Security Weekly Podcast Network (Video)

Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and breaking news on the latest hacking techniques, vulnerabilities, and industry trends. Stay informed and secure with the most trusted voices in cybersecurity!

Now displaying: November, 2025
Nov 28, 2025

Are you walking around with a phone in your hand? Probably. Are you ready for the day when it gets grabbed and disappears? Aaran, Doug, and Josh talk about phone strategies on this episode of the Security Weekly News.

Show Notes: https://securityweekly.com/swn-533

Nov 27, 2025

Tune in for some hands-on tips on how to use Claude Code to create some amazing and not-so-amazing software. Paul will walk you through what worked and what didn't as he 100% vibe-coded a Python Flask application. The discussion continues with the crew discussing the future of vibe coding and how AI may better help in creating and securing software.

Show Notes: https://securityweekly.com/psw-902

Nov 26, 2025

The Security Weekly 25 index is back near all-time highs as the NASDAQ hits another record high. Funding and acquisitions have shifted to AI as the security industry continues to evolve. We also had a new IPO, Netskope. They will replace CyberArk once the Palo Alto Networks acquisition closes, allowing the index to survive another public company acquisition.

In the leadership and communications segment, Boards Seeking AI Specialists, A CISO’s Guide to Navigating the Urgent AI Security Storm, How to Write AI Prompts That Get Results (& Don’t Suck), and more!

Show Notes: https://securityweekly.com/bsw-423

Nov 25, 2025

Doug talks about AI with Cybersecurity Expert Dr. Shakour Abuzneid from Roger Williams University.

Show Notes: https://securityweekly.com/swn-532

Nov 25, 2025

What are your favorite resources for secure code? Co-hosts John Kinsella and Kalyani Pawar talk about the reality of bringing security into a business. We talk about the role of the OWASP Top 10 and the OWASP ASVS in crafting security programs, and balance that with a discussion of the best use of everyone's time -- developers and appsec folks alike -- in crafting code that's secure by design rather than just secure from scanner results.

Show Notes: https://securityweekly.com/asw-358

Nov 24, 2025

Interview with Ravid Circus

Ravid will discuss why security and engineering misalignment is the biggest barrier to fast, effective remediation, using data from Seemplicity’s 2025 Remediation Operations Report. This is costing some teams days of unnecessary exposure, which can lead to major security implications for organizations.

Topic Segment: Thoughts on Anthropic's latest security report

Ex-SC Media journalist Derek Johnson did a great job writing this one up over at Cyberscoop: China’s ‘autonomous’ AI-powered hacking campaign still required a ton of human work

There are a number of interesting questions that have been raised here. Some want more technical details and question the report's conclusions. How automated was it, really?

I found it odd that Anthropic's CEO was on 60 Minutes the same week, talking about how dangerous AI is (which is his company's primary and only product).

I think one of the more interesting things to discuss is how Anthropic has based its identity and brand on AI safety. While so many other SaaS companies appear to be doing the bare minimum to stop attacks against their customers, Anthropic is putting significant resources into testing for future threats and discovering active attacks.

News Segment

Finally, in the enterprise security news,

  1. vendor layoffs have started again
  2. the sins of security vendor research
  3. the pillars of the Internet are burning
  4. selling out to North Korea isn’t worth what they’re paying you
  5. ransom payments, in 24 easy installments?
  6. a breach handled the right way
  7. we probably shouldn’t be putting LLMs into kids’ toys
  8. ordering coffee from the terminal

All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-434

Nov 21, 2025

Emoticons, Sonicwall, Global Protect, Pop-ups, WhatsApp, 7Zip, Roblox, Josh Marpet, and More on the Security Weekly News.

Show Notes: https://securityweekly.com/swn-531

Nov 20, 2025

In the security news:

  • Cloudflare was down, it was not good
  • Logitech breached
  • The largest data breach in history?
  • Fortinet Fortiweb - the saga continues
  • Hacking Linux through your malware scanner, oh the irony
  • I never stopped hating systemd
  • The ASUS exploit that never existed
  • If iRobot fails, can we deploy our own hacker bot army?
  • Threat actors deploy Claude Code
  • Remembering the Viasat hack and why we can't have nice things
  • Hacking re-entry sensors
  • Sending signals in the wrong direction
  • A File Format Uncracked for 20 Years
  • And 2026 is the year of the Linux desktop!

