

Security Weekly Podcast Network (Audio)
Security Weekly Productions
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape.
Tune in for in-depth panel discussions, expert guest interviews, and breaking news on the latest hacking techniques, vulnerabilities, and industry trends. Stay informed and secure with the most trusted voices in cybersecurity!
Episodes
Mar 10, 2026 • 37min
Precious Bodily Fluids, InstallFix, CISA, Claude, Overtime, Sim Swaps, Aaran Leyland - SWN #562
Aaran Leyland, cybersecurity commentator known for technical threat analysis, unpacks active threats and attacker playbooks. He discusses install-fix scams delivering info-stealers. He outlines CLUNK-1068 tradecraft like web shells, credential theft, and Python DLL sideloading. He also highlights detection tactics for web servers, tunneling, and suspicious process behavior.
Mar 10, 2026 • 1h 3min
Making Medical Devices Secure - Tamil Mathi - ASW #373
Tamil Mathi, a product security engineer focused on medical and IoT device safety, discusses why medical gear often must prioritize availability and even fail open. He breaks down threat modeling across hardware, firmware, OS, and apps. Tamil also covers practical ways to get started safely with hardware hacking and reviewing firmware.
Mar 9, 2026 • 1h 35min
Breaking in with CrashFix, supply chain security, and CMMC phase 1 - David Zendzian, Anna Pham, Jacob Horne - ESW #449
Interview with Anna Pham
Breaking in with ClickFix: Anatomy of a modern endpoint attack
Cybersecurity company Huntress just published a report on a new ClickFix variant they’ve discovered, which they’ve dubbed CrashFix. This technique was developed by KongTuke to serve as the primary lure within a new custom malicious browser extension also created by the group. In short, the team observed the threat actors using KongTuke’s malicious browser extension to display a fake security warning, claiming the browser had “stopped abnormally” and prompting users to run a “scan” to remediate the threats. Upon “running the scan,” the user is presented with a fake “Security issues detected” alert and instructed to manually “fix” the issue by opening the Windows Run dialog, pasting from their clipboard, and pressing Enter. The malicious extension silently copies a PowerShell command to the clipboard, disguised as a legitimate repair command. From there, they execute the malicious command.
Segment Resources: BLOG - Dissecting CrashFix: KongTuke's New Toy
Interview with David Zendzian
Continuous compliance and real security lifecycle management
Supply chain attacks are not just on the rise; attackers are learning from the past, making these attacks even more effective and dangerous than before. It was just over a month ago when the Shai-Hulud attack first impacted NPM packages, forcing enterprises around the world into lockdown. While only 187 packages were compromised in that initial incident, it served as a wake-up call for many: an accurate inventory of systems is good, but a clear, real-time Software Bill of Materials (SBOM) for applications is non-negotiable. In this world of manifest based infrastructure and container based applications with (real) "devsecops", the dream of continuous upgrades of OS/Runtime/Stack/App and App Dependencies is very mature and there are solid examples of companies and federal entities managing this at scale without thousands of teams and people.
Segment Resources: BLOG - Supply Chain Security: How accurate SBOMs can deliver proactive threat mitigation
Interview with Jacob Horne
CMMC Phase 1 Enforcement — What the November 10 Deadline Means for the Defense Supply Chain
With the upcoming CMMC Phase 1 enforcement on November 10, cybersecurity teams across the defense and federal supply chain are facing new compliance requirements that directly affect contract eligibility and data-protection standards. Jacob Horne, Chief Cybersecurity Evangelist at Summit 7, can break down what this milestone means for enterprise security leaders, MSPs/MSSPs, and contractors preparing for audits.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-449
Mar 6, 2026 • 36min
Iran vs Everyone: 2FA-Bypass Phish, APT41 Drive, iOS 0days, Josh Marpet, and More - SWN #561
Coverage of Iran scanning IP cameras and how cyber activity ties to kinetic events. Discussion of camera vulnerabilities, supply-chain spillover, and UK warnings. Breakdown of large-scale phishing-as-a-service takedown and MFA-bypass phishing techniques. Examination of APT41 activity using Cobalt Strike and Google Drive for C2. Reports on firmware backdoors and a multi-exploit iOS kit targeting wallets.
Mar 5, 2026 • 2h 4min
Airsnitch, Claude, Hacking Firewalls - PSW #916
A deep dive into AirSnitch attacks that bypass Wi‑Fi client isolation and how SSID/VLAN tricks make it possible. Discussion of vulnerable consumer networking gear, Linux on edge devices, and long‑running Cisco SD‑WAN exploits. Coverage of using AI to accelerate hardware/driver research and a Claude‑assisted BLE tracker detector. Privacy risks from TPMS tracking and insecure solar inverter firmware are highlighted.
