Podcasts about cves

  • 168 PODCASTS
  • 402 EPISODES
  • 45m AVG DURATION
  • 5 WEEKLY NEW EPISODES
  • Mar 9, 2026 LATEST




Latest podcast episodes about cves

ChinaTalk
Software Abundance for Government With Cognition's Russell Kaplan

ChinaTalk

Mar 9, 2026 57:26


Russell Kaplan, co-founder of Cognition — the company behind Devin — and previously at Scale AI and Tesla, joins the podcast to discuss what “software abundance” could mean for government. Our conversation covers…

  • Why government software is so broken — Despite spending over $100B annually on IT, critical systems at agencies like the Social Security Administration and U.S. Department of the Treasury still run on decades-old code that few engineers know how to modify.
  • How two-year software projects become three-week ones — why AI agents are particularly good at the painful migration and modernization work engineers tend to avoid.
  • What “software abundance” actually means — AI agents can handle the tedious work of switching systems 24/7, collapsing the switching costs, and forcing software vendors to compete on value rather than locking customers into outdated systems.
  • AI for cybersecurity — From triaging massive vulnerability backlogs to automatically fixing CVEs, AI will be essential for defending critical infrastructure as attackers gain the same tools.
  • The coming “post-coding” world — As models converge in capability, the key bottleneck shifts from writing code to understanding problems, reviewing systems, and deciding what should be built in the first place.

Plus, the future of procurement in an AI world, fraud detection in government datasets, the DMV as a software problem, and why Kaplan thinks the real skill of the future is knowing which problems matter. Thanks so much to Cognition for sponsoring this episode.

ChinaEconTalk
Software Abundance for Government With Cognition's Russell Kaplan

ChinaEconTalk

Mar 9, 2026 56:56



DevOps and Docker Talk
Your Images are Out of Date (probably) - The Silent Rebuilds problem

DevOps and Docker Talk

Mar 4, 2026 38:19


Container base images (like Official Docker Hub images) are often updated without new tag versions. I call this Silent Rebuilds. There's no way to know this happens without image digest-checking automation like Dependabot and Renovate with specific settings. Failure to keep up-to-date is a prime source of vulnerabilities that can lead to serious security breaches. Automate the updates!

Check out the video podcast version here: https://youtu.be/z_ahbsSc4Fo

Resilient Cyber
Exploiting AI IDEs

Resilient Cyber

Feb 17, 2026 25:08


In this episode of Resilient Cyber, we sit down with Ari Marzuk, the researcher who published "IDEsaster", a novel vulnerability class in AI IDEs.

We will be discussing the rise of AI-driven development and modern AI coding assistants, tools and agents, and how Ari discovered 30+ vulnerabilities impacting some of the most widely used AI coding tools and the broader risks around AI coding.

  • Ari's background in offensive security — Ari has spent the past decade in offensive security, including time with Israeli military intelligence, NSO Group, Salesforce, and currently Microsoft, with a focus on AI security for the last two to three years.
  • IDEsaster: a new vulnerability class — Ari's research uncovered 30+ vulnerabilities and 24 CVEs across AI-powered IDEs, revealing not just individual bugs but an entirely new vulnerability class rooted in the shared base IDE layer that tools like Cursor, Copilot, and others are built on.
  • "Secure for AI" as a design principle — Ari argues that legacy IDEs were never built with autonomous AI agents in mind, and that the same gap likely exists across CI/CD pipelines, cloud environments, and collaboration tools as organizations race to bolt on AI capabilities.
  • Low barrier to exploitation — The vulnerabilities Ari found don't require nation-state sophistication to exploit; techniques like remote JSON schema exfiltration can be carried out with relatively simple prompt engineering and publicly known attack vectors.
  • Human-in-the-loop is losing its effectiveness — Even with diff preview and approval controls enabled, exfiltration attacks still triggered in Ari's testing, and approval fatigue from hundreds of agent-generated actions is pushing developers toward YOLO mode.
  • Least privilege and the capability vs. security trade-off — The same unrestricted access that makes AI coding agents so productive is what makes them vulnerable, and history suggests organizations will continue to optimize for utility over security without strong guardrails.
  • Top defensive recommendations — Ari emphasized isolation (containers, VMs) as the single most important control, followed by enforcing secure defaults that can't be easily overridden, and applying enterprise-level monitoring and governance to AI agent usage.
  • What's next — Ari is turning his attention to newer AI tools and attack surfaces but isn't naming targets yet. You can follow his work on LinkedIn, X, and his blog at makarita.com.

Paul's Security Weekly
Cams, Gelbwurst, Chrome, SCCM, CVES, SSHStalker, RAM, TikTok, Josh Marpet... - SWN #555

Paul's Security Weekly

Feb 13, 2026 35:54


Cams, Gelbwurst, Chrome, SCCM, CVES, SSHStalker, RAM, TikTok, Josh Marpet, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-555

ITSPmagazine | Technology. Cybersecurity. Society
KEVology: How Exploit Scores and Timelines Shape Real Security Decisions | A Brand Highlight Conversation with Tod Beardsley, Vice President of Security Research of runZero

ITSPmagazine | Technology. Cybersecurity. Society

Feb 13, 2026 8:23


The CISA Known Exploited Vulnerabilities (KEV) catalog is one of the most referenced resources in vulnerability management, but how well do security teams actually understand what it tells them? In this Brand Highlight, Tod Beardsley, Vice President of Security Research at runZero and former CISA section chief who helped manage the KEV on a daily basis, breaks down what the catalog is designed to do and, just as importantly, what it is not.

What is the KEV catalog and who is it really for? The KEV is mandated by Binding Operational Directive 22-01 (BOD 22-01), which tasks CISA with identifying vulnerabilities that are known to be exploited and have an available fix. Its primary audience is federal civilian executive branch agencies, but because the catalog is public, organizations everywhere use it as a prioritization signal. Beardsley notes that inclusion on the KEV requires a CVE ID, evidence of active exploitation, a patch or mitigation, and relevance to federal interests, meaning zero-day vulnerabilities and end-of-life systems without CVEs never appear.

How should organizations think about KEV entries that are not equally dangerous? Beardsley explains that only about a third of KEV-listed vulnerabilities represent straight-shot remote code execution with no user interaction and no authentication required. The rest span a wide spectrum of severity. EPSS data reveals an inverse bell curve: many KEV entries have extremely low probabilities of exploitation in the next 30 days, while others cluster at the high end with commodity exploits widely available. This means treating every KEV entry as equally critical leads to wasted effort and alert fatigue.

