Videos

Tom Uren and Amberleigh Jack talk about the State Department taking to X to counter foreign propaganda. US Secretary of State Marco Rubio dismantled the State Department’s counter-propaganda office when he took charge, but it turns out that giving adversary states free reign online is a bad idea.

They also discuss how America’s lawful intercept systems are high value targets for Chinese hackers. It’s a big deal that part of the FBI’s lawful intercept system has been breached and it is high time that the security of these systems was reviewed.

In this edition of the Snake Oilers podcast three vendors stop by to pitch the audience on their products:

• Burp AI and DAST: The founder of PortSwigger and creator of legendary security software Burp Suite, Dafydd Stuttard, drops by to pitch listeners on Burp AI and Burp Suite DAST.

https://portswigger.net/

• Sondera: Josh Devon talks about Sondera, a technology designed to intervene when AI models start doing the wrong thing by statefully tracking their trajectories. This isn’t a permissions suite for AI agents, it’s a way to stick agents in a harness and make sure they adhere to hard policy boundaries….

On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:

• Anthropic’s new Mythos model hunts bugs and chains exploits together so well that… you cant have it…
• …Unless you’re one of their Project Glasswing partners
• The world isn’t short on bugs, though. F5, Fortinet, Progress ShareFile, and TrueConf are all getting rekt by humans
• GPU Rowhammering goes in the GPU, past the IOMMU and back into the host-side Nvidia driver
• North Korea is spending serious time and money on its crypto hacking
• Just when the US needs CISA most, they slash its budget some more!…

In this edition of Between Two Nerds Tom Uren and The Grugq discuss how Iran’s cyber forces have been used during the ongoing war so far.

Tom Uren and Amberleigh Jack talk about how incredibly good AI models have gotten at finding and exploiting vulnerabilities. That will upend the cyber security industry and it has implications for state cyber organisations such as NSA and Cyber Command.

They also discuss how broadband wireless communications links are critical in the war in Ukraine. After losing access to Starlink, Russian forces are doubling down on using equipment from American company Ubiquiti.

On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:

• Those pesky North Koreans shim a backdoor into a 100M-downloads-a-week npm package
• TeamPCP appear to have ransacked Cisco’s source and cloud environments
• AI is getting legitimately good at being told to “just go find some 0day in this”
• Kaspersky says Coruna and Triangulation do share code lineage
• Iranian hackers dump Kash Patel’s gmail spool
• Oh, and of course there’s a Citrix Netscaler memory leak being exploited in the wild

This week’s episode is sponsored by Dropzone AI, who make automated AI SOC analysts. Head honcho Ed Wu explains how they’ve built pre-canned ‘hunt packs’ to lead the AI off into your environment to find weird, interesting and security relevant things. …

In this edition of Between Two Nerds Tom Uren and The Grugq talk about hacking and scams. While hacking is disappearing as a threat for most people, it is a new golden age for scammers. Even Tom has been scammed!

In this sponsored Soap Box edition of the show, Patrick Gray and James Wilson talk about red teaming AI systems with Russel Van Tuyl, Vice President of Services at elite penetration testing firm SpecterOps.

SpecterOps is the company behind attack path enumeration tool Bloodhound and Bloodhound Enterprise, but they’re also a pentest and red teaming shop with world class expertise in popping shells on all sorts of interesting systems in all sorts of interesting places.

Tom Uren and Amberleigh Jack talk about FBI Director Kash Patel admitting to Congress that the Bureau is buying American’s location data and using it to generate valuable intelligence. That’s concerning, because commercially available information can be used in tremendously invasive ways and the FBI can buy it without needing a warrant.

They also discuss the FCC’s surprising move to ban foreign-made consumer routers. It’s not about security, it is just about reshoring manufacturing.

And finally they discuss the Trump administration’s plan for unleashing the private sector.

On this week’s show, Patrick Gray, Adam Boileau and James WIlson discuss the week’s cybersecurity news. They talk through:

• TeamPCP’s supply chain attack on Github, and they threw in an anti-Iran wiper, because why not?!
• Anthropic hooks up its models to just… use your whole computer
• After Stryker’s Very Bad Day, CISA says maybe add some more controls around your Intune?
• Another iOS exploit kit shows up in the cyber bargain-bin
• The FTC decides to ban… all new home routers?! U wot m8?!
• Supermicro founder was personally sanction-busting Nvidia GPUs into China?!

This week’s episode is sponsored by enterprise browser maker, Island. Chief Customer Officer Bradon Rogers joins Pat to explain how its customers are using Island to control the use of personal AI services in regulated industries. …