POPULARITY
Categories
This week's Department of Know is hosted by Rich Stroffolino, with guests Arif Hameed, CISO, C&R Software; Adam Palmer, CISO, First Hawaiian Bank; Jon Collins, Field CTO, GigaOm; and Jack Leidecker, EVP, CSO, Gainsight. Huge thanks to our sponsor, ThreatLocker Every security leader is being asked the same question right now: How do we enable innovation without creating unnecessary risk? That's the challenge behind cloud adoption. Behind AI. Behind automation. And behind every major technology decision. ThreatLocker helps organizations take a Zero Trust approach to that challenge—giving them greater control over what can execute, what can access their environment, and what users and applications are allowed to do. That's why ThreatLocker is proud to support Cyber Security Headlines. Because security works best when innovation and control move together.
Police clean ups SocGholish-infected sites tied to Evil Corp Klue OAuth breach linked to Icarus Salesforce data theft attacks Warner warns of CISA cuts, staffing gaps in letter to acting chief Get the show notes here: https://cisoseries.com/cybersecurity-news-police-clean-wordpress-sites-klue-oauth-breach-warners-cisa-warnings/ Huge thanks to our sponsor, ThreatLocker Every security leader is being asked the same question right now: How do we enable innovation without creating unnecessary risk? That's the challenge behind cloud adoption. Behind AI. Behind automation. And behind every major technology decision. ThreatLocker helps organizations take a Zero Trust approach to that challenge—giving them greater control over what can execute, what can access their environment, and what users and applications are allowed to do. That's why ThreatLocker is proud to support Cyber Security Headlines. Because security works best when innovation and control move together.
By Doug Green “Governance is absolutely necessary. It's no longer optional.” In this episode of the Technology Reseller News podcast, Doug Green speaks with Rajesh Kari, Senior Director of Products and Solutions at Versa Networks, about the emerging security challenges created as agentic AI moves into live network and security operations. Kari says Versa Networks is a leader in SASE, offering a unified platform that brings together networking, security and operations across enterprise infrastructure. As AI becomes more embedded in operations, Versa is focused on a new zero trust challenge: controlling not only users and devices, but also the hidden AI-driven sub-actions that can touch production systems. Kari explains that agentic AI is different from traditional AI because it can take action on behalf of users. Rather than simply answering a prompt or returning information, an agent may break a task into sub-queries, call APIs, use credentials, access systems and make changes inside the infrastructure. Those hidden sub-queries can create risk if organizations cannot see, validate and govern what the agent is doing. “People build agents. They know what the objective of the agents are,” Kari says. “But under the hood, what the agent actually deploys, which APIs it accesses, and what kinds of authorization and authentication it leverages can be unknown.” The podcast explores how this creates new exposure for enterprises, MSPs and channel partners. If an AI agent gains access to credentials or production systems, organizations need constant verification, validation and governance around each action. Kari says agentic AI can also hallucinate or generate unnecessary sub-queries, creating additional security and operational risk. Versa is addressing this through Versa Verbo and its Zero Trust MCP architecture. Verbo is designed to help network practitioners gain visibility, management and analytics through natural language interactions. Instead of searching through hundreds of alerts or dashboards, operators can ask questions about outages, performance issues, configuration changes, security incidents and branch health. The Zero Trust MCP architecture extends that capability by applying governance and access control to AI-driven actions. Kari says this enables AI models and agents to query Versa infrastructure securely, while maintaining controls around authentication, authorization, APIs and operational workflows. For MSPs and channel partners, Kari sees an important opportunity. Many organizations want to deploy AI quickly but do not have the internal capability to build governance infrastructure around it. Partners that develop practices around policy architecture, deployment, ongoing governance and human-in-the-loop approval can help customers adopt agentic AI more safely. Kari says AI operations copilots are becoming standard in SASE and network platforms. Network teams, infrastructure managers and executives increasingly want to use natural language to understand the health of their infrastructure instead of relying only on dashboards. But as those tools become more powerful, governance becomes the deciding factor in adoption. “If the agent has gained access into certain files or visuals which has violated any particular compliance standards, it becomes the responsibility of the organization to prove it,” Kari says. For Versa, the message is clear: agentic AI can simplify operations and accelerate decision-making, but it must be governed from the beginning. Zero trust principles need to be built into every AI agent connection. Learn more at www.versa-networks.com
Anthropic tells G7 to cooperate Fortinet VPN leak exposes credentials Crypto Clipper abuses reviews, narrators, and comments Get the show notes here: https://cisoseries.com/cybersecurity-news-anthropic-tells-g7-to-cooperate-fortinet-vpn-leak-exposes-credentials-crypto-clipper-abuses-reviews/ Huge thanks to our sponsor, ThreatLocker Every security leader is being asked the same question right now: How do we enable innovation without creating unnecessary risk? That's the challenge behind cloud adoption. Behind AI. Behind automation. And behind every major technology decision. ThreatLocker helps organizations take a Zero Trust approach to that challenge—giving them greater control over what can execute, what can access their environment, and what users and applications are allowed to do. That's why ThreatLocker is proud to support Cyber Security Headlines. Because security works best when innovation and control move together.
Learn more about your ad choices. Visit megaphone.fm/adchoices
Athena coalition looks to secure open source Estonia to quarantine Russian email domains Malicious package wave hits Arch Linux Get the show notes here: https://cisoseries.com/cybersecurity-news-athena-coalition-estonias-quarantine-arch-hit-with-malware/ Huge thanks to our sponsor, ThreatLocker Every security leader is being asked the same question right now: How do we enable innovation without creating unnecessary risk? That's the challenge behind cloud adoption. Behind AI. Behind automation. And behind every major technology decision. ThreatLocker helps organizations take a Zero Trust approach to that challenge—giving them greater control over what can execute, what can access their environment, and what users and applications are allowed to do. That's why ThreatLocker is proud to support Cyber Security Headlines. Because security works best when innovation and control move together.