That gap between the catalog and real-world decision-making is exactly what KEVology addresses. The research, produced by Beardsley at runZero, enriches KEV data with CVSS metrics, EPSS scores, exploit tooling indicators, and ATT&CK mappings to help security teams filter and prioritize vulnerabilities based on what actually matters to their environment. Rather than prescribing a single priority list, KEVology treats the KEV as data to be analyzed, not doctrine to be followed blindly.

To make this analysis accessible and interactive, runZero built KEV Collider, a free, daily-updated web application at runzero.com/kev-collider. The tool lets defenders sort, filter, and layer multiple risk signals across the entire KEV catalog. Because every filter combination is encoded in URL parameters, teams can bookmark and share custom views with colleagues instantly. Beardsley describes KEV Collider as an evergreen companion to the research, updating automatically as new vulnerabilities are added to the catalog each week.

This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

GUEST
Tod Beardsley, Vice President of Security Research at runZero
On LinkedIn: https://www.linkedin.com/in/todb/

RESOURCES
Learn more about runZero: https://www.runzero.com
KEVology research report: https://www.runzero.com/resources/kevology/
KEV Collider: https://www.runzero.com/kev-collider/

Paul's Security Weekly TV
Cams, Gelbwurst, Chrome, SCCM, CVES, SSHStalker, RAM, TikTok, Josh Marpet... - SWN #555

Paul's Security Weekly TV

Feb 13, 2026 35:54


Cams, Gelbwurst, Chrome, SCCM, CVES, SSHStalker, RAM, TikTok, Josh Marpet, and More on this episode of the Security Weekly News. Show Notes: https://securityweekly.com/swn-555

Hack Naked News (Audio)
Cams, Gelbwurst, Chrome, SCCM, CVES, SSHStalker, RAM, TikTok, Josh Marpet... - SWN #555

Hack Naked News (Audio)

Feb 13, 2026 35:54


Cams, Gelbwurst, Chrome, SCCM, CVES, SSHStalker, RAM, TikTok, Josh Marpet, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-555

Hack Naked News (Video)
Cams, Gelbwurst, Chrome, SCCM, CVES, SSHStalker, RAM, TikTok, Josh Marpet... - SWN #555

Hack Naked News (Video)

Feb 13, 2026 35:54


Cams, Gelbwurst, Chrome, SCCM, CVES, SSHStalker, RAM, TikTok, Josh Marpet, and More on this episode of the Security Weekly News. Show Notes: https://securityweekly.com/swn-555

Redefining CyberSecurity
KEVology: How Exploit Scores and Timelines Shape Real Security Decisions | A Brand Highlight Conversation with Tod Beardsley, Vice President of Security Research of runZero

Redefining CyberSecurity

Feb 13, 2026 8:23



Kubernetes Bytes
Secure your Kubernetes applications with Chainguard

Kubernetes Bytes

Feb 9, 2026 41:01


Join Ryan Wallner and Bhavin Shah for season 6 of the Kubernetes Bytes podcast. In this episode Bhavin talks to Adrian Mouat, Dev Rel at Chainguard about all things Kubernetes Security. They discuss CVEs, the different vulnerability databases, and how platform engineers can use Chainguard images to protect against CVEs. Links: https://www.chainguard.dev/ https://www.linkedin.com/in/adrianmouat/ https://slsa.dev/

SECURE AF
Double Trouble: Microsoft Office and Fortinet FortiCloud Flaws Under Attack

SECURE AF

Feb 4, 2026 5:59


This week's #SOCBrief covers a dangerous double-hit: a Microsoft Office security bypass and a Fortinet FortiCloud authentication flaw, both exploited in the wild. Andrew walks through what the CVEs mean, how attackers are abusing trusted tools, and the patching and hunting steps SOC teams should take immediately.

Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Linux Matters
Audio Trainers and Wallet Drainers

Linux Matters

Feb 3, 2026 37:48


In this episode: Martin creates an automated audio engineer. Jivetalking - Professional podcast audio preprocessing - broadcast-quality results with zero audio engineering knowledge required

LessWrong Curated Podcast
"AI found 12 of 12 OpenSSL zero-days (while curl cancelled its bug bounty)" by Stanislav Fort

LessWrong Curated Podcast

Jan 28, 2026 20:16


This is a partial follow-up to AISLE discovered three new OpenSSL vulnerabilities from October 2025.

TL;DR: OpenSSL is among the most scrutinized and audited cryptographic libraries on the planet, underpinning encryption for most of the internet. They just announced 12 new zero-day vulnerabilities (meaning previously unknown to maintainers at time of disclosure). We at AISLE discovered all 12 using our AI system. This is a historically unusual count and the first real-world demonstration of AI-based cybersecurity at this scale. Meanwhile, curl just cancelled its bug bounty program due to a flood of AI-generated spam, even as we reported 5 genuine CVEs to them. AI is simultaneously collapsing the median ("slop") and raising the ceiling (real zero-days in critical infrastructure).

Background

We at AISLE have been building an automated AI system for deep cybersecurity discovery and remediation, sometimes operating in bug bounties under the pseudonym Giant Anteater. Our goal was to turn what used to be an elite, artisanal hacker craft into a repeatable industrial process. We do this to secure the software infrastructure of human civilization before strong AI systems become ubiquitous. Prosaically, we want to make sure we don't get hacked into oblivion the moment they come online. [...]

Outline:

  • (01:05) Background
  • (02:56) Fall 2025: Our first OpenSSL results
  • (05:59) January 2026: 12 out of 12 new vulnerabilities
  • (07:28) HIGH severity (1):
  • (08:01) MODERATE severity (1):
  • (08:24) LOW severity (10):
  • (13:10) Broader impact: curl
  • (17:06) The era of AI cybersecurity is here for good
  • (18:40) Future outlook

First published: January 27th, 2026

Source: https://www.lesswrong.com/posts/7aJwgbMEiKq5egQbd/ai-found-12-of-12-openssl-zero-days-while-curl-cancelled-its

Narrated by TYPE III AUDIO.

Getup Kubicast
#194 - Decree No. 12.573 and E-Ciber

Getup Kubicast

Jan 15, 2026 52:19


Decree No. 12.573 makes the National Cybersecurity Strategy official. Understand the pillars of E-Ciber, its impacts on essential services, and the challenges that remain open.

Check out Quor, a secure catalog of production-ready container images: https://quor.dev/

#Podcast #Getup #Quor #Kubicast #Kubernetes #DevOps #DevSecOps #Containers #CVEs #ZeroCVE

Kubicast is a production of Getup, a company specializing in Kubernetes and open source projects for Kubernetes. The podcast episodes are available on the major digital audio platforms and on YouTube.com/@getupcloud.

The CyberWire
CVEs don't sleep.

