Security Weekly Podcast Network (Audio)

A fast rundown of AI-assisted scams and music-streaming fraud that fooled platforms and regulators. Coverage of a fake Zoom call that installs malicious software and a patched SharePoint RCE now on CISA's list. Discussion of vibe hacking tactics, legacy Telnet vulnerabilities, and the risks of AgeID facial‑recognition plans and privacy leaks.

Sergi Àlvarez (Pancake), creator and community leader behind the Radare2 reverse engineering framework, shares his origins in security and why Radare2 became a modular, plugin-first toolkit. He discusses AI-assisted decompilation, defending the project with fuzzing and scans, and upcoming plugins for Unity, Flutter, and React Native. The conversation also covers discovering nine vulnerabilities in low-cost IP KVMs and real-world hardware hacking stories.

Security metrics often fail because they measure activity rather than actual risk, often failing to connect with business impact, making them difficult to explain to boards and executives. How do you build efffective metrics that are actionable, contextual, and valuable? Ben Wilcox, CTO & CISO at ProArch, joins Business Security Weekly to help us speak the language of the board. Ben will cover how to develop measurable, strategic, and AI-ready security metrics. In the leadership and communications segment, Only 30 minutes per quarter on cyber risk: Why CISO-board conversations are falling short, When the Team Gets the Recognition, Your Leadership Is Working, The communication lesson that changed my career, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-439

Reports on malware delivered through Steam updates and a malware strain targeting developers to enable supply-chain attacks. Coverage of a wipe incident using compromised Intune admin access. Discussion of email obfuscation tricks that defeat NLP defenses and a Samsung app causing drive access errors. Stories about Waymo vandalism and debates over a new adult 'spicy' AI mode.

Mark Curphey, security engineer and entrepreneur who helped found OWASP and SourceClear, talks about using LLMs and agents to update secure coding guidance and build tooling. He demos an agentic SCA prototype, discusses where authoritative security knowledge should live, and explains why clear prompts and human oversight matter when LLMs write or fix code.

Allie Mellen, Forrester analyst and author of Code War, discusses nation-state cyber operations and geopolitics. Jeremy Snyder, FireTail CEO, tackles AI governance, shadow IT, and API observability. They cover AI visibility, model risks, wipers and wartime cyber patterns, and practical approaches to monitoring and protecting enterprise AI.

Rapid espionage campaigns exploiting conflict lures and commodity implants. UK banking apps accidentally exposing other customers' transaction feeds. Physical damage to cloud regions and why multi‑AZ is not true disaster recovery. Microsoft Excel bug that lets AI copilots leak data with no clicks. Poisoned libraries tricking developer AI agents into exfiltration. Large-scale platform takedowns and a major medical vendor management-plane outage.

In the security news this week: The XZ backdoor documentary Zero days - the clock isn't ticking Vulnerability Mis-Management Reversing traffic light controllers Reversing with Claude Don't curl to bash! Reading CVEs makes my head hurt Dumping browser secrets I open-sourced a new(ish) tool D-LINK exploits There is no password I control the building When old vulnerabilities become new Tile is for stalkers Hacking AI Iran War: What cybersecurity needs to know National cyber strategy Coruna I got phished and I want a refund Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-917

Myke Lyons, CISO at Cribl with 20+ years leading security strategy, discusses AI-driven exploitability and why attacks are outpacing patch cycles. He talks about shifting from IoC hunting to TTP and behavior-focused defenses. Conversation covers rich telemetry, AI-assisted patch cohorting, standard schemas, and leadership changes needed to reduce organizational exposure.

Aaron Leyland, cybersecurity commentator known for technical threat analysis, unpacks active threats and attacker playbooks. He discusses install-fix scams delivering info-stealers. He outlines CLUNK-1068 tradecraft like web shells, credential theft, and Python DLL sideloading. He also highlights detection tactics for web servers, tunneling, and suspicious process behavior.