For years, cybersecurity leaders have focused on identity as the new perimeter. MFA, Zero Trust, SSO, and identity protection became the center of modern security strategies.But while everyone was focused on identity, attackers never stopped targeting something much older: internet-facing infrastructure.VPNs. Firewalls. Remote access appliances.Recent attacks involving Check Point, Fortinet, Ivanti, SonicWall, and others show that the perimeter never really disappeared.In this episode, Tyler Moffitt discusses why edge devices remain prime ransomware targets, why patch windows matter more than ever, and why vulnerability management remains one of cybersecurity's most important fundamentals.As featured on Million Podcasts' Best 100 Cybersecurity Podcasts Top 50 Chief Information Security Officer CISO Podcasts Top 70 Security Hacking PodcastsThis list is the most comprehensive ranking of Cyber Security Podcasts online and we are honoured to feature amongst the best!Follow or subscribe to the show on your preferred podcast platform.Share the show with others in the cybersecurity world.Get in touch via reimaginingcyber@gmail.com
Cyber leaders defend Anthropic's banned models FBI disrupts massive phishing service 1Password acquires Apono Get the show notes here: https://cisoseries.com/cybersecurity-news-anthropic-models-defended-massive-phishing-service-shuttered-1password-acquires-apono/ Huge thanks to our sponsor, ThreatLocker Every security leader is being asked the same question right now: How do we enable innovation without creating unnecessary risk? That's the challenge behind cloud adoption. Behind AI. Behind automation. And behind every major technology decision. ThreatLocker helps organizations take a Zero Trust approach to that challenge—giving them greater control over what can execute, what can access their environment, and what users and applications are allowed to do. That's why ThreatLocker is proud to support Cyber Security Headlines. Because security works best when innovation and control move together.
Every big nation state has a cyber army: China, Russia, the US, Europe. But what about Iran? Meet Boggy Serpens, a group tied to Iran's civilian intelligence service whose entire business is breaking in and staying in, then handing the keys to whoever strikes next. Their playbook, Operation OLALAMPO, needs just one booby-trapped Word document to plant three separate backdoors on your network.A Telegram-bot command channel that hides inside everyday encrypted chat traffic, a Rust “Ghost” backdoor built to defeat analysis, and a legitimate AnyDesk install quietly turned against you.The layered defense for every stage: email and file controls, behavioral EDR, egress policy, threat intel, and Zero Trust segmentation.The twist: why this operation mostly failed, plus the tells that the malware was partly written with AI.Filmed live at the ON2IT SOC, host Lieuwe Jan Koning runs a red team vs blue team session with analysts Yuri Wit, the “proxy Iranian” attacker, and Rob Maas on defense. Watch the full episode to see each move, and the exact control that stops it.
Feds require Anthropic to ban 'foreign national' access to Fable, Mythos Maine disables data breach notification portal after fake disclosures ShinyHunters extorts universities through exploiting an unpatched Oracle flaw Get the show notes here: Huge thanks to our sponsor, ThreatLocker Every security leader is being asked the same question right now: How do we enable innovation without creating unnecessary risk? That's the challenge behind cloud adoption. Behind AI. Behind automation. And behind every major technology decision. ThreatLocker helps organizations take a Zero Trust approach to that challenge—giving them greater control over what can execute, what can access their environment, and what users and applications are allowed to do. That's why ThreatLocker is proud to support Cyber Security Headlines. Because security works best when innovation and control move together.
As AI agents become more capable and autonomous, they also introduce new security challenges. In this 'Fully Connected' episode, Dan and Chris unpack Anthropic's Zero Trust for AI Agents security framework and what it means for organizations deploying agentic systems. They examine the key security risks facing agentic systems and discuss how organizations can apply Zero Trust principles to deploy AI agents safely. Along the way, they break down practical security controls and discuss how traditional cybersecurity principles must evolve for the age of AI agents.Featuring:Chris Benson – Website, LinkedIn, Bluesky, GitHub, XDaniel Whitenack – Website, GitHub, XLinks: Zero Trust for AI AgentsOWASP GenAI Project Sponsors:Prediction Guard: A self-hosted AI control plane for running agents in high impact environments. predictionguard.com/practicalaiUpcoming Events: Register for upcoming webinars here!Midwest AI Summit 2026
In Episode 106 of the Cybersecurity Readiness Podcast Series, Dr. Dave Chatterjee is joined by Holger Hügel, Chief Technology Officer of SecurityBridge and a global authority on SAP cybersecurity with over 26 years of experience — to address a governance blind spot that exists inside the security perimeters of even the most mature enterprise organizations: the SAP environment.Opening with the August 2024 ransomware attack on Stoli Group USA — where attackers went straight for the company's SAP enterprise resource planning (ERP) system, disrupting financial operations and contributing directly to a bankruptcy filing within three months — Dr. Chatterjee frames the episode's central challenge: organizations can have zero trust architecture, network segmentation, and identity governance fully deployed across their IT landscape, and still be critically exposed, because most CISOs have never formally claimed accountability for SAP security, and most SAP teams do not think of themselves as part of the security function.Hügel explains the structural gap at the heart of this problem. SAP systems are simultaneously the most business-critical and the least security-governed assets in most large organizations. The C-suite depends on them for financial operations, payroll, procurement, and supply chain continuity, yet SAP teams and security teams speak different languages, operate under different budgets, and rarely collaborate. SAP departments typically define "security" as managing user authorizations and privileges — a narrow interpretation that leaves configuration drift, patch backlogs, and monitoring gaps entirely unaddressed.Analyzed through Dr. Chatterjee's Commitment–Preparedness–Discipline (CPD) framework, the conversation translates SAP cybersecurity from a technical niche into a governance imperative. The Medtronic case study demonstrates what good looks like: a CISO who crossed the organizational divide, sponsored SAP hardening from the cybersecurity budget, built a continuous patch management process, and created the governance structure that allowed the team to respond to an out-of-band vulnerability within hours rather than weeks.The episode's central message is neither technical nor abstract: the organizations that will survive the next ERP-targeted ransomware attack are not those with the most sophisticated tools — they are the ones that have claimed ownership of the problem, built the processes to address it continuously, and created the cross-functional governance structures that SAP and cybersecurity teams cannot build on their own.To access and download the entire podcast summary with discussion highlights - https://www.dchatte.com/episode-106-the-invisible-attack-surface-zero-trust-for-sap-and-erp-environments/Connect with Host Dr. Dave ChatterjeeLinkedIn: https://www.linkedin.com/in/dchatte/ Website: https://dchatte.com/Books PublishedThe DeepFake ConspiracyCybersecurity Readiness: A Holistic and High-Performance ApproachArticles & Cases PublishedChatterjee, D. (2026). Root: Automating the Remediation Gap, Ivey Publishing, Jan 7, 2026.Ramasastry, C. and Chatterjee, D. (2025). Trusona: Recruiting For The Hacker Mindset, Ivey Publishing, Oct 3, 2025.Chatterjee, D. and Leslie, A. (2024). “Ignorance is not bliss: A human-centered whole-of-enterprise approach to cybersecurity preparedness,” Business Horizons, Accepted on Oct 29, 2024.Isik, O., Chatterjee, D., and Lourenco, D.A. (2024). “Getting Cybersecurity Right,” California Management Review — Insights, Accepted for Publication, July 8, 2024. Chatterjee, D. (2023). “Mission critical – How American Cancer Society successfully and securely migrated to the cloud amid the pandemic,” I by IMD, March 13, 2023.Chatterjee, D. (2022). “Preventing security breaches must start at the top,” I by IMD, September 28, 2022, Institute for Management Development, Lausanne, SwitzerlandChatterjee, D. (2022). “Making Cybersecurity Readiness Mainstream,” Executive Blog Post, NETSPI, March 1, 2022Benz, M. and Chatterjee, D. (2020). “Calculated Risk? A Cybersecurity Evaluation Tool for SMEs,” Business Horizons, available online from May 4, 2020Chatterjee, D. (2019). “Should Executives Go To Jail Over Cyber Attacks,” Journal of Organizational Computing and Electronic Commerce, Vol 29, Issue 1, pp. 1-3.Abraham, C., Chatterjee, D., and Sims, R. (2019). “Muddling through cybersecurity: Insights from the U.S. healthcare industry,” Business Horizons, July 2019.