The CyberWire

Jan 14, 2026 23:29


Patch Tuesday fallout, China sidelines Western security vendors, and a critical flaw puts industrial switches at risk of remote takeover. A ransomware attack disrupts a Belgian hospital, crypto scams hit investment clients, and Eurail discloses a data breach. Analysts press Congress to go on offense in cyberspace, and Sean Plankey gets another shot at leading CISA. In our Threat Vector segment, David Moulton sits down with Ian Swanson, AI Security Leader at Palo Alto Networks, about supply chain security. And, an AI risk assessment cites a football match that never happened.

Threat Vector Segment

AI security is no longer optional, it's urgent. In this segment of Threat Vector, David Moulton sits down with Ian Swanson, former CEO of Protect AI and now the AI Security Leader at Palo Alto Networks. Ian shares how securing the AI supply chain has become the next frontier in cybersecurity and why every enterprise building or integrating AI needs to treat it like any other software pipeline—rife with dependencies, blind spots, and adversaries ready to exploit them. You can catch the full conversation here and listen to new episodes of Threat Vector every Thursday on your favorite podcast app.

Selected Reading

  • Patch Tuesday, January 2026 Edition (Krebs on Security)
  • Adobe Patches Critical Apache Tika Bug in ColdFusion (SecurityWeek)
  • Chrome 144, Firefox 147 Patch High-Severity Vulnerabilities (SecurityWeek)
  • Fortinet Patches Critical Vulnerabilities in FortiFone, FortiSIEM (SecurityWeek)
  • Exclusive: Beijing tells Chinese firms to stop using US and Israeli cybersecurity software, sources say (Reuters)
  • Critical OpenSSH flaw exposes Moxa industrial switches to remote takeover (Beyond Machines)
  • Cyberattack forces Belgian hospital to transfer critical care patients (The Record)
  • Betterment confirms data breach after wave of crypto scam emails (Bleeping Computer)
  • Passports, bank details compromised in Eurail data breach (The Register)
  • Lawmakers Urged to Let US Take on 'Offensive' Cyber Role (Bank InfoSecurity)
  • Sean Plankey re-nominated to lead CISA (CyberScoop)
  • Police chief admits misleading MPs after AI used in justification for banning Maccabi Tel Aviv fans (BBC News)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

HTML All The Things - Web Development, Web Design, Small Business

In this episode of the HTML All The Things Podcast, Matt and Mike look back at the biggest web development trends of 2025 before making predictions for what's coming in 2026. From the explosion of AI-assisted tooling and supply-chain security incidents to framework fatigue, React Server Component controversies, and Svelte 5's momentum, the landscape is shifting fast. They also discuss why design engineering roles are rising, why exploits and CVEs may accelerate, and how AI will continue to reshape developer workflows in the year ahead. Show Notes: https://www.htmlallthethings.com/podcast/web-development-predictions-for-2026 Powered by CodeRabbit - AI Code Reviews: https://coderabbit.link/htmlallthethings Use our Scrimba affiliate link (https://scrimba.com/?via=htmlallthethings) for a 20% discount!! Full details in show notes.

Metacast: Behind the scenes
73. Holiday update

Metacast: Behind the scenes

Dec 25, 2025 23:22 Transcription Available


In this holiday episode, we celebrate reaching over 300 paying subscribers and 1,500 monthly active users. We also discuss recent backend infrastructure optimizations, critical bug fixes, and future plans, including a new pro plan with expanded features like higher private podcast limits and custom audio uploads.

Chapters:

  • [00:00] Introduction
  • [00:47] Business updates
  • [04:55] Recent projects: cost optimizations, bug fixes, CVEs
  • [12:36] Future plans
  • [15:59] Recommendations

Download the Metacast podcast app for free:
iOS: https://apps.apple.com/app/metacast/id6462012536
Android: https://play.google.com/store/apps/details?id=app.metacast.podcast.player

Autonomous IT
Patch [FIX] Tuesday – The 2025 Mega-Cut [All 3 Hours]

Autonomous IT

Dec 25, 2025 175:57


This Christmas, strap in for three hours of vulnerabilities, patches, and the occasional existential crisis about holiday skeleton crews. This megacut compiles every 2025 episode of Patch [FIX] Tuesday, featuring Automox security engineers Ryan Braunstein, Henry Smith, Seth Hoyt, Mat Lee, and Tom Bowyer breaking down the year's most critical security updates.

What's inside:

  • All 12 Patch [FIX] Tuesday episodes from January through December 2025
  • macOS and Apple security updates
  • Zero-days, CVEs, and actively exploited vulnerabilities
  • Candid discussions on Hyper-V escapes, SSH hijacking chains, React RCE, and more

Whether you're catching up on a year of patches or need something smarter than carols for a long holiday drive or late-night remediation – this compilation has you covered.

@BEERISAC: CPS/ICS Security Podcast Playlist
Smarter Vulnerability Management in OT Systems: Building Resilience

@BEERISAC: CPS/ICS Security Podcast Playlist

Nov 29, 2025 28:23


Podcast: Exploited: The Cyber Truth
Episode: Smarter Vulnerability Management in OT Systems: Building Resilience
Pub date: 2025-11-20

As OT environments face rising geopolitical tensions, ransomware threats, and aging infrastructure, vulnerability management has never been more complex. In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security CEO Joe Saunders and Stuxnet expert Ralph Langner, Founder and CEO of Langner, Inc.

Ralph shares from his decades of firsthand experience defending industrial control systems and explains why traditional CVE-focused vulnerability management falls short in OT. He breaks down the three major categories of OT vulnerabilities—design flaws, feature abuse, and configuration errors—and reveals why competent attackers often ignore CVEs entirely. Joe highlights how memory-based vulnerabilities continue to threaten critical systems and why eliminating entire vulnerability classes can create an asymmetric advantage for defenders.

Together, Ralph and Joe explore:

  • Why most OT equipment remains insecure by design and why replacement will take decades
  • How features, not bugs, often become the real attack vector
  • The growing role of ransomware and IT-side weaknesses in OT compromises
  • Practical steps OT defenders can take today to incrementally improve resilience
  • The value of class-level protections, better architectures, and secure development processes

Whether you secure energy infrastructure, manufacturing systems, or mixed IT/OT networks, this episode delivers experience-driven guidance for strengthening cyber-physical resilience.

The podcast and artwork embedded on this page are from RunSafe Security, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

TechTimeRadio
277: TechTime Radio: "THANKS" Giving Episode with Dubai's Flying Taxis, Australia's Teen Social Ban, CVE vs Hackers, Nike's Robo Shoes, Unsafe AI Toys, Black Friday Deals, with Guest Nick Espinosa | Air Date: 11/25 - 1/1/25

TechTimeRadio

Nov 25, 2025 55:31 Transcription Available


What happens when a holiday “thankful” theme clashes with cutting-edge technology, bold policies, and some notable missteps? We begin with Dubai's high-profile plan to introduce flying taxis and ask tough questions: can eVTOLs truly reduce travel time after accounting for boarding, airspace management, and vertiport capacity—or will they just be expensive toys hovering above gridlocked cities?

