Security Weekly Podcast Network (Audio)

It’s the holidays, your defenses are down, your inbox is lying to you, and yes—you’re gonna click the link. In Part 1 of our holiday special, Doug White and a panel of very smart people explain why social engineering still works decades later, why training alone won’t save you, and why the real job is surviving after the click. From phishing and smishing to click-fix attacks, access control disasters, and stories that prove humans ...

Using OWASP SAMM to assess and improve compliance with the Cyber Resilience Act (CRA) is an excellent strategy, as SAMM provides a framework for secure development practices such as secure by design principles and handling vulns.

Segment Resources:

• https://owaspsamm.org/
• https://cybersecuritycoalition.be/resource/a-strategic-approach-to-product-security-with-owasp-samm/

As genAI becomes a more popular tool in software e...

Interview with Frank Vukovits: Focusing inward: there lie threats also

External threats get discussed more than internal threats. There’s a bit of a streetlight effect here: external threats are more visible, easier to track, and sharing external threat intelligence doesn’t infringe on any individual organization’s privacy. That’s why we hear the industry discuss external threats more, though internally-triggered incidents...

This week in the security news:

• Linux process injection
• Threat actors need training too
• A Linux device "capable of practically anything"
• The Internet of webcams
• Hacking cheap devices
• Automating exploitation with local AI models
• Lame C2
• Smallest SSH backdoor
• Your RDP is on the Internet
• These are not the high severity bugs you were looking for
• Low hanging fruit
• Your TV is spying on you, again
• no such thing as "offensive security...

Business Security Weekly is well aware of the cybersecurity hiring challenges. From hiring CISOs to finding the right skills to developing your employees, we cover it weekly in the leadership and communications segment. But this week, our guest interview digs into the global cybersecurity hiring trends.

Jim McCoy, CEO at Atlas, joins Business Security Weekly to share his expertise on the global workforce needs in the 160 countries ...

Open source projects benefit from support that takes many shapes. Kat Cosgrove shares her experience across the Kubernetes project and the different ways people can make meaningful contributions to it. One of the underlying themes is that code is written for other people. That means PRs need to be understandable, discussions need to be enlightening, documentation needs to be clear, and collaboration needs to cross all sorts of boun...

Interview Segment: Tony Kelly

Illuminating Data Blind Spots

As data sprawls across clouds and collaboration tools, shadow data and fragmented controls have become some of the biggest blind spots in enterprise security. In this segment, we’ll unpack how Data Security Posture Management (DSPM) helps organizations regain visibility and control over their most sensitive assets.

Our guest will break down how DSPM differs from a...

This week in our technical segment, you will learn how to build a MITM proxy device using Kali Linux, some custom scripts, and a Raspberry PI! In the security news:

• Hacking Smart BBQ Probes
• China uses us as a proxy
• LOLPROX and living off the Hypervisor
• Are we overreating to React4Shell?
• Prolific Spyware vendors
• EDR evaluations and tin foil hats
• Compiling to Bash!
• How e-waste became a conference badge
• Overflows via underflows a...

Organizations rely heavily on Salesforce to manage vasts amounts of sensitive data, but hidden security risks lurk beneath the surface. Misconfigurations, excessive user permissions, and unmonitored third party integrations can expose this data to attackers. How do I secure this data?

Justin Hazard, Principal Security Architect at AutoRABIT, joins Business Security Weekly to discuss the security challenges of Salesforce. Justin wil...

The MCP standard gave rise to dreams of interconnected agents and nightmares of what those interconnected agents would do with unfettered access to APIs, data, and local systems. Aaron Parecki explains how OAuth's new Client ID Metadata Documents spec provides more security for MCPs and the reasons why the behavior and design of MCPs required a new spec like this.

Segment resources:

• https://aaronparecki.com/2025/11/25/1/mcp-a...

Interview with Danny Jenkins: How badly configured are your endpoints?

Misconfigurations are one of the most overlooked areas in terms of security program quick wins. Everyone freaks out about vulnerabilities, patching, and exploits.

Meanwhile, security tools are misconfigured. Thousands of unused software packages increase remediation effort and attack surface. The most basic misconfigurations lead to breaches. Threatlock...

This week we welcome Ed Skoudis to talk about the holiday hack challenge (https://sans.org/HolidayHack). In the security news:

• Oh Asus
• Dashcam botnets
• Weird CVEs being issued
• CodeRED, but not the worm
• Free IP checking
• Internet space junk and IoT
• Decade old Linux kernel vulnerabilities
• Breaking out of Claude code
• Malicious LLMs
• Hacker on a plan gets 7 years
• Putting passwords into random websites
• NPM supply chains strike again
• L...

While many businesses rely on Microsoft 365, Salesforce and Google Workspace security features, critical blind spots remain—the recent series of high profile SaaS breaches demonstrate this. So what should you do?

Mike Puglia, General Manager of Kaseya Labs, joins Business Security Weekly to discuss the risks in SaaS applications. In this segment, Mike will explore how bad actors are focusing their attacks on SaaS applications, hija...