Security Weekly Podcast Network

CyberRiskTV Live Coverage from Zero Trust World 2026 - Day 2 x.com/i/broadcasts/1…

What if your laundry card could be hacked in under an hour? A student with no NFC experience used a Flipper Zero and AI tools to reverse engineer their laundry card—and discovered a flaw that makes charges reversible. Sometimes, small systems have big security gaps. If this can happen with a laundry card, where else might similar flaws exist? #Cybersecurity #Hacking #FlipperZero

Downloading from official app stores doesn’t guarantee safety. Even trusted apps can include vulnerable third-party libraries, request excessive permissions, or run on insecure devices that never get updates. Security doesn’t stop at installation. If you trust the app store completely, what risks are you missing? #Cybersecurity #MobileSecurity #AppSec

Security teams usually focus on cyber risk. But there’s another risk most companies forget: innovation risk. Move too slowly and competitors win. In this clip, the discussion explores how leaders must balance security controls with the pressure to move fast. SaaS platforms remove some infrastructure burden, but the responsibility to protect the business never disappears. So how cautious is too cautious when innovation is on the line? #cybersecurity #infosec #businessrisk

Cybersecurity responsibility is moving—but not everyone is ready. A growing shift is pushing more responsibility from the federal level down to state and local governments. That means new laws, new expectations, and new risks if coordination breaks down. What happens when responsibility moves faster than capability? #Cybersecurity #PublicPolicy #Infosec

What if AI isn’t objective at all? This clip shows how AI can latch onto your wording and reinforce it—turning casual opinions into “facts.” Even something simple like coding preferences can spiral into confident but questionable guidance. It’s not just about being wrong. It’s about sounding right while being wrong. How much of what AI tells you is actually shaped by you? #AI #MachineLearning #CyberSecurity

Everyone wants an AI leader. But should one person really own AI? This clip challenges the idea of a Chief AI Officer. Instead of ownership, AI may be about decision-making spread across security, tech, and business teams. If a CAIO just coordinates decisions… is that a real C-level role—or unnecessary overhead? Are companies structuring AI leadership the wrong way? #AILeadership #CIO #CyberStrategy

Business impact analysis used to be standard practice. Now it’s quietly fading. As companies deploy new systems faster than ever, fewer teams are stepping back to ask a critical question: what happens if this breaks? Post-COVID priorities and constant busyness may be pushing resilience out of focus. Are organizations overlooking the very thing that keeps them running? #CyberRisk #CISO #SecurityLeadership

Malware on Steam? That’s not supposed to happen. Gamers trust platforms like Steam because they feel safe and familiar. But multiple infected games slipped through, and now the FBI is investigating. This isn’t a shady download from the early internet. It’s a trusted ecosystem. If even Steam can be a delivery vector… what are users supposed to trust? #CyberSecurity #Malware #Steam

Sometimes vulnerabilities aren’t just in old legacy code—they can be introduced by new development. SQL injection or XSS flaws in freshly written code point to gaps in the security process. Mike and John Kinsella discuss why new code failures feel more serious and what that means for development teams. How do you ensure your new code doesn’t introduce hidden risks? #AppSec #SecureCoding #SQLInjection

Mark Curphey found that a popular OWASP project for Go had flawed and outdated security advice. This is risky because developers and AI tools relying on it may produce insecure code. The problem highlights the challenge of maintaining open-source security resources. Mark shares why it’s critical to update and improve these tools for safer software development. What steps can the community take to prevent security guidance from becoming stale? #OWASP #softwaresecurity #securecoding

As companies deploy AI and autonomous agents, the perimeter isn’t just digital—it’s unpredictable. Non-human identities and smart agents introduce new risks, creating a security environment more like a “Burning Man camp” than a structured enterprise. Are organizations ready for autonomous agents making goal-oriented decisions on their behalf? #AIsecurity #autonomousagents #enterprisecybersecurity

Security teams don’t want to own AI reliability. But they may end up responsible anyway. As organizations deploy AI models, security teams often run automated red-team tools to test for vulnerabilities. Those same tools also detect hallucinations and reasoning failures. That means security teams frequently become the first people who see when an AI model might give unreliable answers. The challenge? Knowing the risk is one thing. Getting developers to act on it is another. Who should actually own AI reliability inside an organization? #cybersecurity #ai #infosec

Cyber attacks are often blamed on countries like China or Russia. But attribution is rarely simple. In this clip, Allie Mellen explains why the U.S. can also be analyzed as a cyber threat actor—and why proving attribution in cyberspace is incredibly difficult. Between overlapping research communities, covert operations, and geopolitical trust issues, even sophisticated investigations can struggle to determine who was really behind an attack. When nations accuse each other of cyber attacks, how much certainty actually exists? #cybersecurity #cyberwar #infosec

Threat intelligence platforms are changing. They’re no longer just collecting cyber threat intelligence (CTI). Vendors are starting to merge exposure management, digital risk protection, and compromised credential monitoring into a single platform. That means organizations can detect leaked credentials on the open web or dark web and respond automatically through identity tools. But platform convergence also raises questions about how security teams structure their defenses. Are unified platforms the future of cyber defense? #CyberSecurity #ThreatIntelligence #IdentitySecurity

Windows LNK files and archive behavior are often overlooked as attack vectors. This clip explains why defenders need to treat these as serious risks—not just normal user actions. Missing this could let threat groups like China’s Nexus collection hide in plain sight. What changes should your security team make to catch these stealthy attacks? #cybersecurity #windowssecurity #infosec

Anthropic reportedly refused a request from the United States Department of Defense to use its AI model Claude AI for certain military and surveillance purposes. Soon after, the company was excluded from a $200 million contract and labeled a supply chain risk. But there’s a twist: the same technology could still be used in the defense supply chain during a transition period. When AI companies set limits on how their models are used, what happens when governments push back? #anthropic #ai #nationalsecurity

Why do zero-day exploits seem more common lately? One theory: AI may be speeding up vulnerability research. The hosts discuss how attackers aren’t simply asking AI to generate exploits—but using it as a tool to accelerate analysis, reverse engineering, and vulnerability discovery. If security researchers and attackers can analyze software faster than ever, it could explain the shift toward more zero-day attacks. Is AI quietly accelerating the vulnerability discovery arms race? #cybersecurity #zeroday #ai

A vulnerability in HP Aruba switches could allow attackers to reset the admin password with only network access. That means no user interaction and no prior credentials required. The hosts break down why authentication bypass vulnerabilities are especially dangerous in networking gear—and how attackers often chain them with additional CVEs to dig deeper into the system. If someone can reset the admin password on a network switch, how much of the network could they control? #cybersecurity #networksecurity #infosec

Security operations may be entering the agentic AI era. Instead of analysts manually handling every task, multi-agent systems could automate parts of security operations—powered by real cyber threat intelligence. At the same time, organizations are increasingly sharing intelligence through industry groups like Information Sharing and Analysis Centers to stay ahead of attackers. Automation plus shared intelligence could reshape how security teams operate. But how much of security operations should really be automated? #CyberSecurity #ThreatIntelligence #AIAutomation

The cyber industry never sleeps, and neither does its creativity — the #ZTW26 After Party was proof of that. From elaborate costumes to top tier entertainment, we spent the night celebrating our guests and community that make this industry great.