In this episode, we discuss a recent significant cyber attack where Palo Alto Networks experienced a data breach through their Salesforce environment due to a compromised SalesLoft drift integration. Throughout the discussion, we highlight why Salesforce, a crucial CRM platform for many businesses, is becoming a prime target for supply chain attackers. We’ll discuss how the breach happened, its implications, and what organizations can do to protect themselves from similar threats. Lastly, we provide insights into Salesforce's security posture, the role of third-party integrations, and the importance of data retention policies in mitigating risks.

In this episode, we discuss if the convenience of modern technology compromises our privacy. Inspired by a thought-provoking Reddit post, we explore how everyday actions like saving passwords, enabling location tracking, and using cloud backups put our personal data at risk. Learn about the trade-offs between convenience and privacy, and get tips on using privacy-focused tools and making informed choices. Join the conversation in the comments or on Bluesky (@sharedsecurity).

Public Wi-Fi has a bad reputation — but in 2025, the “you’ll get hacked instantly” fear is largely outdated. In this episode, Tom and Kevin dig into real research and modern protections that make most public Wi-Fi connections reasonably safe. We’ll explore why HTTPS, device security, and updated standards have drastically reduced the risks, what threats still exist, and when you might actually want to use a VPN.

In this episode we're discussing the alarming breach of the Tea app, a platform intended for women to share dating experiences. The hack resulted in the exposure of over 13,000 government ID photos, 72,000 user images, and over a million private messages due to poor security practices. We'll discuss the role of sloppy coding, an exposed database, and the lack of security discipline that led to this massive leak. Join us as we explore insights from a cybersecurity researcher who disassembled the app's source code, the ensuing legal and privacy repercussions, and the broader implications for app security.

In this episode, we discuss a rising scam involving random smishing text messages. Learn how these messages work, why they're effective, and what you can do to protect yourself. Discover the dangers of replying to vague text messages from unknown numbers and get practical tips on how to block and report spam texts. Stay safe by not engaging with these scams and using built-in filters and reporting options on your mobile device.

This week we explore the recent Microsoft SharePoint vulnerability that has led to widespread exploitation by ransomware gangs and Chinese State-sponsored hackers. We also cover the confirmed compromise of multiple US agencies, including the Department of Homeland Security, in a large-scale cyber espionage campaign. Kevin Johnson joins to discuss the implications of these events, the underlying issues with patching systems, and the complexities of protecting applications like SharePoint. Stay informed on the latest cybersecurity developments and get insights on what might have gone wrong. Plus, get a peek at what’s happening at Black Hat and DEF CON in Vegas.

In this episode, we examine Amazon's Ring doorbell camera amid rising privacy concerns and policy changes. The Electronic Frontier Foundation's recent report criticizes Ring's AI-first approach and the rollback of prior privacy reforms, describing it as 'techno authoritarianism.' We also discuss a recent scare among Ring users on May 28, related to an unexplained series of logins, said by Amazon to be a UI glitch. Join hosts Tom Eston, Scott Wright, and Kevin Johnson as they explore these issues, share personal anecdotes about their experiences with tech, and discuss broader implications for privacy and civic freedoms.

In this episode, join hosts Tom Eston, Scott Wright, and Kevin Johnson as they discuss the controversial topic of seniors writing down passwords. They discuss how threat modeling differs for the elderly, the practicality of using password managers, two-factor authentication, and future solutions like passkeys. The conversation includes humorous anecdotes and touches on broader cybersecurity issues such as risk assessment and the importance of tailoring security solutions to individual needs. Tune in for insights on making security accessible and effective for an often overlooked group.

In this episode, we discuss the often overlooked security issues within Google Workspace. Rajan Kapoor, Field CISO at Material Security, joins us to talk about how Material Security is redefining the protection of documents, email accounts, and data in Google Workspace. We explore the unique challenges Workspace presents compared to traditional tools, and how Material Security provides comprehensive solutions. Rajan shares his professional journey, insights into Google's APIs, and how their service stands out. Tune in to understand why legacy tools may leave critical gaps in your organization's security.

Thanks to Material Security for sponsoring this episode! Protect your Google Workspace with [Material Security](https://material.security/)—the only detection and response platform purpose-built to secure your emails, data, and accounts before, during, and after an attack. Visit [material.security](https://material.security/) to learn more!

In this episode, we explore the revolutionary concept of autonomous penetration testing with a discussion into Cybersecurity startup XBOW’s recent breakthrough. XBOW claims to have topped HackerOne's leaderboard using a fully autonomous AI agent, raising significant questions about the future of offensive security. Hosts discuss the potential of AI in pen testing, the implications for pen testers, bug bounty hunters, and security teams, and whether this represents a genuine advancement or just more AI hype.

