Security Weekly Podcast Network (Audio)

Heraclitus Unbound, AI LLMs, SSO, TTP, NetLogon, PAN-OS, AI Cost, Aaran Leyland, and More on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-586

We dedicate an episode to catching up on appsec news with Kalyani Pawar. We see parsing problems that led to the BadHost vuln, which exposed lots of LLMs, MCPs, and agents to potential compromise. We wonder where to look for security education and practice as the camaraderie of the CTF community becomes infiltrated by LLMs. We talk about the tradeoffs in trust between using public packages vs. having agents write replacements from scratch. And we examine some of the appsec details that the Verizon DBIR reveals about how orgs are being attacked -- and how orgs might use that information to protect themselves.
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-385

Interview with Evan Powell - Generative and agentic AI are improving cyberattacks faster than they're improving cyber defenses.
Offensive folks have been having the most luck with AI so far, which is further eroding any advantage defenders might have had. Evan Powell joins us to share some ideas on how defenders can get some benefits from AI as well, and why open source is important with this approach.
Topic
For this week’s topic segment, we’ve got two very interesting data sources.
The first is Anthropic’s first update on Project Glasswing, where they’re absolutely tearing through codebases with ultra premium Mythos tokens, but then hitting a human-shaped bottleneck as they attempt to validate all the findings.
The second is the first report from Root Evidence, the latest startup from Jeremiah Grossman and Robert Hansen (aka RSnake), which aims to help organizations filter out all the vulnerabilities that don’t matter.
Where these two reports meet in the middle is my concern that the use of AI to scour every last bug out of code is going to be the most Sisyphean task the cybersecurity industry has ever come up with (and we have some deep experience here).
The Weekly Enterprise News
Finally, in the enterprise security news,
Less funding, more acquisition
the AI SOC startup space is CROWDED
your CEO is suffering from AI psychosis
Some CISOs are done with the job, IT can have it
detecting and removing dangerous secrets from dev workstations
230,000 security advisories roll up to 6 attacker behaviors
The FBI’s 2025 IC3 report is out
When tech billionaires make predictions, they’re actually sales pitches
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-461

Sidhe, GreyVibe, Claude, Lightwell, Eclipse, Kimsuky, Obscure Belief Systems, Josh Marpet, and More on this episode of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-585

This week we have a technical segment focused on Linux! Paul released a script that helps you get a handle on Linux supply chain security, and new features allow you to assess the state of Secure Boot on your Linux systems (that also use MS certificates, ironically). The script is in his Git repo: https://github.com/pasadoorian/Linux_Hacks.
In the security news:
The CVE chase
The new security basics
Enterprises are lacking more than AI
Detections are falling behind
Why DOOM!?!
Chromium vulnerability
The ambitious Flipper One
I'm still curious who was behind these leaks
Mitre moves Caldera to Apache foundation
Wind cybersecurity
PQC updates
YellowKey Bitlocker Bypass updates
The software supply chain is in deep trouble
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-928