In this episode, we discuss the newly released OWASP Top 10 for 2025. Join hosts Tom Eston, Scott Wright, and Kevin Johnson as they explore the changes, the continuity, and the significance of the update for application security. Learn about the importance of getting involved with the release candidate to provide feedback and suggestions. The conversation touches on the history of the OWASP Top 10, its release cycle, the evolution from specific vulnerabilities to broader categories, and the impact on vulnerability assessment and compliance.

The future of home robotics is here — and it’s a little awkward. Meet the NEO 1X humanoid robot, designed to help with chores but raising huge cybersecurity and privacy questions. We discuss what it can actually do, the risks of having an always-connected humanoid in your home, and why it’s definitely not the “Robot Rosie” we were promised.

In this episode, we explore OpenAI's groundbreaking release GPT Atlas, the AI-powered browser that remembers your activities and acts on your behalf. Discover its features, implications for enterprise security, and the risks it poses to privacy. Join hosts Tom Eston and Scott Wright as they discuss everything from the browser's memory function to vulnerabilities like indirect prompt injection. Stay informed on how AI browsers could reshape web browsing and cybersecurity.

In this episode 404 (no pun intended!), we discuss the recurring issue of DNS outages, the recent Amazon AWS disruption, and what this reveals about our dependency on cloud services. The conversation touches on the need for tested business continuity plans, the implications of DNS failures, and the misconceptions around cloud infrastructure's automatic failover capabilities.

OpenAI’s Sora 2 is here — and it’s not just another AI toy. This episode explores how Sora 2 works, how users can insert real people into generated content, and why that’s raising alarms about privacy, identity, and copyright. We walk you through the initial opt-out copyright controversy, the backlash from studios and creators, and how OpenAI is scrambling to offer more control. Tune in to understand what rights you might lose — or want to protect — in this new media era.

In this episode, we discuss the surge of age verification laws spreading across the US, including the recent implementation in Ohio. These laws intend to shield children but come at a significant cost to privacy and cybersecurity. We'll explore how third-party ID verification companies operate, the risks associated with these systems, and the broader definition of adult content beyond pornography. We also question the effectiveness and security of these measures as we share insights into the ease of bypassing verification systems. Are we protecting kids, or building a privacy nightmare?

Phishing simulations have been a cornerstone of security awareness training for years. But do they actually change user behavior, or are they just creating frustration and fatigue? In this episode, Tom Eston and Scott Wright (CEO of ClickArmor) debate whether simulated phishing attacks are still valuable in 2025. We cover the benefits, challenges, and how phishing programs might evolve — or even be replaced — in the future.

Episode 400! In this special milestone edition of the Shared Security Podcast, we look back at 16 years of conversations on security, privacy, and technology. From our very first episodes in 2009 to today’s AI-driven threats, we cover the topics that defined each era, the surprises along the way, and the lessons that still matter. Plus, we share listener favorites, memorable moments, and predictions for the future of security and privacy. Thank you for being part of our journey!

Join the Shared Security Podcast for a critical discussion about situational awareness with special guest, Andy Murphy, host of the Secure Family Podcast. In a world where mass shootings and violence in public places are alarming realities, staying alert to your surroundings has never been more important. Andy shares his expertise on personal and family safety, providing practical tips for recognizing unusual behavior, planning for emergencies, and teaching kids safety skills. The conversation also touches upon digital security and how situational awareness applies online. Learn how to own your safety and protect your loved ones in this essential episode.

In this “best of” episode of the Shared Security Podcast, we revisit a discussion from September 2020 that’s just as relevant today as it was then. First, we cover how ransomware attacks forced several school districts—including Hartford, CT and Toledo, OH—to delay or shut down classes on the very first day of school. Then we dive into Google Chrome’s new (at the time) update designed to block resource-heavy ads, making browsing faster and safer. Finally, we look at Microsoft’s warning about foreign interference attempts targeting the 2020 U.S. election.

What makes this episode especially powerful to revisit is how little has changed since we first talked about these threats. Schools and universities continue to be prime targets for ransomware attacks, with districts across the U.S. still struggling to protect their students and staff from disruptions. Browser security remains a critical piece of the puzzle as online ads continue to be exploited for tracking, scams, and malware delivery. And concerns about foreign interference in democratic elections are just as pressing in 2025 as they were in 2020.

Cybersecurity may evolve, but the challenges we face remain strikingly familiar.

