GitHub confirms a major supply chain breach after a malicious Visual Studio Code extension reportedly gave attackers linked to TeamPCP access to roughly 3,800 internal repositories. The bigger issue: developer workstations now hold some of the most sensitive secrets in modern software organizations. Also today: Microsoft begins phasing out SMS-based authentication for personal accounts, calling text-message authentication a growing fraud risk as it shifts toward phishing-resistant passkeys. Researchers also disclose a nine-year-old Linux privilege escalation flaw, CVE-2026-46333, nicknamed SSH-Keysign-Pwn, which can allow root-level access with local machine access. And Proton publicly threatens to leave Canada rather than comply with proposed surveillance legislation it says would undermine its no-logs privacy promise. Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material[dot]security. If cybersecurity, privacy, and digital infrastructure matter to your business, this is the daily briefing you need. Timestamps: 00:00 Top Stories Rundown 00:24 GitHub Supply Chain Breach 01:09 Developer Workstations at Risk 02:31 Microsoft Ditches SMS MFA 04:15 Linux Root Escalation Flaw 06:11 Proton vs Canada Surveillance Bill 08:03 Wrap Up and Sign Off #cybersecurity #github #microsoft #linux #protonvpn #privacy #databreach #supplychainattack #infosec #cybernews
Join us as we break down two of the most iconic case hits in the sports card hobby: Kaboom and Downtown. Whether you're a seasoned collector or just getting into high‑end inserts, this guide uncovers the key differences, market trends, and long‑term potential of these hobby favorites. Learn what sets each case hit apart, how rarity and design impact value, and which one might be the better chase for your collection or investment strategy. This is the ultimate breakdown every sports card collector needs.
Join us as Sports Card Investor's Tyler Nethercott sheds light on the controversial topic of aftermarket autographs in the sports card industry. Discover the facts, myths, and risks associated with aftermarket autographs and learn how to navigate this complex market with confidence. Don't miss this eye-opening discussion that every sports card collector and investor needs to hear! 1:07 – Aftermarket autographs 5:06 – Discussion about card grading 9:15 – Card grading details 11:23 – What it takes to match PSA 19:30 – Topps card design discussion 24:24 – Starting a sports card collection 28:23 – Autograph story 32:13 – What is Market Movers? 34:04 – Wrapping up
Episode 422 is the debut of Decoded by Identity at the Center, a new sub-series hosted by Jeff Steadman and Sean O'Dell dedicated to unpacking the specifications and standards powering IAM. Joining them is Pieter Kasselman, VP of Open Standards at Defakto and chair of the WIMSE working group. The conversation covers why traditional non-human identity approaches break at agentic scale, how SPIFFE and SPIRE enable short-lived automated credential provisioning without long-lived secrets, and why treating agents as workloads unlocks a decade of existing standards. Pieter walks through critical OAuth specs including JWT authorization grant, token exchange, client ID metadata, and the emerging transaction tokens draft. Sean connects these to practical gateway architecture, continuous access evaluation, and policy-based authorization. The episode closes with real-world deployment examples and a clear takeaway: the tools to secure agentic identity are available today.
Episode Links: Pieter Kasselman: https://www.linkedin.com/in/pieter-kasselman-0259862/ AI Agent Authentication and Authorization: https://datatracker.ietf.org/doc/draft-klrc-aiagent-auth/ Workload Identity in Multi-system environments (WIMSE): https://ietf-wg-wimse.github.io/ OAuth SPIFFE Client Authentication: https://datatracker.ietf.org/doc/draft-ietf-oauth-spiffe-client-auth/ Transaction Tokens: https://datatracker.ietf.org/doc/draft-ietf-oauth-transaction-tokens/08/ Agentic Identity Control Framework. You Already Have the Pieces. Now Build It. by Sean O'Dell: https://www.linkedin.com/pulse/agentic-identity-control-framework-you-already-have-pieces-o-dell-61b5e/
Timestamps: 00:00 Introduction to Decoded by Identity at the Center 00:13 The mission of the Decoded sub-series 03:02 Guest intro: Pieter Kasselman, VP of Open Standards at Defakto 06:21 Why agentic identity is urgent: scale, multi-platform, and shifting threat landscape 10:42 The real cost of API keys and credential sprawl in agentic systems 13:23 Agentic identity identifiers and how SPIFFE assigns unique workload IDs 21:00 Credential types: X.509, JWTs, and workload identity tokens 31:00 Connecting SPIFFE to OAuth and dynamic registration with client ID metadata 38:18 SPIFFE SVIDs, multiple credentials per agent, and governance traceability 41:44 Authentication versus authorization: delegation versus impersonation 47:00 Transaction tokens: binding access to specific transactions to stop token theft 51:21 Identity chaining and cross-domain authorization 55:00 Shared Signals Framework and dynamic authorization 57:00 Gateways, CAEP, and mid-flight token revocation for rogue agents 59:31 What you can deploy today with SPIFFE, OAuth, and existing IDPs 01:02:58 Policy-based access control and why instance-level governance cannot scale 01:04:58 Workload identity federation: Anthropic and Google Agent ID updates 01:07:13 Cross-platform federation and the law of agentic utility 01:11:55 Elevator pitch: agents are workloads and 95% of the problem is solved now 01:17:03 What is coming next: a transaction tokens deep dive
Keywords: agentic identity, SPIFFE, SPIRE, OAuth, transaction tokens, Shared Signals Framework, WIMSE, workload identity, non-human identity, authorization delegation, JWT, CAEP, API gateway, IAM standards, AIMS, Jeff Steadman, Sean O'Dell, Pieter Kasselman, IDAC, Identity at the Center, Jim McDonald, Decoded by Identity at the Center
Decoded by Identity at the Center: Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Sean O'Dell: https://www.linkedin.com/in/seanodentity/ Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Visit the show on the web at https://idacdecoded.com/
In our World Password Day Special, we're digging into credentials, identity, and authentication — and where security is heading next.
This episode is a follow-up to our 2024 discussion with Stripe and Entersekt on the use of 3-D Secure (3DS) in markets where strong customer authentication is not mandated, particularly the United States. That earlier conversation was grounded in Stripe's analysis of US 3DS transactions and explored a counterintuitive but important finding: when 3DS is deployed selectively in unregulated markets, its presence can become correlated with higher-risk transactions, limiting its effectiveness and in some cases negatively impacting authorization outcomes. Since that episode, several developments have occurred, including new analysis by Stripe examining 3DS usage and performance in markets where authentication is required by regulation, a substantial increase in the use of EMVCo "network" tokenization, and research and messaging developed by Entersekt regarding the continued use of authentication in conjunction with tokenization. Chris Uriarte is delighted to welcome back Amandeep Batra from Stripe and Dewald Nolte from Entersekt to address these developments and to explore how authentication and tokenization interact in practice across different regulatory environments.