AI Unraveled: Latest AI News & Trends, Master GPT, Gemini, Generative AI, LLMs, Prompting, GPT Store
This episode features Geoffrey Mattson, CEO of SecureAuth, joined by co-host Sarah Cicchetti, Director of Product Management at Semperis.Geoffrey has spent decades building and leading companies at the intersection of AI and cybersecurity, including MistNet.ai, an AI-native threat detection platform acquired by LogRhythm, and Xage Security, where he drove zero trust adoption across the U.S. military, global energy firms, and Fortune 500 enterprises. At SecureAuth, he leads a platform built around continuous, real-time identity authority across workforces, APIs, and AI agents.In this episode, Geoffrey argues that agents combine the speed of automation with the unpredictability of humans, making real-time per-action authorization the only viable control model. He discusses why “friendly fire” from well-meaning employees is the biggest threat vector right now, how MCP vendors are ignoring their own OAuth spec, and what a practical agent rollout with real guardrails actually looks like.This episode reframes authorization as the problem the identity industry has been deferring for years and can no longer avoid.Guest Bio Geoffrey Mattson is a serial entrepreneur and globally recognized cybersecurity and AI executive with decades of experience building market-defining companies and technologies that protect the world's most critical systems.He is currently CEO of SecureAuth, a leader in AI-driven identity and access management with its Continuous Authority, ensuring ongoing verification across workforces, customers, APIs, and AI agents. This is enabled through its Private Authority Platform, which puts authentication and authorization under your control through any deployment model (cloud, on prem, hybrid, air-gapped).Prior to SecureAuth, Mattson served as CEO of Xage Security, where he led the company in Zero Trust for critical environments from energy to agentic AI. Under his leadership, Xage achieved rapid adoption across the U.S. military, global energy firms, and Fortune 500 enterprises.Previously, Geoffrey Mattson was co-founder and CEO of MistNet.ai, an AI-native threat detection platform acquired by LogRhythm. He pioneered decentralized analytics and machine learning approaches for real-time cyber defense, and later served as SVP of Product at LogRhythm, driving global expansion and shaping the next generation of SIEM/SOAR solutions.Earlier, he held senior executive roles at Juniper Networks, overseeing a $2B product portfolio and leading major M&A efforts, and at Huawei Technologies as SVP and CTO for networking and data center platforms. His engineering leadership at Corona Networks, Caspian, and Bay Networks helped build foundational technologies in network and security architecture.Guest Quote “With agents, you have the power and the speed of an automated process with the unpredictability of a human. And in fact, we are seeing their behavior and their psychology makes them even perhaps less predictable than a human.”Time stamps 01:45 Meet Geoffrey Mattson: Serial Entrepreneur and Cybersecurity Executive 02:40 Why Identity Is Having a Moment 08:40 Defining Agent Identity 12:15 Behavioral Guardrails for Agents 14:37 Agent Identity Lifecycle 17:36 Just-in-Time vs. Standing Privilege 18:02 C-Suite Pressure and Friendly Fires 21:00 When Agents Live Off the Land 26:12 MCP, OAuth, and Token Pitfalls 28:04 Threat Models and Rollout Strategy 30:13 LLMs and Policy Authoring 31:23 Conclusion and Final ThoughtsSponsor The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.LinksConnect with Geoffrey on LinkedInConnect with Sarah on LinkedInConnect with Sean on LinkedInDon't miss future episodesLearn more about Semperis
An astronomical amount of money is being poured into AI and data centers as tech giants fight for dominance, but is this fueling the next big tech bubble or just the price of staying in the game? Get the panel's opinions on wild IPO valuations, global power grabs, Build 2026, NVIDIA GTC Taipei, and even successful YouTuber movies! SpaceX IPO to Be Largest Ever at $135 Share Price Utah residents sue officials over Kevin O'Leary data center plan When AI builds itself NVIDIA announces RTX Spark as 'the most efficient PC chip ever built' Major Homebuilder To Test Placing Mini Data Centers in Suburban Backyards Microsoft Build 2026: The 7 biggest announcements What to Expect at Apple's WWDC 2026: iOS 27, New Siri and AI Meta Silently Added Face-Recognition Code for Its Smart Glasses to Millions of Phones Trump Signs Executive Order Seeking Oversight of A.I. Models Trump: U.S. stake in AI giants "could be a beautiful thing" Cable lobby warns of chaos if FCC doesn't relax ban on foreign routers Google ordered to put clearer links in AI search and let UK publishers opt out AT&T and Verizon lose Supreme Court case over fines for selling location data YouTubers Win the Box Office, Goodbye Gatekeepers, The YouTube Bar YouTube overtakes Netflix in average daily viewing around the world Host: Leo Laporte Guests: Joey de Villa, Jeff Jarvis, and Fr. Robert Ballecer, SJ Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: expressvpn.com/twit ZipRecruiter.com/twit canary.tools/twit - use code: TWIT Melissa.com/twit helixsleep.com/twit
An astronomical amount of money is being poured into AI and data centers as tech giants fight for dominance, but is this fueling the next big tech bubble or just the price of staying in the game? Get the panel's opinions on wild IPO valuations, global power grabs, Build 2026, NVIDIA GTC Taipei, and even successful YouTuber movies! SpaceX IPO to Be Largest Ever at $135 Share Price Utah residents sue officials over Kevin O'Leary data center plan When AI builds itself NVIDIA announces RTX Spark as 'the most efficient PC chip ever built' Major Homebuilder To Test Placing Mini Data Centers in Suburban Backyards Microsoft Build 2026: The 7 biggest announcements What to Expect at Apple's WWDC 2026: iOS 27, New Siri and AI Meta Silently Added Face-Recognition Code for Its Smart Glasses to Millions of Phones Trump Signs Executive Order Seeking Oversight of A.I. Models Trump: U.S. stake in AI giants "could be a beautiful thing" Cable lobby warns of chaos if FCC doesn't relax ban on foreign routers Google ordered to put clearer links in AI search and let UK publishers opt out AT&T and Verizon lose Supreme Court case over fines for selling location data YouTubers Win the Box Office, Goodbye Gatekeepers, The YouTube Bar YouTube overtakes Netflix in average daily viewing around the world Host: Leo Laporte Guests: Joey de Villa, Jeff Jarvis, and Fr. Robert Ballecer, SJ Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: expressvpn.com/twit ZipRecruiter.com/twit canary.tools/twit - use code: TWIT Melissa.com/twit helixsleep.com/twit