In this episode, we discuss a recent significant cyber attack where Palo Alto Networks experienced a data breach through their Salesforce environment due to a compromised SalesLoft drift integration. Throughout the discussion, we highlight why Salesforce, a crucial CRM platform for many businesses, is becoming a prime target for supply chain attackers. We’ll discuss how the breach happened, its implications, and what organizations can do to protect themselves from similar threats. Lastly, we provide insights into Salesforce's security posture, the role of third-party integrations, and the importance of data retention policies in mitigating risks.

In this episode, we discuss if the convenience of modern technology compromises our privacy. Inspired by a thought-provoking Reddit post, we explore how everyday actions like saving passwords, enabling location tracking, and using cloud backups put our personal data at risk. Learn about the trade-offs between convenience and privacy, and get tips on using privacy-focused tools and making informed choices. Join the conversation in the comments or on Bluesky (@sharedsecurity).

Public Wi-Fi has a bad reputation — but in 2025, the “you’ll get hacked instantly” fear is largely outdated. In this episode, Tom and Kevin dig into real research and modern protections that make most public Wi-Fi connections reasonably safe. We’ll explore why HTTPS, device security, and updated standards have drastically reduced the risks, what threats still exist, and when you might actually want to use a VPN.

In this episode we're discussing the alarming breach of the Tea app, a platform intended for women to share dating experiences. The hack resulted in the exposure of over 13,000 government ID photos, 72,000 user images, and over a million private messages due to poor security practices. We'll discuss the role of sloppy coding, an exposed database, and the lack of security discipline that led to this massive leak. Join us as we explore insights from a cybersecurity researcher who disassembled the app's source code, the ensuing legal and privacy repercussions, and the broader implications for app security.

In this episode, we discuss a rising scam involving random smishing text messages. Learn how these messages work, why they're effective, and what you can do to protect yourself. Discover the dangers of replying to vague text messages from unknown numbers and get practical tips on how to block and report spam texts. Stay safe by not engaging with these scams and using built-in filters and reporting options on your mobile device.

This week we explore the recent Microsoft SharePoint vulnerability that has led to widespread exploitation by ransomware gangs and Chinese State-sponsored hackers. We also cover the confirmed compromise of multiple US agencies, including the Department of Homeland Security, in a large-scale cyber espionage campaign. Kevin Johnson joins to discuss the implications of these events, the underlying issues with patching systems, and the complexities of protecting applications like SharePoint. Stay informed on the latest cybersecurity developments and get insights on what might have gone wrong. Plus, get a peek at what’s happening at Black Hat and DEF CON in Vegas.

In this episode, we examine Amazon's Ring doorbell camera amid rising privacy concerns and policy changes. The Electronic Frontier Foundation's recent report criticizes Ring's AI-first approach and the rollback of prior privacy reforms, describing it as 'techno authoritarianism.' We also discuss a recent scare among Ring users on May 28, related to an unexplained series of logins, said by Amazon to be a UI glitch. Join hosts Tom Eston, Scott Wright, and Kevin Johnson as they explore these issues, share personal anecdotes about their experiences with tech, and discuss broader implications for privacy and civic freedoms.

In this episode, join hosts Tom Eston, Scott Wright, and Kevin Johnson as they discuss the controversial topic of seniors writing down passwords. They discuss how threat modeling differs for the elderly, the practicality of using password managers, two-factor authentication, and future solutions like passkeys. The conversation includes humorous anecdotes and touches on broader cybersecurity issues such as risk assessment and the importance of tailoring security solutions to individual needs. Tune in for insights on making security accessible and effective for an often overlooked group.

In this episode, we discuss the often overlooked security issues within Google Workspace. Rajan Kapoor, Field CISO at Material Security, joins us to talk about how Material Security is redefining the protection of documents, email accounts, and data in Google Workspace. We explore the unique challenges Workspace presents compared to traditional tools, and how Material Security provides comprehensive solutions. Rajan shares his professional journey, insights into Google's APIs, and how their service stands out. Tune in to understand why legacy tools may leave critical gaps in your organization's security.

Thanks to Material Security for sponsoring this episode! Protect your Google Workspace with [Material Security](https://material.security/)—the only detection and response platform purpose-built to secure your emails, data, and accounts before, during, and after an attack. Visit [material.security](https://material.security/) to learn more!

In this episode, we explore the revolutionary concept of autonomous penetration testing with a discussion into Cybersecurity startup XBOW’s recent breakthrough. XBOW claims to have topped HackerOne's leaderboard using a fully autonomous AI agent, raising significant questions about the future of offensive security. Hosts discuss the potential of AI in pen testing, the implications for pen testers, bug bounty hunters, and security teams, and whether this represents a genuine advancement or just more AI hype.