Next, we discuss Australia's eye-catching ban on social media for users under 16. We openly address the issues it aims to solve—cyberbullying, grooming, and addictive content—and consider the potential loss of social and educational benefits for teens, along with the challenges of age verification, VPN use, and platform switching.

Our guest, cybersecurity expert Nick Espinosa, highlights the CVE database, which quietly supports global vulnerability management. When defenders respond swiftly, it's because CVE provides a shared map. This connects to real-world enforcement—like the arrest of a suspected Russian hacker in Thailand through international cooperation—and the rapidly evolving frontline where AI counters AI. Modern defenses depend on machine learning and deep learning that analyze CVEs, detect indicators of compromise, and respond faster than humans, narrowing the gap from cyberattackers who automate their tactics.

We also examine Nike's provocative concept of “e-bikes for your feet,” discussing when robotic assistance improves mobility and recovery—and when it might serve as a shortcut that sacrifices effort for convenience. Additionally, we highlight a notable failure: AI toys that used a loosely constrained model to deliver inappropriate and unsafe content to children before being removed. This underscores that safety measures are essential in consumer AI. We conclude with practical insights: a whiskey worth tasting, worthwhile laptop deals, and advice to delay TV purchases until the Super Bowl.

If this blend of skeptical analysis, useful tips, and cybersecurity insights appeals to you, follow the show, share with a friend, and leave a quick review—what story made you nod, and which one made you say “humm”?

SECURE AF
Patch Tuesday: Zero-Day Alert and Patching Must-Dos ✅

SECURE AF

Nov 19, 2025 7:11


A new zero-day. 63 flaws. Endless patching chaos. This week's #SOCBrief breaks down Microsoft's November Patch Tuesday and what it means for your SOC. We'll cover the top critical CVEs, patching priorities, and how to keep your systems resilient before attackers strike.

Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

All TWiT.tv Shows (MP3)
Untitled Linux Show 229: Full Steam Ahead

All TWiT.tv Shows (MP3)

Play Episode Listen Later Nov 16, 2025 123:33 Transcription Available


Valve is going to attempt the Linux trifecta, Firefox is adding more AI and people aren't happy, and the kernel is refining its own AI guidelines. FFmpeg is tired of AI generated CVEs, no matter how good they are! Rust isn't always more secure, your Ubuntu desktop can last for 15 years now, and OpenSUSE Tumbleweed has some surprises. For Tips, we cover Webmin, btrfs-rescue, a function to center-print text in the terminal, and go down the rabbit-hole of detecting dual server PSUs. You can find the show notes at https://bit.ly/4pbm35E and see you next time! Host: Jonathan Bennett Co-Hosts: Jeff Massie, Rob Campbell, and Ken McDonald Download or subscribe to Untitled Linux Show at https://twit.tv/shows/untitled-linux-show Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

All TWiT.tv Shows (Video LO)
Untitled Linux Show 229: Full Steam Ahead

All TWiT.tv Shows (Video LO)

Play Episode Listen Later Nov 16, 2025 123:33 Transcription Available


Valve is going to attempt the Linux trifecta, Firefox is adding more AI and people aren't happy, and the kernel is refining its own AI guidelines. FFmpeg is tired of AI generated CVEs, no matter how good they are! Rust isn't always more secure, your Ubuntu desktop can last for 15 years now, and OpenSUSE Tumbleweed has some surprises. For Tips, we cover Webmin, btrfs-rescue, a function to center-print text in the terminal, and go down the rabbit-hole of detecting dual server PSUs. You can find the show notes at https://bit.ly/4pbm35E and see you next time! Host: Jonathan Bennett Co-Hosts: Jeff Massie, Rob Campbell, and Ken McDonald Download or subscribe to Untitled Linux Show at https://twit.tv/shows/untitled-linux-show Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

IT Privacy and Security Weekly update.
EP 265.5 The Deep Dive. The IT Privacy and Security Weekly Update for November 4th., 2025 and the Purported Porch Pirate

IT Privacy and Security Weekly update.

Play Episode Listen Later Nov 7, 2025 19:57


AI agents are exploding in power and reach, simultaneously automating code security (OpenAI Aardvark), bypassing paywalls, and triggering corporate warfare (Amazon vs. Perplexity). Yet automated surveillance is failing citizens: a Colorado woman was falsely accused of theft by Flock cameras, only cleared by her Rivian's own footage. Norway disabled internet on 850 Chinese buses after finding hidden remote-shutdown features, while Xi Jinping joked about “backdoors” when gifting Xiaomi phones to South Korea's president—amid live U.S.-China trade tensions.

1. AI Agents & Browsers
• Atlas (OpenAI) collects every click to train models; users are the product.
• Comet (Perplexity) bypasses paywalls, slashing publisher referrals 96%; Amazon calls it fraud for undisclosed AI purchases.
• AI browsers remain clunky and vulnerable to prompt-injection attacks.

2. Autonomous Cyber Defense
• Aardvark (GPT-5) scans repos, validates exploits in sandboxes, and auto-patches; 92% detection, 10+ CVEs found.
• Edge & Chrome use on-device AI to block scareware pop-ups—no cloud, no privacy leak.
• GitHub Octoverse 2026 Forecast: AI writes >30% of code; TypeScript + Python >50% of new repos; India overtakes U.S. as #1 contributor.

3. Geopolitical Tech Risks
• Norway: 850 Chinese e-buses lose web access after remote-disable code discovered in diagnostics.
• Xi-Lee Summit: Xiaomi phone gift → “Check for backdoors” quip → laughter, but U.S. espionage fears linger.

4. Surveillance Backfire
• Colorado: Flock ALPR logs Rivian passing → police issue summons without checking timestamps.
• Rivian's 360° cameras prove owner never stopped; charges dropped.
• Lesson: automated data treated as fact, not evidence, until countered by personal tech.

Bottom Line
AI is now infrastructure—writing code, reading paywalls, and defending systems—yet it amplifies surveillance errors and geopolitical fault lines. Tools built for control can misidentify citizens or disable cities. The same camera that accuses can exonerate; the same agent that shops can defraud. Human oversight remains the final firewall.