Upper Deck President Jason Masherah joins the show to break down one of the biggest moments in hobby history, the $4.25M Michael Jordan card sale. We dive into what makes this card so iconic, why it continues to set records decades later, and what it says about the current market. Jason also pulls back the curtain on sports memorabilia authentication, including how to spot real from fake, why authentication matters more than ever, and the risks collectors are taking without even realizing it. Plus, we get into: The most undervalued areas of the hobby right now How Upper Deck approaches scarcity, pricing, and collectors Why some memorabilia may actually be a better value than cards today And what the future of the hobby could look like If you collect cards or memorabilia, this is a must-listen. Learn more about your ad choices. Visit megaphone.fm/adchoices
Carlos da Silva, Chief Product Officer of Unibeam, discusses SIM-based authentication technology with Don Witt from Channel Daily News, a TR Publication. Carlos explained Unibeam’s SIM-based authentication technology, which uses information stored in SIM cards to provide enhanced security against account takeover and fraud, particularly addressing the limitations of traditional SMS OTP authentication methods. He discussed how their solution works through cellular networks rather than the internet, making it more secure while maintaining ease of use for users. Mr. Carlos da Silva also shared some insight on the following topics: the top cybersecurity threats facing customers of mobile operators today; why passwords, traditional MFA, and other authentication methods are no longer effective in this threat landscape; SIM-based authentication, and how it is making a difference; additional insight about Unibeam; SIM-based authentication is being adopted in a few markets. For more information, go to: https://unibeam.com/
https://itayverchik.co.il/codex-ai/ Today, it is no longer enough for your clients to see an ordinary brochure site that only presents information. They are looking for a technological experience, transparency, and one central place where they can log in, see their data, follow projects and communicate with you directly. In the past, developing a platform like this required a whole team of programmers. Today, artificial intelligence is changing the rules of the game. In this video I take you step by step through the development process I carried out with the help of Codex AI. We will learn how I set up a brochure site with a clean, modern design, and how I connected it to an internal system (a personal portal) that lets the agency's clients log in securely and view information that is relevant only to them. What will we see in the guide? Building the front end (Frontend): how to use Codex AI to produce a fast, responsive brochure site with an up-to-date look that conveys authority. Developing the internal system (Backend): creating a closed environment for clients, including a secured database for managing each and every client's information. Login mechanism (Authentication): how to set up registrations, logins (Login) and permission management so that each user sees only their own personal dashboard. Connecting the business processes: the way the system talks to the agency's automation and day-to-day management tools in order to save manual work. This guide will help you make a technological leap and offer your clients a far more premium, efficient and advanced service. Did the guide give you ideas for a system you could build for your business? Don't forget to like the video, subscribe to the channel and hit the bell to get updates on more guides on AI development, digital marketing and automation.
Most enterprise authentication today is still built on passwords or one-time codes -- and neither is phishing-resistant. Alexander Summerer explains that fraud remains the core challenge: attackers intercept credentials in the online channel, and users are burdened with complex password policies that slow them down without making them safer. Swissbit's answer is the iShield Key, a FIDO2-based hardware security key that is plug and play. No passwords to remember, no codes to intercept, and no chance for a phishing attack to succeed. What sets Swissbit apart at RSAC Conference 2026 is convergence. The same iShield Key that authenticates a user at their workstation can also open a door. Tap it on an HID reader in a healthcare facility, a university, or a manufacturing plant, and access is granted -- physical and digital, in one device. Swissbit is the only vendor on the market today offering this combination, with HID Seos support now available and a global partner network ready to deploy at scale. The forward story is post-quantum cryptography. Alexander Summerer notes that quantum computing poses a real and coming threat to standard authentication algorithms. Swissbit is already previewing a PQC evaluation platform at booth 6565 -- a device that runs a post-quantum chip alongside the traditional chip. Organizations can upgrade to PQC-protected authentication with the same hardware, keeping legacy use cases running without disruption. This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight GUEST Alexander Summerer, Head of Authentication, Swissbit LinkedIn: https://www.linkedin.com/in/alexander-summerer RESOURCES Swissbit: https://www.swissbit.com iShield Key product page: https://www.swissbit.com/en/products/security-products/ishield-key/ Are you interested in telling your story? 
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS Alexander Summerer, Swissbit, Sean Martin, RSAC Conference 2026, hardware security key, FIDO2, phishing-resistant authentication, passwordless authentication, physical access control, post-quantum cryptography, PQC, iShield Key, HID Seos, enterprise authentication, zero trust, brand story, brand marketing, marketing podcast, brand highlight
I bought a card...and then it fell apart. Or did it? Perhaps telling this story can improve the process?
Fresh out of the studio, Ken Exner, Chief Product Officer at Elastic, joins us to explore how Elastic evolved from the world's most popular open-source search engine into the context layer powering modern AI applications and agent systems. He shares his career journey from database programming to over 16 years at Amazon building AWS resilience practices, and now leading product strategy where search, observability, and security converge into a unified AI platform. Ken explains why context engineering is the defining discipline of the AI age, where developers become managers of agents, and how Elastic's 15-year enterprise head start positions it as the foundational retrieval layer between enterprise data and LLMs. "I like to think of the future of software development is—developers will be managers of agents. They're no longer going to be ICs [Individual Contributors], they're going to be managers. Every developer is going to be a manager of agents and they're going to be doing context engineering. They're going to be figuring out how to pass context and data to an LLM or an agent. And they're going to be goal setting. They're going to have their team of agents, and they're going to give them goals, and they're going to review the output." - Ken Exner
Episode Highlights: [00:00] Quote of the Day by Ken Exner from Elastic [00:51] Ken's origin story: database programmer to Amazon [02:07] What attracted Ken to Elastic [02:51] Lessons from building resilient systems at AWS [04:34] How Elastic evolved from search to AI infrastructure [07:06] Elastic today: context engineering, observability, security [09:42] Why observability will be fundamentally transformed by AI [10:48] How early vector search prepared Elastic for GenAI [12:53] Context engineering: ingestion, retrieval, evaluation [15:39] The 10-year head start over purpose-built competitors [20:57] A developer's day is now all context engineering [24:16] Elastic as the bridge between enterprise data and LLMs [26:13] Agent Builder capabilities for customers [28:09] Data, tools, and context in the Elastic framework [29:39] Elastic on battleships and a Mars rover [31:00] The disorienting acceleration of AI coding models [32:07] Developers will be managers of agents [34:00] Authentication and identity for autonomous agents [35:30] Great in five years: the foundational AI layer [36:14] Disrupting observability and security from within [36:36] Closing
Profile: Ken Exner, Chief Product Officer, Elastic. LinkedIn: https://www.linkedin.com/in/ken-exner-b914542/ Podcast Information: Bernard Leong hosts and produces the show. The proper credits for the intro and end music are "Energetic Sports Drive." G. Thomas Craig mixed and edited the episode in both video and audio format.
In this repeat episode, Jack Herrington sits down with Tanner Linsley to talk about the evolution of TanStack and where it's headed next. They explore how early projects like React Query and React Table influenced the headless philosophy behind TanStack Router, why virtualized lists matter at scale, and what makes forms in React so challenging. Tanner breaks down TanStack Start and its client-first approach to SSR, routing, and data loading, and shares his perspective on React Server Components, modern authentication tradeoffs, and composable tooling. The episode wraps with a look at TanStack's roadmap and what it takes to sustainably maintain open source at scale. We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Fill out our listener survey! https://t.co/oKVAEXipxu Let us know by sending an email to our producer, Elizabeth, at elizabeth.becz@logrocket.com, or tweet at us at PodRocketPod. Check out our newsletter! https://blog.logrocket.com/the-replay-newsletter/ Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form, and we'll send you free PodRocket stickers! What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today. Chapters 01:00 – What is TanStack? 
