Decipher
Decipher Security Podcast
Every week, Dennis Fisher and Lindsey O'Donnell-Welch, the editors of Decipher, bring you exclusive, in-depth conversations with security researchers, CISOs, founders, and security experts to hellp you understand the threat landscape and better protect your organizations.
Where to listen?
Podcasts in the app Replaio Radio Coming soonPodcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts
Episodes
Our AI Coding Future with Jack Cable 07.07.2026 23:12
Jack Cable, co-founder and CEO of Corridor and a former senior technical advisor at CISA, discusses AI's impact on cybersecurity, vulnerability discovery, and coding practices.
Fable 5 Export Controls, the Dual Use Paradox, and the ARToken Phishing Framework 02.07.2026 37:28
It's a pre-July 4th extravaganza! To celebrate, we dive into a little cybersecurity history with a story about the MySpace Samy worm, then we jumpe into the news of the week, including an update on the Fable 5 export control drama, and the emergence of the ARToken operator panel.
The (Bug) Disclosure Day Conundrum and How AI is Changing the Game with Katie Moussouris 29.06.2026 57:33
Hacker and legendary vulnerability disclosure expert Katie Moussouris of Luta Security joins Dennis to talk about the Fable 5 munitions classification controversy, the recent re-emergence of the disclosure debate, how AI-assisted bug hunting is reshaping the defensive landscape, and what the future holds for attackers and defenders.
The Gaslight macOS Backdoor, Cisco Zero Day Exploit, and Operation Endgame 26.06.2026 31:57
It's a non-AI podcast! This week we dig into the new Gaslight macOS implant that tries to trick security researchers with some anti-forensics techniques, then we discuss the Operation Endgame takedown of some malware infrastructure, and finally we discuss a Cisco Catalyst SD-WAN bug that was exploited as a zero day.
How Much Do Data Breaches Really Cost? | Alex Pinto 16.06.2026 41:26
Alex Pinto, one of the lead authors of the Verizon Data Breach Investigations Report, joins Dennis to talk about his organization's newest publication, the Breach Impact Study, which digs into the real world cost of breaches, both in dollars and in organizational impact. Spoiler: Breaches are expensive. Verizon BIS : https://www.verizon.com/business/resources/reports/2026-breach-impact-study-d...
The Shrinking Exploit Window, Patch Schedule Changes, and the Vulnpocalypse 12.06.2026 32:39
This week was blessedly free of any major supply chain compromises, so we start by talking about new research from Anthropic on the shrinking window between bug disclosure and exploitation, then we discuss the changing patch schedule for Cisco and how all of this is changing the prioritization process for security teams, and finally we discuss some upcoming episodes and our latest hacker movie pod...
How The Conversation Predicted Our Surveillance Society 50 Years Ago 08.06.2026 58:48
Perhaps no film captures the paranoia and anxiety of the 1970s better than The Conversation, Francis Ford Copolla's masterpiece about reclusive surveillance expert Harry Caul, a man who it's safe to say has some demons. Decades before we all agreed to carry tracking and recording devices in our pockets, The Conversation shows us just how invasive and damaging technology can be.
Shai Hulud Returns, How Attackers are Using AI, and More Weird MSRC Behavior 05.06.2026 36:32
We regret to inform you that there are more npm supply chain attacks this week, and a new variant of the Shai Hulud worm is involved. We also talk about the new analysis from Anthropic on a year of data relating to how attackers are using AI in their operations, and the continuing adventures of Microsoft's relationship with security researchers.
Microsoft Has Forgotten Its Vulnerability Disclosure History 29.05.2026 45:58
The recent Nightmare-Eclipse zero day drop and attendant drama has stirred up all kinds of trouble and unfortunately spurred Microsoft to publish a post scolding security researchers for not using the "proper channels" to disclose bugs, threatening legal action, and generally dredging up every hobby horse from the threadbare disclosure debate. Links MSRC post: https://www.microsoft.com/e...
Lessons in Resilience, Perseverance, and Leadership With Matt Eversmann 25.05.2026 1:18:12
After being caught in one of the more notorious battles in modern American history, Matt Eversmann's military career has become the stuff of legend. The Battle of Mogadishu, immortalized in the book and movie Black Hawk Down, was a pivotal event in U.S. history and in the lives of Matt and his fellow soldiers. Now retired from the army and focusing on training the next generation of leaders, M...
Chain Chain Chain of Compromises 22.05.2026 22:18
In the spring, a young attacker's fancy turns to supply chain compromises, and this season's crop includes the GitHub breach and the Grafana intrusion, which are connected and trace back to the TanStack supply chain attack and...TeamPCP. Links Grafana attack: https://decipher.sc/2026/05/17/grafana-investigating-token-compromise-and-extortion-attempt/ GitHub breach: https://decipher.sc/2026...
What the Data Tells Us About Claude Mythos and Bug Exploitability | Jay Jacobs and Michael Roytman 19.05.2026 43:41
Finding a huge pile of bugs with Claude Mythos is great, but the logical next step is figuring out how many of those vulnerabilities are likely to be exploited in the near future. Jay Jacobs and Michael Roytman of Empirical Security join Dennis to talk about how the Exploit Prediction Scoring System can help teams make informed decisions and prioritize patching the most important vulnerabilities....
