Decipher Security Podcast

It's a light news week, but we have some fun content for you! This week, we talk about our latest hacker movie episode--STAR WARS--which is up on the site and all of our feeds now (0:25), then we dig into a nasty hard-coded. credential bug in Dell RecoverPoint for Virtual Machines that Chinese threat actors are exploiting (4:20), and then we move on to an active campaign targeting two vulnerabilities in Ivanti EPMM that is hitting organizations across the U.S., Canada, and other countries (08:33). Finally, we talk a little about an interesting cybersecurity plot line on HBO's show The Pitt (12:15). Spoiler warning: If you're not caught up on this show, there's a minor spoiler, but nothing you haven't really seen in the previews. Support the show

STAR WARS isn't just one of the more successful and iconic movies of all time and the basis for a worldwide sci-fi empire, it's also a true hacker story. Wade Baker and Rich Mogull, two Star Wars scholars, join Dennis Fisher to break down the Empire's pathetic perimeter defenses, R2D2's arc as a wily hacker, and how the movie hinges on a data breach.Support the show

This week was a cornucopia of zero days. We talk about the six (!) actively exploited vulnerabilities that Microsoft patched this week in its February update (2:46), then we discuss the one that Apple fixed in iOS 26.3, a vulnerability that has been used in what the company calls an "extremely sophisticated attack" against a few individuals (7:24). That's a clear indication that the vulnerability has likely been used in operations involving commercial spyware vendors. Finally, we give a little love to the long lost TV show CSI: Cyber, which starred James Van Der Beek, and the cameo that two famous hackers had on one episode (12:40). The old Threatpost CSI: Cyber running chat discussionSupport the show

Attackers are moving faster and faster every day, and the challenge of keeping pace is a daunting one. But it's not impossible. watchTowr's Ryan Dewhurst joins Dennis Fisher to talk about how the "magic" of computers first captured his imagination when he was young, how defenders can learn  from attackers' tactics and adapt, and how the AI revolution is accelerating vulnerability disclosure and exploitation.Support the show

This week we talk about the new CISA Binding Operational Directive that sets a deadline for removing end of support edge security devices from federal government networks (1:15), then we discuss the new research from Silent Push on the new variant of the SystemBC botnet (6:45), and finally we have a movie recommendation for you: Joybubbles, the fascinating new documentary about phone phreaker Joe Engressia Jr.Support the show

It was a busy week in the cybers! Today we start with the targeted exploitation of another Fortinet vulnerability (CVE-2026-24858) that enables simple authentication bypass (1:15), then we discuss Google's disruption of a large residential proxy network called IPIDEA that has been abused by hundreds of threat actors (5:40), then we talk about the continued attacks on an older WinRAR bug by both cybercrime and APT groups (10:11). Finally, we shout out some of our favorite fellow creators in security community: the Three Buddy Problem podcast, John Hammond, and Matt Johansen. Support the show

This week, we talk about how Microsoft disrupted a long-running, large-scale cybercrime-as-a-service platform called RedVDS that has been active since 2019 and was used in high-volume phishing and BEC scams (1:00), then we discuss the research from Cisco Talos on another (!) Chinese APT called UAT-8837 that is targeting critical infrastructure organizations in North America (6:06), and finally there's the clever new StackWarp vulnerability in AMD processors that was disclosed this week (9:44).RedVDS takedownCisco Talos reportStackWarpSupport the show

Jeremiah Grossman and Robert Hansen, two of the more influential and accomplished leaders and entrepreneurs in the cybersecurity community, have seen and done it all in their careers. From their roles as the driving forces behind pioneering web appsec firm WhiteHat Security to building out enterprise security programs to breaking large portions of the web (on purpose), Jeremiah and Robert have unique viewpoints on what works and what doesn't. Now, they're building something new, Root Evidence, a vulnerability management platform backed by data from actual breaches and designed to help security teams prioritize fixing the bugs that actually matter.Support the show