An astronomical amount of money is being poured into AI and data centers as tech giants fight for dominance, but is this fueling the next big tech bubble or just the price of staying in the game? Get the panel's opinions on wild IPO valuations, global power grabs, Build 2026, NVIDIA GTC Taipei, and even successful YouTuber movies! SpaceX IPO to Be Largest Ever at $135 Share Price Utah residents sue officials over Kevin O'Leary data center plan When AI builds itself NVIDIA announces RTX Spark as 'the most efficient PC chip ever built' Major Homebuilder To Test Placing Mini Data Centers in Suburban Backyards Microsoft Build 2026: The 7 biggest announcements What to Expect at Apple's WWDC 2026: iOS 27, New Siri and AI Meta Silently Added Face-Recognition Code for Its Smart Glasses to Millions of Phones Trump Signs Executive Order Seeking Oversight of A.I. Models Trump: U.S. stake in AI giants "could be a beautiful thing" Cable lobby warns of chaos if FCC doesn't relax ban on foreign routers Google ordered to put clearer links in AI search and let UK publishers opt out AT&T and Verizon lose Supreme Court case over fines for selling location data YouTubers Win the Box Office, Goodbye Gatekeepers, The YouTube Bar YouTube overtakes Netflix in average daily viewing around the world Host: Leo Laporte Guests: Joey de Villa, Jeff Jarvis, and Fr. Robert Ballecer, SJ Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: expressvpn.com/twit ZipRecruiter.com/twit canary.tools/twit - use code: TWIT Melissa.com/twit helixsleep.com/twit
Interview with Filip Stojkovski on the State of AI in SecOps Filip joins us to talk through the 2+ year rollercoaster that Security Operations tooling has been on since AI entered the chat. We discuss the AI SecOps market, which Filip closely tracks through his SecOps Unpacked project. We also discuss how most of the market has traditionally been focused on the "middle" of the process, which is effectively alert management. Where the conversation really gets interesting is shifting left to discuss building better quality detections. Segment Resources: Be sure to check out SecOps Unpacked - it has more than just vendor information: there are articles, frameworks, podcast episodes, research, and articles/thought leadership Topic: The Unintended Consequences of Vulnmaxxing We discuss my latest blog post where I share a theory that perhaps Project Glasswing is a clever exclusive freemium tier, where Anthropic is hoping to ensnare the world's largest producers of software into using its most expensive model to fix their code for the foreseeable future, creating a much needed new revenue stream for the AI giant with a Trillion dollar valuation. There are some potential unintended consequences that come along with an expensive vulnerability discovery/remediation process that threatens to raise the security poverty line and leave less wealthy companies behind. The Weekly Enterprise News Finally, in the enterprise security news, If you were starting a cybersecurity company today, which category would you pick? layoffs funding the White House AI executive order OpenAI's frontier governance framework Anthropic's Zero Trust for AI agents guide IBM's vulnmaxxing efforts RICO as a service for job seekers Instagram had possibly the most embarrassing hack ever All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-462
An astronomical amount of money is being poured into AI and data centers as tech giants fight for dominance, but is this fueling the next big tech bubble or just the price of staying in the game? Get the panel's opinions on wild IPO valuations, global power grabs, Build 2026, NVIDIA GTC Taipei, and even successful YouTuber movies! SpaceX IPO to Be Largest Ever at $135 Share Price Utah residents sue officials over Kevin O'Leary data center plan When AI builds itself NVIDIA announces RTX Spark as 'the most efficient PC chip ever built' Major Homebuilder To Test Placing Mini Data Centers in Suburban Backyards Microsoft Build 2026: The 7 biggest announcements What to Expect at Apple's WWDC 2026: iOS 27, New Siri and AI Meta Silently Added Face-Recognition Code for Its Smart Glasses to Millions of Phones Trump Signs Executive Order Seeking Oversight of A.I. Models Trump: U.S. stake in AI giants "could be a beautiful thing" Cable lobby warns of chaos if FCC doesn't relax ban on foreign routers Google ordered to put clearer links in AI search and let UK publishers opt out AT&T and Verizon lose Supreme Court case over fines for selling location data YouTubers Win the Box Office, Goodbye Gatekeepers, The YouTube Bar YouTube overtakes Netflix in average daily viewing around the world Host: Leo Laporte Guests: Joey de Villa, Jeff Jarvis, and Fr. Robert Ballecer, SJ Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: expressvpn.com/twit ZipRecruiter.com/twit canary.tools/twit - use code: TWIT Melissa.com/twit helixsleep.com/twit
Interview with Filip Stojkovski on the State of AI in SecOps Filip joins us to talk through the 2+ year rollercoaster that Security Operations tooling has been on since AI entered the chat. We discuss the AI SecOps market, which Filip closely tracks through his SecOps Unpacked project. We also discuss how most of the market has traditionally been focused on the "middle" of the process, which is effectively alert management. Where the conversation really gets interesting is shifting left to discuss building better quality detections. Segment Resources: Be sure to check out SecOps Unpacked - it has more than just vendor information: there are articles, frameworks, podcast episodes, research, and articles/thought leadership Topic: The Unintended Consequences of Vulnmaxxing We discuss my latest blog post where I share a theory that perhaps Project Glasswing is a clever exclusive freemium tier, where Anthropic is hoping to ensnare the world's largest producers of software into using its most expensive model to fix their code for the foreseeable future, creating a much needed new revenue stream for the AI giant with a Trillion dollar valuation. There are some potential unintended consequences that come along with an expensive vulnerability discovery/remediation process that threatens to raise the security poverty line and leave less wealthy companies behind. The Weekly Enterprise News Finally, in the enterprise security news, If you were starting a cybersecurity company today, which category would you pick? layoffs funding the White House AI executive order OpenAI's frontier governance framework Anthropic's Zero Trust for AI agents guide IBM's vulnmaxxing efforts RICO as a service for job seekers Instagram had possibly the most embarrassing hack ever All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-462
