Security Weekly Podcast Network (Video)

Radioactive Twinkies, Cthullu, BlueHammer, North Korea, CUPs, Axios, Fortinet, Cognitive Surrender, Aaran Leyland, and More on the Security Weekly News.
Show Notes: https://securityweekly.com/swn-570

Security problems aren't changing very much even though security teams are. We catch up on the implications of the Claude Code source leak, the very human lessons from the axios NPM compromise, and what secure design looks like when it involves agents, humans, or both.
AppSec has always celebrated interesting and impactful vulns. And LLMs are now a favored tool for finding flaws. We shouldn't forget the success and effectiveness of fuzzers like OSS-Fuzz, which has improved security for over 1,000 projects and found over 50,000 bugs. But we can't ignore the ease of prompting an agent to go find -- and exploit -- a vuln when the UX and overhead of doing so is hardly more than writing some markdown.
The SDLC Blind Spot: Why Breaches Start with Identity, Not Code
Developers have access to source code, CI/CD pipelines, and cloud infrastructure — and attackers know it. Target lost 860GB of source code through a single compromised credential. Recruitment fraud campaigns have pivoted from a compromised developer to cloud admin in under 10 minutes. As agents join human developers, contractors, and service accounts in the SDLC, the attack surface is expanding faster than static security tools can track. Security teams need real-time visibility beyond code and into who has access and what they're actually doing.
This segment is sponsored by Apiiro. To lean more, visit https://securityweekly.com/apiirorsac.
How AI-Driven Development is Reshaping the Application Risk Landscape
Agent coding assistants are accelerating software development, generating more code and more change than security teams were built to handle. In this interview, Idan Plotnik discusses how AI-driven development is reshaping the application risk landscape and why traditional vulnerability management models can't keep up.
Make sure to schedule a free SDLC Risk Assessment with BlueFlag Security - 30 minutes to deploy. 48 hours to results. Please visit https://securityweekly.com/blueflagrsac.
Show Notes: https://securityweekly.com/asw-377

Interview with Brian Oh from FIS Global
Merchant-Specific Tokenization: Making Embedded Finance More Fraud-Resistant
Payment fraud has not gone away. It has evolved into a largely social engineering-driven problem that increasingly lands on security leaders' desks. In this episode, Brian Oh from FIS Global explains how merchant-specific tokenization and virtual cards work, why embedded finance raises the stakes, and how approaches like behavioral biometrics and tokenized payments can reduce fraud while keeping checkout experiences fast and seamless.
Segment Resources:
FIS Global - The Future of Embedded Finance
PYMNTS Article - FDIC Support Clears a Path for Tokenized Deposits to Scale
FIS Global Blog - How behavioral biometrics are leading the way in secure banking and fraud defense for Digital One™ Flex clients
FIS Global Blog - Inside Flex's Advanced Fraud Defense: What Tech Leaders Need to Know
Interviews with Mickey Bresman from Semperis and Ashish Jain from OneSpan
The Making of Midnight in the War Room
Semperis is producing Midnight in the War Room, a full length feature film on cyberwar and CISO heroism and their work defending their companies against the onslaught of cyberattacks. Midnight in the War Room puts a human face on the front lines of cyber defense and will reveal the weight carried by defenders every day and why resilience must be built not only into systems, but into people and institutions.
This segment is sponsored by Semperis! Visit https://securityweekly.com/semperisrsac to learn more.
Why Passkeys Are Ready for Prime Time in Modern Banking
Authentication has long required an uneasy tradeoff between strong security and smooth user experience. This interview segment explores why passkeys are ready now for even the highest risk banking use cases, why banks should be moving quickly to adopt them, and how OneSpan delivers the most complete, secure, and enterprise ready passkey solution on the market.
This segment is sponsored by OneSpan. Visit https://securityweekly.com/onespanrsac to learn more about them!
Interviews with Jimmy White from F5 and Thyaga Vasudevan from SkyHigh Security
Securing AI Agents: Managing Runtime Risk in Enterprise AI Systems
As organizations deploy AI agents and automated workflows, security challenges are increasingly emerging once these systems interact with APIs, enterprise data, and business processes in production.
For more information about F5, please visit https://securityweekly.com/f5rsac.
AI's Security Inflection Point: Hybrid, Browser Security, and Data Compliance
The rapid adoption of AI applications is reshaping enterprise security architectures. As organizations integrate AI copilots, agentic workflows, and cloud-native platforms, traditional network-centric security models are proving insufficient.
This segment is sponsored by Skyhigh Security. Visit https://securityweekly.com/skyhighrsac to learn more about them!
Show Notes: https://securityweekly.com/esw-453

DexterBot, Darksword, Eviltokens, Tubular Bells, Claude, Drift, Gmail, the back seat of a Buick Electra, Josh Marpet, and More on this episode of the Security Weekly News.
Show Notes: https://securityweekly.com/swn-569

In the Security News:
Claude leaks source code and new models
Two really smart people say AI is finding vulnerabilities better than ever
Windows is using your internet to send updates to strangers
BIG-IP APM vulnerability - all you need to know
Linux KVM for the win
The bus factor and open source
Axios supply chain breach
Trimming Grub
Depotting and hacking e-Motorcycles
Trivy and Cisco source code leaks
The FCC ban and What is a router?
Show Notes: https://securityweekly.com/psw-920