Decipher Security Podcast
by Decipher
Every week, Dennis Fisher and Lindsey O'Donnell-Welch, the editors of Decipher, bring you exclusive, in-depth conversations with security researchers, CISOs, founders, and security experts to help you understand the threat landscape and better protect your organizations.
Hosts
- Dennis Fisher
- Lindsey O’Donnell-Welch
Decipher
Jun 26, 2026
Recent reviews on Apple Podcasts (1)
Like it but HORRIBLE audio issues
Particularly in ep12 there are multiple examples where there are people talking over one another and then periods of silence. There’s some very annoying background noise like someone has a TV or Radio on while recording. Dudes. Clean it up... 🙃
btaroli ·
Episodes (361)

The Gaslight macOS Backdoor, Cisco Zero Day Exploit, and Operation Endgame
Jun 26, 2026 · 31m
It's a non-AI podcast! This week we dig into the new Gaslight macOS implant that tries to trick security researchers with some anti-forensics techniques, then we discuss the Operation Endgame takedown of some malware inf

How Much Do Data Breaches Really Cost? | Alex Pinto
Jun 16, 2026 · 41m
Alex Pinto, one of the lead authors of the Verizon Data Breach Investigations Report, joins Dennis to talk about his organization's newest publication, the Breach Impact Study, which digs into the real world cost of brea

The Shrinking Exploit Window, Patch Schedule Changes, and the Vulnpocalypse
Jun 12, 2026 · 32m
This week was blessedly free of any major supply chain compromises, so we start by talking about new research from Anthropic on the shrinking window between bug disclosure and exploitation, then we discuss the changing p

How The Conversation Predicted Our Surveillance Society 50 Years Ago
Jun 8, 2026 · 58m
Perhaps no film captures the paranoia and anxiety of the 1970s better than The Conversation, Francis Ford Coppola's masterpiece about reclusive surveillance expert Harry Caul, a man who it's safe to say has some demons.

Shai Hulud Returns, How Attackers are Using AI, and More Weird MSRC Behavior
Jun 5, 2026 · 36m
We regret to inform you that there are more npm supply chain attacks this week, and a new variant of the Shai Hulud worm is involved. We also talk about the new analysis from Anthropic on a year of data relating to how a

Microsoft Has Forgotten Its Vulnerability Disclosure History
May 29, 2026 · 45m
The recent Nightmare-Eclipse zero day drop and attendant drama has stirred up all kinds of trouble and unfortunately spurred Microsoft to publish a post scolding security researchers for not using the "proper channels" t

Lessons in Resilience, Perseverance, and Leadership With Matt Eversmann
May 25, 2026 · 1h 18m
After being caught in one of the more notorious battles in modern American history, Matt Eversmann's military career has become the stuff of legend. The Battle of Mogadishu, immortalized in the book and movie Black Hawk

Chain Chain Chain of Compromises
May 22, 2026 · 22m
In the spring, a young attacker's fancy turns to supply chain compromises, and this season's crop includes the GitHub breach and the Grafana intrusion, which are connected and trace back to the TanStack supply chain atta

What the Data Tells Us About Claude Mythos and Bug Exploitability | Jay Jacobs and Michael Roytman
May 19, 2026 · 43m
Finding a huge pile of bugs with Claude Mythos is great, but the logical next step is figuring out how many of those vulnerabilities are likely to be exploited in the near future. Jay Jacobs and Michael Roytman of Empiri

Solving Hard Security Problems With an Outsider's Perspective | Sravish Sridhar
May 15, 2026 · 53m
Unlike a lot of founders in the industry, Sravish Sridhar hasn't spent his career in the security world. He comes from a background in distributed computing and advanced math, and is a successful entrepreneur who's now b

AI Has a Security Measurement Problem | Gary McGraw
May 13, 2026 · 38m
Few people (if any) have spent more time thinking about and working on the hard problems in security and software than Gary McGraw, and he also happens to have a PhD in cognitive science and computer science and has been