Solving Hard Security Problems With an Outsider's Perspective | Sravish Sridhar 15.05.2026 53:56
Unlike a lot of founders in the industry, Sravish Sridhar hasn't spent his career in the security world. He comes from a background in distributed computing and advanced math, and is a successful entrepreneur who's now bringing that experience to bear at TrustCloud, where he's helping CISOs automate and streamline their compliance programs.
AI Has a Security Measurement Problem | Gary McGraw 13.05.2026 38:02
Few people (if any) have spent more time thinking about and working on the hard problems in security and software than Gary McGraw, and he also happens to have a PhD in cognitive science and computer science and has been studying neural nets and AI systems for 30+ years. Gary joins Dennis to talk about his team's new research into AI security benchmarks, measurement, and bringing a software se...
Inside the $285M Drift Protocol Heist | Ari Redbord 11.05.2026 34:11
Ari Redbord, Global Head of Policy at TRM Labs, talks about the insane background behind the $285 million Drift Protocol crypto heist, how law enforcement agencies are investigating ransomware-linked cryptocurrency wallets, and how effective sanctions are on cybercrime.
The Canvas Attack, Ivanti and Palo Alto Exploits, and Dirty Frag 08.05.2026 41:29
If we needed any more evidence that the internet was a mistake, this week provided it. We kick things off with a discussion of the Canvas breach that has affected thousands of schools worldwide, then we dig into the disclosure of two new vulnerabilities in Ivanti and Palo Alto Networks products that are actively exploited, and then we talk about a new branded Linux bug called Dirty Frag. Finally,...
Fighting Cybercrime With Global Intelligence | Will Dixon 06.05.2026 44:23
Will Dixon has seen the evolution of cybercrime as both a GCHQ intelligence officer and a private sector executive and analyst, and has seen the way these groups operate up close. He joins Dennis to talk about the ongoing threat from ransomware gangs, how organizations are managing their responses, and what he expects to come next.
The fast16 Mystery, Stuxnet, and the History of Cyber Espionage | Juan Andres Guerrero-Saade 04.05.2026 1:08:31
JAGS joins Dennis Fisher to unpack the complex history of fast16, a highly targeted cyber espionage platform that goes back as far as 2005, many years before Stuxnet, and was deployed against targets in Iran. JAGS has been in the APT hunting game for a long time, and brings his historical perspective and context around the Shadow Brokers leak, Stuxnet ties, and how this discovery changes what we k...
cPanel Exploits, Copy Fail, and the History of Branded Bugs 01.05.2026 42:12
The security news was out of hand this week, so we had to pick our spots. We start with the nasty cPanel/WHM vulnerability that affects tens of millions of domains in shared hosting environments, then we discuss the C opy Fail Linux bug and its effects before seguing into the delightful history of branded bugs, logos, and parodies. Links Branded bugs and logos: https://io.netgarage.org/logo/
Defeating Online Scams and Disrupting the Cybercrime Chain | Ariana Mirian 28.04.2026 50:33
Ariana Mirian, cofounder of startup Beesafe, joins Dennis to talk about the mechanics of online romance and finance scams, how the scammers draw in victims over weeks or months, and why user awareness isn't the complete solution to the problem. LinksBeesafe AI: https://beesafe.ai/
The Vercel Intrusion and What is Happening at CISA 24.04.2026 39:41
This week we dig deep into the Vercel intrusion that emerged last weekend, how it happened, what the response was, and what the downstream effects may be for defenders. Then we talk about CISA's bizarre delayed response to the Axios npm compromise and what it signals about the agency's capabilities going forward.
Claude Mythos, Automated Bug Hunting, and AI Eating Everything 17.04.2026 32:32
It's been A WEEK. Security news never sleeps, and neither does AI, so Dennis and Lindsey dive into all of the storylines coming from the Claude Mythos and Project Glasswing announcements, how organizations will deal with the coming flood of CVEs and patches, NIST's decision to only enrich specific CVEs going forward, and what could possibly be next on the horizon.
The Era of AI-Led Vulnerability Research With Tom Ptacek 13.04.2026 55:57
Dennis sits down with Tom Ptacek of Fly.io, a veteran security researcher, founder, and observer of the vulnerability landscape, to talk about the recent wave of AI-assisted vulnerability discovery and exploit development, specifically from the use of frontier models such as Claude Mythos. Tom has strong opinions on what's coming and how human researchers and defenders need to respond. Tom'...
Mapping the Cybercrime Ecosystem With Andrew Northern of Censys 07.04.2026 33:47
The internet is dark and full of terrors, but thanks to folks such as Andrew Northern, a principal security researcher at internet-mapping pioneer Censys, it doesn't have to be, Andrew joins Dennis to talk about the cybercrime ecosystem, getting his start in security on a tiny team with huge responsibilities, and the value of a strong mentor.
The Rapid Rise of AI Exploit Development and More Axios Compromise Effects 03.04.2026 51:24
It's been quite a week in security news, and Dennis and Lindsey dig into the continued effects of the axios supply chain attack, the incredibly fast adoption of AI tools for vulnerability research and what that means for software makers and defenders, and what the future holds for vulnerability research and exploit development. Security Theater in Austin: https://material.security/theater-2026...
Similar podcasts
Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.