Then, high school junior Bryce Owen joins us to discuss how he created the "Space Badge"!

Show Notes: https://securityweekly.com/psw-901

Nov 19, 2025

It's a topic we discuss often on Business Security Weekly: CISO Burnout. It's real, but how should you manage it?

Dr. Yonesy Núñez, Global Cybersecurity Executive at Chain Bridge Bank and former Managing Director, Chief Cybersecurity Risk Officer, and Chief Information Security Officer at The Depository Trust & Clearing Corporation (DTCC), joins Business Security Weekly to share his personal insights. An advocate of CISO Health and Wellness, Yonesy will discuss how we can "Optimize the Operator" by creating harmony with mind and spirit.

Segment Resources: https://councils.forbes.com/profile/Yonesy-Nunez-Global-Cybersecurity-Executive-Chain-Bridge-Bank/e79e72a5-4b18-48b1-b5ab-8a0afd47d782

In the leadership and communications segment, CISOs are cracking under pressure, How BISOs enable CISOs to scale security across the business, Great Leaders Empower Strategic Decision-Making Across the Organization, and more!

Show Notes: https://securityweekly.com/bsw-422

Nov 18, 2025

Cloudflare, Gh0stRAT, npm, North Korean Employees, Arch Linux Steam Machine, Documentaries, Aaran Leyland, and more on the Security Weekly News.

Show Notes: https://securityweekly.com/swn-530

Nov 18, 2025

Secure code should be grounded more in concepts like secure by default and secure by design than by "spot the vuln" thinking. Matias Madou shares his experience in secure coding training and the importance of teaching critical thinking. He also discusses why critical thinking is so closely related to threat modeling and how LLMs can be a tool for helping developers get beyond the superficial advice of, "Think like an attacker."

Show Notes: https://securityweekly.com/asw-357

Nov 17, 2025

Segment 1: Interview with Rob Allen

It’s the Year of the (Clandestine) Linux Desktop!

As if EDR evasions weren’t enough, attackers are now employing yet another method to hide their presence on enterprise systems: deploying tiny Linux VMs. Attackers are using Hyper-V and/or WSL to deploy tiny (120MB disk space and 256MB memory) Linux VMs to host a custom reverse shell and reverse proxy.

In this segment, we’ll discuss strategies and mitigations to battle this novel technique with Rob Allen from ThreatLocker.

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

Segment 2: Topic - Threat Modeling Humanoid Robots

We're entering the age of human-shaped robots, so it seems like a good time to talk about the fact that they ALREADY HAVE CVEs assigned to them. I guess this isn't a terrible thing - John Connor might have had an easier time if he could simply hack the terminators from a distance...

Segment 3: Weekly News

Finally, in the enterprise security news,

  1. A $435M venture round
  2. A $75M seed round
  3. a few acquisitions
  4. the producer of the movie Half Baked bought a spyware company
  5. AI isn’t going well, or is it?
  6. maybe we just need to adopt it more slowly and deliberately?
  7. ad-blockers are enterprise best practices
  8. firewalls and VPNs are security risks, according to insurance claims
  9. could you power an entire house with disposable vapes?

All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-433

Nov 14, 2025

Augustus De Morgan, Doordash, Fortiweb, Typosquatting, Vista, Ransomware, AI, Josh, Rob, Aaran, Jason, Dr. Scott, Rocky, Uh., and More on this edition of the Security Weekly News.