Contributors, projects, and mission 02:05 – React Query vs React Table: TanStack's origins 03:10 – TanStack principles: headless, cross-platform, type safety 03:45 – TanStack Virtual and large list performance 05:00 – Forms, abandoned libraries, and lessons learned 06:00 – Why TanStack avoids building auth 07:30 – Auth complexity, SSO, and enterprise realities 08:45 – Partnerships with WorkOS, Clerk, Netlify, and Cloudflare 09:30 – Introducing TanStack Start 10:20 – Client-first architecture and React Router DNA 11:00 – Pages Router nostalgia and migration paths 12:00 – Loaders, data-only routes, and seamless navigation 13:20 – Why data-only mode is a hidden superpower 14:00 – Built-in SWR-style caching and perceived speed 15:20 – Loader footguns and server function boundaries 16:40 – Isomorphic execution model explained 18:00 – Gradual adoption: router → file routing → Start 19:10 – Learning from Remix, Next.js, and past frameworks 20:30 – Full-stack React before modern meta-frameworks 22:00 – Server functions, HTTP methods, and caching 23:30 – Simpler mental models vs server components 25:00 – Donut holes, cognitive load, and developer experience 26:30 – Staying pragmatic and close to real users 28:00 – When not to use TanStack (Shopify, WordPress, etc.) 29:30 – Marketing sites, CMS pain, and team evolution 31:30 – Scaling realities and backend tradeoffs 33:00 – Static vs dynamic apps and framework fit 35:00 – Astro + TanStack Start hybrid architectures 36:20 – Composability with Hono, tRPC, and Nitro 37:20 – Why TanStack Start is a request handler, not a platform 38:50 – TanStack AI announcement and roadmap 40:00 – TanStack DB explained 41:30 – Start 1.0 status and real-world adoption 42:40 – Devtools, Pacer, and upcoming libraries 43:50 – Sustainability, sponsorships, and supporting maintainers 45:30 – How companies and individuals can support TanStack. Special Guests: Jack Herrington and Tanner Linsley.
SUMMARY: Morgan Foster talks about the Kagenti project, which enables an AI Agent agnostic framework for security, authentication, identity and zero-trust. SHOW: 1011. SHOW TRANSCRIPT: The Reasoning Show #1011 Transcript. SHOW VIDEO: https://youtu.be/djFZruLEDiw SHOW NOTES: Kagenti (homepage); Kagenti (use-cases); “Old Things that look like Agents”; “What makes Agents different?”; CNV - What Makes Agents Different?; “Handing your phone to a stranger, why Agents need their own identity”. Topic 1 - Welcome to the show. Tell us a little bit about your background and areas you focus on today. Topic 2 - Tell us a bit about the Kagenti project and the types of challenges it's trying to solve for Agentic AI deployments. Topic 3 - How much commonality exists between different Agentic frameworks that a common, agnostic agentic orchestration approach can work? And how much difference still exists and would drive companies to silo'd deployments? Topic 4 - How far should an Agentic Orchestration framework go, and what types of things do you expect will still be Agentic framework dependent? Is Kagenti more of a control-plane element, or more of a data-plane element? Topic 5 - As Kagenti evolves, what are some of the adjacent things that people should be keeping an eye on that might be a dependency, or could shift the direction of the project? FEEDBACK? Email: show @ reasoning dot show. Bluesky: @reasoningshow.bsky.social. Twitter/X: @ReasoningShow. Instagram: @reasoningshow. TikTok: @reasoningshow
Generative AI is making identity fraud and social engineering easier, cheaper and more scalable — especially through deepfakes, synthetic identities and other emerging AI-agent risks — so traditional ID verification is increasingly unreliable. Discussing these challenges for banks on this episode of the ABA Fraudcast with Paul Benda of the American Bankers Association are Jeremy Grant of the Better Identity Coalition and John Carlson, senior vice president for cybersecurity regulation and resilience at the American Bankers Association. Two recent papers are referenced in this episode: Mitigating AI-Powered Attacks Against Identity and Authentication, intended for financial institutions, cybersecurity and fraud professionals, AI service providers, telecommunications companies and policymakers at regulatory agencies and in legislative bodies who are responsible for safeguarding identity systems and mitigating the risks posed by Gen AI; and Recommendations for Policymakers: Mitigating AI-Powered Attacks Against Identity and Authentication, both authored by Financial Services Sector Coordinating Council's Artificial Intelligence and Identity and Authentication Workstream (AI-IA), which was co-chaired by the American Bankers Association and Better Identity Coalition. For ABA's fraud prevention resources go to aba.com/protectyourmoney. ABA's scam prevention campaigns #BanksNeverAskThat and #PracticeSafeChecks are newly updated as well. The ABA Foundation's Protecting Older Americans page includes useful resources to assist the fight against elder financial exploitation and additional increasing threats. ABA Fraudcast host is Paul Benda, EVP, risk, fraud and cybersecurity at American Bankers Association.
How do we protect ourselves in a digital world where attackers face almost no real consequences? In this episode of Joey Pinz Discipline Conversations, Joey Pinz sits down with cybersecurity founder and inventor Mike Siers for a thought-provoking conversation that challenges everything we assume about online security, identity, and trust. Mike's journey begins in the Florida National Guard and a deployment to Afghanistan, where life-altering experiences shaped how he sees service, responsibility, and problem-solving. That same mindset later led him into healthcare innovation—and eventually into cybersecurity—after realizing that the internet lacks one critical element found in the physical world: real risk for bad actors. Inspired by military strategy and an MIT thesis on cyber power projection, Mike explains a radical idea: what if unauthorized access attempts cost money? Instead of defenders absorbing endless attacks, attackers would inherit the risk before they even try. This conversation explores how empathy fuels innovation, why most cybersecurity models are reactive by design, and how shifting incentives could dramatically change online behavior. It's a powerful look at leadership, responsibility, and building solutions not just for today—but for the next generation. ⭐ Top 3 Highlights
We're preparing a new update for the Semaphore MCP server that will make it easier for developers to connect AI agents and developer tools. The focus of this update is authentication. Today, connecting an agent to the MCP server typically requires using a long-lived API token. While this works well, it also means developers need to generate credentials, store them in configuration files, and manage them manually. In our next release, coming next week, we're introducing OAuth authentication support for the MCP server. This will make connecting agents and developer tools significantly simpler. Instead of generating and storing API tokens, developers will be able to authenticate through a familiar OAuth flow. When configuring an agent, a browser window opens, you log in, and approve access to the MCP server. Once approved, the connection is established automatically. This approach removes the need to manage long-lived credentials and makes integrations easier to set up. It also improves compatibility with modern agentic development tools. Some tools have limitations when working with static API tokens, and OAuth removes those barriers. Read more on our blog. Pete Miloravac, The Semaphore Team, https://semaphore.io
Gloria Gupta leads CX transformation at the American Medical Association. Not a small lift. Not a short-term initiative. A 200-year-old institution. 450 million in revenue. Physicians as customers. Patients as the ultimate impact. In this episode, Gloria shares what it really takes to unify service, build enterprise CX, and make customer experience a measurable attribute of brand and culture.
5 Key Insights
• The AMA's primary customer is the physician … but the physician's customer is the patient
• CX transformation began by unifying service into one omnichannel team serving 98% of AMA service interactions
• More than 900 improvements have been implemented across the enterprise, many of them significant
• 400 employees are directly involved in CX … one in four across the organization
• The shared mission: identify and remove customer friction
CHAPTERS 00:00 Intro and Rick's personal AMA connection 02:00 Who is the AMA customer? 04:00 Why CX matters at a 200-year-old institution 08:00 Healthcare evolution … EHRs, COVID, telehealth, and AI 13:30 Unifying service across the enterprise 17:00 Authentication friction and enterprise CX launch 20:00 Building trust through measurable wins 22:30 First Class Lounge 26:50 900 improvements and aftercare strategy 30:30 AI, policy, and the future of healthcare CX 33:00 Real data, real outcomes, real collaboration
Connect with Gloria. LinkedIn: https://www.linkedin.com/in/gloria-gupta-rdh-ms-fcxp-4760939/ Listen: https://www.cxpassport.com Watch: https://www.youtube.com/@cxpassport Newsletter: https://cxpassport.kit.com/signup I'm Rick Denton and I believe the best meals are served outside and require a passport.
