Security Weekly Podcast Network (Video)

Doombuds, Office 1.0, Telnetd, Chrome, Vishing, Cursed Ralph, PeckBirdy, The Boss, Aaran Leyland, and More on the Security Weekly News.
Show Notes: https://securityweekly.com/swn-550

Supply chain security remains one of the biggest time sinks for appsec teams and developers, even making it onto the latest iteration of the OWASP Top 10 list. Paul Davis joins us to talk about strategies to proactively defend your environment from the different types of attacks that target supply chains and package dependencies. We also discuss how to gain some of the time back by being smarter about how to manage packages and even where the responsibility for managing the security of packages should be.
Show Notes: https://securityweekly.com/asw-367

Segment 1: Interview with Thyaga Vasudevan
Hybrid by Design: Zero Trust, AI, and the Future of Data Control
AI is reshaping how work gets done, accelerating decision-making and introducing new ways for data to be created, accessed, and shared. As a result, organizations must evolve Zero Trust beyond an access-only model into an inline data governance approach that continuously protects sensitive information wherever it moves. Securing access alone is no longer enough in an AI-driven world.
In this episode, we'll unpack why real-time visibility and control over data usage are now essential for safe AI adoption, accurate outcomes, and regulatory compliance. From preventing data leakage to governing how data is used by AI systems, security teams need controls that operate in the moment - across cloud, browser, SaaS, and on-prem environments - without slowing the business.
We'll also explore how growing data sovereignty and regulatory pressures are driving renewed interest in hybrid architectures. By combining cloud agility with local control, organizations can keep sensitive data protected, governed, and compliant, regardless of where it resides or how AI is applied.
This segment is sponsored by Skyhigh Security. Visit https://securityweekly.com/skyhighsecurity to learn more about them!
Segment 2: Why detection fails
Caleb Sima put together a nice roundup of the issues around detection engineering struggles that I thought worth discussing. Amélie Koran also shared some interesting thoughts and experiences.
Segment 3: Weekly Enterprise News
Finally, in the enterprise security news,
Fundings and acquisitions are going strong
can cyber insurance be profitable?
some new free tools shared by the community
RSAC gets a new CEO
Large-scale enterprise AI initiatives aren't going well
LLM impacts on exploit development
AI vulnerabilities
global risk reports
floppies are still used daily, but not for long?
All that and more, on this episode of Enterprise Security Weekly.
Show Notes: https://securityweekly.com/esw-443

AI Cage Match, Fortinet, Cisco, DVWA, Polonium, Small Town AIs, LastPass, Josh Marpet, and More on this episode of the Security Weekly News.
Show Notes: https://securityweekly.com/swn-549

In the security news:
Rainbow tables for everyone
Lilygo releases a new T-Display that looks awesome
AI generated malware for real
Detecting BadUSB when its not a dongle
A telnetd vulnerability
Google Fast Pair and how I took control of your headset
Should we make CVE noise?
Exploiting the Fortinet patch
DIY data diode
Bambu NFC reader for your Flipper
Payloads in PNG files
Don't leave the lab door open - amazing research and new tool release
Fixing your breadboards
Finding vulnerabilities in AI using AI
Then, Rob Allen from ThreatLocker joins us to discuss default allow, and why that is still a really bad idea.
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!
Show Notes: https://securityweekly.com/psw-910