Security Weekly Podcast Network (Audio)

This episode is all about trust getting abused at scale.
We start with Chinese-nexus operators pivoting fast onto Qatar using conflict lures and familiar tradecraft.
Then we hit banking, because they deserve it: Lloyds, Halifax, and Bank of Scotland customers seeing other people’s transactions in-app, a straight confidentiality failure, not “someone hacked my phone”.
From there it’s the Middle East conflict exposing what “cloud resilience” really means when the problem isn’t cyber, it’s physical disruption and dependency chains. Then Meta’s takedown of 150,000 scam-linked accounts shows the fraud supply chain is still running hot, and the platforms are now part of the battleground whether they like it or not.
The Microsoft story is the one to watch: a critical Excel bug that turns Copilot Agent into a zero-click data leak path. And the AI agent theme keeps going with Context7: attackers slipping instructions into “helpful” context and getting agents to do dumb, destructive things on their behalf.
We finish with Stryker having the worst day with a major outage, disputed claims, and a reminder that if your management plane gets hit, you can lose the whole estate fast. Look at Intune.
No hype. Just the stuff that actually breaks systems, me talking too fast, which to be honest 'slow' is why I turn most podcasts off.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-563

In the security news this week:
The XZ backdoor documentary
Zero days - the clock isn't ticking
Vulnerability Mis-Management
Reversing traffic light controllers
Reversing with Claude
Don't curl to bash!
Reading CVEs makes my head hurt
Dumping browser secrets
I open-sourced a new(ish) tool
D-LINK exploits
There is no password
I control the building
When old vulnerabilities become new
Tile is for stalkers
Hacking AI
Iran War: What cybersecurity needs to know
National cyber strategy
Coruna
I got phished and I want a refund
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-917

AI has created a dilemma for security teams. Attackers are using AI to develop exploits to newly disclosed vulnerabilities faster than security teams can patch them. Security teams have not fully leveraged the capabilities of AI to autonomously prevent these attacks. Without a radical change in approach, organizations will be exposed to an exponentially increasing attack surface. How long can your organization tolerate being exploitable?
Myke Lyons, CISO at Cribl, joins Business Security Weekly to discuss why organizations need to embrace AI to understand the behavior of attacks to effectively prevent them. For decades, we've focused on the Indicators of Compromise (IoCs) and have played whack-a-mole to try and patch them. Instead, we should focus on the Tactics, Techniques, and Procedures (TTPs) and leverage LLMs to understand the behavior of the attack. Once we understand the behaviors, we can implement preventative controls to minimize exposure. And yes, AI can also help us automate patching, when we're ready to trust it.
In the leadership and communications segment, Your Risk Tolerance Has Changed. Does Your Leadership Team Know That? , The New Leadership Structures that Unblock Innovation, How CISOs can build a resilient workforce, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-438

Precious Bodily Fluids, InstallFix, CISA, Claude, Overtime, Sim Swaps, Tube Stations, Aaran Leyland, and More on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-562

Medical devices are a special segment of the IoT world where availability and patient safety are paramount. Tamil Mathi explains why many devices need to fail open -- the opposite of what traditional appsec approaches might initially think -- and what makes threat modeling these devices interesting and unique. He also covers how to get started in this space, from where to learn hardware hacking basics to reviewing firmware and moving up the stack to the application layer.
Segment Resources:
https://www.defconbiohackingvillage.org
https://medium.com/@tamilmathimaddytamilthurai/securing-the-future-of-iot-with-trusted-execution-environments-tees-a-secure-scalable-and-1376f94e755c
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-373