Cisco SD-WAN Bug Actively Exploited, MCP Azure Takeover Demo, CarGurus Data Leak, and Secret Service Scam Recovery. Host Jim Love covers four cybersecurity stories: CISA warns a critical Cisco Catalyst SD-WAN controller vulnerability (CVE-2026-20127) has been exploited since 2023, enabling authentication bypass and rogue peering sessions, and orders U.S. federal agencies to inventory systems, collect logs and forensic artifacts, hunt for compromise, and apply Cisco's fixes by 5:00 PM ET on February 27, 2026, with no workarounds. At RSA, researchers show how flaws in Model Context Protocol (MCP)—a key integration layer for agentic AI—could lead to remote code execution and even Azure tenant takeover, highlighting rising enterprise risk. ShinyHunters reportedly published 12.4 million stolen CarGurus records, raising phishing and fraud concerns tied to vehicle shopping and financing context. Finally, an Ontario tech support scam victim recovers funds through coordinated work by Ontario Provincial Police and the U.S. Secret Service, which traced and froze the money in time. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. 
You can find them at Meter.com/cst LINKS Cisco Advisory Cisco Security Advisory – CVE-2026-20127 Authentication bypass vulnerability in Cisco Catalyst SD-WAN https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk CISA Supplemental Hunt and Hardening Guidance (Cisco SD-WAN Systems) https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems Threat Hunt Guide (Technical PDF) Cisco SD-WAN Threat Hunt Guide (jointly referenced in federal guidance) https://media.defense.gov/2026/Feb/25/2003880299/-1/-1/0/CISCO_SD-WAN_THREAT_HUNT_GUIDE.PDF 00:00 Sponsor Message 00:19 Cisco SD-WAN Under Attack 02:48 MCP Azure Takeover Demo 05:28 CarGurus Data Dump 07:16 Secret Service Scam Recovery 09:24 Closing Sponsor Thanks
One of the key highlights of the Defense Department's recent memo on multi-factor authentication for unclassified and secret networks is the clarification that DoD Public Key Infrastructure — not the common access card itself — is the department's primary authenticator. Previous policies would often go back and forth between describing the CAC or PKI as DoD's primary credential, creating confusion. Plus, the memo finally introduces passwordless authentication methods designed to give service members faster, more flexible access to systems. For more, Federal News Network's Anastasia Obis spoke with Alex Antrim and Adam Oliver, senior solutions engineers at Yubico.
The bois discuss Face/Off, Sovereign, Grease, Dogman, and more! Join our Patreon for bonus episodes, supplements, Discord access, and more: https://www.patreon.com/therearetoomanymovies Merch: https://www.toomanymovies.com/shop Instagram: https://www.instagram.com/therearetoomanymovies/ TikTok: https://www.tiktok.com/@therearetoomanymovies Listen on Spotify: https://open.spotify.com/show/7lwOlPvIGdlmr6XjnLIAkG?si=4e3d882515824466 Subscribe on iTunes: https://podcasts.apple.com/us/podcast/there-are-too-many-movies/id1455789421 Twitch: https://www.twitch.tv/therearetoomanymovies Twitter: http://www.twitter.com/tatmmpod 00:00:00 Cold Open 00:00:34 Intro 00:05:53 3:10 To Yuma 00:08:01 Sovereign 00:11:00 The Big Hit 00:14:07 The Alamo 00:22:03 Grease 00:24:03 How To Marry A Millionaire 00:25:16 The Aristocats 00:27:06 Schitt's Creek 00:29:26 In My Skin 00:31:40 Dogman 00:34:12 Portrait Of A Lady On Fire 00:35:21 Strange Harvest 00:37:43 Face/Off 01:08:57 Is It Cinema? 01:11:07 DMT (Dumb Movie Title) 01:12:28 Guess The Budget 01:13:44 Actor Game 01:16:18 Outro
Forget the built-in Windows tools—Paul shares why third-party password managers are the secret to making passkeys smarter, more powerful, and truly universal across all your devices. Host: Paul Thurrott Download or subscribe to Hands-On Windows at https://twit.tv/shows/hands-on-windows Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord. Sponsor: canary.tools/twit - use code: TWIT
When it comes to agents and MCPs, the interesting security discussion isn't that they need strong authentication and authorization, but what that authn/z story should look like, where does it get implemented, and who implements it. Dan Moore shares the useful parallels in securing APIs that should be brought into the world of MCPs -- especially because so many are still interacting with APIs. Resources https://stackoverflow.blog/2026/01/21/is-that-allowed-authentication-and-authorization-in-model-context-protocol/ https://fusionauth.io/articles/identity-basics/authorization-models Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-369
Authorization is changing, moving from static roles and provisioning to dynamic, real-time, policy-based decisions. But without standardization, modern authorization quickly becomes fragmented and unmanageable. In this episode of the Analyst Chat, Matthias Reinwarth is joined by David Brossard, contributor and co-chair of the OpenID AuthZEN Working Group, and Phillip Messerschmidt, Lead Advisor at KuppingerCole, to discuss how authorization is evolving — and why AuthZEN is a critical missing standard.
You’ll learn:
✅ Why RBAC is still relevant, but no longer sufficient on its own
✅ How ABAC and PBAC address scalability, context, and dynamic access
✅ Why role explosion and authorization silos limit visibility and governance
✅ How runtime, continuous authorization supports Zero Trust architectures
✅ What AuthZEN standardizes — and what it deliberately does not
✅ How externalized authorization improves auditability and compliance
✅ Why CISOs and architects should start asking vendors for AuthZEN support
✅ How AuthZEN fits into the Identity Fabric and Road to EIC vision
Authentication has been standardized for years — authorization is finally catching up. Watch now to understand how AuthZEN enables scalable, future-proof authorization for modern applications, APIs, and identity fabrics.
A surprising number of security leaders admit they're flying blind on hardware and firmware. We start by exposing how shared BIOS passwords, slow maintenance cycles, and careless e‑waste practices create avoidable risk, then lay out the fixes: privileged vaulting, disciplined asset disposition, and practical ways to repurpose gear without leaking data. That real-world foundation sets the stage for a focused tour through CISSP Domain 5—Identity and Access Management—built for practitioners who want clarity over jargon.
We break down least privilege in plain terms and show how to reduce the initial friction with cleanly defined roles and entitlement catalogs. From there, we compare RBAC and ABAC: when baseline roles are enough, and when context-aware attributes like device, location, and data sensitivity should drive policy. Authentication gets the same treatment. Multi-factor authentication, biometrics, and phishing-resistant methods raise the bar, while single sign-on and identity federation streamline access across cloud apps using standards like OAuth, OpenID Connect, and SAML. In modern cloud environments, token-based models win for scalability and security, and we explain why.
Governance ties it all together. We walk through identity proofing for solid onboarding, separation of duties to curb fraud, and IGA workflows that make approvals, recertifications, and audits far less painful. Regular access reviews emerge as the unsung hero that prevents privilege creep before it becomes an incident. If you're prepping for the CISSP—or just tightening your IAM program—this episode gives you the why behind the what, with steps you can apply today.
Enjoyed the conversation and want more deep dives? Subscribe, share with a teammate who needs a quick IAM refresher, and leave a review to help others find the show.
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox!
Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
The U.S. government wants the rest of the world to adopt its artificial intelligence cybersecurity standards, a top official with the Office of the National Cyber Director said Thursday. As part of an effort to advance American AI, the administration will be “undertaking diplomacy efforts to promote American AI cybersecurity standards and norms, establishing industry best practices for secure AI deployment and harnessing the full potential of AI tools,” said Alexandra Seymour, principal deputy assistant national cyber director for policy. Seymour's comments at the 2026 Identity, Authentication, and the Road Ahead Policy Forum in Washington, D.C. partially reflect the Trump administration's AI Action Plan released last summer, which said the departments of Commerce and State would “vigorously advocate for international AI governance approaches that promote innovation, reflect American values, and counter authoritarian influence,” but doesn't explicitly mention international promotion of cybersecurity standards. Some of that effort has already materialized, with internationally oriented guides released in both May and December. The United States also isn't the only one looking to influence international standards for AI security. AI also figures into the yet-to-be-released national cybersecurity strategy that Seymour's office has been developing. And it dovetails with a pillar of the strategy focused on defending federal networks. Seymour said: “While AI is already helping industries enhance security and address the challenge of escalating cyberattacks, this administration will promote the rapid implementation of AI-enabled cyber defensive tools to detect, divert and deceive threat actors who continue targeting our vital systems and sectors on our federal systems. We must get our house in order. They need rapid modernization, and we're working on policies to harden our networks, update our technologies and ensure we're prepared for a post-quantum future.”
Welcome to the Fraudian Slip, the Identity Theft Resource Center's (ITRC's) podcast, where we talk about all things identity theft, fraud and scams that impact people and businesses. Last week, we published our 2025 Annual Data Breach Report by ITRC. ITRC President James E. Lee presented the findings at the Identity, Authentication and the Road Ahead Identity Policy Forum, hosted by the Better Identity Coalition, the FIDO Alliance and the ITRC. The 2025 Annual Data Breach Report by ITRC looks at the number of data compromises, the root cause of the compromises, the types of data compromised, trends, solutions and much more. Follow on LinkedIn: www.linkedin.com/company/idtheftcenter/ Follow on Twitter: twitter.com/IDTheftCenter
Quantum computing isn’t just a future threat to encryption, it’s a direct risk to identity and authentication. In this week's episode, Matthias is joined by Jonathan Care to explore why identity is the quantum bullseye and what organizations must do now to prepare for a post-quantum world.
You’ll learn:
✅ Why authentication protocols depend entirely on cryptography
✅ How “harvest now, decrypt later” (HNDL) already puts identity data at risk
✅ Why identity, not data encryption, is the weakest point in a quantum future
✅ What post-quantum cryptography standards (FIPS 203, 204, 205) change — and what they don’t
✅ How Passkeys and FIDO2 are quietly becoming post-quantum ready
✅ Why PKI, certificates, federation, and non-human identities face massive scale challenges
✅ What crypto agility really means for IAM and Zero Trust
✅ A practical 4-phase roadmap for CISOs to start preparing today
The biggest risk isn’t a future quantum computer — it’s the long-lived certificates and identity data issued today.
Bonus "In which:" In which Two Factor Authentication would be a great title for this episode if any of us said that phrase
Articles
 - The Accounts of Jingkang
 - Dragostea din tei
 - Martha's Vineyard Sign Language
 - Jabberwock (magazine)
Follow us on the social medias!
 - The show: https://bsky.app/profile/podofwonder.bsky.social
 - Danny: https://bsky.app/profile/dannyplaysrpgs.bsky.social & http://dannymakesrpgs.itch.io
 - Morgan: http://instagram.com/morganthefae & https://bsky.app/profile/m0rgan.bsky.social
 - Matt: https://bsky.app/profile/mattprovance.bsky.social
God transforms us from insecurity and false identity into people divinely authenticated by Him, just as Jacob became Israel. Just as Jacob was transformed into Israel, God takes away our insecurity and false identity and transforms us into people whom He Himself has confirmed.
Talk Python To Me - Python conversations for passionate developers
Building on the web is like working with the perfect clay. It's malleable and can become almost anything. But too often, frameworks try to hide the web's best parts away from us. Today, we're looking at PyView, a project that brings the real-time power of Phoenix LiveView directly into the Python world. I'm joined by Larry Ogrodnek to dive into PyView. Episode sponsors Talk Python Courses Python in Production Links from the show Guest Larry Ogrodnek: hachyderm.io pyview.rocks: pyview.rocks Phoenix LiveView: github.com this section: pyview.rocks Core Concepts: pyview.rocks Socket and Context: pyview.rocks Event Handling: pyview.rocks LiveComponents: pyview.rocks Routing: pyview.rocks Templating: pyview.rocks HTML Templates: pyview.rocks T-String Templates: pyview.rocks File Uploads: pyview.rocks Streams: pyview.rocks Sessions & Authentication: pyview.rocks Single-File Apps: pyview.rocks starlette: starlette.dev wsproto: github.com apscheduler: github.com t-dom project: github.com Watch this episode on YouTube: youtube.com Episode #535 deep-dive: talkpython.fm/535 Episode transcripts: talkpython.fm Theme Song: Developer Rap
Rob Hughes — CISO at RSA and Champion of a Passwordless Future
No Password Required Season 7: Episode 1 - Rob Hughes
Rob Hughes, the CISO at RSA, has more than 25 years of experience leading security and cloud infrastructure teams. In this episode, he reflects on his unconventional career path, from co-founding the original Geek.com and serving as its Chief Technologist during the early days of the internet, to leading security and systems design at Philips Home Monitoring.
Jack Clabby of Carlton Fields, P.A. and Kayley Melton welcome Rob for a wide-ranging conversation on identity, leadership, and the realities of modern cybersecurity. Rob currently leads RSA's Security and Risk Office, overseeing cybersecurity, information security governance, and risk across both RSA's products and corporate environment.
Rob explains his dream for a passwordless future. He unpacks why passwords remain one of the largest sources of cyber risk, how real-world incidents and password-spraying attacks have accelerated change, and why phishing-resistant technologies like passkeys may finally be reaching a tipping point. The episode wraps with the Lifestyle Polygraph, where Rob lightens the conversation with stories about gaming with his kids, underrated horror films, and classic cars.
Follow Rob on LinkedIn: https://www.linkedin.com/in/robert-hughes-816067a4/
Chapters:
00:00 Introduction to No Password Required
01:43 Meet Rob Hughes, CISO at RSA
02:05 The Role of a CISO in a Security Company
05:09 Transitioning to the CISO Role
08:00 The Early Days of Geek.com
12:14 Launching a Startup During the Dot Com Boom
14:30 The Push for a Passwordless Future
18:21 Tipping Point for Passwordless Adoption
20:20 Ongoing Learning in Cybersecurity
26:09 Managing Stress in High-Pressure Environments
33:46 The Lifestyle Polygraph Begins
34:15 Career Insights in Cybersecurity
36:08 Dream Cars and Personal Preferences
39:58 Underrated Horror Films
41:19 Creating a Cybersecurity Monster
professorjrod@gmail.com
What if the scariest hacks of 2025 never looked like hacks at all? We break down five real-world scenarios where attackers didn't smash locks—they used the keys we handed them. From an AI-cloned voice that sailed through a wire transfer to a building's HVAC console that quietly held elevators and doors hostage, the common thread is hard to ignore: trust. Trusted voices, trusted vendors, trusted “boring” systems, trusted sessions, and trusted APIs became the most valuable attack surface of the year.
We start with a “boring” phone call that proves how caller ID and confidence can defeat policy when culture doesn't empower people to challenge authority. Then we step into the mechanical room: cloud dashboards for HVAC and badge readers, vendor-shared credentials, and thin network segmentation made physical denial of service as simple as logging in. The pivot continues somewhere few teams watch—libraries—where an unpatched management system bridged city HR, school portals, and public access with zero alarms, because nothing looked broken.
Authentication takes a hit next. MFA worked, yet attackers won by stealing active LMS session tokens from a neglected component and riding valid access for weeks. No failed logins, no brute force—just continuation that our tools rarely question. Finally, we open the mobile app and watch the traffic. Clean, well-formed API calls mapped pricing rules, loyalty balances, and inventory signals at scale. Not a single malformed request, but plenty of business logic abuse that finance noticed before security did.
