Security Weekly Podcast Network (Audio)

Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and breaking news on the latest hacking techniques, vulnerabilities, and industry trends. Stay informed and secure with the most trusted voices in cybersecurity!

Say Easy, Do Hard - Crypto-Agility - BSW #440 03/25/2026

Scam Baiting, AI, and the New Grift Economy, Part 1 - Rinoa Poison - SWN #566 03/24/2026

Why Proactive Security Is Far Better Than Patching - Erik Nost - ASW #375 03/24/2026

Can AI help critical infrastructure, the state of the cyber market, and weekly news - Mike Privette, Kara Sprague - ESW #451 03/23/2026

Can AI help critical infrastructure, the state of the cyber market, and weekly news - Mike Privette, Kara Sprague - ESW #451 Interview with Kara Sprague - The AI Fix for Infrastructure’s Oldest Security Risks. Critical infrastructure, often built on decades-old systems and legacy code, remains vulnerable to cyberattacks. From pipelines and energy grids to transportation networks, we break down where critical infrastructure is vulnerable and how AI could potentially help strengthen defenses. Interview with Mike Privette - The State of the Cybersecurity Market Here at ESW, we use Mike Privette's Security, Funded newsletter to prepare for every news segment. His covers the latest fundings, acquisitions, public market performance, layoffs, and other pertinent market details every week. We particularly enjoy the weekly Vibe Check. In this interview, he joins us for the third year in a row, to discuss the most interesting insights from his annual . Post recording Adrian here: Whooooo, so this conversation was SO good, I decided to punt the news segment in favor of a part 2 with Mike, so enjoy! Also, though I punted the news segment, I did collect these stories and annotated them, so I think there's still some value in leaving them in the show notes. Scroll down for the links and my comments on each of these! Weekly Enterprise News Finally, in the enterprise security news, funding announcements seem to be ramping up before RSA Should security architects be shifting right? How McKinsley’s AI platform got hacked… by AI Amazon is having a bad time with AI lately Europe announces a Google Workspace/Microsoft 365 replacement Robot dogs are apparently guarding datacenters now Some much needed security humor in our squirrel stories before we all fly to San Francisco and lose our minds for a week All that and more, on this episode of Enterprise Security Weekly. Visit for all the latest episodes! Show Notes: /episode/index/show/pauldotcom/id/40563765

Ahab and Peewee Herman, Zoom, Vibe Hacking, SharePoint, Meta, AgeID, Josh Marpet - SWN #565 03/20/2026

Hacking IP KVMs & Reversing with Radare2 - Sergi Àlvarez - PSW #918 03/19/2026

Language of the Board as CISO-Board Time Falls Short and CISOs Struggle with Risk - Ben Wilcox - BSW #439 03/18/2026

AI Spicy Mode, Steam, Glassworm, Samsung, Stryker, Waymo, Cole Porter, and More - SWN #564 03/17/2026

Creating Better Security Guidance and Code with LLMs - Mark Curphey - ASW #374 03/17/2026

AI Governance, new book (Code War) from Allie Mellen, and the weekly news! - Jeremy Snyder, Allie Mellen - ESW #450 03/16/2026

Exposed: Bank Leak, Copilot Zero-Click, AI Agent Hijacks, Stryker Wipe & Josh Marpet - SWN #563 03/13/2026

Vulnerability Mis-Management - PSW #917 03/12/2026

Being Exploitable While Your Risk Tolerance Changes and You Unblock Innovation - Myke Lyons - BSW #438 03/11/2026

Precious Bodily Fluids, InstallFix, CISA, Claude, Overtime, Sim Swaps, Aaran Leyland - SWN #562 03/10/2026

Making Medical Devices Secure - Tamil Mathi - ASW #373 03/10/2026

Breaking in with CrashFix, supply chain security, and CMMC phase 1 - David Zendzian, Anna Pham, Jacob Horne - ESW #449 03/09/2026

Breaking in with CrashFix, supply chain security, and CMMC phase 1 - David Zendzian, Anna Pham, Jacob Horne - ESW #449 Interview with Anna Pham Breaking in with ClickFix: Anatomy of a modern endpoint attack Cybersecurity company Huntress just published a report on a new ClickFix variant they’ve discovered, which they’ve dubbed CrashFix. This technique was developed by KongTuke to serve as the primary lure within a new custom malicious browser extension also created by the group. In short, the team observed the threat actors using KongTuke’s malicious browser extension to display a fake security warning, claiming the browser had “stopped abnormally” and prompting users to run a “scan” to remediate the threats. Upon “running the scan,” the user is presented with a fake “Security issues detected” alert and instructed to manually “fix” the issue by opening the Windows Run dialog, pasting from their clipboard, and pressing Enter. The malicious extension silently copies a PowerShell command to the clipboard, disguised as a legitimate repair command. From there, they execute the malicious command. Segment Resources: BLOG - Interview with David Zendzian Continuous compliance and real security lifecycle management Supply chain attacks are not just on the rise; attackers are learning from the past, making these attacks even more effective and dangerous than before. It was just over a month ago when the Shai-Hulud attack first impacted NPM packages, forcing enterprises around the world into lockdown. While only 187 packages were compromised in that initial incident, it served as a wake-up call for many: an accurate inventory of systems is good, but a clear, real-time Software Bill of Materials (SBOM) for applications is non-negotiable. In this world of manifest based infrastructure and container based applications with (real) "devsecops", the dream of continuous upgrades of OS/Runtime/Stack/App and App Dependencies is very mature and there are solid examples of companies and federal entities managing this at scale without thousands of teams and people. Segment Resources: BLOG - Interview with Jacob Horne CMMC Phase 1 Enforcement — What the November 10 Deadline Means for the Defense Supply Chain With the upcoming CMMC Phase 1 enforcement on November 10, cybersecurity teams across the defense and federal supply chain are facing new compliance requirements that directly affect contract eligibility and data-protection standards. Jacob Horne, Chief Cybersecurity Evangelist at Summit 7, can break down what this milestone means for enterprise security leaders, MSPs/MSSPs, and contractors preparing for audits. Visit for all the latest episodes! Show Notes: /episode/index/show/pauldotcom/id/40346080