Show Notes: https://securityweekly.com/swn-529

Nov 13, 2025

This week:

  • Minecraft on your lightbulb
  • Sonicwall breached, who's next?
  • Ditch Android, install Linux
  • Hacking your face
  • Thermostat freedom
  • Pen test fails
  • HackRF hacking times 2
  • Going around EDR
  • Hackers in your printer
  • Chinese data breach
  • NFC relays and PCI
  • Constructive construction hacks
  • FlipperZero firmware update
  • ICS, PLCs, and attacks
  • Bayesian Swiss Cheese, taste good?
  • Do you want to hack back?
  • Keeping secrets
  • Enforcing CMMC
  • OWASP top ten gets a makeover
  • Android Spyware makes a LANDFALL
  • Gemini's deep research into your documents
  • Slopguard
  • and AI datacenters in space!

Show Notes: https://securityweekly.com/psw-900

Nov 12, 2025

As AI revolutionizes how we work, it has created a new attack surface with new technologies. One of those new technologies is Model Context Protocol (MCP). MCP has emerged as the standard for connecting AI to external tools, but its flexibility has created security challenges. How do we secure MCP?

Rahul Parwani, Head of Product, Security Solutions at Airia, joins Business Security Weekly to discuss the challenges of MCP and how to secure this new protocol. Rahul will cover how Airia's solutions help you secure your AI development by:

  • Centralizing Access Control
  • Enforcing Security Policies
  • Maintaining Compliance
  • Enabling Rapid Response

This segment is sponsored by Airia. Visit https://securityweekly.com/airia to learn more about them!

In the leadership and communications segment, CISO Burnout – Epidemic, Endemic, or Simply Inevitable?, If Trust Is So Important, Why Aren’t We Measuring It?, Over one-third of companies plan to replace entry roles with AI, survey says, and more!

Show Notes: https://securityweekly.com/bsw-421

Nov 11, 2025

Miles Davis, Jimmy Buffett, 10/8 time, Lost Phones, Phishing, Whisper Leak, Quantum Route Redirect, AI Galore, Rob Allen, and more on the Security Weekly News.

Segment Resources: https://www.bleepingcomputer.com/news/security/how-a-ransomware-gang-encrypted-nevada-governments-systems/

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

Show Notes: https://securityweekly.com/swn-528

Nov 11, 2025

Just how bad can things get if someone clicks on a link? Rob Allen joins us again to talk about ransomware, why putting too much attention on clicking links misses the larger picture of effective defenses, and what orgs can do to prepare for an influx of holiday-infused ransomware targeting.

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

Show Notes: https://securityweekly.com/asw-356

Nov 10, 2025

Segment 1: OT Security Doesn’t Have to be a Struggle

OT/ICS/SCADA systems are often off limits to cybersecurity folks, and exempt from many controls. Attackers don’t care how fragile these systems are, however. For attackers aiming to disrupt operations, fragile but critical systems fit criminals’ plans nicely.

In this interview, we discuss the challenge of securing OT systems with Todd Peterson and Joshua Hay from Junto Security.

This segment is sponsored by Junto Security. Visit https://securityweekly.com/junto to learn more!

Segment 2: Topic - Spotting Red Flags in Online Posts

This week's topic segment is all about tuning your 'spidey sense' to spot myths and misconceptions online so we can avoid amplifying AI slop, scams, and other forms of Internet bunk. It was inspired by this LinkedIn post, but we've got a cybersecurity story in the news that we could have easily used for this as well (the report from MIT).

Segment 3: Weekly Enterprise News

Finally, in the enterprise security news,

  1. Some interesting fundings
  2. Some more interesting acquisitions
  3. a new AI-related term has been coined: cyberslop
  4. the latest insights from cyber insurance claims
  5. The AI security market isn’t nearly as big as it might seem
  6. cybercriminals are targeting trucking and logistics to steal goods
  7. Sorry dads, science says the smarts come from mom

All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-432

Nov 7, 2025

This week we have AI-Obfuscating Malware, China Influence Ops, and Meta’s Fraud Fortune, Jason Wood, and more on the Security Weekly News.