Mar 4, 2026 • 1h 7min
Building Trusted Automation as Leaders Struggle with AI Adoption and CISOs Hire - Tim Morris - BSW #437
Tim Morris, a financial services strategist at Tanium and former Wells Fargo cybersecurity leader, shares lessons from large-scale deployments. He discusses why trust in automation has lagged and how to build autonomous capabilities slowly. Conversation covers human-in-the-loop approaches, asset intelligence as the foundation, AI’s role in triage and threat hunting, and governance to prevent shadow AI.
Mar 3, 2026 • 32min
North Korea, DOJ, APT 28, Anthropic, OpenClaw, Supply Chain, Josh Marpet, and More - SWN #560
Coverage of North Korea's USB air-gap tactics and an MSHTML exploit used to escape browser context. A deep dive into developer supply chain attacks and exposed API keys. Discussion of OpenClaw agent flaws and a major third-party data exposure. Debate over Anthropic's risk designation and new EU ICT supply chain guidance.
Mar 3, 2026 • 48min
Modern AppSec that keeps pace with AI development - James Wickett - ASW #372
James Wickett, CEO of Dry Run Security and an AppSec practitioner who builds AI-powered security agents, discusses how LLMs introduce new vulnerability types and speed up code creation. He explains multi-agent AI code review, cross-file and cross-repo analysis, and why AppSec teams must adopt AI and stronger fundamentals to keep up.
Mar 2, 2026 • 1h 54min
OT Security/business resilience, lack of incentives for securing software & the news - Ben Worthy - ESW #448
Interview - Ben Worthy from Airbus Protect
The current state of OT security and business resilience
In this episode of Enterprise Security Weekly, we sit down with Ben Worthy, OT Security Specialist at Airbus Protect, to explore the evolving landscape of business resilience in safety-critical sectors. With over 25 years of experience across aerospace, nuclear, water, oil & gas, and other industries, Ben shares insights on how organizations are adapting to the surge in disruptive cyberattacks—from ransomware targeting operational technology to GPS spoofing and supply chain incidents. We discuss major cases including the Boeing/LockBit ransom demand, the Jaguar Land Rover production shutdown, and the SITA passenger data breach, examining how aviation and other critical infrastructure sectors are separating safety risk from business continuity risk. Ben also breaks down the regulatory changes reshaping the industry, including EASA's October 2025 and February 2026 deadlines that tie cyber assurance directly to safety oversight, and what ENISA's latest numbers reveal about hacktivism and ransomware trends. Whether you're in aviation, nuclear, or any safety-critical sector, this conversation offers practical lessons on building resilience that keeps operations moving while addressing threats in real time.
This segment is sponsored by Airbus Protect. Visit https://securityweekly.com/airbusprotect to learn more about them!
Topic: Where are the business incentives to build secure products and software?
"It's the right thing to do," so of course businesses will make their products secure, right? Well, it turns out that breaches and vulnerabilities don't traditionally hurt financial performance all that much. Stocks recover, insurance covers the bulk of the losses, fines are paid, and lawsuits are settled. Most businesses can comfortably absorb the impact, so the threat of reputational harm or financial losses just isn't slowing them down.
In the case of Ivanti, where the reputational harm was extreme, the company's companies continue to get hacked as critical vulnerabilities keep getting discovered in their products. https://www.bloomberg.com/news/features/2026-02-19/vpn-used-by-us-government-failed-to-stop-china-state-sponsored-hackers
In this topic segment, we don't aim to provide solutions to this problem, just the awareness that ethics, doing the right thing, and even signing the Secure by Design pledge don't seem to be enough to change vendor behavior when it comes to securing products.
The Weekly Enterprise Security News
Finally, in the enterprise security news:
RSA Innovation Sandbox hot takes
Did AI solve cyber?
fundings and acquisitions
a free app to warn you about smart glasses
deep thoughts about OpenClaw
replacing US tech with EU equivalents is hard
should you turn off dependabot?
accidentally taking over 7000 robot vacuums
the director of AI Safety at Meta loses her email somehow
should you go back to using a blackberry?
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-448
Feb 27, 2026 • 32min
Brainstorm, SonicWall, Junos, Glienicke Brücke, Burger King, Claude, Josh Marpet... - SWN #559
Coverage of a major SonicWall breach and related lawsuit. A critical Junos OS remote code flaw and rising open source vulnerabilities are discussed. Reports on AI tools used for employee monitoring and vulnerability scanning appear. A disruption of a Chinese-linked espionage group and historical spy trade parallels are explored. Neural electrode research and debates on AI futures round out the conversation.


