Decipher Security Podcast

Author: Decipher

Description

Every week, Dennis Fisher and Lindsey O'Donnell-Welch, the editors of Decipher, bring you exclusive, in-depth conversations with security researchers, CISOs, founders, and security experts to help you understand the threat landscape and better protect your organizations.

342 Episodes
Dennis sits down with Tom Ptacek of Fly.io, a veteran security researcher, founder, and observer of the vulnerability landscape, to talk about the recent wave of AI-assisted vulnerability discovery and exploit development, specifically from the use of frontier models such as Claude Mythos. Tom has strong opinions on what's coming and how human researchers and defenders need to respond. Tom's post: https://sockpuppet.org/blog/2026/03/30/vulnerability-research-is-cooked/
The internet is dark and full of terrors, but thanks to folks such as Andrew Northern, a principal security researcher at internet-mapping pioneer Censys, it doesn't have to be. Andrew joins Dennis to talk about the cybercrime ecosystem, getting his start in security on a tiny team with huge responsibilities, and the value of a strong mentor.
It's been quite a week in security news, and Dennis and Lindsey dig into the continued effects of the axios supply chain attack, the incredibly fast adoption of AI tools for vulnerability research and what that means for software makers and defenders, and what the future holds for vulnerability research and exploit development. Security Theater in Austin: https://material.security/theater-2026#theater-live-event
Dennis and Lindsey dig into what we know so far about the supply chain attack on the axios NPM package, including how the attacker gained access to the maintainer's account, the window of exposure for the malicious packages, the behavior of the RAT that's installed on victims' machines, and what the downstream effects may be. Links: Huntress post: https://www.huntress.com/blog/supply-chain-compromise-axios-npm-package Socket analysis: https://socket.dev/blog/axios-npm-package-compromised
Fresh off the plane from RSA, Dennis fills Lindsey in on everything she missed (and didn't miss) at this year's conference (0:23), from the insanity of the expo floor (4:06) to the appearance of a line of synchronized robots or spacemen or something (8:18), to some very interesting conversations about the hyper speed of AI malware development and what's coming next for defenders (27:25).
RSA 2026 Preview

2026-03-20 (43:06)

