Generative AI is poised to revolutionize vulnerability discovery in critical infrastructure, but will it actually fix the problem, or just shift the burden? The recent AI Cybersecurity Challenge (AIxCC), a two-year competition sponsored by the US Defense Advanced Research Projects Agency (DARPA) and Advanced Research Projects Agency for Health (ARPA-H), crowned winners whose AI systems autonomously discovered and patched zero-day flaws in real-world code. Now, with models potentially going open-source, the implications for defenders, attackers and policymakers are seismic. In this episode, we sat down with Taesoo Kim, the leader of Team Atlanta, the AIxCC winning team, and Andrew Carney, program manager for the AIxCC at DARPA and ARPA-H. In the interview (13.56), they discuss why the commercialization of GenAI-powered vulnerability scanning tools could be just around the corner and how "self-healing infrastructure" might soon become a reality.

In this special episode of the Infosecurity Magazine podcast, we dive deep into the rapidly evolving story surrounding Microsoft SharePoint On-Premises. Recent disclosures have revealed a series of vulnerabilities now being exploited in targeted campaigns, with Chinese threat actors at the centre but other threat actors joining in the attacks. This episode breaks down the complexities of the incident, the ongoing exploitations and the broader implications for security practitioners. Stay updated as this story unfolds and equip yourself with valuable insights to better understand and defend against emerging cyber threats. Our discussion includes: Timeline of events surrounding the ToolShell Microsoft SharePoint on-prem vulnerability (02.20) Interview with Charles Carmakal, CTO at Mandiant, now part of Google Cloud (06.38). Charles details these critical vulnerabilities and steps towards patching and what some orgnaizations may be missing, leaving them vulnerable to compromise. Interview Lorri Janssen-Anessi, Director of External Cyber Assessments at BlueVoyant. With extensive experience from her time at the NSA and the Department of Homeland Security, Lorri provides an in-depth perspective on the impact these attacks are having and what they mean for organizations today. (17.18) Sing up to receive Infosecurity Magazine's weekly newsletter here.

In this Infosecurity podcast episode, the team dive into the details of Donald Trump's June 2025 Cybersecurity Executive Order (EO). This EO revises previous orders from both Barack Obama and Joe Biden, while also removing a host of requirements from Biden's January 2025 EO. From software supply chains and quantum computing to the research and testing of AI for cyber defense, this new order covers a wide array of critical cybersecurity topics. To unpack the details of the latest EO We sit down with Nick Reese, the co-founder and COO of Frontier Foundry, a Professor at New York University and a member of the Homeland Security Advisory Board at the George Washington University. Reese brings invaluable experience from his time as Director for Emerging Technology Policy at the US Department of Homeland Security (2019-2023). In our discussion, we break down the intricate details of the executive order, helping us understand its provisions and the nuances of the changes it introduces to the cybersecurity landscape. Sing up to receive Infosecurity Magazine's weekly newsletter here.

In this episode of the Infosecurity Magazine podcast we dive into the exciting world of Infosecurity Europe. Two veteran cybersecurity pros share their expert advice on how to get the most out of your visit to one of the industry's premier events. Heather Lowrie, former CISO and co-founder of Resilionix, and Jon Davies, Director - Cyber, KPMG share their perspectives on emerging cybersecurity themes to expect at the event and their reflections on how Infosecurity Europe has evolved over the years. We touch on how to navigate the diverse offerings at Infosecurity Europe, the value of engaging in Table Talks and Masterclasses and how to best plan your visit. This episode is packed with valuable insights to help you maximize your experience at Infosecurity Europe. Infosecurity Europe returns from 3rd to 5th June, 2025, at London’s Excel, celebrating its 30th anniversary. Registration is now open at infosecurityeurope.com. Find out more about Infosecurity Europe via the website here. https://www.infosecurityeurope.com/en-gb/lp/register-now.html?utm_source=advert&utm_medium=referral&utm_campaign=infosecurity_magazine&utm_content=&utm_term= Discover more from our sponsor, Vanta, here. https://www.vanta.com/demo-uk?utm_campaign=emea_generic&utm_source=info-security&utm_medium=podcast Sing up to receive Infosecurity Magazine's weekly newsletter here. https://www.infosecurity-magazine.com/my-account/login/