The new year is here! And so are the attacks. The first full week of 2026 brought us new research from Cisco Talos on a China-nexus APT group called UAT-7290 that is expanding its targeting and serving as an initial access group as well as a cyber espionage team (3:02). There is also some great data from GreyNoise on the attack volume from actors trying to exploit the React2Shell vulnerability from December (8:26). The volume is holding steady at more than 300,000 sessions per day, which is...high.Talos report: https://blog.talosintelligence.com/uat-7290/GreyNoise report: https://www.greynoise.io/blog/cve-2025-55182-react2shell-opportunistic-exploitation-in-the-wild-what-the-greynoise-observation-grid-is-seeing-so-farSupport the show

There may not be any computers in Home Alone, but few movie characters embody the old-school hacker ethos like Kevin McCallister does. Resourceful, clever, determined, and creative, Kevin uses all of the tools and talents at his disposal to repel a pair of relentless adversaries. Merry Christmas ya filthy animals!Support the show

As we ease into the holidays, the security news doesn't stop coming. This week we discuss the research from AWS threat intelligence on Russian adversaries targeting a variety of network edge devices for opportunistic exploitation, then we break down attacks by a Chinese threat actor that target a new zero day in Cisco's AsyncOS, and finally we discuss the continued exploitation of the React2Shell vulnerability. Support the show

Pete Baker and Zoe Lindsey join Dennis Fisher on the roof of Nakatomi Plaza to discuss one of the great action classics* and a beloved movie in the hacker community: Die Hard. Yippee ki-yay! *NOT a Christmas movieSupport the show

This week gave us the gift of some more React Server Components vulnerabilities  and further exploitation of the previously disclosed bugs by a variety of threat groups. There were also a long list of vulnerabilities disclosed by Microsoft, Adobe, and others, which we discuss in the context of how difficult vulnerability management is right now. Finally, we discuss CISA's warning about continued Russian targeting of US critical infrastructure.GreyNoise report: https://info.greynoise.io/hubfs/At-The-Edge/Weekly-Intelligence-Brief-120825.pdf?_ga=2.212724369.466870115.1765553789-1325891860.1765553788Support the show

Coming from a military family, Erin Whitmore was prepared for a career of service. But her path took her not into the military, but the intelligence community, first in the private sector supporting the DIA and NGA, and later as a cybersecurty program manager in the Office of the Director of National Intelligence. She eventually joined CIA as an operations officer and served in locations around the world before moving back to the private sector where she now focuses on executive risk and strategic intelligence at CYPFER. Erin joins Dennis Fisher to talk about her unique path and how it's prepared her for today's threats and the nascent AI revolution.Support the show

Dennis and Lindsey react (!) to the React2Shell vulnerability disclosure and the quick exploitation of it by Chinese threat actors, then discuss the continues intrusions into critical infrastructure by the Salt Typhoon actors and this week's congressional hearing on telecom network security. Finally, we talk about some upcoming hacker movie episodes, including Die Hard and maybe Home Alone!Support the show

Jeff Gothelf, a renowned author and product strategist and co-founder of Sense and Respond Learning, joins Dennis to discuss the need to design products with users in mind, how critical thinking can help teams succeed, and what the AI revolution means for security teams and other groups.Support the show

It's an acronym-filled, government-only bonanza this week! We discuss the DoJ sanctioning Russian bulletproof hosting provider Media Land (0:53), the SEC dropping its enforcement action against SolarWinds and its CISO (13:25), and the FCC reversing course on a longstanding security rule for telecom providers (26:00).Support the show

Dennis is joined by Rich Mogull, chief analyst at the Cloud Security Alliance, cloud security trainer, and all around good guy to talk about the Cloudflare outage, why the internet is now just six companies, and what, if anything, organizations can do to improve their resilience in the current environment. Support the show

