Podcasts

Law enforcement dismantles two more malware operations, Japan’s army used infected USB drives, Anthropic accuses Alibaba of distillation attacks, and Australia finds “digital dynamite” on critical networks.

Tom Uren and James Wilson talk about the Five Eyes cyber security agencies warning about the arrival of AI-enabled cyber threats. The call-to-action is driven by the recognition that it is no longer possible to limit AI’s offensive cyber security capabilities to benign actors. The genie is out of the bottle, regardless of export controls on frontier models.

They also discuss the progress of Operation Endgame, the multinational joint operation that has been disrupting the cybercriminal ecosystem. It’s been a great success, but criminal enterprises bounce back. Keeping a lid on cybercrime will require continuous disruption programs.

This episode is also available on YouTube.

The FortiBleed hacks are worse than a credentials leak, a new White House executive order sets out a hard 2031 post quantum cryptography deadline, Meta leaks employee keystroke data, and a third of Samsung and LG TVs act as proxies.

On this week’s show special guest co-host Rob Joyce joins Patrick Gray and James Wilson to discuss the week’s cybersecurity news. Rob served as an advisor to Donald Trump during his first term as president and also served at NSA for 34 years. While at the agency, Joyce led Tailored Access Operations (TAO), and later became NSA’s Director of Cybersecurity.

They cover:

• The surprisingly well done Fortibleed campaign
• Stolen Klue OAuth tokens lead to Salesforce data theft
• OpenAI wants to patch the planet
• runZero gets acquired by Accenture, congrats HD Moore!
• Much, much more!

This episode is also available on YouTube.

In this podcast Patrick Gray and James Wilson chat with Decibel Partners founder and Managing Partner Jon Sokoda to talk about pitching cybersecurity startups to VC firms in the AI age.

Coding agents and large language models have made it easier than ever to create software products, but despite this, the bar for what interests an investor is still largely the same. Everyone can run the marathon, but it’s usually the same few folks who finish first.

So tune in to hear Jon share with us his wisdom on when to start the conversation with investors, how to leverage the experience of the founder community, and what founders should watch out for.

This episode is also available on YouTube

In this sponsored interview James Wilson chats with Trail of Bits founder and CEO Dan Guido about its newly announced partnership with OpenAI. Together, they’ve started a new initiative called “Patch the Planet” to support open source maintainers.

Being an open source maintainer is more difficult than ever. Just using frontier models to keep up with all the bug reports isn’t enough. Trail of Bits wants to help maintainers by combining its deep cybersecurity expertise with OpenAI’s GPT 5.5 Cyber.

As Dan points out in this interview, this isn’t just about helping maintainers find and fix bugs. They’re spending just as much time on SDLC improvements, architecture changes, and the foundations needed to make open source sustainable in the AI era.

In this edition of Between Two Nerds Tom Uren and The Grugq discuss the idea that the People’s Republic of China has mobilised its influence operations against the construction of US data centres and its build out of AI capacity.

This episode is also available on YouTube.

A data breach at business analytics platform Klue spreads to security firms, a hacker breaches Brazil’s national alert system, North Koreans are behind the Mastra supply chain attack, and a new, unfixable vulnerability has been found in Apple’s A12 and A13 chips.

In this podcast episode James Wilson and Brad Arkin talk about how to safely use open weight large language models in the enterprise. The cost of frontier models was already driving interest in freely available open weight models like DeepSeek, Kimi and Qwen. But now the US government is forcing Anthropic to pull its Fable and Mythors models from the market, the argument for having greater control over your own AI stack is stronger than ever.

But as you’ll hear in this episode, the model itself is just one component of the complex tech stack you’ll need to spin up if you want local inference. There’s a lot of moving parts, each of which comes with its own supply chain risks.

So whether you’re hosting these models on your own hardware or via a SaaS provider, there’s a lot to ponder!

A LOT of Fortinet creds have leaked online, Canada’s spy agency allowed to remove a botnet from Canadian devices, a supply chain attack hits the Mastra AI framework, and Europol disrupts SocGolish.