In this episode of Infosecurity Magazine's podcast, we delve into the critical realm of vulnerability management, exploring the pivotal roles played by two US government-funded security programs that today are under pressure as vulnerability reporting explodes. Join us as we discus the latest developments involving the National Vulnerability Database (NVD), operated by a dedicated team within NIST, which has been under pressure for the last 12 months. We’ll also touch on the recent uncertainty relating to the CVE Program, sponsored by the US Department of Homeland Security (DHS) and CISA and managed by the non-profit MITRE Corporation. These programs serve as essential data sources for organizations worldwide, enabling them to identify, prioritize and remediate vulnerabilities effectively. Our discussion is enriched by insights from expert guests, including: • Brian Martin, former member of the CVE Board (10:23) • Stephen Shaffer, a principal security engineer at a leading pharmaceutical company (26:55) • Rose Gupta, Cyber Exposure Management Lead at AssuredPartners (39:43) Discover more from our sponsor, Vanta, https://www.vanta.com/demo-uk?utm_campaign=emea_generic&utm_source=info-security&utm_medium=podcast Sing up to receive Infosecurity Magazine's weekly newsletter https://www.infosecurity-magazine.com/my-account/login/

With 4.3 million devices infected and 3.9 billion stolen passwords shared by hackers, infostealers have emerged as one of the dominant malware threats of 2024. According to recent reports from Kela and Huntress, these stealthy attackers are now involved in one in four cyber-attacks, making them a major concern for individuals and organizations alike. In our latest podcast episode, we take a closer look at the rise of infostealers and what you can do to protect yourself from these insidious threats. You will hear from Leonid Rozenberg, Cybercrime and Threat Intelligence Researcher at Hudosn Rock about: Infostealers’ ability to steal passwords stored in browsers and other malware features that most people don’t usually talk about (7:24) The latest trends in infostealer development, deployment and distribution in 2025 (26:40) How organizations and individuals can prevent and mitigate the infostealer threat (32:07) Discover more from our sponsor, Vanta, here. https://www.vanta.com/demo-uk?utm_campaign=emea_generic&utm_source=info-security&utm_medium=podcast Sign up to recieve Infosecurity Magazine's weekly newsletter here.https://www.infosecurity-magazine.com/my-account/login/

Listen to this episode of the Infosecurity Magazine podcast for your comprehensive guide to Infosecurity Europe 2024, taking place at the Excel London from 2-6 June. This episode dives deep into Europe's leading information security event, featuring insights from seasoned attendees Paul Watts, Distinguished Analyst and vCISO at the Information Security Forum, and Mun Vajil, CISO at Trainline. Listen to learn: • What Infosecurity Europe is all about and how to register. • Proven strategies to maximize your experience, whether you're a first-timer or a veteran. • Highlights of the conference program, including must-see sessions, key topics and exclusive speakers. • How to navigate the exhibition and connect with leading cybersecurity vendors. Plus, get valuable tips to help you make the most of your Infosecurity Europe experience. Click here to register for Infosecurity Europe 2024: https://www.infosecurityeurope.com/en-gb.html

This episode of the Infosecurity Magazine Podcast dives deep into the recent cyber-attack on Change Healthcare, a major player in US healthcare billing and data. The attack's impact went beyond data breaches, disrupting prescriptions, payments, and causing significant financial losses. Hear from: Wes Wright, Chief Healthcare Officer at Ordr, (08.37) who explains how the attack rippled through the healthcare system. Victor Acin, Head of Threat Intel at Outpost24, (26.00) who sheds light on the ransomware gang that targeted Change Healthcare and why healthcare is a prime target The discussion explores the attack's tactics, the future of Ransomware-as-a-Service (RaaS), and what lessons healthcare can learn to improve its cybersecurity posture.