AWS for Software Companies Podcast
Ep167: Leveraging Amazon Bedrock and Agents for Accelerating Innovation and Engineering with Trellix

AWS for Software Companies Podcast

Play Episode Listen Later Nov 5, 2025 15:49


Trellix's Director of Strategy Zak Krider reveals how they automated tedious security tasks like event parsing and threat detection using Amazon Bedrock's multi-model approach, achieving 100% accuracy while eliminating bottlenecks in their development lifecycle.
Topics Include:
- Trellix merged FireEye and McAfee Enterprise, combining two decades of cybersecurity AI expertise
- Processing thousands of daily security events revealed traditional ML's weakness: overwhelming false positives
- Two years ago, they integrated generative AI to automate threat investigation workflows
- Amazon Bedrock's multi-model access enabled rapid testing and "fail fast, learn fast" methodology
- Built custom cybersecurity testing framework since public benchmarks don't reflect domain-specific needs
- Agentic AI now autonomously investigates threats across dark web, CVEs, and telemetry data
- AWS NOVA builds investigation plans while Claude executes detailed threat research analysis
- Launched "Sidekick" internal tool with agents mimicking human developer onboarding processes
- Chose prompt engineering over fine-tuning for flexibility, cost-effectiveness, and faster iteration
- Automated security rule generation across multiple languages that typically require unicorn developers
- Achieved 100% accuracy in automated event parsing, eliminating tedious manual SOC work
- Key lesson: don't default to one model; test and mix for optimal results
Participants:
- Zak Krider - Director of Strategy & AI, Trellix
See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Packet Pushers - Full Podcast Feed
PP084: Inside the CVE Process With Cisco (Sponsored)

Packet Pushers - Full Podcast Feed

Play Episode Listen Later Oct 30, 2025 44:50


CVEs, or Common Vulnerabilities and Exposures, are such a routine aspect of tech that most IT pros probably take them for granted. But like many things we take for granted, the CVE process takes some serious organizational infrastructure to function. On today's Packet Protector, sponsored by Cisco, we talk about the organizations and processes that... Read more »

Packet Pushers - Fat Pipe
PP084: Inside the CVE Process With Cisco (Sponsored)

Packet Pushers - Fat Pipe

Play Episode Listen Later Oct 30, 2025 44:50


CVEs, or Common Vulnerabilities and Exposures, are such a routine aspect of tech that most IT pros probably take them for granted. But like many things we take for granted, the CVE process takes some serious organizational infrastructure to function. On today's Packet Protector, sponsored by Cisco, we talk about the organizations and processes that... Read more »

The Other Side Of The Firewall
Cyber Insurance, CVE Overload, and AI Risk Ft. Cyber Coffee Hour

The Other Side Of The Firewall

Play Episode Listen Later Oct 16, 2025 58:48


In this episode of The Other Side of the Firewall podcast, Ryan Williams Sr. and Shannon Tynes host a discussion with Cyber Coffee Hour's Dr. Joseph Burt-Miller Jr. and Alfredo Nash about the current state of cybersecurity, focusing on the rise of Common Vulnerabilities and Exposures (CVEs), the challenges faced by cyber insurers, and the implications of AI vulnerabilities, particularly with Google's Gemini. The conversation emphasizes the importance of responsible AI usage, data sharing concerns, and the need for proactive measures in cybersecurity. Article: Despite More CVEs, Cyber Insurers Aren't Altering Policies https://www.darkreading.com/cyber-risk/more-cves-cyber-insurers-arent-altering-policies?fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExajN5amZVMWpibElPY2V4eQEec7YqnFZKChC13sYroUwfPniTctt7fmHUuFDWCO8NT5qxZimY92rqX6FBcsw_aem_GG7xSAOwsjq1f7PKHtPJ2w 'Trifecta' of Google Gemini Flaws Turn AI Into Attack Vehicle https://www.darkreading.com/vulnerabilities-threats/trifecta-google-gemini-flaws-ai-attack-vehicle Buy the guide: https://www.theothersideofthefirewall.com/ Please LISTEN

Autonomous IT
Patch [FIX] Tuesday – October 2025 [Game Engine Gremlins, Windows Hello Attacks, and Exchange Exploits], E24

Autonomous IT

Play Episode Listen Later Oct 14, 2025 18:49


Happy Patch Tuesday! In this October episode, security specialists Ryan Braunstein and Mat Lee break down some of the month's most critical vulnerabilities — and why this batch of CVEs might just be the spookiest yet.
The duo dives deep into:
- A Unity Engine remote code execution flaw that impacts games, VR apps, and even training tools
- The Windows Hello bypass vulnerability that lets attackers inject their own biometric data to access local accounts
- A Microsoft Exchange Server privilege escalation that could expose entire inboxes
With expert insights, real-world context, and a touch of humor, Ryan and Mat unpack what these vulnerabilities mean for IT and security pros — and what steps you should take right now to stay protected.

Autonomous IT
Hands-On IT – CVE 101: Demystifying the Three-Letter Acronym, E22

Autonomous IT

Play Episode Listen Later Oct 7, 2025 8:48


What is a CVE – and why does it matter to your patching process? Landon Miles breaks down CVEs, CVSS scores, and CNAs – covering how they work together, what to prioritize, and how to respond. Learn how to assess risk, spot active exploits, and streamline remediation with clear, actionable steps.

Paul's Security Weekly
Changing the Vuln Conversation from Volume to Remediation - Francesco Cipollone - ASW #350

Paul's Security Weekly

Play Episode Listen Later Sep 30, 2025 74:32


Dealing with vulns tends to be a discussion about prioritization. After all, there are tons of CVEs and dependencies with known vulns. It's important to figure out how to present developers with useful vuln info that doesn't overwhelm them. Francesco Cipollone shares how to redirect that discussion to focus on remediation and how to incorporate LLMs into this process without losing your focus or losing your budget. In the news, supply chain security in Ruby and Rust, protecting package repositories, refining CodeQL queries for security, refactoring and Rust, an OWASP survey, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-350

Paul's Security Weekly TV
Changing the Vuln Conversation from Volume to Remediation - Francesco Cipollone - ASW #350

Paul's Security Weekly TV

Play Episode Listen Later Sep 30, 2025 74:32


Dealing with vulns tends to be a discussion about prioritization. After all, there are tons of CVEs and dependencies with known vulns. It's important to figure out how to present developers with useful vuln info that doesn't overwhelm them. Francesco Cipollone shares how to redirect that discussion to focus on remediation and how to incorporate LLMs into this process without losing your focus or losing your budget. In the news, supply chain security in Ruby and Rust, protecting package repositories, refining CodeQL queries for security, refactoring and Rust, an OWASP survey, and more! Show Notes: https://securityweekly.com/asw-350

Application Security Weekly (Audio)
Changing the Vuln Conversation from Volume to Remediation - Francesco Cipollone - ASW #350

Application Security Weekly (Audio)

Play Episode Listen Later Sep 30, 2025 74:32


Dealing with vulns tends to be a discussion about prioritization. After all, there are tons of CVEs and dependencies with known vulns. It's important to figure out how to present developers with useful vuln info that doesn't overwhelm them. Francesco Cipollone shares how to redirect that discussion to focus on remediation and how to incorporate LLMs into this process without losing your focus or losing your budget. In the news, supply chain security in Ruby and Rust, protecting package repositories, refining CodeQL queries for security, refactoring and Rust, an OWASP survey, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-350

Open Source Security Podcast
Arch Linux Security with Foxboron and Anthraxx

Open Source Security Podcast

Play Episode Listen Later Sep 29, 2025 38:08


Join us for a conversation with Foxboron (Morten Linderud) and Anthraxx (Levente Polyak), members of the Arch Linux security team. We talk about the difficulties of maintaining a Linux distribution, the challenges of handling CVEs, and the dedication of volunteers who keep the open-source community working (and how overworked those volunteers are). We explain what makes Arch a little different, how they approach their security process, and what sort of help they would love to see in the future. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-09-arch-foxboron-anthraxx/

Roaring Elephant
Episode 472 – Ignore CVEs At Your Own Risk?