Interview with Filip Stojkovski on the State of AI in SecOps Filip joins us to talk through the 2+ year rollercoaster that Security Operations tooling has been on since AI entered the chat. We discuss the AI SecOps market, which Filip closely tracks through his SecOps Unpacked project. We also discuss how most of the market has traditionally been focused on the "middle" of the process, which is effectively alert management. Where the conversation really gets interesting is shifting left to discuss building better quality detections. Segment Resources: Be sure to check out SecOps Unpacked - it has more than just vendor information: there are articles, frameworks, podcast episodes, research, and articles/thought leadership Topic: The Unintended Consequences of Vulnmaxxing We discuss my latest blog post where I share a theory that perhaps Project Glasswing is a clever exclusive freemium tier, where Anthropic is hoping to ensnare the world's largest producers of software into using its most expensive model to fix their code for the foreseeable future, creating a much needed new revenue stream for the AI giant with a Trillion dollar valuation. There are some potential unintended consequences that come along with an expensive vulnerability discovery/remediation process that threatens to raise the security poverty line and leave less wealthy companies behind. The Weekly Enterprise News Finally, in the enterprise security news, If you were starting a cybersecurity company today, which category would you pick? layoffs funding the White House AI executive order OpenAI's frontier governance framework Anthropic's Zero Trust for AI agents guide IBM's vulnmaxxing efforts RICO as a service for job seekers Instagram had possibly the most embarrassing hack ever All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-462
An astronomical amount of money is being poured into AI and data centers as tech giants fight for dominance, but is this fueling the next big tech bubble or just the price of staying in the game? Get the panel's opinions on wild IPO valuations, global power grabs, Build 2026, NVIDIA GTC Taipei, and even successful YouTuber movies! SpaceX IPO to Be Largest Ever at $135 Share Price Utah residents sue officials over Kevin O'Leary data center plan When AI builds itself NVIDIA announces RTX Spark as 'the most efficient PC chip ever built' Major Homebuilder To Test Placing Mini Data Centers in Suburban Backyards Microsoft Build 2026: The 7 biggest announcements What to Expect at Apple's WWDC 2026: iOS 27, New Siri and AI Meta Silently Added Face-Recognition Code for Its Smart Glasses to Millions of Phones Trump Signs Executive Order Seeking Oversight of A.I. Models Trump: U.S. stake in AI giants "could be a beautiful thing" Cable lobby warns of chaos if FCC doesn't relax ban on foreign routers Google ordered to put clearer links in AI search and let UK publishers opt out AT&T and Verizon lose Supreme Court case over fines for selling location data YouTubers Win the Box Office, Goodbye Gatekeepers, The YouTube Bar YouTube overtakes Netflix in average daily viewing around the world Host: Leo Laporte Guests: Joey de Villa, Jeff Jarvis, and Fr. Robert Ballecer, SJ Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: expressvpn.com/twit ZipRecruiter.com/twit canary.tools/twit - use code: TWIT Melissa.com/twit helixsleep.com/twit
Interview with Filip Stojkovski on the State of AI in SecOps Filip joins us to talk through the 2+ year rollercoaster that Security Operations tooling has been on since AI entered the chat. We discuss the AI SecOps market, which Filip closely tracks through his SecOps Unpacked project. We also discuss how most of the market has traditionally been focused on the "middle" of the process, which is effectively alert management. Where the conversation really gets interesting is shifting left to discuss building better quality detections. Segment Resources: Be sure to check out SecOps Unpacked - it has more than just vendor information: there are articles, frameworks, podcast episodes, research, and articles/thought leadership Topic: The Unintended Consequences of Vulnmaxxing We discuss my latest blog post where I share a theory that perhaps Project Glasswing is a clever exclusive freemium tier, where Anthropic is hoping to ensnare the world's largest producers of software into using its most expensive model to fix their code for the foreseeable future, creating a much needed new revenue stream for the AI giant with a Trillion dollar valuation. There are some potential unintended consequences that come along with an expensive vulnerability discovery/remediation process that threatens to raise the security poverty line and leave less wealthy companies behind. The Weekly Enterprise News Finally, in the enterprise security news, If you were starting a cybersecurity company today, which category would you pick? layoffs funding the White House AI executive order OpenAI's frontier governance framework Anthropic's Zero Trust for AI agents guide IBM's vulnmaxxing efforts RICO as a service for job seekers Instagram had possibly the most embarrassing hack ever All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-462
An astronomical amount of money is being poured into AI and data centers as tech giants fight for dominance, but is this fueling the next big tech bubble or just the price of staying in the game? Get the panel's opinions on wild IPO valuations, global power grabs, Build 2026, NVIDIA GTC Taipei, and even successful YouTuber movies! SpaceX IPO to Be Largest Ever at $135 Share Price Utah residents sue officials over Kevin O'Leary data center plan When AI builds itself NVIDIA announces RTX Spark as 'the most efficient PC chip ever built' Major Homebuilder To Test Placing Mini Data Centers in Suburban Backyards Microsoft Build 2026: The 7 biggest announcements What to Expect at Apple's WWDC 2026: iOS 27, New Siri and AI Meta Silently Added Face-Recognition Code for Its Smart Glasses to Millions of Phones Trump Signs Executive Order Seeking Oversight of A.I. Models Trump: U.S. stake in AI giants "could be a beautiful thing" Cable lobby warns of chaos if FCC doesn't relax ban on foreign routers Google ordered to put clearer links in AI search and let UK publishers opt out AT&T and Verizon lose Supreme Court case over fines for selling location data YouTubers Win the Box Office, Goodbye Gatekeepers, The YouTube Bar YouTube overtakes Netflix in average daily viewing around the world Host: Leo Laporte Guests: Joey de Villa, Jeff Jarvis, and Fr. Robert Ballecer, SJ Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: expressvpn.com/twit ZipRecruiter.com/twit canary.tools/twit - use code: TWIT Melissa.com/twit helixsleep.com/twit
