Every week, Dennis Fisher and Lindsey O'Donnell-Welch, the editors of Decipher, bring you exclusive, in-depth conversations with security researchers, CISOs, founders, and security experts to help you understand the threat landscape and better protect your organizations.
Alex Pinto, one of the lead authors of the Verizon Data Breach Investigations Report, joins Dennis to talk about his organization's newest publication, the Breach Impact Study, which digs into the real world cost of breaches, both in dollars and in organizational impact. Spoiler: Breaches are expensive.
Verizon BIS: https://www.verizon.com/business/resources/reports/2026-breach-impact-study-dbir.pdf
This week was blessedly free of any major supply chain compromises, so we start by talking about new research from Anthropic on the shrinking window between bug disclosure and exploitation, then we discuss the changing patch schedule for Cisco and how all of this is changing the prioritization process for security teams, and finally we discuss some upcoming episodes and our latest hacker movie podcast on The Conversation.
Links
Anthr...
Perhaps no film captures the paranoia and anxiety of the 1970s better than The Conversation, Francis Ford Coppola's masterpiece about reclusive surveillance expert Harry Caul, a man who it's safe to say has some demons. Decades before we all agreed to carry tracking and recording devices in our pockets, The Conversation shows us just how invasive and damaging technology can be.
We regret to inform you that there are more npm supply chain attacks this week, and a new variant of the Shai Hulud worm is involved. We also talk about the new analysis from Anthropic on a year of data relating to how attackers are using AI in their operations, and the continuing adventures of Microsoft's relationship with security researchers.
The recent Nightmare-Eclipse zero day drop and attendant drama has stirred up all kinds of trouble and unfortunately spurred Microsoft to publish a post scolding security researchers for not using the "proper channels" to disclose bugs, threatening legal action, and generally dredging up every hobby horse from the threadbare disclosure debate.
Links
MSRC post: https://www.microsoft.com/en-us/msrc/blog/2026/05/a-shared-responsibility...
After being caught in one of the more notorious battles in modern American history, Matt Eversmann's military career has become the stuff of legend. The Battle of Mogadishu, immortalized in the book and movie Black Hawk Down, was a pivotal event in U.S. history and in the lives of Matt and his fellow soldiers. Now retired from the army and focusing on training the next generation of leaders, Matt joins Dennis Fisher to talk about h...
In the spring, a young attacker's fancy turns to supply chain compromises, and this season's crop includes the GitHub breach and the Grafana intrusion, which are connected and trace back to the TanStack supply chain attack and...TeamPCP.
Links
Grafana attack: https://decipher.sc/2026/05/17/grafana-investigating-token-compromise-and-extortion-attempt/
GitHub breach: https://decipher.sc/2026/05/20/github-confirms-internal-breach/
Finding a huge pile of bugs with Claude Mythos is great, but the logical next step is figuring out how many of those vulnerabilities are likely to be exploited in the near future. Jay Jacobs and Michael Roytman of Empirical Security join Dennis to talk about how the Exploit Prediction Scoring System can help teams make informed decisions and prioritize patching the most important vulnerabilities. Jay and Michael are pioneers in the...
Unlike a lot of founders in the industry, Sravish Sridhar hasn't spent his career in the security world. He comes from a background in distributed computing and advanced math, and is a successful entrepreneur who's now bringing that experience to bear at TrustCloud, where he's helping CISOs automate and streamline their compliance programs.
Few people (if any) have spent more time thinking about and working on the hard problems in security and software than Gary McGraw, and he also happens to have a PhD in cognitive science and computer science and has been studying neural nets and AI systems for 30+ years. Gary joins Dennis to talk about his team's new research into AI security benchmarks, measurement, and bringing a software security approach to LLMs and AI systems....
Ari Redbord, Global Head of Policy at TRM Labs, talks about the insane background behind the $285 million Drift Protocol crypto heist, how law enforcement agencies are investigating ransomware-linked cryptocurrency wallets, and how effective sanctions are on cybercrime.
If we needed any more evidence that the internet was a mistake, this week provided it. We kick things off with a discussion of the Canvas breach that has affected thousands of schools worldwide, then we dig into the disclosure of two new vulnerabilities in Ivanti and Palo Alto Networks products that are actively exploited, and then we talk about a new branded Linux bug called Dirty Frag. Finally, we wrap up with some comic relief f...
Will Dixon has seen the evolution of cybercrime as both a GCHQ intelligence officer and a private sector executive and analyst, and has seen the way these groups operate up close. He joins Dennis to talk about the ongoing threat from ransomware gangs, how organizations are managing their responses, and what he expects to come next.
JAGS joins Dennis Fisher to unpack the complex history of fast16, a highly targeted cyber espionage platform that goes back as far as 2005, many years before Stuxnet, and was deployed against targets in Iran. JAGS has been in the APT hunting game for a long time, and brings his historical perspective and context around the Shadow Brokers leak, Stuxnet ties, and how this discovery changes what we know about the use of these tools.
The security news was out of hand this week, so we had to pick our spots. We start with the nasty cPanel/WHM vulnerability that affects tens of millions of domains in shared hosting environments, then we discuss the Copy Fail Linux bug and its effects before seguing into the delightful history of branded bugs, logos, and parodies.
Links
Branded bugs and logos: https://io.netgarage.org/logo/
Ariana Mirian, cofounder of startup Beesafe, joins Dennis to talk about the mechanics of online romance and finance scams, how the scammers draw in victims over weeks or months, and why user awareness isn't the complete solution to the problem.
Links
Beesafe AI: https://beesafe.ai/
This week we dig deep into the Vercel intrusion that emerged last weekend, how it happened, what the response was, and what the downstream effects may be for defenders. Then we talk about CISA's bizarre delayed response to the Axios npm compromise and what it signals about the agency's capabilities going forward.
It's been A WEEK. Security news never sleeps, and neither does AI, so Dennis and Lindsey dive into all of the storylines coming from the Claude Mythos and Project Glasswing announcements, how organizations will deal with the coming flood of CVEs and patches, NIST's decision to only enrich specific CVEs going forward, and what could possibly be next on the horizon.
Dennis sits down with Tom Ptacek of Fly.io, a veteran security researcher, founder, and observer of the vulnerability landscape, to talk about the recent wave of AI-assisted vulnerability discovery and exploit development, specifically from the use of frontier models such as Claude Mythos. Tom has strong opinions on what's coming and how human researchers and defenders need to respond.
Tom's post: https://sockpuppet.org/blog/2026/0...
The internet is dark and full of terrors, but thanks to folks such as Andrew Northern, a principal security researcher at internet-mapping pioneer Censys, it doesn't have to be. Andrew joins Dennis to talk about the cybercrime ecosystem, getting his start in security on a tiny team with huge responsibilities, and the value of a strong mentor.