Roaring Elephant

Play Episode Listen Later Sep 23, 2025 23:41


Please use the Contact Form on this blog or our twitter feed to send us your questions, or to suggest future episode topics you would like us to cover.

Python Bytes
#450 At-Cost Agentic IDE Tooling

Python Bytes

Play Episode Listen Later Sep 22, 2025 32:55 Transcription Available


Topics covered in this episode:
- pandas is getting pd.col expressions
- Cline, At-Cost Agentic IDE Tooling
- uv cheatsheet
- Ducky Network UI
- Extras
- Joke

About the show
Sponsored by us! Support our work through:
- Our courses at Talk Python Training
- The Complete pytest Course
- Patreon Supporters

Connect with the hosts
- Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky)
- Brian: @brianokken@fosstodon.org / @brianokken.bsky.social
- Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky)

Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.

Brian #1: pandas is getting pd.col expressions
- Marco Gorelli
- Next release of Pandas will have pd.col(), inspired by some of the other frameworks
- I'm guessing Pandas 2.3.3? or 2.4.0? or 3.0.0? (depending on which version they bump?)
- “The output of pd.col is called an expression. You can think of it as a delayed column - it only produces a result once it's evaluated inside a dataframe context.”
- It replaces many contexts where lambda expressions were used

Michael #2: Cline, At-Cost Agentic IDE Tooling
- Free and open-source
- Probably supports your IDE (if your IDE isn't a terminal)
  - VS Code
  - VS Code Insiders
  - Cursor
  - Windsurf
  - JetBrains IDEs (including PyCharm)
- You pick plan or act (very important)
- It shows you the price as the AI works, per request, right in the UI

Brian #3: uv cheatsheet
- Rodrigo at mathspp.com
- Nice compact cheat sheet of commands for
  - Creating projects
  - Managing dependencies
  - Lifecycle stuff like build, publish, bumping version
  - uv tool (uvx) commands
  - working with scripts
  - Installing and updating Python versions
  - plus venv, pip, format, help and update

Michael #4: Ducky Network UI
- Ducky is a powerful, open-source, all-in-one desktop application built with Python and PySide6. It is designed to be the perfect companion for network engineers, students, and tech enthusiasts, combining several essential utilities into a single, intuitive graphical interface.
- Features
  - Multi-Protocol Terminal: Connect via SSH, Telnet, and Serial (COM) in a modern, tabbed interface.
  - SNMP Topology Mapper: Automatically discover your network with a ping and SNMP sweep. See a graphical map of your devices, color-coded by type, and click to view detailed information.
  - Network Diagnostics: A full suite of tools including a Subnet Calculator, Network Monitor (Ping, Traceroute), and a multi-threaded Port Scanner.
  - Security Toolkit: Look up CVEs from the NIST database, check password strength, and calculate file hashes (MD5, SHA1, SHA256, SHA512).
  - Rich-Text Notepad: Keep notes and reminders in a dockable widget with formatting tools and auto-save.
  - Customizable UI: Switch between a sleek dark theme and a clean light theme. Customize terminal colors and fonts to your liking.

Extras
Brian:
- Where are the cool kids hosting static sites these days?
- Moving from Netlify to Cloudflare Pages - Will Vincent from Feb 2024
- Traffic is a concern now for even low-ish traffic sites since so many bots are out there
- Netlify free plan is less than 30 GB/mo allowed (grandfathered plans are 100 GB/mo)
- GH Pages have a soft limit of 100 GB/mo
- Cloudflare pages says unlimited
Michael:
- PyCon Brazil needs some help with reduced funding from the PSF
- Get a ticket to donate for a student to attend (at the button of the buy ticket checkout dialog)
- I upgraded to macOS Tahoe
- Loving it so far. Only issue I've seen so far has been with alt-tab for macOS

Joke: Hiring in 2025 vs 2021
- 2021: “Do you have an in-house kombucha sommelier?” “Let's talk about pets, are you donkey-friendly?”, “Oh you think this is a joke?”
- 2025: “Round 8/7” “Out of 12,000 resumes, the AI picked yours” “Binary tree? Build me a foundational model!” “Healthcare? What, you want to live forever?”

Autonomous IT
Patch [FIX] Tuesday – September 2025: [Hyper-V on the Hot Seat, Phone Link Priv-Esc, and NTFS RCE], E23

Autonomous IT

Play Episode Listen Later Sep 9, 2025 18:19


Stay ahead of September 2025 Patch Tuesday. Automox experts Ryan Braunstein, Henry Smith, and Seth Hoyt break down three high-impact items you need to act on now: Hyper-V privilege escalation, XAML/Phone Link elevation paths, and an NTFS remote code execution.
You'll get:
- Clear patch priorities and timing.
- Likely attack paths and real-world detection tips.
- Hardening moves: WDAC/AppLocker, least privilege, Phone Link controls, and removing Hyper-V where it's not needed.
- How to use the Automox console to group at-risk devices, push updates, disable features, and verify compliance.
Subscribe, share with your team, and tighten your local attack surface today.

Relating to DevSecOps
Episode #080: Patch Me If You Can: Compliance, SLAs, and Other Fairytales

Relating to DevSecOps

Play Episode Listen Later Aug 25, 2025 34:05


In this no-punches-pulled return from hiatus, Ken and Mike dig deep into the messy middle of vulnerability management, SLA fatigue, and the illusion of compliance. Are we building secure systems or just passing audits? From legacy cruft to exploitable CVEs, this episode unpacks the real-world pressures of SOC 2, the auditor dance, and whether fixing every “critical” is even feasible. Perfect for practitioners trying to balance the checkbox culture with actual risk reduction, this one's got stories, strategies, and spicy takes. Bonus: tips on managing auditors without losing your mind—or your security posture.

