Decipher Security Podcast

The security news was out of hand this week, so we had to pick our spots. We start with the nasty cPanel/WHM vulnerability that affects tens of millions of domains in shared hosting environments, then we discuss the Copy Fail Linux bug and its effects before seguing into the delightful history of branded bugs, logos, and parodies.

Links

Branded bugs and logos: https://io.netgarage.org/logo/

Ariana Mirian, cofounder of startup Beesafe, joins Dennis to talk about the mechanics of online romance and finance scams, how the scammers draw in victims over weeks or months, and why user awareness isn't the complete solution to the problem. LinksBeesafe AI: https://beesafe.ai/

This week we dig deep into the Vercel intrusion that emerged last weekend, how it happened, what the response was, and what the downstream effects may be for defenders. Then we talk about CISA's bizarre delayed response to the Axios npm compromise and what it signals about the agency's capabilities going forward.

It's been A WEEK. Security news never sleeps, and neither does AI, so Dennis and Lindsey dive into all of the storylines coming from the Claude Mythos and Project Glasswing announcements, how organizations will deal with the coming flood of CVEs and patches, NIST's decision to only enrich specific CVEs going forward, and what could possibly be next on the horizon.

The internet is dark and full of terrors, but thanks to folks such as Andrew Northern, a principal security researcher at internet-mapping pioneer Censys, it doesn't have to be, Andrew joins Dennis to talk about the cybercrime ecosystem, getting his start in security on a tiny team with huge responsibilities, and the value of a strong mentor.

It's been quite a week in security news, and Dennis and Lindsey dig into the continued effects of the axios supply chain attack, the incredibly fast adoption of AI tools for vulnerability research and what that means for software makers and defenders, and what the future holds for vulnerability research and exploit development.

Security Theater in Austin: https://material.security/theater-2026#theater-live-event

Fresh off the plane from RSA, Dennis fills Lindsey in on everything she missed (and didn't miss) at this year's conference (0:23), from the insanity of the expo floor (4:06) to the appearance of a line of synchronized robots or spacemen or something (8:18), to some very interesting conversations about the hyper speed of AI malware development and what's coming next for defenders (27:25).

With the RSA Conference on the horizon, Dennis and Lindsey are here with a preview of the conference's more interesting sessions and keynotes, a discussion of the recent and ancient history of the conference, and a quick game: Is this a security vendor or a prescription drug name?

Sure, space pirate is a cool title, but what about space hacker? Way cooler! With the imminent release of Project Hail Mary, Wendy Nather joins Dennis Fisher to dig into the nutrient-rich narrative soil that produced a modern classic that truly epitomizes the hacker ethos. We are the greatest podcasters on Mars!

The process of developing and deploying exploits is a complex and controversial one and it's often a black box to outside observers. To help shine a light on how this all works, Caitlin Condon of VulnCheck joins Dennis Fisher for a deep dive into the zero day exploit landscape, what goes into exploit development, and what actually qualifies as a functional exploit.

Every day is zero day, and this week we talked about the new Google Threat Intelligence Group report on the zero day exploit landscape in 2025 (2:22) and who's exploiting what, then we discuss Microsoft's disruption of the Tycoon 2FA cybercrime operation (9:51), and finally we talk about the KEVology report from runZero and our new podcast with Tod Beardsley (13:25).

Tod Beardsley, VP of security research at runZero and former KEV section chief at CISA, joins Dennis Fisher to talk about the evolution of the Known Exploited Vulnerabilities catalog, how much value defenders should place on a specific bug being in the KEV, and his new KEVology report that breaks down all of the data in the KEV and sifts through it for specific insights for defenders.

This week Lindsey rejoins Dennis to talk about the attacks targeting a zero day in Cisco's Catalyst SD-WAN Controller (2:17), Google's disruption of a China-linked cyber espionage campaign targeting telecom infrastructure (6:30), and the new cyber developments on everyone's favorite tech show, The Pitt (13:13)!

STAR WARS isn't just one of the more successful and iconic movies of all time and the basis for a worldwide sci-fi empire, it's also a true hacker story. Wade Baker and Rich Mogull, two Star Wars scholars, join Dennis Fisher to break down the Empire's pathetic perimeter defenses, R2D2's arc as a wily hacker, and how the movie hinges on a data breach.

Support the show