Operation Cronos took the cybersecurity world by storm as law enforcement disrupted one of the most prolific ransomware gangs in the world. Now the dust has settled it’s time for a first assessment of the takedown’s impact on the LockBit ransomware group. In this episode, the Infosecurity Magazine team goes behind the scenes of the law enforcement operation with Prodaft, a threat intelligence company that collaborated with the FBI, the NCA, and Europol to take down the group’s infrastructure. We also dissected the operation’s impact on LockBit’s activity and explored what the future holds for this notorious cybercriminal organization, with great insights from RedSense, another threat intelligence firm that spent three years investigating the group. You will hear from: -Koryak Uzan, co-founder of Prodaft (6.52) -Marley Smith, principal threat researcher at RedSense and Yelisey Bohuslavskyi, RedSense co-founder (31.36)

Big corporations are tightening their cyber defenses, making small and medium businesses (SMEs) a tempting target for cybercriminals. This episode of Infosecurity Magazine’s podcast dives into the growing threat landscape for SMEs and explores the potential consequences of an attack. Guests include: • Simon Whittaker, CEO of Vertical Structure (07.35) • Gill Thomas, Director of Engagement, Capacity and Resilience Program at the Global Cyber Alliance (33.15)

This year’s Data Privacy Week campaign carries the theme ‘take control of your data,’ underlying the scale of personal information being collected and used online by businesses. In this episode, we analyze growing consumer awareness and concern about the use of their personal data online, and practical steps businesses can take to improve trust and transparency in this area. This includes creating ‘value exchange’ with customers around using their personal data. We also delve into the impact of AI on data privacy – good and bad, and how to manage customer relationships during a data breach. Tune into this episode to learn practical ways organizations can update their data privacy practices for the modern consumer. Guests include: Joe Jones, Director of Research and Insights for the International Association of Privacy Professionals (IAPP) – 07.21 Sarah Pearce, Partner, Hunton Andrews Kurth – 20.32

In this episode of the Infosecurity Magazine podcast, we take a look back at 2023 and explore some of the most significant cybersecurity trends and topics that have shaped the industry this year. We discuss the growing cyber skills gap, the increasing use of AI in both offensive and defensive cybersecurity operations, and the emerging threats posed by AI-powered tools like ChatGPT. We also feature an interview with Brad LePorte of LionFish Tech Advisors, who shares his insights on the future of cybersecurity in 2024. Listen to hear more about: The widening cyber skills gap and its impact on organizational security The growing use of AI in both offensive and defensive cybersecurity operations Insights from Brad LePorte of LionFish on cybersecurity trends for 2024

In November the UK hosted its first ever AI Safety Summit, less than one year after OpenAI released ChatGPT, its revolutionary generative AI-powered chatbot. In this episode, we delve into the rapidly evolving world of artificial intelligence, exploring the implications of recent developments and announcements from governments, tech companies, and industry bodies around the globe. Join us as we dissect the key takeaways from the AI Safety Summit and examine how these advancements impact the cybersecurity landscape. Whether you're a cybersecurity professional or simply curious about the future of AI, this episode provides valuable insights into the intersection of AI and cybersecurity. You’ll hear from: - Matt Roach, Head of i-4 Cyber Security Leaders Community, KPMG UK (11.45) - Rob van der Veer, Senior Director, Software Improvement Group (SIG) & Founder, OWASP AI Exchange (30.01)

Phishing has been a prominent topic in cyber for many years, but attackers have become more sophisticated in their approaches, assisted by generative AI and deepfake technologies. During this episode to mark the 20th anniversary of Cybersecurity Awareness Month, the Infosecurity Magazine team discuss new trends relating to this vector, and how awareness training and guidance needs to be reviewed and updated in response. Two experts from the field of academia share their thoughts and new research in this constantly evolving area of cybersecurity. Guests include: • Constantinaos Patsakis, Associate Professor at the Department of Informatics, University of Piraeus (04.28) • Jason Nurse, Director of Science & Research at CybSafe and Reader, University of Kent (28.27)

This episode of the Infosecurity Magazine podcast focuses on the cybersecurity skills gap and how to bridge the divide. We discuss the challenges of recruiting and retaining cybersecurity talent, as well as the innovative solutions that are being developed to address the problem. We also speak to MK Palmore, Vice President of Cyversity, about his work to increase diversity in the cybersecurity workforce and why diversity of thought is vital to the cybersecurity landscape.