Podcast: Industrial Cybersecurity InsiderEpisode: Five Federal Agencies. One Zero-Trust OT Briefing. Most Haven't Read it.Pub date: 2026-06-03Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationThe joint CISA, FBI, Department of War, Department of Energy, and Department of State briefing on adapting Zero Trust to operational technology landed on April 29. Has OT leadership read it?In this episode, Craig and Dino address how the European Cyber Resilience Act is quietly forcing US plants into failed audits, why IT teams still see less than a third of OT assets, how EDR tools are taking down $100K-an-hour packaging lines, and why only a handful of integrators in North America have a real OT cybersecurity practice. They walk through what zero trust and micro-segmentation actually look like inside a 20-year-old plant with flat layer-two networks, DLR rings, jump boxes, and Cradlepoint workarounds, and lay out the first concrete move every CISO and CIO should make to start closing the IT/OT gap.Chapters:(00:00:00) - Cold Open: How the European CRA Is Failing US Plants(00:01:30) - The April 29 CISA/FBI Zero Trust in OT Briefing Nobody Read(00:05:00) - Compliance Without Teeth: Why US Regulations Aren't Moving the Needle(00:07:30) - When CrowdStrike Shuts Down a $100K-an-Hour Packaging Line(00:10:30) - The Visibility Gap: IT Sees Less Than a Third of OT Assets(00:15:30) - OEM Resistance: The Million-Dollar, Six-Month Cybersecurity Tax(00:18:30) - The Cradlepoint Workaround: How Plant Managers Bypass IT(00:21:30) - Layering Zero Trust onto a 20-Year-Old Plant Without Rip-and-Replace(00:25:30) - Why Only 5–10 of 1,000 Integrators Have a Real OT Cyber Practice(00:31:30) - Where CISOs Should Actually Be Looking (Hint: Not RSA or Black Hat)Links And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
If you think Tailscale is just a VPN for the home lab, think again. On today's sponsored episode Ethan and Drew are joined by Tailscale CEO Avery Pennarun. Avery explains how the company has evolved into an enterprise-grade connectivity and security platform. He also dives into Tailscale Aperture, their new AI gateway designed to bring... Read more »
If you think Tailscale is just a VPN for the home lab, think again. On today's sponsored episode Ethan and Drew are joined by Tailscale CEO Avery Pennarun. Avery explains how the company has evolved into an enterprise-grade connectivity and security platform. He also dives into Tailscale Aperture, their new AI gateway designed to bring... Read more »
If you think Tailscale is just a VPN for the home lab, think again. On today's sponsored episode Ethan and Drew are joined by Tailscale CEO Avery Pennarun. Avery explains how the company has evolved into an enterprise-grade connectivity and security platform. He also dives into Tailscale Aperture, their new AI gateway designed to bring... Read more »
On this week's Compliance Unfiltered, discover why identity is the new perimeter in cybersecurity. This episode reveals how zero trust principles can protect your systems by continuously verifying user identity and behavior. Learn about the risks of traditional defenses, the evolution of compliance standards, and practical tactics for implementing context-aware verification. Perfect for IT leaders and security professionals ready to strengthen defenses and build a trustworthy digital environment. Listen now to stay ahead of threats.
Could a single weak password put your TRS benefit and other accounts at risk? Bad actors and cybercriminals target individuals every day.In this episode of Your Retirement in Focus, host Everett Crockett speaks with Tom McMurry, TRS Chief Information Officer, to break down the real-world risks of scams and how they can impact your identity, credit, and your Teachers Retirement System benefit. Learn about the Zero Trust model and what you can do to protect your money. From creating strong, unique passwords to enabling multi-factor authentication (MFA) and using password managers, this episode delivers the steps to enhance your digital safety.Tom will discuss:Data breaches and the increasing threat of online scams How fraudsters use texts, emails, and spoofed calls to steal informationWhat MFA is and how to use a password managerWhy credit freezes and account alerts are critical for fraud preventionHow to recognize AI scams and deepfakesJoin the conversation to protect your TRS benefit, avoid scams, and strengthen your financial digital security.If you haven't had the chance to meet with us one-on-one in a virtual or in-person format, and are within 2 years of retirement eligibility, be sure to log in to your TRS account online and register for a session today! Are you new to TRS or in the middle of your career? Be sure to designate your beneficiaries as soon as possible in your TRS online account. We want to hear from our members! Please email the show for topic inquiries, questions, and comments! Contact us at podcast@trsga.com. Host: Everett Crockett Guest: Tom McMurry, TRS Chief Information OfficerFor more information visit: www.trsga.com Facebook: https://www.facebook.com/trsgeorgia YouTube: https://www.youtube.com/@trsgeorgia Instagram: www.instagram.com/trsgeorgia#YourRetirementInFocus #FraudProtection #RetirementPodcast This podcast is for information purposes only and should not be considered financial, legal, or tax advice. The views and opinions expressed are those of the speakers and may not reflect the views of the Teachers Retirement System of Georgia.
It started with a fake car listing on eBay.What looked like a simple online scam quietly grew, over more than a decade, into one of the most sophisticated cybercrime operations the FBI had ever traced. Custom malware. Opsec off the charts. Fleets of infected computers mining cryptocurrency for someone else. Millions of dollars siphoned from victims who had no idea.This is the story of Bayrob and the three men from Romanian who were behind it. And the long, strange road that led American investigators to their door.SponsorsSupport for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.This show is sponsored by Meter, the company building networks from the ground up. Meter delivers a complete networking stack - wired, wireless, and cellular - in one solution that's built for performance and scale. Alongside their partners, Meter designs the hardware, writes the firmware, builds the software, manages deployments, and runs support. Learn more at meter.com.This show is sponsored by Maze. Maze uses AI agents to triage and remediate cloud vulnerabilities by figuring out what's actually exploitable, not just what's theoretically risky. They remove the noise, prioritize vulns that matter, and manage remediation, so your team stops wasting time on meaningless vulns. Visit MazeHQ.com/darknet for more information.Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more.This episode is sponsored by Chainguard. Chainguard builds container images the right way — minimal, hardened, and built from source every single day. We're talking images with zero known CVEs, designed from the ground up for production. No bloat. No mystery packages. No 2 a.m. patching marathons because some transitive dependency lit up your dashboard. Stop patching images that are insecure. Start shipping clean. Head to chainguard.dev to see how secure your software supply chain can really be.