Iran vs Everyone: 2FA-Bypass Phish, APT41 Drive, iOS 0days, Josh Marpet, and More - SWN #561 03/06/2026

Airsnitch, Claude, Hacking Firewalls - PSW #916 03/05/2026

Building Trusted Automation as Leaders Struggle with AI Adoption and CISOs Hire - Tim Morris - BSW #437 03/04/2026

North Korea, DOJ, APT 28, Anthropic, OpenClaw, Supply Chain, Josh Marpet, and More - SWN #560 03/03/2026

Modern AppSec that keeps pace with AI development - James Wickett - ASW #372 03/03/2026

OT Security/business resilience, lack of incentives for securing software & the news - Ben Worthy - ESW #448 03/02/2026

OT Security/business resilience, lack of incentives for securing software & the news - Ben Worthy - ESW #448 Interview - Ben Worthy from Airbus Protect The current state of OT security and business resilience In this episode of Enterprise Security Weekly, we sit down with Ben Worthy, OT Security Specialist at Airbus Protect, to explore the evolving landscape of business resilience in safety-critical sectors. With over 25 years of experience across aerospace, nuclear, water, oil & gas, and other industries, Ben shares insights on how organizations are adapting to the surge in disruptive cyberattacks—from ransomware targeting operational technology to GPS spoofing and supply chain incidents. We discuss major cases including the Boeing/LockBit ransom demand, the Jaguar Land Rover production shutdown, and the SITA passenger data breach, examining how aviation and other critical infrastructure sectors are separating safety risk from business continuity risk. Ben also breaks down the regulatory changes reshaping the industry, including EASA's October 2025 and February 2026 deadlines that tie cyber assurance directly to safety oversight, and what ENISA's latest numbers reveal about hacktivism and ransomware trends. Whether you're in aviation, nuclear, or any safety-critical sector, this conversation offers practical lessons on building resilience that keeps operations moving while addressing threats in real time. This segment is sponsored by Airbus Protect. Visit to learn more about them! Topic: Where are the business incentives to build secure products and software? "It's the right thing to do," so of course businesses will make their products secure, right? Well, it turns out that breaches and vulnerabilities don't traditionally hurt financial performance all that much. Stocks recover, insurance covers the bulks of the losses, fines are paid, and lawsuits are settled. Most businesses can comfortably absorb the impact, so the threat of reputational harm or financial losses just aren't slowing them down. In the case of Ivanti, where the reputational harm was extreme, the company's companies continue to get hacked as critical vulnerabilities keep getting discovered in their products. In this topic segment, we don't aim to provide solutions to this problem, just the awareness that ethics, doing the right thing, and even signing the Secure by Design pledge don't seem to be enough to change vendor behavior when it comes to securing products. The Weekly Enterprise Security News Finally, in the enterprise security news, RSA Innovation Sandbox hot takes Did AI solve cyber? fundings and acquisitions a free app to warn you about smart glasses deep thoughts about OpenClaw replacing US tech with EU equivalents is hard should you turn off dependabot? accidentally taking over 7000 robot vacuums the director of AI Safety at Meta loses her email somehow should you go back to using a blackberry? All that and more, on this episode of Enterprise Security Weekly. Visit for all the latest episodes! Show Notes: /episode/index/show/pauldotcom/id/40259930

Brainstorm, SonicWall, Junos, Glienicke Brücke, Burger King, Claude, Josh Marpet... - SWN #559 02/27/2026

AI Is Taking Over Cybersecurity - PSW #915 02/26/2026

Security as a Business Enabler by Re-envisioning Risk and Leading through Uncertainty - Elyse Gunn - BSW #436 02/25/2026

Infinite AI Monkeys, Ploutus, Serv-U, Fortinet, Cyberwar, COBOL, NIST, Aaran Leyland - SWN #558 02/24/2026

Helping Users with Practical Advice to Protect their Digital Devices - Runa Sandvik - ASW #371 02/24/2026

Bringing intelligence to assets, new White House cybersecurity strategy, and the news - Tim Morris - ESW #447 02/23/2026

Code of Hammurabi, RockYou, MimicRat, Trustconnect, Introsort, AI, Josh Marpet... - SWN #557 02/20/2026

Firmware Backdoors Be Spying On You - PSW #914 02/19/2026

Security Weekly Podcast Network (Audio)

TOPICS