Despite a general slowdown of ransomware attacks in in 2022 we are now experiencing a resurgence of ransomware activities. In this episode, the Infosecurity Magazine team discuss some of the research recently published by threat analysts in the ransomware space and what it is demonstrating about how threat actors are evolving their approaches in 2023. This includes interviews with two cybersecurity experts who have uncovered critical new insights into the evolution of ransomware. Guests include: Jacqueline Burns Koven, Head of Cyber Threat Intelligence at Chainalysis, explains why ransomware is on course for one of its biggest years to date (07.15) Dr Karen Nershi, Postdoctoral Fellow, Stanford Internet Observatory, discusses increasing political motivations for this threat vector (22.45) Tune in now to understand the latest ransomware trends and tactics.

Join the Infosecurity Magazine team and guests as they plunge into the heart of a devastating cyber-attack that has impacted the likes of BBC, PwC, and Schneider Electric. In this episode, we delve deep into the world of supply chain attacks, and where the notorious Clop ransomware group capitalizes on a hidden weakness in MOVEit Transfer—a trusted file transfer solution used by thousands of companies. In an interview with Secureworks, one of the first cybersecurity firms to sound the alarm, we examine the cloak-and-dagger tactics, techniques, and procedures (TTPs) employed by the audacious Clop. Our expert guests unravel the secrets behind the far-reaching impact of this hack, while offering invaluable insights into the crucial steps cybersecurity practitioners must take in the face of such a high-stakes incident. Tune in now to stay one step ahead in the battle against the relentless forces of cybercrime. Guests include: • Rafe Pilling, Director of Threat Research at Secureworks Counter Threat Unit • William Thomas, CTI Researcher at Equinix Threat Analysis Center (ETAC) & co-founder of Curated Intelligence • Paul Watts, Distinguished Analyst at the Information Security Forum This Podcast is sponsored by Mandiant’s mWISE Conference, click here to register.

Infosecurity Europe is Europe's leading cybersecurity event, and this year's show is no exception. In this podcast episode hear about some of the key conference sessions, activities and must-see attractions at the 2023 event. The Infosecurity Magazine editorial team also highlight some of the biggest cybersecurity themes at discussion topics that will be important for information security professionals to educate themselves on and will hear about at Infosecurity Europe. Finally, Brian Honan, CEO of BH Consulting and former Infosecurity Europe Hall of Fame winner, gives his advice on how to get the most out the event and some of the sessions he’s most looking forward to attending.

Since the launch of ChatGPT in November 2022 the cybersecurity world has been abuzz with talk of AI and its usefulness as well as the threat it poses. In this episode of the podcast the team discuss how cybersecurity vendors are leveraging AI, what threats AI has brought to the technology landscape and what to be cautious of when using large language models. Beth Maundrill also sits down with Sergey Shykevich, Threat Intelligence Group Manager at Check Point Research, to dispel some of the myths around threat actors' use of AI and what Check Point has observed over the past six months. Shykevich also provides his thoughts on the future of AI in cybersecurity.

The RSA conference in San Francisco is back this month and the editorial team will be crossing the pond to join the cybersecurity community at the largest North America cyber event. During this episode of the podcast, Beth Maundrill and James Coker discuss what they think will be the biggest talking points at RSA 2023 and some of the sessions that have caught their eye. Expect to hear a lot about government initiatives including President Biden’s National Cybersecurity Strategy and how Federal agencies are working with international partners to bolster cyber defenses. AI will of course be a huge topic at all events this year following the emergence of ChatGPT. The team also speaks to Pam Nigro, chair, board of directors at ISACA and VP of security at Medecision, about what she thinks about some of the emerging conference themes as well as tips on how to make the most out of the event in-person.