This week was a bit of a throwback to olden times, with the disclosure by Amazon threat intelligence of  zero days in Cisco and Citrix products that were exploited by an unnamed APT, and Google using legal action to disrupt the Lighthouse phishing service operation. We dig into those two stories, plus we discuss the challenge of trying to quantify the financial and other effects of a major cyber attack. Related stories:https://decipher.sc/2025/11/12/apt-targets-cisco-and-citrix-zero-days/https://decipher.sc/2025/11/14/marks-and-spencers-profit-drop-the-financial-toll-of-cyberattacks/https://decipher.sc/2025/11/12/google-wants-to-snuff-out-lighthouse-phishing-kit/https://censys.com/blog/highway-robbery-2-0Support the show

"You know, you really don't need a forensics team to get to the bottom of this. If you guys were the inventors of Facebook, you'd have invented Facebook." Melanie Ensign joins Dennis Fisher and Lindsey O'Donnell-Welch to discuss David Fincher's massively successful 2010 film, The Social Network, a movie that opens a window into the dark side of Silicon Valley and the lengths that some people will go to in order to win.Support the show

Yahoo CISO and Chief Paranoid Sean Zadig returns to the podcast for a discussion with Dennis Fisher  about how to go about getting kids interested in technology and teaching them about hacking (in the broad, classical sense) safely (9:10). Then they talk about how rapidly the cybersecurity industry is changing and what effects AI is and is not having on offense, defense, and the job market (45:00).Support the show

We don't do holiday themed episodes in this house, so no tricks, but we have some treats for you. First we discuss the problem of shadow AI (1:00) and how it seems like we're just repeating the mistakes of previous tech waves in ignoring security until it's too late. Then we dig into a new report from Kaspersky about a crazy exploit they discovered for a Chrome sandbox escape that led them to identify the new version of Hacking Team's spyware called Dante (23:00). Finally, we provide some important updates on our respective wildlife encounters (33:00).Kaspersky report: https://securelist.com/forumtroll-apt-hacking-team-dante-spyware/117851/ Support the show

This week saw a blessed lack of major vulnerabilities, but there was plenty of other news to dig into. We discuss the fallout from the AWS outage (0:36), the conclusions from the latest Cyberspace Solarium Commission report (4:37), and the effects of CISA's shakeup on the private sector (14:07), and the continued effects of the F5 incident (21:21). Finally, we have some extremely important updates on whether Dennis has a dog yet and a WILD story about woodland creatures in Lindsey's house that can not be missed! (32:50)

Mitch, there's something you need to know. Compared to you, most people have the IQ of a carrot. Real Genius has it all: '80s movie icon Val Kilmer at his coolest, a brilliant hacker named Laszlo living in a closet, a giant space laser, and the absolute embodiment of the hacker ethos. Join us as we dig into this classic with our pal Wendy Nather. It's a moral imperative.Slate article on the inspiration for Jordan: https://slate.com/technology/2015/08/real-genius-30th-anniversary-how-i-helped-inspire-the-lead-female-character.html

In the wake of the disclosure of a serious intrusion at F5 that reportedly lasted about a year, we talk about the details of the disclosure, the potential link to Chinese state actors, the fallout from the attackers' access to source code and bug reports, and what this could mean in the long term. 

Have you heard about this AI thing? It's wild. Turns out, attackers are using it for all kinds of things we'd rather not have them doing. Dennis Fisher is joined by two experts from CrowdStrike--Adam Meyers, head of counter adversary operations, and Elia Zaitsev, CTO--to talk about how both defenders and attackers are leveraging AI and where things might be going in the next few years. 

This week brings some new insights into the origins and length of the Cl0p extortion attacks tied to the Oracle E-Business Suite vulnerability, big surges in scanning for Cisco ASA, Palo Alto, and Fortinet devices, and a huge upgrade to Apple bug bounty payouts.  Plus: Does Dennis have a dog yet?https://security.apple.com/blog/apple-security-bounty-evolved/https://decipher.sc/2025/10/08/data-connects-scanning-surges-for-cisco-fortinet-pan-devices/https://decipher.sc/2025/10/09/oracle-clop-data-theft-campaign-started-months-ago/

What you see on these screens up here is a fantasy; a computer-enhanced hallucination. WarGames may be 42 years old (!) but its prescience about our current technocracy and race to take humans out of the loop is as clear as ever. Dennis Fisher, Lindsey O-Donnell-Welch, Zoe Lindsey, and Pete Baker sit down in front of an IMSAI 8080 with some raw corn on the cob and a can of Tab to talk about this brilliant hacker movie classic. 

