Security Weekly Podcast Network (Video)

TVs, Old York, Flipper One, Ubiquity, Underminr, CISOs, GitHub, Josh Marpet, and More on this episode of the Security Weekly News.
Show Notes: https://securityweekly.com/swn-583

In the security news this week:
FCC router bans and the hidden firmware update problem
Why extending support timelines actually improves security
Github supply chain concerns and the evolving SBOM ecosystem
CRA and NIS2 compliance deadlines are getting very real
The EU Cyber Resilience Act's 24-hour vulnerability disclosure requirement
Security regulation: vertical vs horizontal compliance models
Vehicle-to-load EV systems powering homes during outages
Solar, batteries, AI farms, and the future economics of electricity
Data centers consuming regional power grids
BitLocker "Yellow Key" fallout and large-scale remediation challenges
AI-generated PowerShell fixes and the rise of vibe scripting
Linux kernel exploits, module jail, and default deny strategies
Medical biometric data theft and why fingerprints are terrible passwords
Interpol cybercrime operations across the MENA region
OT security, connected vehicles, and accepting real-world risk
The crew also discusses threat intelligence obligations under the CRA, the operational realities of patching at enterprise scale, the economics of secure-by-default systems, and why making security cheaper than insecurity might finally move the industry forward.
Show Notes: https://securityweekly.com/psw-927

Over the last decade, cybersecurity heavily invested in EDR, XDR, SIEM, telemetry, and SOC-driven operations. We stopped asking how to stop attacks and started asking how fast we could detect them. However, Mythos and frontier models have changed that paradigm. How do you detect a -7 day vulnerability? Detection and response cannot keep, so what's the answer?
Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss why cybersecurity is shifting from detection and response to prevention and enforcement. As attackers accelerate through automation and AI, organizations are revisiting prevention-focused controls. Rob will discuss why organizations need to adopt application allowlisting, Zero Trust, Ringfencing, and policy enforcement to reduce attacker freedom before execution occurs. Prevention-first security is the only way to decrease the AI attack surface.
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!
In the leadership and communications segment, What CISOs need to land a board role, The Security Mistakes Being Repeated With AI, When Senior Leaders Lack People Skills, Transformations Fail, and more!
Show Notes: https://securityweekly.com/bsw-448

My Mother the Car, AI Slop, Nginx, Polyscope, Drupal, GitHub, Aaran Leyland, and More on the Security Weekly News.
Show Notes: https://securityweekly.com/swn-582

This year has been a dichotomy of established secure design fundamentals and burgeoning chaos of LLM-driven vuln discovery. Keith Hoodlet returns to share his latest observations on what the recent news about Mythos, models, and harnesses means for appsec. He walks through the problems of misalignment, the potential development doom that looms behind a volume of vulns, and what modern code creation looks like. Along the way we touch on the economics of tokens and the principles behind secure software.
Keith gave a preview of his upcoming presentation (May 22nd) on these topics. Check out https://securing.dev/about/ for the slides and more of his writing on appsec.
Show Notes: https://securityweekly.com/asw-383