With the RSA Conference on the horizon, Dennis and Lindsey are here with a preview of the conference's more interesting sessions and keynotes, a discussion of the recent and ancient history of the conference, and a quick game: Is this a security vendor or a prescription drug name?
Sure, space pirate is a cool title, but what about space hacker? Way cooler! With the imminent release of Project Hail Mary, Wendy Nather joins Dennis Fisher to dig into the nutrient-rich narrative soil that produced a modern classic that truly epitomizes the hacker ethos. We are the greatest podcasters on Mars!
This week's news includes a reappearance by an old favorite, APT28, aka Fancy Bear, which is back with some nasty new implants and tools it is deploying against targets in Ukraine (2:10), and we also have another law enforcement disruption of a residential proxy network, this one known as SocksEscort, which had victims all over the globe (7:45). Lastly, we talk about some of the upcoming episodes, including a new hacker movie podcast and our RSA preview that's coming next week. Links: APT28 reappears: https://decipher.sc/2026/03/10/apt28-reemerges-with-modern-espionage-arsenal-code-tied-to-2010s-operations/ SocksEscort takedown: https://decipher.sc/2026/03/12/us-europol-crack-down-on-socksescort-residential-proxy-network/
The process of developing and deploying exploits is a complex and controversial one and it's often a black box to outside observers. To help shine a light on how this all works, Caitlin Condon of VulnCheck joins Dennis Fisher for a deep dive into the zero day exploit landscape, what goes into exploit development, and what actually qualifies as a functional exploit.
Every day is zero day, and this week we talked about the new Google Threat Intelligence Group report on the zero day exploit landscape in 2025 (2:22) and who's exploiting what, then we discuss Microsoft's disruption of the Tycoon 2FA cybercrime operation (9:51), and finally we talk about the KEVology report from runZero and our new podcast with Tod Beardsley (13:25).
Tod Beardsley, VP of security research at runZero and former KEV section chief at CISA, joins Dennis Fisher to talk about the evolution of the Known Exploited Vulnerabilities catalog, how much value defenders should place on a specific bug being in the KEV, and his new KEVology report that breaks down all of the data in the KEV and sifts through it for specific insights for defenders.
This week Lindsey rejoins Dennis to talk about the attacks targeting a zero day in Cisco's Catalyst SD-WAN Controller (2:17), Google's disruption of a China-linked cyber espionage campaign targeting telecom infrastructure (6:30), and the new cyber developments on everyone's favorite tech show, The Pitt (13:13)!
It's a light news week, but we have some fun content for you! This week, we talk about our latest hacker movie episode--STAR WARS--which is up on the site and all of our feeds now (0:25), then we dig into a nasty hard-coded credential bug in Dell RecoverPoint for Virtual Machines that Chinese threat actors are exploiting (4:20), and then we move on to an active campaign targeting two vulnerabilities in Ivanti EPMM that is hitting organizations across the U.S., Canada, and other countries (08:33). Finally, we talk a little about an interesting cybersecurity plot line on HBO's show The Pitt (12:15). Spoiler warning: If you're not caught up on this show, there's a minor spoiler, but nothing you haven't really seen in the previews.
STAR WARS isn't just one of the more successful and iconic movies of all time and the basis for a worldwide sci-fi empire, it's also a true hacker story. Wade Baker and Rich Mogull, two Star Wars scholars, join Dennis Fisher to break down the Empire's pathetic perimeter defenses, R2D2's arc as a wily hacker, and how the movie hinges on a data breach.
This week was a cornucopia of zero days. We talk about the six (!) actively exploited vulnerabilities that Microsoft patched this week in its February update (2:46), then we discuss the one that Apple fixed in iOS 26.3, a vulnerability that has been used in what the company calls an "extremely sophisticated attack" against a few individuals (7:24). That's a clear indication that the vulnerability has likely been used in operations involving commercial spyware vendors. Finally, we give a little love to the long lost TV show CSI: Cyber, which starred James Van Der Beek, and the cameo that two famous hackers had on one episode (12:40). The old Threatpost CSI: Cyber running chat discussion
Attackers are moving faster and faster every day, and the challenge of keeping pace is a daunting one. But it's not impossible. watchTowr's Ryan Dewhurst joins Dennis Fisher to talk about how the "magic" of computers first captured his imagination when he was young, how defenders can learn from attackers' tactics and adapt, and how the AI revolution is accelerating vulnerability disclosure and exploitation.
This week we talk about the new CISA Binding Operational Directive that sets a deadline for removing end of support edge security devices from federal government networks (1:15), then we discuss the new research from Silent Push on the new variant of the SystemBC botnet (6:45), and finally we have a movie recommendation for you: Joybubbles, the fascinating new documentary about phone phreaker Joe Engressia Jr.
It was a busy week in the cybers! Today we start with the targeted exploitation of another Fortinet vulnerability (CVE-2026-24858) that enables simple authentication bypass (1:15), then we discuss Google's disruption of a large residential proxy network called IPIDEA that has been abused by hundreds of threat actors (5:40), then we talk about the continued attacks on an older WinRAR bug by both cybercrime and APT groups (10:11). Finally, we shout out some of our favorite fellow creators in the security community: the Three Buddy Problem podcast, John Hammond, and Matt Johansen.
This week, we talk about how Microsoft disrupted a long-running, large-scale cybercrime-as-a-service platform called RedVDS that has been active since 2019 and was used in high-volume phishing and BEC scams (1:00), then we discuss the research from Cisco Talos on another (!) Chinese APT called UAT-8837 that is targeting critical infrastructure organizations in North America (6:06), and finally there's the clever new StackWarp vulnerability in AMD processors that was disclosed this week (9:44). Links: RedVDS takedown, Cisco Talos report, StackWarp
Jeremiah Grossman and Robert Hansen, two of the more influential and accomplished leaders and entrepreneurs in the cybersecurity community, have seen and done it all in their careers. From their roles as the driving forces behind pioneering web appsec firm WhiteHat Security to building out enterprise security programs to breaking large portions of the web (on purpose), Jeremiah and Robert have unique viewpoints on what works and what doesn't. Now, they're building something new, Root Evidence, a vulnerability management platform backed by data from actual breaches and designed to help security teams prioritize fixing the bugs that actually matter.