Dennis and Lindsey dissect a busy week in security news, starting with the Cl0p group's extortion campaign against Oracle customers (3:24), then moving into the Crimson Collective's claimed breach of some of Red Hat GitLab's repos (12:41), and finally the consequences of the expiration of th CISA legislation and de-funding of the MS-ISAC (22:46). PLUS! An exciting announcement about our partnership with Material Security for their Security Theater event in NYC! 

The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes, little bits of data. It's all just electrons. Daniel Cuthbert joins Dennis Fisher to dive into an all-tiime, undisputed hacker movie classic, the 1992 masterpiece, Sneakers. We dissect the movie's genesis, its technical accuracy and prescience, and discuss its lasting influence on the hacker community more than 30 years after its release. 

Adam Bateman, co-founder and CEO of Push Security, joins Dennis Fisher to talk about a new, highly targeted phishing campaign the company uncovered that uses compromised LinkedIn accounts in order to harvest victims' Google or Microsoft credentials through a fake investment, then discuss trends in browser-based attacks and defensive challenges.

Dennis and Lindsey discuss the targeted compromises of NPM packages (1:00) and the pointed letter that Sen. Ron Wyden sent to the FTC chairman asking for Microsoft to be held liable for the Ascension ransomware attack last year (11:45) before finally touching on Apple's new memory safety technology for new iPhones (20:43).NPM compromise: https://decipher.sc/2025/09/08/targeted-attack-compromises-popular-npm-packages/Wyden and Microsoft: https://decipher.sc/2025/09/10/senator-flags-microsofts-role-in-the-ascension-ransomware-hack/Apple memory safety: https://security.apple.com/blog/memory-integrity-enforcement/

Dennis and Lindsey talk through the continuing fallout of the Salesloft Drift incident (2:05) in light of the disclosure of several new companies that are involved, including Cloudflare, which published an excellent post-mortem on the intrusion. Then they discuss the new Shared Vision of SBOM for Cybersecurity published by CISA, NSA, and many foreign government cybersecurity agencies, and talk about why  this is coming out now (17:54).

We are so back! After a bit of a hiatus, we're very excited to be back with new Decipher content for you in all of the old familiar places. And also some new ones. Join Decipher editors Dennis Fisher and Lindsey O'Donnell-Welch as we start our new, independent phase, talk about what we've been up to, and discuss our plans for what fun stuff we have in store. Decipher website: https://decipher.sc/YouTube: https://www.youtube.com/@DecipherSecBluesky: https://bsky.app/profile/deciphersec.bsky.socialX: https://x.com/DecipherSec

The Sony Pictures hack in 2014 by the North Korean Lazarus Group was a seminal event both in Hollywood and in the security community, bringing to light the capabilities and ambitions of North Korean attackers and showing the damage a leak of sensitive data can be. Brian Raftery joins Dennis Fisher to discuss his new Ringer podcast, The Hollywood Hack, that digs deep into the incident, its repercussions in Hollywood, and how it helped set the tone for how companies handle public data leaks.

The focus was on Iranian APTs this week, both from private threat intelligence teams and CISA, exposing new operations from UNC757 and other groups targeting government, higher education, and private industry. We also check in on a new report from Google's Threat Analysis Group on APTs using the same exploits for zero days that were developed by private commercial surveillance vendors NSO Group and Intellexa.

Reddit's head of application security Matt Johansen joins Dennis Fisher to talk about the highlights of Black Hat USA, the challenges of sorting security priorities in a large enterprise, and how he's learned to take care of his mental health after many years in the security industry. 

