Security Weekly Podcast Network (Audio)

First up is a technical segment called "Paul's Linux Hacks". I finally got around to releasing a bunch of scripts and tutorials for Linux that I've created over the years. We'll go over scripts that can give you a supply chain security report and help you update your Arch-based Linux systems and the tutorial for using Linux KVM/Qemu/Libvirt. Repo is here: https://github.com/pasadoorian/Linux_Hacks Next up is the security news: Controlling 7,000 robot vacuums Curl finds not all AI is bad Palo Alto says "These are not the ties to China you were looking for" Bloomberg writes an article that sheds light on Ivanti Looking for BLE is a trend Don't use AI to generate you passwords New research on hacking Samsung TVs Its not all about gadgets Ring's new bug bounty Paul will be voted in as Prime Minister of Denmark? Hacking AI, AI does some hacking, and hackers are talking about AI Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-915

Most organizations view security as a cost center, a "check-the-box" expense rather than a strategic investment. This mindset leads to chronic underfunding, reactive, panic-driven decision-making, and high staff turnover. It also hampers innovation, strategic initiatives, and customer trust. What if security was viewed as a business enabler, not a cost center? Elyse Gunn, CISO at Nasuni, joins Business Security Weekly to discuss how to make security a business enabler, turning security from a cost center into a profit center. Elyse discusses why aligning security initiatives to business drivers is the key to addressing trust, both internally and externally, and how it solves the biggest security priorities for organizations, including: Data Privacy AI Security, and Nth Party Risk In the leadership and communications segment, With CISOs stretched thin, re-envisioning enterprise risk may be the only fix, To Lead Through Uncertainty, Unlearn Your Assumptions, Leaders, Consider Pausing Before Acting on Employee Feedback, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-436

Infinite AI Monkeys, Ploutus, Serv-U, Fortinet, Cyberwar, COBOL, NIST, Dr. Strangelove, Aaran Leyland, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-558

Journalists put a lot of effort into collecting information and protecting their sources, but everyone can benefit from having a digital environment that's more secure and more privacy protecting. Runa Sandvik shares her experience working with journalists and targeted groups to craft plans for how they use their devices and manage their information. And she also makes the point that the burden of security should not be just for users -- platforms and software providers should be evaluating secure defaults and secure designs that improve protections for everyone. Resources https://techcrunch.com/2025/03/13/apples-lockdown-mode-is-good-for-security-but-its-notifications-are-baffling/ https://www.glitchcat.xyz/p/lessons-learned-from-the-2021-arrest https://gijn.org/resource/introduction-investigative-journalism-digital-security/ https://cpj.org/ Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-371

Segment 1 - Interview with Tim Morris Bringing intelligence to assets You’ve been through 6 CMDB projects in the last decade. None of them came close to the original goals, the CMDB was already out-of-date long before the project had any hopes of completing. Is building an asset inventory just too ambitious a project for most organizations, or is there a better way? Tim Morris shares a different approach with us today. It might require some convincing and some courage, but it seems much more likely to succeed than any of your past CMDB efforts… Segment Resources Trusted automation: Building autonomous IT with confidence This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them! Segment 2 - Topic: the new White House cybersecurity strategy In this segment, we explore some early details about the White House's new, but yet unreleased cybersecurity strategy. It appears that drafts have been shared (or leaked) to the press, so there's plenty to discuss here! Segment 3 - News Finally, in the enterprise security news, Massive amounts of funding and acquisitions as we get close to RSA Open source registries need help Microsoft Copilot reads email marked as DO NOT READ Don’t use an LLM to generate passwords is prompt injection a vulnerability defining risks AI changes the build versus buy equation the scammer’s perspective All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-447

Ancient law meets modern cybercrime and password hygiene. Deep dives on a stealthy MimicRat click‑fraud campaign and rebranded malware‑as‑a‑service. AI gets examined for self‑learning flaws, statistical mistakes, and disinformation risks. Discussion of identity control failures, mass exploitation of mobile management flaws, and the cyber equity gap facing small vendors.

AI says that this is the show where we turn coffee into threat intelligence and cigar smoke into packet captures. This week: a firmware backdoor living its best life inside Android tablets a fresh BeyondTrust RCE that already has scanners circling like seagulls over a french fry. Lenovo Vantage reminds us that “preinstalled convenience” is just another way to spell “attack surface.” Texas is taking a swing at TP-Link supercomputers with a 20-year-old Munge bug that still has teeth. Your AI coding assistant might be quietly squirreling away secrets macOS gets a visit from an infostealer delivered as helpful add-ons Chrome extensions allegedly spy on millions open source maintainers drowning in AI-generated nonsense Windows flirting with smartphone-style permission prompts. Put your passwords in a vault, not in a repo, and stay tuned for Paul's Security Weekly! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-914

A deep dive into why the Security Weekly 25 and the NASDAQ are moving apart. Rebalancing moves like Netskope replacing Verint after acquisitions get explained. Funding trends show big AI raises while smaller security firms turn to debt or direct offerings. Discussion covers platform vs pure-play pressure, ecosystem acquisitions, fewer IPOs, and market rotation among cyber stocks.

Aaron Leyland, a security practitioner focusing on AI, OT/ICS, and critical infrastructure. He discusses AI risks to national infrastructure and real-world OT attacks. The conversation covers DNS-based malware, password manager server compromises, credential-harvesting campaigns, and worries about AI companions and data exfiltration.

John Kinsella, security pro who blends technical and philosophical appsec views. Adrian Sanabria, AppSec and open source maintainer focused on practical tooling. They debate LLMs finding code flaws, noisy AI reports vs curated workflows, validating AI findings, costs of human-in-the-loop verification, open source maintenance pressure, and practical CI and economic tradeoffs.