(10) Francis Rose explores the security risks of electronic health records, explaining how nation-states like China seek bulk data for espionage and how the government utilizes "zero trust" technology to deter sophisticated machine-speed hacks.1913 GETTYSBURG
#236: How Nevada Recovered from a Statewide Cyber Attack in 28 Days (And What Every CIO & CISO Should Do Before It Happens to Them)SummaryNevada woke up to a ransomware attack that took 60+ state agencies offline. No ransom paid. Full recovery in 28 days.State CIO Timothy Galluzi and Info-Tech's Mark Hellbusch break down the largest ransomware attack in Nevada state history - how the network came back in 48 hours, how they kept citizen trust through radical transparency, and what every state CIO, CISO, and public sector IT leader needs to know about incident response, Zero Trust Architecture, and building the partnerships that actually show up when it matters.FeaturingTimothy Galluzi, CIO State of NevadaMark Hellbusch, Director, AI Security & Privacy, Info-Tech Research GroupTimestamps(00:00) Every 39 seconds - ransomware by the numbers(01:00) The call Tim never wanted to get(05:50) 18-20 hour days and kicking people out of the office(08:00) Managing public comms with an active adversary watching(14:30) NASCIO community: peer intel sharing in a crisis(16:00) When Info-Tech showed up vs. the cold call vendors(17:30) "28 days of success" - building the after action report(24:00) Assembly Bill One: unanimous vote, statewide SOC(30:00) Trusted partner vs. vendor - the real difference(34:00) Zero Trust: 80% risk reduction and $1.5M ROIListen now: YouTube x Apple x SpotifyWhenever you're ready, there are 3 ways you can connect with TechTables:1.
Most enterprises have some kind of zero trust strategy, but a lot of them could be better described as good intentions rather than active programs being implemented. Making good on a zero trust strategy and achieving an actual zero trust architecture requires tools that embody the core precept of zero trust thinking: deny access by... Read more »
Most enterprises have some kind of zero trust strategy, but a lot of them could be better described as good intentions rather than active programs being implemented. Making good on a zero trust strategy and achieving an actual zero trust architecture requires tools that embody the core precept of zero trust thinking: deny access by... Read more »
We talk a lot about “Zero Trust” in AV. But is the industry actually building systems worthy of that trust… or just throwing cybersecurity buzzwords around? And with Android devices heading toward end of life, what happens when meeting room technology is expected to outlive the software underneath it?Host Tim Albright and his industry expert guests bring you another must-watch AVWeek episode exploring Zero Trust in AV, cybersecurity accountability, Android end-of-life, MDEP, and what it all means for the future of meeting room technology.See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.
Breakfast Leadership Show – AI, Cybersecurity & Why Your Board Should Care In this episode of the Breakfast Leadership Show, I sit down with cybersecurity veteran Scott Alldridge to unpack the real risks organizations face as they rush into AI adoption without governance, guardrails, or leadership oversight. With 30 years in IT and cybersecurity—and over 300,000 copies sold of the Visible Ops Handbook—Scott shares why AI security isn't just an IT issue… it's a board-level responsibility. We talk about the hidden dangers of uploading confidential information into AI tools, the human errors behind major breaches like the MGM Resorts International cyberattack, and why companies must stop treating cybersecurity as a cost center. Instead, it needs to be seen for what it truly is: revenue assurance and business survival. If you think your organization is “too small” to be targeted, you'll want to press play on this one.
This week's Department of Know is hosted by Rich Stroffolino, with guests Kathleen Mullin, former CISO, MyCareGorithm, and Nick Espinosa, host, Deep Dive Radio Show. Missed the live show? Check it out on YouTube. The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com. Huge thanks to our sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent release of Zero Trust Network Access and Zero Trust Cloud Access, access isn't based on credentials alone, it requires the right user, the right device, and the right conditions. Because as we've seen in recent large-scale CRM breaches, stolen credentials and misconfigurations can expose massive amounts of data. With ThreatLocker, nothing is exposed, and access is limited to exactly what's needed. Learn more and start your free trial today at ThreatLocker.com/CISO.
Cisco issues 10.0 Secure Workload admin flaw warning Spammers abuse internal Microsoftonline account Google's surge in Chrome vulnerability announcements Get the show notes here: https://cisoseries.com/cybersecurity-news-ciscos-10-0-vulnerability-microsoft-email-spammed-chrome-vulnerability-surge/ Thanks to our episode sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent release of Zero Trust Network Access and Zero Trust Cloud Access, access isn't based on credentials alone, it requires the right user, the right device, and the right conditions. Because as we've seen in recent large-scale CRM breaches, stolen credentials and misconfigurations can expose massive amounts of data. With ThreatLocker, nothing is exposed, and access is limited to exactly what's needed. Learn more and start your free trial today at ThreatLocker.com/CISO.
GitHub breach via VS Code extension Shai-Hulud wave compromises 600 npm packages Huawei attack behind Luxembourg telecom crash Get the show notes here: https://cisoseries.com/cybersecurity-news-github-vs-code-extension-breach-shai-hulud-npm-package-compromise-huawei-luxembourg-telecom-link/ Thanks to our episode sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent release of Zero Trust Network Access and Zero Trust Cloud Access, access isn't based on credentials alone, it requires the right user, the right device, and the right conditions. Because as we've seen in recent large-scale CRM breaches, stolen credentials and misconfigurations can expose massive amounts of data. With ThreatLocker, nothing is exposed, and access is limited to exactly what's needed. Learn more and start your free trial today at ThreatLocker.com/CISO.
Over the last decade, cybersecurity heavily invested in EDR, XDR, SIEM, telemetry, and SOC-driven operations. We stopped asking how to stop attacks and started asking how fast we could detect them. However, Mythos and frontier models have changed that paradigm. How do you detect a -7 day vulnerability? Detection and response cannot keep, so what's the answer? Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss why cybersecurity is shifting from detection and response to prevention and enforcement. As attackers accelerate through automation and AI, organizations are revisiting prevention-focused controls. Rob will discuss why organizations need to adopt application allowlisting, Zero Trust, Ringfencing, and policy enforcement to reduce attacker freedom before execution occurs. Prevention-first security is the only way to decrease the AI attack surface. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! In the leadership and communications segment, What CISOs need to land a board role, The Security Mistakes Being Repeated With AI, When Senior Leaders Lack People Skills, Transformations Fail, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-448
Microsoft disrupts malware-signing-as-a-service Critical flaw found in industrial robot OS CISA admin leaks keys Get the show notes here: https://cisoseries.com/cybersecurity-news-microsoft-hits-fox-tempest-robotics-os-flaw-cisa-admins-leaks-keys/ Thanks to our episode sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent release of Zero Trust Network Access and Zero Trust Cloud Access, access isn't based on credentials alone, it requires the right user, the right device, and the right conditions. Because as we've seen in recent large-scale CRM breaches, stolen credentials and misconfigurations can expose massive amounts of data. With ThreatLocker, nothing is exposed, and access is limited to exactly what's needed. Learn more and start your free trial today at ThreatLocker.com/CISO.