If you care about cybersecurity, IT operations, or the CompTIA mindset, the takeaways are clear: shorten trust windows, verify context continuously, rotate and scope vendor access, segment OT from IT, treat libraries and civic tech as real attack surface, bind tokens to devices, and put rate limits and behavior analytics at the heart of your API strategy. Ready to rethink where your defenses are blind?
Listen now, share with your team, and tell us which assumption you'll challenge first. And if this helped, subscribe, leave a review, and pass it on to someone who needs a wake-up call.
Support the show
Art By Sarah/Desmond
Music by Joakim Karud
Little chacha Productions
Juan Rodriguez can be reached at
TikTok @ProfessorJrod
ProfessorJRod@gmail.com
@Prof_JRod
Instagram ProfessorJRod
Matter of Ghanbari, 29 I&N Dec. 376 (BIA 2025)
· bond; mandatory detention; material support to a terrorist organization; propaganda; non-violent conduct
Ramos-Hernandez v. Bondi, No. 25-1038 (1st Cir. Dec. 22, 2025)
· asylum; withholding of removal; Guatemala; particular social group; family-based; business ownership; persecution; isolated events
Campuzano v. Bondi, No. 24-60575 (5th Cir. Dec. 22, 2025)
· authentication of criminal records; INA § 240(c)(3)(C); crime of child abuse; INA § 237(a)(2)(E)(i); categorical approach; modified categorical approach
Ruiz v. Bondi, No. 23-1095 (9th Cir. Dec. 22, 2025)
· jurisdiction; extraordinary circumstances; INA § 208(a)(2)(D); one-year filing deadline; 8 U.S.C. § 1252(a)(2)(D); mixed questions; discretion; asylum; withholding of removal; administrative closure
Kurzban Kurzban Tetzeli and Pratt P.A.
Immigration, serious injury, and business lawyers serving clients in Florida, California, and all over the world for over 40 years.
Eimmigration
"Simplifies immigration casework. Legal professionals use it to advance cases faster, delight clients, and grow their practices."
Special Link!
Gonzales & Gonzales Immigration Bonds
P: (833) 409-9200
immigrationbond.com
EB-5 Support
"EB-5 Support is an ongoing mentorship and resource platform created specifically for immigration attorneys."
Contact: info@eb-5support.com
Website: https://eb-5support.com/
Stafi
"Remote staffing solutions for businesses of all sizes"
Click me!
Want to become a patron? Click here to check out our Patreon Page!
CONTACT INFORMATION:
Email: kgregg@kktplaw.com
Facebook: @immigrationreview
Instagram: @immigrationreview
Twitter: @immreview
About your host
Case notes
Recent criminal-immigration article (p.18)
Featured in San Diego Voyager
Support the show
The Tech talk to have with family over the holidays. We dive into why tracking passwords and setting up two-step authentication safely is a must—especially for seniors and elderly users. Plus we have hunting news of a rare pheasant. Join radio hosts Rebecca Wanner aka ‘BEC' and Jeff ‘Tigger' Erhardt (Tigger & BEC) with the latest in Outdoors & Western Lifestyle News! Rare White Pheasant Harvested in North Dakota According to KFYR TV, a Minot, North Dakota hunter harvested a rare white Pheasant south of the city on December 7, 2025. 37-year-old Eric Henke of Minot first saw the bird a few years ago on his family farm. A couple weeks ago, he and six others, plus four dogs, went out for a pheasant hunt. The group flushed the bird, and it flew into some brush. It was flushed again about 10 yards from Henke. With a pull of the trigger from his Benelli Super Black Eagle II 12 gauge, the bird dropped and ran, thankful to have one of the dogs retrieve it for him. Henke is now having the bird mounted by Dakota Taxidermy in Bismarck, North Dakota. In addition to being a rare white pheasant, it also had magnificent tail feathers that measured to about 22.5 inches long. Congrats Eric Henke! The Importance of Tracking Passwords and Two-Step Authentication for Seniors and Families Why Password Management Is More Important Than Ever In today's digital world, almost every essential service requires a password—banking, medical portals, email, social security accounts, utilities, and even prescription refills. For elderly and older adults, managing multiple passwords can quickly become overwhelming. Forgotten passwords, locked accounts, and inaccessible phones can lead to stress, financial risk, and complete loss of access to critical services. 
Common Problems Seniors Face:
- Forgotten passwords or PINs
- Locked accounts due to failed login attempts
- Smartphones breaking, updating, or resetting
- Two-step authentication codes sent to unavailable devices
- Difficulty remembering complex security rules
Without a proper system in place, a simple phone update can become a major crisis.
What Is Two-Step Authentication (2FA) — and Why It Can Be Risky Without Backup
Two-step authentication (also called 2FA or multi-factor authentication) adds an extra layer of security by requiring:
- Something you know (password)
- Something you have (phone, text message, authentication app)
While 2FA improves security, it can lock users out permanently if:
- The phone is lost or broken
- The phone number changes
- The device updates or resets
- The authentication app is deleted
This is especially dangerous for seniors who rely on one single smartphone.
How to Set Up Two-Step Authentication the Right Way (Senior-Friendly)
To avoid lockouts, seniors and families should always set up backup access options.
Best Practices:
- Save backup recovery codes on paper and digitally
- Add a trusted family member's email or phone number
- Use authentication apps that allow device recovery
- Avoid using only SMS codes when possible
Tip: Print recovery codes and store them in a safe, labeled folder at home.
Final Checklist for Seniors and Caregivers
- Track all passwords in one secure place
- Set up 2FA with backup recovery options
- Share access with trusted family members
- Store printed recovery information safely
- Review passwords yearly or after major updates
Final Thought - A broken phone or forgotten password should never mean losing access to your life.
OUTDOORS FIELD REPORTS & COMMENTS
We want to hear from you! If you have any questions, comments, or stories to share about bighorn sheep, outdoor adventures, or wildlife conservation, don't hesitate to reach out. Call or text us at 305-900-BEND (305-900-2363), or send an email to BendRadioShow@gmail.com.
Stay connected by following us on social media at Facebook/Instagram @thebendshow or by subscribing to The Bend Show on YouTube. Visit our website at TheBendShow.com for more exciting content and updates! https://thebendshow.com/ https://www.facebook.com/thebendshow WESTERN LIFESTYLE & THE OUTDOORS Jeff ‘Tigger' Erhardt & Rebecca ‘BEC' Wanner are passionate news broadcasters who represent the working ranch world, rodeo, and the Western way of life. They are also staunch advocates for the outdoors and wildlife conservation. As outdoorsmen themselves, Tigger and BEC provide valuable insight and education to hunters, adventurers, ranchers, and anyone interested in agriculture and conservation. With a shared love for the outdoors, Tigger & BEC are committed to bringing high-quality beef and wild game from the field to your table. They understand the importance of sharing meals with family, cooking the fruits of your labor, and making memories in the great outdoors. Through their work, they aim to educate and inspire those who appreciate God's Country and life on the land. United by a common mission, Tigger & BEC offer a glimpse into the life beyond the beaten path and down dirt roads. They're here to share knowledge, answer your questions, and join you in your own success story. Adventure awaits around the bend. With The Outdoors, the Western Heritage, Rural America, and Wildlife Conservation at the forefront, Tigger and BEC live this lifestyle every day. To learn more about Tigger & BEC's journey and their passion for the outdoors, visit TiggerandBEC.com. https://tiggerandbec.com/
Jack Harrington sits down with Tanner Linsley to talk about the evolution of TanStack and where it's headed next. They explore how early projects like React Query and React Table influenced the headless philosophy behind TanStack Router, why virtualized lists matter at scale, and what makes forms in React so challenging. Tanner breaks down TanStack Start and its client-first approach to SSR, routing, and data loading, and shares his perspective on React Server Components, modern authentication tradeoffs, and composable tooling. The episode wraps with a look at TanStack's roadmap and what it takes to sustainably maintain open source at scale.
