
Tom Eston and Scott Wright break down the Supreme Court’s geofence warrant/location privacy ruling and explain why everyday phone users should review how apps, platforms, and data brokers collect and store location data.
Jul 6
14 min

Jay Beale joins Tom and Kevin for a funny, story-heavy conversation about physical pen tests, Kubernetes attack-and-defense training, DEF CON's Kubernetes CTF, and why AI systems running on Kubernetes create very real new attack paths.
Jun 29
38 min

The U.S. government reportedly ordered Anthropic to suspend access to two of its newest frontier AI models, Fable 5 and Mythos 5, citing national security concerns tied to a possible jailbreak. Anthropic complied, but pushed back on the reasoning, arguing that the reported behavior was narrow and that similar capabilities already exist in other advanced AI models.In this episode, Tom, Scott, and Kevin discuss why treating AI capabilities like export-controlled technology may create more problems than it solves. The conversation connects today’s AI restrictions to earlier fights over encryption export controls, hacker tools, and government attempts to regulate technical capability by banning access. The bigger concern: defenders may lose access to tools that help them find, fix, and test vulnerable code while attackers simply move to other models or providers.The team also looks at what this means for businesses using cloud-based AI tools. If an AI service can disappear because of a government order, vendor decision, or geopolitical restriction, security and engineering teams need alternatives, back-out plans, and a realistic “ripcord” strategy for mission-critical workflows.Special thanks to Guardsquare for sponsoring this episode! Guardsquare is the leader in mobile application security, with multi-layered protection for your Android and iOS apps. Learn more at Guardsquare.com.** Links mentioned on the show ** Anthropic statement: Fable/Mythos access https://www.anthropic.com/news/fable-mythos-accessReuters: US blocks foreign access to Anthropic's most advanced AI models https://www.reuters.com/technology/us-blocks-foreign-access-anthropics-most-advanced-ai-models-axios-reports-2026-06-13/Decrypt: US Government Orders Anthropic to Pull Claude Fable/Mythos AI Models https://decrypt.co/371027/us-government-orders-anthropic-pull-claude-fable-mythos-ai-modelsKatie Moussouris / Luta Security: The Fable 5 Export Controls Harm US Cyber Defensehttps://www.lutasecurity.com/post/the-fable-5-export-controls-harm-us-cyber-defense** Watch this episode on YouTube **https://youtu.be/Y62TlfnVtRg** Become a Shared Security Supporter **Get exclusive access to bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Become a supporter today by going to our YouTube channel's membership section: https://www.youtube.com/channel/UCg9CCDIYkDDqwEZ3UYaxjnA/join** Thank you to our sponsors! **SLNTVisit slnt.com to check out SLNT's amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code "sharedsecurity".** Subscribe and follow the podcast **Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcastFollow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.socialFollow us on Mastodon: https://infosec.exchange/@sharedsecurityJoin us on Reddit: https://www.reddit.com/r/SharedSecurityShow/Visit our website: https://sharedsecurity.netSubscribe on your favorite podcast app: https://sharedsecurity.net/subscribeSign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribeLeave us a rating and review: https://ratethispodcast.com/sharedsecurityContact us: https://sharedsecurity.net/contact
Jun 22
18 min

AI agents are useful, but they become risky when they can take action in real systems. In this episode, Tom Eston discusses recent reporting about attackers tricking Meta’s AI support chatbot into helping hijack Instagram accounts, and why that story matters far beyond social media. Tom explains practical guardrails for AI agents: read-only access first, human approval for consequential actions, separated accounts and contexts, prompt-injection awareness, least privilege, logging, monitoring, and adversarial testing for support and account recovery workflows.Special thanks to Guardsquare for sponsoring this episode! Guardsquare is the leader in mobile application security, with multi-layered protection for your Android and iOS apps. Learn more at Guardsquare.com.** Links mentioned on the show ** Podcast: Hackers Asked Meta AI To Let Them In. It Worked https://www.404media.co/podcast-hackers-asked-meta-ai-to-let-them-in-it-worked/The Verge summary of the Meta/Instagram AI support chatbot exploit https://www.theverge.com/tech/941179/meta-instagram-ai-support-chatbot-exploit-hacked** Watch this episode on YouTube **https://youtu.be/TL3MGnI4hUU** Become a Shared Security Supporter **Get exclusive access to bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Become a supporter today by going to our YouTube channel’s membership section: https://www.youtube.com/channel/UCg9CCDIYkDDqwEZ3UYaxjnA/join** Thank you to our sponsors! **SLNTVisit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”.** Subscribe and follow the podcast **Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcastFollow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.socialFollow us on Mastodon: https://infosec.exchange/@sharedsecurityJoin us on Reddit: https://www.reddit.com/r/SharedSecurityShow/Visit our website: https://sharedsecurity.netSubscribe on your favorite podcast app: https://sharedsecurity.net/subscribeSign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribeLeave us a rating and review: https://ratethispodcast.com/sharedsecurityContact us: https://sharedsecurity.net/contactThe post Guarding AI Agents: Boundaries and Safeguards appeared first on Shared Security Podcast.
Jun 15
11 min