Over the last decade, cybersecurity heavily invested in EDR, XDR, SIEM, telemetry, and SOC-driven operations. We stopped asking how to stop attacks and started asking how fast we could detect them. However, Mythos and frontier models have changed that paradigm. How do you detect a -7 day vulnerability? Detection and response cannot keep, so what's the answer? Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss why cybersecurity is shifting from detection and response to prevention and enforcement. As attackers accelerate through automation and AI, organizations are revisiting prevention-focused controls. Rob will discuss why organizations need to adopt application allowlisting, Zero Trust, Ringfencing, and policy enforcement to reduce attacker freedom before execution occurs. Prevention-first security is the only way to decrease the AI attack surface. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! In the leadership and communications segment, What CISOs need to land a board role, The Security Mistakes Being Repeated With AI, When Senior Leaders Lack People Skills, Transformations Fail, and more! Show Notes: https://securityweekly.com/bsw-448
Linus Torvalds not into AI bug hunters 7-Eleven hit with ransom demand MENA runs new cybercrime op Get the show notes here: https://cisoseries.com/cybersecurity-news-linus-torvalds-talks-ai-bug-hunters-7-eleven-ransom-demand-menas-new-cybercrime-op/ Thanks to our episode sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent release of Zero Trust Network Access and Zero Trust Cloud Access, access isn't based on credentials alone, it requires the right user, the right device, and the right conditions. Because as we've seen in recent large-scale CRM breaches, stolen credentials and misconfigurations can expose massive amounts of data. With ThreatLocker, nothing is exposed, and access is limited to exactly what's needed. Learn more and start your free trial today at ThreatLocker.com/CISO.
ThreatLocker takes an opinionated approach to Zero Trust. The company, our sponsor for today’s episode, starts with application control. It uses endpoint software that runs on PCs and servers to allow or deny applications to run. It can also monitor and control the behavior of allowed applications. ThreatLocker has extended its platform to include network... Read more »
All links and images can be found on CISO Series This week's episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining is Jean-Paul Calabio, vp and CISO, Grainger. In this episode: Scanning the map isn't securing the territory CFOs don't fund faith What your AI inherits Nobody owns the gap Thanks to Jonathan Waldrop, CISO, Acoustic for providing our "What's Worse" scenario. A huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.
ThreatLocker takes an opinionated approach to Zero Trust. The company, our sponsor for today’s episode, starts with application control. It uses endpoint software that runs on PCs and servers to allow or deny applications to run. It can also monitor and control the behavior of allowed applications. ThreatLocker has extended its platform to include network... Read more »
The Weekly Enterprise News This week, in the enterprise security news, Copy Fail The hits keep coming for CVE, NIST and NVD Cyber attacks on breathalyzers insurance carriers pulling support for AI Florida Man pleads guilty ignore the humanities at your own peril offense and defense don't scale the same is it okay to be left behind? scientists gave cocaine to salmon Mind the Gap: Confidence, AI, and the Future of Exposure Management Former ethical hacker, now founder and CEO of Intruder, Chris Wallis explores whether AI can bridge the divide between finding vulnerabilities and understanding real-world attack context as exploit windows continue to shrink. This conversation dives into the structural "confidence gap" uncovered in Intruder's 2026 Security Middle Child Report, where executive risk appetite is increasingly decoupled from front-line operational reality. Check out Intruder's Security Middle Child Report at https://securityweekly.com/intruderrsac. Modern Phishing Attacks Are Under Multi-Channel Siege Recently, there has been a shift in cybercriminals' behavior, marked by a surge in total phishing attack volume. These attacks are fueled by high-scale automation and a coordinated multi-channel siege targeting corporate collaboration tools. Trusted platforms such as email, Teams, calendars and others are in the cross-hairs, bypassing traditional phishing methods that have worked in the past. This segment is sponsored by KnowBe4. Visit https://securityweekly.com/knowbe4rsac to learn more about them! AI is Now Default Enterprise Accelerator The Zscaler ThreatLabz 2026 AI Security Report reveals that enterprise AI adoption has surged by up to 93% year-over-year, yet 100% of tested AI environments remain vulnerable to breaches that can occur in as little as 16 minutes. It highlights a dangerous shift toward "machine-speed" threats, where attackers use generative AI to automate data exfiltration and create sophisticated deepfakes. To combat these risks, the report urges organizations to move beyond simple blocking and instead implement a Zero Trust architecture for safe, AI-native data protection. This segment is sponsored by Zscaler. Visit https://securityweekly.com/zscalerrsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-458
For six years, Sophos fought a secret cyber war against a state-backed hacking group targeting its firewalls. This forced Sophos to drastically change tactics to properly secure their firewalls.Was it ethical? Was it effective? They disrupted nine zero-day attacks, exposed who was hacking them, and forced the hackers to change tactics. But at what cost?You have to listen to one of the most audacious corporate cyber defenses ever conducted.SponsorsSupport for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.This show is sponsored by Meter, the company building networks from the ground up. Meter delivers a complete networking stack - wired, wireless, and cellular - in one solution that's built for performance and scale. Alongside their partners, Meter designs the hardware, writes the firmware, builds the software, manages deployments, and runs support. Learn more at meter.com.Support for this show comes from Drata. Drata is the trust management platform that uses AI-driven automation to modernize governance, risk, and compliance, helping thousands of businesses stay audit-ready and scale securely. Learn more at drata.com/darknetdiaries.Sources https://news.sophos.com/en-us/2024/10/31/pacific-rim-timeline/ https://www.justice.gov/archives/opa/pr/seven-hackers-associated-chinese-government-charged-computer-intrusions-targeting-perceived https://www.fbi.gov/wanted/cyber/guan-tianfeng
In the streets of the Dominican Republic, a new economy thrives in the shadows. It's built not on tourism or sugar, but on stolen data. They call them tarjeteros. And they are making a lot of money from stolen credit cards. This is a story about one group of tarjeteros who came to the US, and let loose on New York city.SponsorsSupport for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.This show is sponsored by Maze. Maze uses AI agents to triage and remediate cloud vulnerabilities by figuring out what's actually exploitable, not just what's theoretically risky. They remove the noise, prioritize vulns that matter, and manage remediation, so your team stops wasting time on meaningless vulns. Visit MazeHQ.com/darknet for more information.Support for this show comes from Privacy.com. Privacy allows you to create anonymous debit cards instantly to use for online shopping. Visit privacy.com/darknet to get a special offer.