Paul's Security Weekly
Managing the Minimization of a Container Attack Surface - Neil Carpenter - ASW #344

Paul's Security Weekly

Play Episode Listen Later Aug 19, 2025 68:17


A smaller attack surface should lead to a smaller list of CVEs to track, which in turn should lead to a smaller set of vulns that you should care about. But in practice, keeping something like a container image small has a lot of challenges in terms of what should be considered minimal. Neil Carpenter shares advice and anecdotes on what it takes to refine a container image and to change an org's expectations that every CVE needs to be fixed. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-344

Paul's Security Weekly TV
Managing the Minimization of a Container Attack Surface - Neil Carpenter - ASW #344

Paul's Security Weekly TV

Play Episode Listen Later Aug 19, 2025 68:17


A smaller attack surface should lead to a smaller list of CVEs to track, which in turn should lead to a smaller set of vulns that you should care about. But in practice, keeping something like a container image small has a lot of challenges in terms of what should be considered minimal. Neil Carpenter shares advice and anecdotes on what it takes to refine a container image and to change an org's expectations that every CVE needs to be fixed. Show Notes: https://securityweekly.com/asw-344

Application Security Weekly (Audio)
Managing the Minimization of a Container Attack Surface - Neil Carpenter - ASW #344

Application Security Weekly (Audio)

Play Episode Listen Later Aug 19, 2025 68:17


A smaller attack surface should lead to a smaller list of CVEs to track, which in turn should lead to a smaller set of vulns that you should care about. But in practice, keeping something like a container image small has a lot of challenges in terms of what should be considered minimal. Neil Carpenter shares advice and anecdotes on what it takes to refine a container image and to change an org's expectations that every CVE needs to be fixed. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-344

The CyberWire
The CVE countdown clock. [Research Saturday]

The CyberWire

Play Episode Listen Later Aug 16, 2025 29:58


Bob Rudis, VP Data Science from GreyNoise, is sharing some insights into their work on "Early Warning Signals: When Attacker Behavior Precedes New Vulnerabilities." New research reveals a striking trend: in 80% of cases, spikes in malicious activity against enterprise edge technologies like VPNs and firewalls occurred weeks before related CVEs were disclosed. The report breaks down this “6-week critical window,” highlighting which vendors show the strongest early-warning patterns and offering tactical steps defenders can take when suspicious spikes emerge. These findings reveal how early attacker activity can be transformed into actionable intelligence, enabling defenders to anticipate and neutralize threats before vulnerabilities are publicly disclosed. Complete our annual audience survey before August 31. The research can be found here: Early Warning Signals: When Attacker Behavior Precedes New Vulnerabilities

Research Saturday
The CVE countdown clock.

Research Saturday

Play Episode Listen Later Aug 16, 2025 29:58


Bob Rudis, VP Data Science from GreyNoise, is sharing some insights into their work on "Early Warning Signals: When Attacker Behavior Precedes New Vulnerabilities." New research reveals a striking trend: in 80% of cases, spikes in malicious activity against enterprise edge technologies like VPNs and firewalls occurred weeks before related CVEs were disclosed. The report breaks down this “6-week critical window,” highlighting which vendors show the strongest early-warning patterns and offering tactical steps defenders can take when suspicious spikes emerge. These findings reveal how early attacker activity can be transformed into actionable intelligence, enabling defenders to anticipate and neutralize threats before vulnerabilities are publicly disclosed. Complete our annual audience survey before August 31. The research can be found here: Early Warning Signals: When Attacker Behavior Precedes New Vulnerabilities

Security Conversations
Microsoft Sharepoint security crisis: Faulty patches, Toolshell zero-days

Security Conversations

Play Episode Listen Later Jul 25, 2025 115:13


Three Buddy Problem - Episode 55: A SharePoint zero-day exploit chain from Pwn2Own Berlin becomes a full-blown security crisis with Chinese nation-state actors exploiting vulnerabilities that Microsoft struggled to patch properly, leading to trivial bypasses and a cascade of new CVEs. The timeline is messy, the patches are faulty, and ransomware groups are lining up to join the party. We also revisit the ProPublica bombshell about Microsoft's "digital escorts" and U.S. government data exposure to Chinese adversaries and the company's "oops, we will stop" response. Plus, trusting Google's Big Sleep AI claims and a cautionary tale about AI agents gone rogue that wiped out a production database. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).

Check Point CheckMates Cyber Security Podcast
S07E12: SharePoint CVEs and More!

Check Point CheckMates Cyber Security Podcast

Play Episode Listen Later Jul 25, 2025 10:11


PhoneBoy plays an excerpt from our SharePoint CVEs Deep Dive, 3 Features You Should Start Using, different DNS servers per domain, using dnsmasq prior to R82, interpreting fwaccel stat output, ordered versus inline layers, and a SmartConsole cheat sheet.

All TWiT.tv Shows (MP3)
Untitled Linux Show 210: Bash to the Future

All TWiT.tv Shows (MP3)

Play Episode Listen Later Jul 6, 2025 78:32


This week we're talking security, with a pair of CVEs getting fixed in sudo. Then there's new Raspberry Pi hardware to cover, but you can't run Linux on it. It's still exciting! There's Bash and Perl updates, PipeWire news, and Fedora opting to be a little less radical. For tips we have Pulse for monitoring Proxmox, a slick grep tip for seeing context, and then Contact for reliving the IRC glory years with Meshtastic. You can find the show notes at https://bit.ly/3I725sS and have a great week! Host: Jonathan Bennett Co-Hosts: Ken McDonald and Rob Campbell Download or subscribe to Untitled Linux Show at https://twit.tv/shows/untitled-linux-show Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

Paul's Security Weekly
Is Vuln Management Dead? - HD Moore - PSW #880

Paul's Security Weekly

Play Episode Listen Later Jun 26, 2025 136:08


This conversation explores the intersection of cybersecurity and emerging technologies, focusing on innovative hacking techniques, the evolution of vulnerability management, and the critical importance of asset discovery. The discussion also delves into the implications of cyber warfare, the persistent threat of default passwords, and the integration of open source tools in enhancing security measures.

The conversation delves into various aspects of cybersecurity, focusing on aircraft tracking, data filtering, the evolution of vulnerability management, and the role of AI in enhancing security measures. The speakers discuss the challenges posed by default credentials and the shared responsibility model in cloud infrastructure. They also explore the limitations of AI in cybersecurity and the potential for future advancements, particularly in localized LLMs.

The conversation delves into the intersection of technology, cybersecurity, and privacy, exploring the implications of AI on energy demands, vulnerabilities in telecom infrastructure, the complexities of network maintenance, and the challenges of ransomware negotiations. The discussion also touches on privacy concerns related to data tracking by major tech companies like Meta and Apple, as well as the evolving landscape of legal implications in the face of cyber threats.