Rebekah Brown and John Scott-Railton of the Citizen Lab join Dennis Fisher to dive into their group's new report on highly targeted spear phishing campaigns by the Russian threat actor COLDRIVER and then discuss the emergence of a new, possibly related group called COLDWASTREL. 

Dennis Fisher and Lindsey O'Donnell-Welch reflect on their week in Las Vegas at Black Hat and discuss the talks they liked, including Moxie Marlinspike's keynote and the Google Project Zero retrospective, and the other topics they found interesting, including vulnerability exploitation versus social engineering and the AI ecosystem.

At Black Hat USA this year, Josh Harguess and Chris Ward, with Cranium AI, talk about the security challenges that organizations are experiencing while implementing AI in their environments, what AI red teaming consists of and the backstory of how MITRE Labs' AI Red Team came to be.

AI and machine learning security expert Gary McGraw joins Dennis Fisher to discuss the concept of data feudalism in LLM foundation models, what the security implications of it are, and whether narrowly focused models may help address these issues. 

Decipher editors Dennis Fisher and Lindsey O"Donnell-Welch are joined by Brian Donohue to dissect the Black Hat talks they're looking forward to, including sessions with H D Moore, Sherrod DeGrippo, and Moxie Marlinspike, and some talks they can't quite figure out from the titles.

The fallout from the CrowdStrike outage continues more than a week after the faulty update, so Huntress security researcher John Hammond joins Dennis Fisher to talk about the lessons learned from the incident, our fragile software ecosystem, and what cybersecurity practitioners can do differently next time.

Tyler Healy, CISO of Digital Ocean, joins Dennis Fisher to discuss the unique challenges of defending a huge platform, how AI is changing things for defenders, and what new challenges AI might bring in the near future. 

CrowdStrike said a problem with an update the company pushed to Falcon sensors on Windows hosts on July 18 caused a blue screen of death, an issue that coincided with a Microsoft Azure outage and widespread outages across airlines, banks, hospitals, and other services.Our story on this incident: https://duo.com/decipher/crowdstrike-windows-update-linked-to-global-outagesThe Windows monoculture paper: https://www.schneier.com/essays/archives/2003/09/cyberinsecurity_the.html

FIN7 is a highly active and capable cybercrime group also known as Carbanak that has been evolving and using its own tools such as AVNeutralizer for many years. SentinelOne researchers Antonio Cocomazzi helps us dig into the group's tactics and tools.Read Antonio's new research here: https://www.sentinelone.com/labs/fin7-reboot-cybercrime-gang-enhances-ops-with-new-edr-bypasses-and-automated-attacks/

Former NSA Deputy Director George Barnes joins Dennis Fisher to talk about his 35-year career at the agency, how he came to be intrigued by the cybersecurity world, the emergence of Cyber Command as a force inside the government, and what he sees as the priorities for defenders now.

Chris Hughes, co-founder of Aquia and a Cyber Innovation Fellow at the Cybersecurity and Infrastructure Security Agency, joins Dennis Fisher to talk about the challenges of supply chain security, working with the government to address systemic issues, and the importance of collaboration. 

Dennis Fisher and Lindsey O'Donnell-Welch dig into the news of the TeamViewer corporate breach, attributed to APT29/Midnight Blizzard, and news of more victims from the Microsoft intrusion by the same group earlier this year.

Multi-factor authentication (MFA) is a critical form of defense for organizations, and threat actors are recognizing that: According to the latest Cisco Talos Incident Response Quarterly Trends report, instances related to MFA were involved in some capacity in half of all security incidents that the Talos team responded to in the first quarter of 2024.Hazel Burton with Cisco Talos talks about how threat actors are using targeted social engineering techniques to try to skirt by MFA, how phishing kits are increasingly incorporating MFA bypass tactics, and what businesses can do.

Metin Kortak, CISO with Rhymetec, talks about how organizations are approaching data privacy and security compliance, and thinking about risk management policies, when it comes to generative AI in the workplace.