Is there really a cybersecurity talent shortage, or are we just looking in all the wrong places? This week on the Shared Security Podcast, we tackle the buzz around the so-called cybersecurity skills gap. Host Tom Eston welcomes Katie Soper, Senior Consultant at Avetix Cyber and co-founder of the CyberVault Podcast, to discuss the challenges and misconceptions in the industry. They explore whether the shortage is a myth, a mismatch, or something else entirely and what companies and professionals can do about it. With insights into hiring practices, skill shortages, and the importance of networking, this episode is a must-listen for anyone in or entering the field of cybersecurity.

Thanks to Material Security for sponsoring this episode! Protect your Google Workspace with [Material Security](https://material.security/)—the only detection and response platform purpose-built to secure your emails, data, and accounts before, during, and after an attack. Visit [material.security](https://material.security/) to learn more!

In this episode, we explore the Kids Online Safety Act (KOSA), a controversial bill aimed at protecting children online. Joined by co-host Scott Wright, we discuss the potential implications of KOSA, including concerns about censorship, mass surveillance, and the impact on free expression and online privacy. We also touch on the broad support for the bill from both political parties and the involvement of social media giants like X. Additionally, we examine the balance between government regulation and parental responsibility in ensuring online safety for children.

Join us as we explore the concept of smart cities—municipalities enhanced by connected technology like sensors, cameras, and automated systems to improve services and infrastructure. We discuss the inherent vulnerabilities that come with these advancements, including cybersecurity threats and real-life incidents such as hacked crosswalk signals featuring voices of tech moguls. Our discussion covers how easily these systems can be compromised, the inadequate security measures currently in place, and the broader implications for critical infrastructure.

Thanks to Material Security for sponsoring this episode! Protect your Google Workspace with Material Security—the only detection and response platform purpose-built to secure your emails, data, and accounts before, during, and after an attack. Visit material.security to learn more!

Join us as we discuss the long-awaited implementation of the REAL ID Act in the U.S. We cover the essentials you need to fly, the potential benefits of using your passport, and how new mobile IDs fit into the TSA's plans. We also discuss the broader implications for identity surveillance and who truly benefits from these security upgrades. We also discuss the problems faced by individuals with name changes and the challenges they face with REAL IDs. Plus, we explore the political and social ramifications of such security measures and why this might all just be 'security theater.'

Ever worried about hidden cameras in Airbnb rentals? You're not alone! In this episode, we explore the unsettling rise of hidden cameras in personal spaces, the inadequacy of current laws, and practical tips to detect surveillance devices. Join hosts Tom Eston, Scott Wright, and Kevin Johnson as they share insights and discuss the implications of voyeurism technology, law enforcement challenges, and personal safety strategies.

In this episode, we explore an incident where Anthropic’s AI, Claude, didn't just resist shutdown but allegedly blackmailed its engineers. Is this a glitch or the beginning of an AI uprising? Along with co-host Kevin Johnson, we reminisce about past episodes, discuss AI safety and ethics, and examine the implications of AI mimicking human behaviors like blackmail. Join us for an in-depth conversation on the future of AI and its potential risks.

In this episode, we explore Mark Zuckerberg's bold claim that AI friends will replace human friendships, and discuss the potential implications of a world where technology mediates our connections. We also update listeners on the recent developments in the 23andMe bankruptcy case and what it means for former customers. Joining the conversation is co-host Scott Wright, who shares his insights on AI, social media, privacy, and a thought-provoking book on the potential for a future US civil war. We touch on the eerie predictions of AI companionship and what this might entail for societal norms. Tune in for a stimulating discussion on technology, privacy, and the shifting landscape of human interaction.

Join hosts Tom Eston, Scott Wright, and Kevin Johnson in a special best-of episode of the Shared Security Podcast. Travel back to 2009 with the second-ever episode featuring discussions on early Facebook bugs, cross-site scripting vulnerabilities, and a pivotal Canadian privacy ruling involving Facebook. Gain insights into social media security from the past and see how much has (or hasn't) changed. Don't miss out on this informative episode on web application security, user privacy, and the efforts to keep social media safe.

Join us as we explore the transformative changes in software development and cybersecurity due to AI. We discuss new terminology like 'vibe coding' — a novel, behavior-focused development approach, and 'MCP' (Model Context Protocol) — an open standard for AI interfaces. We also address the concept of 'slopsquatting,' a new type of threat involving AI-generated package names. Our co-hosts Scott Wright and Kevin Johnson discuss these topics, share personal insights, and ponder the future of coding in the AI era. Additionally, we draw some intriguing parallels between AI advancements and past practices, highlighting the need for oversight and security in this evolving landscape.

What would happen if the US government halted funding for the CVE program? In this episode, we explore the controversies surrounding the funding of the CVE program, the role of CVEs in the cybersecurity industry, and the recent launch of the CVE Foundation. We also discuss the Trump Administration's executive order that revoked the security clearance of former CISA Director Chris Krebs, following his declaration that the 2020 election was the most secure in history. Join us as we unpack the impact of these events on the cybersecurity landscape and what it means for the future.