This segment is sponsored by runZero. Get complete visibility across your total attack surface in literally minutes - no agents, no authentication required. Start a free trial or access the free Community Edition at https://securityweekly.com/runzero.

HD Moore joins us to discuss finding all the things and how vulnerability management has changed.

In the security news: Hacking from a light bulb Reverse engineering, the easy ways Detecting Jitter FCC probes into Cyber Trust Mark Bluetooth Jamming New Wifi Apple features: What could go wrong? Just turn off the Internet for the entire country Meta's Localhost tracking Hacking printers, for realz this time Are we not patching 2023 CVEs? Cleaning up legacy drivers One of the Best Hackers in the Country is an AI Bot

Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-880

Thinking Elixir Podcast
258: CVEs, MCPs, and Petabyte Dreams

Thinking Elixir Podcast

Play Episode Listen Later Jun 24, 2025 31:48


News includes the first CVE released under EEF's new CNA program for an Erlang zip traversal vulnerability, Phoenix MacroComponents being delayed for greater potential, Supabase announcing Multigres - a Vitess-like proxy for scaling Postgres to petabyte scale, a surge of new MCP server implementations for Phoenix and Plug including Phantom, HermesMCP, ExMCP, Vancouver, and Excom, a fun blog post revealing that Erlang was the only language that didn't crash under extreme load testing against 6 other languages, LiveDebugger v0.3.0 being teased with Firefox extension support and enhanced debugging capabilities, and more!

Show Notes online - http://podcast.thinkingelixir.com/258

Elixir Community News
- https://www.honeybadger.io/ – Honeybadger.io is sponsoring today's show! Keep your apps healthy and your customers happy with Honeybadger! It's free to get started, and setup takes less than five minutes.
- https://cna.erlef.org/cves/cve-2025-4748.html – New CVE for Erlang regarding zip traversal - 4.8 severity (medium) with workaround available or update to latest patched OTP versions
- First CVE released under the EEF's new CNA (CVE Numbering Authority) program - a successful process milestone
- https://bsky.app/profile/steffend.me/post/3lrlhd5etkc2p – Phoenix MacroComponents is being delayed in search of greater potential
- https://github.com/phoenixframework/phoenix_live_view/pull/3846 – Draft PR for Phoenix MacroComponents development
- https://x.com/supabase/status/1933627932972376097 – Supabase announcement of Multigres project
- https://supabase.com/blog/multigres-vitess-for-postgres – Multigres - Vitess for Postgres, announcement of a new proxy for scaling Postgres databases to petabyte scale
- https://github.com/multigres/multigres – Multigres GitHub repository
- Sugu, co-creator of Vitess, has joined Supabase to build Multigres
- https://hex.pm/packages/phantom_mcp – Phantom MCP server - comprehensive implementation supporting Streamable HTTP with Phoenix/Plug integration
- https://hex.pm/packages/hermes_mcp – HermesMCP - comprehensive MCP server with client, stdio and Plug adapters
- https://hex.pm/packages/ex_mcp – ExMCP - comprehensive MCP implementation with client, server, stdio and Plug adapters, uses Horde for distribution
- https://hex.pm/packages/vancouver – Vancouver MCP server - simple implementation supporting only tools
- https://hex.pm/packages/excom – Excom MCP server - simple implementation supporting only tools
- https://www.youtube.com/watch?v=4dzZ44-xVds – AshAI video demo showing incredible introspection capabilities for MCP frameworks
- https://freedium.cfd/https:/medium.com/@codeperfect/we-tested-7-languages-under-extreme-load-and-only-one-didnt-crash-it-wasn-t-what-we-expected-67f84c79dc34 – Blog post comparing 7 languages under extreme load - Erlang was the only one that didn't crash
- https://github.com/software-mansion/live-debugger – LiveDebugger v0.3.0 release being teased with new features
- https://bsky.app/profile/membrane-swmansion.bsky.social/post/3lrb4kpmmw227 – Software Mansion preview of LiveDebugger v0.3.0 features including Firefox extension and enhanced debugging capabilities
- https://smartlogic.io/podcast/elixir-wizards/s14-e03-langchain-llm-integration-elixir/ – Elixir Wizards podcast episode featuring discussion with Mark Ericksen on the Elixir LangChain project for LLM integration

Do you have some Elixir news to share? Tell us at @ThinkingElixir (https://twitter.com/ThinkingElixir) or email at show@thinkingelixir.com

Find us online
- Message the show - Bluesky (https://bsky.app/profile/thinkingelixir.com)
- Message the show - X (https://x.com/ThinkingElixir)
- Message the show on Fediverse - @ThinkingElixir@genserver.social (https://genserver.social/ThinkingElixir)
- Email the show - show@thinkingelixir.com
- Mark Ericksen on X - @brainlid (https://x.com/brainlid)
- Mark Ericksen on Bluesky - @brainlid.bsky.social (https://bsky.app/profile/brainlid.bsky.social)
- Mark Ericksen on Fediverse - @brainlid@genserver.social (https://genserver.social/brainlid)
- David Bernheisel on Bluesky - @david.bernheisel.com (https://bsky.app/profile/david.bernheisel.com)
- David Bernheisel on Fediverse - @dbern@genserver.social (https://genserver.social/dbern)

Darknet Diaries
156: Kill List

Mar 18, 2025 62:42


The dark web is full of mystery. Some of it's just made up though. Chris Monteiro wanted to see what was real and fake and discovered a hitman for hire site which took him on an unbelievable journey.

Chris Monteiro Twitter: x.com/Deku_shrub, Website: https://pirate.london/
Carl Miller Twitter: https://x.com/carljackmiller
Kill List podcast: https://wondery.com/shows/kill-list/

Sponsors

Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.

This episode is sponsored by ProjectDiscovery. Tired of false positives and falling behind on new CVEs? Upgrade to Nuclei and ProjectDiscovery, the go-to tools for hackers and pentesters. With 10,000 detection templates, Nuclei helps you scan for exploitable vulnerabilities fast, while ProjectDiscovery lets you map your company's perimeter, detect trending exploits, and triage results in seconds. Get automation, accuracy, and peace of mind. First-time users get one month FREE of ProjectDiscovery Pro with code DARKNET at projectdiscovery.io/darknet.

This episode is sponsored by Kinsta. Running an online business comes with enough headaches; your WordPress hosting shouldn't be one of them. Kinsta's managed hosting takes care of speed, security, and reliability so you can focus on what matters. With enterprise-level security, a modern dashboard that's actually intuitive, and 24/7 support from real WordPress experts (not chatbots), Kinsta makes hosting stress-free. Need to move your site? They'll migrate it for free. Plus, get your first month free when you sign up at kinsta.com/DARKNET.