We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Fill out our listener survey (https://t.co/oKVAEXipxu)! Let us know by sending an email to our producer, Elizabeth, at elizabeth.becz@logrocket.com, or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod).
Check out our newsletter (https://blog.logrocket.com/the-replay-newsletter/)!
Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers!
What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today. (https://logrocket.com/signup/?pdr)
Chapters
01:00 – What is TanStack? Contributors, projects, and mission
02:05 – React Query vs React Table: TanStack's origins
03:10 – TanStack principles: headless, cross-platform, type safety
03:45 – TanStack Virtual and large list performance
05:00 – Forms, abandoned libraries, and lessons learned
06:00 – Why TanStack avoids building auth
07:30 – Auth complexity, SSO, and enterprise realities
08:45 – Partnerships with WorkOS, Clerk, Netlify, and Cloudflare
09:30 – Introducing TanStack Start
10:20 – Client-first architecture and React Router DNA
11:00 – Pages Router nostalgia and migration paths
12:00 – Loaders, data-only routes, and seamless navigation
13:20 – Why data-only mode is a hidden superpower
14:00 – Built-in SWR-style caching and perceived speed
15:20 – Loader footguns and server function boundaries
16:40 – Isomorphic execution model explained
18:00 – Gradual adoption: router → file routing → Start
19:10 – Learning from Remix, Next.js, and past frameworks
20:30 – Full-stack React before modern meta-frameworks
22:00 – Server functions, HTTP methods, and caching
23:30 – Simpler mental models vs server components
25:00 – Donut holes, cognitive load, and developer experience
26:30 – Staying pragmatic and close to real users
28:00 – When not to use TanStack (Shopify, WordPress, etc.)
29:30 – Marketing sites, CMS pain, and team evolution
31:30 – Scaling realities and backend tradeoffs
33:00 – Static vs dynamic apps and framework fit
35:00 – Astro + TanStack Start hybrid architectures
36:20 – Composability with Hono, tRPC, and Nitro
37:20 – Why TanStack Start is a request handler, not a platform
38:50 – TanStack AI announcement and roadmap
40:00 – TanStack DB explained
41:30 – Start 1.0 status and real-world adoption
42:40 – Devtools, Pacer, and upcoming libraries
43:50 – Sustainability, sponsorships, and supporting maintainers
45:30 – How companies and individuals can support TanStack
Special Guest: Tanner Linsley.
How is zero-trust security evolving? Michele Leroux Bustamante discusses the challenges CISOs face today in controlling access to infrastructure, authenticating and authorizing users, and managing the ongoing evolution of an organization's dependencies. The conversation digs into the variety of stacks available to address various elements of an organization's security requirements. Michele also talks about the NIST Cybersecurity Framework as a starting point for understanding the security elements your organization needs to focus on and improve—security is a continuum, not a destination!
Links
 - Azure Entra
 - Auth0
 - Duende
 - KeyCloak
 - NIST Cybersecurity Framework
 - Open Policy Agent
 - Policy Server
 - Defender for Cloud
 - Azure API Management
 - Azure Front Door
Recorded October 29, 2025
In this episode of Security Matters, host David Puner welcomes back David Higgins, senior director in CyberArk's Field Technology Office, for a timely conversation about the evolving cyber threat landscape. Higgins explains why today's attackers aren't breaking in—they're logging in—using stolen credentials, AI-powered social engineering, and deepfakes to bypass traditional defenses and exploit trust.
The discussion explores how the rise of AI is eroding critical thinking, making it easier for even seasoned professionals to fall for convincing scams. Higgins and Puner break down the dangers of instant answers, the importance of “never trust, always verify,” and why zero standing privilege is essential for defending against insider threats. They also tackle the risks of shadow AI, the growing challenge of misinformation, and how organizations can build a culture of vigilance without creating a climate of mistrust.
Whether you're a security leader, IT professional, or just curious about the future of digital trust, this episode delivers actionable insights on identity security, cyber hygiene, and the basics that matter more than ever in 2026 and beyond.
What Security Congress Reveals About the State of Cybersecurity
This discussion focuses on what ISC2 Security Congress represents for practitioners, leaders, and organizations navigating constant technological change. Jon France, Chief Information Security Officer at ISC2, shares how the event brings together thousands of cybersecurity practitioners, certification holders, chapter leaders, and future professionals to exchange ideas on the issues shaping the field today.
Themes That Stand Out
AI remains a central point of attention. France notes that organizations are grappling not only with adoption but with the shift in speed it introduces. Sessions highlight how analysts are beginning to work alongside automated systems that sift through massive data sets and surface early indicators of compromise. Rather than replacing entry-level roles, AI changes how they operate and accelerates the decision-making path. Quantum computing receives a growing share of focus as well. Attendees hear about timelines, standards emerging from NIST, and what preparedness looks like as cryptographic models shift. Identity-based attacks and authorization failures also surface throughout the program. With machine-driven compromises becoming easier to scale, the community explores new defenses, stronger controls, and the practical realities of machine-to-machine trust. Operational technology, zero trust, and machine-speed threats create additional urgency around modernizing security operations centers and rethinking human-to-machine workflows.
A Place for Every Stage of the Career
France describes Security Congress as a cross-section of the profession: entry-level newcomers, certification candidates, hands-on practitioners, and CISOs who attend for leadership development. Workshops explore communication, business alignment, and critical thinking skills that help professionals grow beyond technical execution and into more strategic responsibilities.
Looking Ahead to the Next Congress
The next ISC2 Security Congress will be held in October in the Denver/Aurora area. France expects AI and quantum to remain key themes, along with contributions shaped by the call-for-papers process. What keeps the event relevant each year is the mix of education, networking, community stories, and real-world problem-solving that attendees bring with them.
The ISC2 Security Congress 2025 is a hybrid event taking place from October 28 to 30, 2025. Coverage provided by ITSPmagazine
GUEST: Jon France, Chief Information Security Officer at ISC2 | On LinkedIn: https://www.linkedin.com/in/jonfrance/
HOST: Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.com
Follow our ISC2 Security Congress coverage: https://www.itspmagazine.com/cybersecurity-technology-society-events/isc2-security-congress-2025
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
ISC2 Security Congress: https://www.isc2.org
NIST Post-Quantum Cryptography Standards: https://csrc.nist.gov/projects/post-quantum-cryptography
ISC2 Chapters: https://www.isc2.org/chapters
Want to share an Event Briefing as part of our event coverage? Learn More
This episode is sponsored by Aembit. Visit aembit.io/idac to learn more.
Jeff and Jim welcome David Goldschlag, CEO and Co-founder of Aembit, to discuss the rapidly evolving world of non-human access and workload identity. With the rise of AI agents in the enterprise, organizations face a critical challenge: how to secure software-to-software connections without relying on static, shared credentials.
David shares his unique background, ranging from working on The Onion Router (Tor) at the Naval Research Lab to the DIVX rental system, and explains how those experiences inform his approach to identity today. The conversation covers the distinction between human and non-human access, the risks of using user credentials for AI agents, and why we must shift from managing secrets to managing access policies.
This episode explores real-world use cases for AI agents in financial services and retail, the concept of hybrid versus autonomous agents, and practical advice for identity practitioners looking to get ahead of the agentic AI wave.