Inside the $285M Drift Protocol Heist | Ari Redbord
May 11, 2026 · 34m
Ari Redbord, Global Head of Policy at TRM Labs, talks about the insane background behind the $285 million Drift Protocol crypto heist, how law enforcement agencies are investigating ransomware-linked cryptocurrency walle

The Canvas Attack, Ivanti and Palo Alto Exploits, and Dirty Frag
May 8, 2026 · 41m
If we needed any more evidence that the internet was a mistake, this week provided it. We kick things off with a discussion of the Canvas breach that has affected thousands of schools worldwide, then we dig into the disc

Fighting Cybercrime With Global Intelligence | Will Dixon
May 6, 2026 · 44m
Will Dixon has seen the evolution of cybercrime as both a GCHQ intelligence officer and a private sector executive and analyst, and has seen the way these groups operate up close. He joins Dennis to talk about the ongoin

The fast16 Mystery, Stuxnet, and the History of Cyber Espionage | Juan Andres Guerrero-Saade
May 4, 2026 · 1h 8m
JAGS joins Dennis Fisher to unpack the complex history of fast16, a highly targeted cyber espionage platform that goes back as far as 2005, many years before Stuxnet, and was deployed against targets in Iran. JAGS has be

cPanel Exploits, Copy Fail, and the History of Branded Bugs
May 1, 2026 · 42m
The security news was out of hand this week, so we had to pick our spots. We start with the nasty cPanel/WHM vulnerability that affects tens of millions of domains in shared hosting environments, then we discuss the C op

Defeating Online Scams and Disrupting the Cybercrime Chain | Ariana Mirian
Apr 28, 2026 · 50m
Ariana Mirian, cofounder of startup Beesafe, joins Dennis to talk about the mechanics of online romance and finance scams, how the scammers draw in victims over weeks or months, and why user awareness isn't the complete

The Vercel Intrusion and What is Happening at CISA
Apr 24, 2026 · 39m
This week we dig deep into the Vercel intrusion that emerged last weekend, how it happened, what the response was, and what the downstream effects may be for defenders. Then we talk about CISA's bizarre delayed response

Claude Mythos, Automated Bug Hunting, and AI Eating Everything
Apr 17, 2026 · 32m
It's been A WEEK. Security news never sleeps, and neither does AI, so Dennis and Lindsey dive into all of the storylines coming from the Claude Mythos and Project Glasswing announcements, how organizations will deal with

The Era of AI-Led Vulnerability Research With Tom Ptacek
Apr 13, 2026 · 55m
Dennis sits down with Tom Ptacek of Fly.io, a veteran security researcher, founder, and observer of the vulnerability landscape, to talk about the recent wave of AI-assisted vulnerability discovery and exploit developmen

Mapping the Cybercrime Ecosystem With Andrew Northern of Censys
Apr 7, 2026 · 33m
The internet is dark and full of terrors, but thanks to folks such as Andrew Northern, a principal security researcher at internet-mapping pioneer Censys, it doesn't have to be. Andrew joins Dennis to talk about the cybe

The Rapid Rise of AI Exploit Development and More Axios Compromise Effects
Apr 3, 2026 · 51m
It's been quite a week in security news, and Dennis and Lindsey dig into the continued effects of the axios supply chain attack, the incredibly fast adoption of AI tools for vulnerability research and what that means for

Axios NPM Supply Chain Attack
Mar 31, 2026 · 25m
Dennis and Lindsey dig into what we know so far about the supply chain attack on the axios NPM package, including how the attacker gained access to the maintainer's account, the window of exposure for the malicious packa

RSA Recap: Dancing Robots, AI Everywhere, and the Future of Security
Mar 27, 2026 · 51m
Fresh off the plane from RSA, Dennis fills Lindsey in on everything she missed (and didn't miss) at this year's conference (0:23), from the insanity of the expo floor (4:06) to the appearance of a line of synchronized ro

RSA 2026 Preview
Mar 20, 2026 · 43m
With the RSA Conference on the horizon, Dennis and Lindsey are here with a preview of the conference's more interesting sessions and keynotes, a discussion of the recent and ancient history of the conference, and a quick