'll examine the limitations of perimeter-based defenses in today's dynamic threat landscape and reveal how automated microsegmentation enhances network security beyond conventional firewalls. From cutting-edge innovations to expert insights, discover what security leaders should prioritize to stay ahead of evolving threats. This segment is sponsored by Zero Networks. Visit to learn more about them! In this segment, Keyfactor CSO Chris Hickman takes stock of industry progress towards quantum-resistant cryptography. Using recent guidance from NIST and his company’s data on which certificates and keys pose the largest threats to organization now, Chris unpacks what it means to be risk intelligent and quantum safe. Segment Resources: • Command Risk Intelligence press release: • Recent blog post on the transition to PQC: To learn more about the road to being quantum ready, stop by Keyfactor’s booth at the conference, number #748, or visit: As cyber threats become increasingly difficult to detect and the technology to combat them continues to evolve, organizations must be prepared to move faster than ever. Looking ahead, the rise of post-quantum computing will bring both new opportunities and challenges, further reshaping the cybersecurity landscape. With the launch of Entrust’s Cryptographic Security Platform (announcement coming April 16th) as a backdrop, Jordan can discuss why all organizations – large and small – must prioritize post-quantum preparedness before it’s too late. He can also address emerging fraud technologies (e.g., deepfakes, GenAI) and fraud attacks (account takeovers, synthetic identities, impersonation), which are drawing more attention to the need for cyber-resilient methods, such as post-quantum cryptography, to protect against new fraud risks in the digital future. This segment is sponsored by Entrust. Visit to learn more about them! As quantum computing advances, the security foundations of our digital world face unprecedented challenges. This session explores how integrating Public Key Infrastructure (PKI) and Domain Name System (DNS) technologies can fortify digital trust in the quantum era. We'll delve into strategies for transitioning to post-quantum cryptography, ensuring interoperability, and maintaining the integrity of digital communications. Join us to understand the roadmap for achieving quantum resilience and safeguarding the future of digital trust. Segment Resources: This segment is sponsored by DigiCert. Visit to learn more about them! Visit for all the latest episodes! Show Notes:
/episode/index/show/pauldotcom/id/36732765
info_outline
AP Tests, Hyper-V, Notepad, Google, Nova Scotia, NHI, Bond, Josh Marpet, and more... - SWN #480
05/27/2025
AP Tests, Hyper-V, Notepad, Google, Nova Scotia, NHI, Bond, Josh Marpet, and more... - SWN #480
AP Tests, Hyper-V, Notepad, Google, Nova Scotia, NHI, Bond, Josh Marpet, and more on the Security Weekly News. Visit for all the latest episodes! Show Notes:
/episode/index/show/pauldotcom/id/36737260
info_outline
AI in AppSec: Agentic Tools, Vibe Coding Risks & Securing Non-Human Identities - Mo Aboul-Magd, Shahar Man, Brian Fox, Mark Lambert - ASW #332
05/27/2025
AI in AppSec: Agentic Tools, Vibe Coding Risks & Securing Non-Human Identities - Mo Aboul-Magd, Shahar Man, Brian Fox, Mark Lambert - ASW #332
ArmorCode unveils Anya—the first agentic AI virtual security champion designed specifically for AppSec and product security teams. Anya brings together conversation and context to help AppSec, developers and security teams cut through the noise, prioritize risks, and make faster, smarter decisions across code, cloud, and infrastructure. Built into the ArmorCode ASPM Platform and backed by 25B findings, 285+ integrations, natural language intelligence, and role-aware insights, Anya turns complexity into clarity, helping teams scale securely and close the security skills gap. Anya is now generally available and included as part of the ArmorCode ASPM Platform. Visit to request a demo! As 'vibe coding", the practice of using AI tools with specialized coding LLMs to develop software, is making waves, what are the implications for security teams? How can this new way of developing applications be made secure? Or have the horses already left the stable? Segment Resources: This segment is sponsored by Backslash. Visit to learn more about them! The rise of AI has largely mirrored the early days of open source software. With rapid adoption amongst developers who are trying to do more with less time, unmanaged open source AI presents serious risks to organizations. Brian Fox, CTO & Co-founder of Sonatype, will dive into the risks associated with open source AI and best practices to secure it. Segment Resources: This segment is sponsored by Sonatype. Visit to learn more about Sonatype's AI SCA solutions! The surge in AI agents is creating a vast new cyber attack surface with Non-Human Identities (NHIs) becoming a prime target. This segment will explore how SandboxAQ's AQtive Guard Discover platform addresses this challenge by providing real-time vulnerability detection and mitigation for NHIs and cryptographic assets. We'll discuss the platform's AI-driven approach to inventory, threat detection, and automated remediation, and its crucial role in helping enterprises secure their AI-driven future. To take control of your NHI security and proactively address the escalating threats posed by AI agents, visit to schedule an early deployment and risk assessment. Visit for all the latest episodes! Show Notes:
/episode/index/show/pauldotcom/id/36694250