Show Notes: https://securityweekly.com/swn-527

Nov 6, 2025

This week:

  • Reversing keyboard firmware
  • Ghost networks
  • Invasion of the face changers
  • Ghost tapping and a whole lot of FUD
  • AI doesn't code securely, but Aardvark can secure code
  • De-Googling Thermostats
  • Dodgy Android TV boxes can run Debian
  • HackRF vs. Honda
  • Cyberslop AI paper
  • Turning to the dark side
  • Poisoning the watering hole
  • Nagios vulnerabilities
  • VPNs are a target

Show Notes: https://securityweekly.com/psw-899

Nov 5, 2025

What's the biggest attack vector for breaches besides all of the human-related ones (i.e., social engineering, phishing, compromised credentials, etc.)? You might think vulnerabilities, but it's actually misconfiguration. The top breach attack vectors are stolen or compromised credentials, phishing, and misconfigurations, which often work together. So why is it so hard to properly configure your systems?

Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss Defense Against Configurations and how ThreatLocker can automatically identify misconfigurations and map them to your environment’s compliance and security requirements. Rob will discuss how the ThreatLocker Defense Against Configurations dashboard can:

  • Identify misconfigurations before they become exploited vulnerabilities
  • Monitor configuration compliance with major frameworks
  • Receive clear, actionable remediation guidance

and more!

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

In the leadership and communications segment, Cybersecurity management for boards: Metrics that matter, The Emotional Architecture of Leadership: Why Energy, Not Strategy, Builds Great Teams, Your Transformation Can’t Succeed Without a Talent Strategy, and more!

Show Notes: https://securityweekly.com/bsw-420

Nov 4, 2025

Rogue Negotiators, Gemini Pulled, Apple’s AI Shift, Disappearing CAPTCHAs, and Aaran Leyland on the Security Weekly News.

Show Notes: https://securityweekly.com/swn-526

Nov 4, 2025

Pull requests are a core part of collaboration, whether in open or closed source. GitHub has documented some of the security consequences of misconfiguring how PRs can trigger actions. But what happens when repo owners don't read the docs? Bar Kaduri and Roi Nisimi walk through their experience in reading docs, finding vulns, demonstrating exploits, and working with repo owners to improve their security. Their work highlights the challenges in maintaining good security guidance, figuring out secure defaults, and how so many orgs still struggle with triaging external security reports -- something that's becoming even more challenging when orgs are being flooded with low-quality reports from LLMs.

Show Notes: https://securityweekly.com/asw-355

Nov 3, 2025

Segment 1: Interview with Joel Burleson-Davis

Frontline workers can’t afford to be slowed down by manual, repetitive logins, especially in mission-critical industries where both security and productivity are crucial. This segment will explore how inefficient login methods erode productivity, while workarounds like shared credentials increase risk, highlighting why passwordless authentication is emerging as a game-changer for frontline access to shared devices. Joel Burleson-Davis, Chief Technology Officer of Imprivata, will share how organizations can adopt frictionless and secure access management to improve both security and frontline efficiency at scale.

This segment is sponsored by Imprivata. Visit https://securityweekly.com/imprivata to learn more about them!

Topic Segment: The Economics of AI Agents

Vendors are finding, after integrating agents into their processes, that agentic AI can get expensive very quickly. Of course, this isn't surprising when your goal is "review all my third party contracts and fill out questionnaires for me" and the pricing is X DOLLARS for 1M TOKENS blah blah context window, max model thinking model blah blah. No one knows what the conversion is from "review my contracts" to millions of tokens, so everyone is left to just test it out and see what the bill is at the end of the month.

As we saw with Cloud when adoption started increasing in the early 2010s, we are naturally entering the era of AI cost optimization. In this segment, we'll discuss what that means, how it affects the market, and how it affects the use of AI in cybersecurity.

Jackie mentions this story from Wired in the segment: https://www.wired.com/story/ai-bubble-will-burst/

News Segment

Finally, in the enterprise security news,

  1. we’ve got funding and acquisitions
  2. 7 red flags you’re doing cloud wrong
  3. security standards for open source projects
  4. post mortems of attacks on open source supply chain
  5. some analysis on current and historic AWS outages
  6. a deep dive
  7. some dumpster fires
  8. and how much would you pay for a robot that puts away the dishes?

All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-431