Visit Aembit: https://aembit.io/idac
Connect with David: https://www.linkedin.com/in/davidgoldschlag
Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at idacpodcast.com
Timestamps
00:00 - Intro
00:51 - Pronunciation of Aembit and the extra 'E'
01:56 - David's background: From NSA to Enterprise Security
04:58 - The meaning behind the name Aembit
06:00 - David's history with The Onion Router (Tor)
10:00 - Differentiating Non-Human Access from Workforce IAM
11:39 - The security risks of AI Agents using human credentials
14:15 - Manage Access, Not Secrets
16:00 - Use Cases: Financial Analysts and Retail
24:00 - Hybrid Agents vs. Autonomous Agents
30:38 - Will we have agentic versions of ourselves?
36:45 - How Identity Practitioners can handle the AI wave
38:33 - Measuring success and ROI for workload identity
43:20 - A blast from the past: DIVX and Circuit City
52:15 - Closing
Keywords: IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Aembit, David Goldschlag, Non-human access, Workload Identity, AI Agents, Machine Identity, Cybersecurity, IAM, InfoSec, Tor, DIVX, Zero Trust, Secrets Management, Authentication, Authorization
See more: https://thinkfuture.substack.com
Connect with Bojan: https://www.linkedin.com/in/bojansimic
---
Passwords were supposed to die 20 years ago—so why are we still using them?
In this episode of thinkfuture, host Chris Kalaboukis talks with Bojan Simic, co-founder and CEO of HYPR, a cybersecurity company on a mission to finally eliminate passwords for good.
Bojan shares how a personal hacking experience early in his career sparked his obsession with fixing identity security. That moment eventually led to the creation of HYPR, a platform that uses biometrics, tokenization, and passwordless authentication to secure users while simplifying the login process.
We discuss:
- Why the password problem has persisted for decades
- How HYPR's technology replaces passwords with biometrics and cryptographic keys
- The challenges of mass adoption across enterprises and consumers
- How HYPR is expanding into full identity verification—protecting the entire identity lifecycle
- Why “passwordless” isn't just about convenience, but trust and security
- What the future of authentication might look like in 2035
- The role AI could play in identity assurance and fraud detection
Bojan's vision is clear: the internet of the future won't rely on secrets—it'll rely on proof.
If you're interested in cybersecurity, authentication, biometrics, or the future of digital identity, this episode is a must-listen.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Conflicts between URL mapping and URL based access control
Mapping different URLs to the same script, and relying on URL based authentication at the same time, may lead to dangerous authentication and access control gaps.
https://isc.sans.edu/diary/Conflicts%20between%20URL%20mapping%20and%20URL%20based%20access%20control./32518
Sha1-Hulud, The Second Coming
A new, destructive variant of the Shai-Hulud worm is currently spreading through NPM/Github repos.
https://www.koi.ai/incident/live-updates-sha1-hulud-the-second-coming-hundred-npm-packages-compromised
Hacklore: Cleaning up Outdated Security Advice
A new website, hacklore.org, has published an open letter from former CISOs and other security leaders aimed at addressing some outdated security advice that is often repeated.
https://www.hacklore.org
On this week's episode, Kyle welcomes back Steve (@showley2003) to help wrap up the audio era of the Wax Museum Podcast. They talk mail days, Authentication nightmares, goofy eBay history, and a major Paul George patch pickup — plus what comes next as the show moves to YouTube.
This episode focuses on a security incident that prompts an honest discussion about transparency, preparedness, and the importance of strong processes. Sean Martin speaks with Viktor Petersson, Founder and CEO of Screenly, who shares how his team approaches digital signage security and how a recent alert from their bug bounty program helped validate the strength of their culture and workflows.
Screenly provides a secure digital signage platform used by organizations that care deeply about device integrity, uptime, and lifecycle management. Healthcare facilities, financial services, and even NASA rely on these displays, which makes the security posture supporting them a priority. Viktor outlines why security functions best when embedded into culture rather than treated as a compliance checkbox. His team actively invests in continuous testing, including a structured bug bounty program that generates a steady flow of findings.
The conversation centers on a real event: a report claiming that more than a thousand user accounts appeared in a public leak repository. Instead of assuming the worst or dismissing the claim, the team mobilized within hours. They validated the dataset, built correlation tooling, analyzed how many records were legitimate, and immediately reset affected accounts. Once they ruled out a breach of their systems, they traced the issue to compromised end user devices associated with previously known credential harvesting incidents.
This scenario demonstrates how a strong internal process helps guide the team through verification, containment, and communication. Viktor emphasizes that optional security features only work when customers use them, which is why Screenly is moving to passwordless authentication using magic links. Removing passwords eliminates the attack vector entirely, improving security for customers without adding friction.
For listeners, this episode offers a clear look at what rapid response discipline looks like, how bug bounty reports can add meaningful value, and why passwordless authentication is becoming a practical way forward for SaaS platforms. It is a timely reminder that transparency builds trust, and security culture determines how confidently a team can navigate unexpected events.
Learn more about Screenly: https://itspm.ag/screenly1o
Note: This story contains promotional content. Learn more.
GUEST
Viktor Petersson, Co-founder of Screenly | On LinkedIn: https://www.linkedin.com/in/vpetersson/
RESOURCES
Learn more and catch more stories from Screenly: https://www.itspmagazine.com/directory/screenly
LinkedIn Post: https://www.linkedin.com/posts/vpetersson_screenly-security-incident-response-how-activity-7393741638918971392-otkk
Blog: Security Incident Response: How We Investigated a Data Leak and What We're Doing Next: https://www.screenly.io/blog/2025/11/10/security-incident-response-magic-links/
Keywords: sean martin, marco ciappelli, viktor petersson, security, authentication, bugbounty, signage, incidentresponse, breaches, cybersecurity, brand story, brand marketing, marketing podcast, brand story podcast, brand spotlight
In this episode of Builders Wanted, we're joined by Filip Verley, Chief Innovation Officer at Liminal. Filip sheds light on the challenges companies face with increasing fraud due to advances in generative AI and deepfakes, and the importance of balancing security with customer experience. The conversation covers practical strategies for unifying data across teams, leveraging behavioral signals, and investing in converged identity platforms.
-------------------
Key Takeaways:
- Digital fraud is rapidly evolving due to generative AI and deepfakes, making it harder for companies to distinguish between real and fake interactions.
- Unifying data and aligning company goals around trust and security is essential for effective fraud prevention.
- Balancing customer experience with security requires smart, context-aware friction and continuous monitoring.
-------------------
“The best teams or organizations don't think in an either-or, it's the balance. They always are able to balance and they design these systems to adapt to what they need. It's not just about reducing the fraud, it's making sure that users are protected without slowing them down. Smart friction.” – Filip Verley
-------------------
Episode Timestamps:
(01:52) - How generative AI and deepfakes are making fraud detection harder
(04:07) - Insights from Liminal's Seminal Report
(16:19) - Why behavioral intent is a game changer for fraud detection
(22:54) - The 4 layers of defense every company needs
(25:52) - Where companies are investing for the biggest impact
(35:13) - Quick hits
-------------------
Links:
Connect with Filip on LinkedIn
Read Liminal's Seminal Report
Connect with Kailey on LinkedIn
Learn more about Caspian Studios
-------------------
Sponsor
Builders Wanted is brought to you by Twilio – the Customer Engagement Platform that helps builders turn real-time data into meaningful customer experiences. More than 320,000 businesses trust Twilio to transform signals into connections—and connections into revenue. Ready to build what's next? Learn more at twilio.com.
The Ten Minute Bible Hour Podcast - The Ten Minute Bible Hour
Galatians 6:11 Thanks to everyone who supports TMBH at patreon.com/thetmbhpodcast You're the reason we can all do this together! Discuss the episode here Music by Jeff Foote