Mobile apps are now deeply connected platforms for identities, payments, sessions, APIs, healthcare, retail, gaming, and cloud services. In this special episode, Tom Eston talks with Joel Destefano, Senior Product Manager at Guardsquare, about the modern mobile app threat landscape and why organizations can’t treat mobile security as an afterthought.Topics include runtime manipulation, API abuse, account takeover, fake apps, overlays, malware-assisted fraud, reverse engineering, iOS vs Android risk, AI-assisted attacks, and why backend-only security is not enough.Special thanks to Guardsquare for sponsoring this episode! Guardsquare is the leader in mobile application security, with multi-layered protection for your Android and iOS apps. Learn more at Guardsquare.com.** Links mentioned on the show ** Find out more about Guardsquare https://www.guardsquare.com/Guardsquare’s Blog and Research Center https://www.guardsquare.com/blog https://www.guardsquare.com/mobile-app-security-research-center/welcomeOWASP Mobile Application Security https://owasp.org/www-project-mobile-app-security/OWASP MASVS https://mas.owasp.org/MASVS/** Watch this episode on YouTube **https://youtu.be/C5eWp9IB30U** Become a Shared Security Supporter **Get exclusive access to bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Become a supporter today by going to our YouTube channel’s membership section: https://www.youtube.com/channel/UCg9CCDIYkDDqwEZ3UYaxjnA/join** Thank you to our sponsors! **SLNTVisit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”.** Subscribe and follow the podcast **Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcastFollow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.socialFollow us on Mastodon: https://infosec.exchange/@sharedsecurityJoin us on Reddit: https://www.reddit.com/r/SharedSecurityShow/Visit our website: https://sharedsecurity.netSubscribe on your favorite podcast app: https://sharedsecurity.net/subscribeSign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribeLeave us a rating and review: https://ratethispodcast.com/sharedsecurityContact us: https://sharedsecurity.net/contactThe post Mobile Application Security: What Every Organization Needs to Know appeared first on Shared Security Podcast.
Jun 10
31 min

Microsoft’s response to a researcher publicly disclosing proof-of-concept exploit code has reignited an old debate in security: where does responsible disclosure end and reckless disclosure begin? Tom and Scott discuss the Nightmare Eclipse controversy, the history of full disclosure, bug bounty incentives, and why legal threats against researchers may ultimately hurt customers. They also explain why researchers still need to follow responsible processes — and why vendors need to avoid punishing the people who help make their products safer.
Special thanks to Guardsquare for sponsoring this episode! Guardsquare is the leader in mobile application security, with multi-layered protection for your Android and iOS apps. Learn more at Guardsquare.com.
** Links mentioned on the show **
The Verge: Microsoft is threatening legal action for disclosing exploits
https://www.theverge.com/tech/940416/microsoft-nightmare-eclipse-zero-day-vulnerability
Microsoft MSRC Blog: A shared responsibility: Protecting customers through coordinated vulnerability disclosure
https://www.microsoft.com/en-us/msrc/blog/2026/05/a-shared-responsibility-protecting-customers-through-coordinated-vulnerability-disclosure
Kevin Beaumont / DoublePulsar: Microsoft’s stance on zero day exploits is a dumpster fire of their own making
https://doublepulsar.com/microsofts-stance-on-zero-day-exploits-is-a-dumpster-fire-of-their-own-making-0946117940a4
** Watch this episode on YouTube **
** Become a Shared Security Supporter **
Get exclusive access to bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Become a supporter today by going to our YouTube channel’s membership section: https://www.youtube.com/channel/UCg9CCDIYkDDqwEZ3UYaxjnA/join
** Thank you to our sponsors! **
SLNT
Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”.
** Subscribe and follow the podcast **
Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast
Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social
Follow us on Mastodon: https://infosec.exchange/@sharedsecurity
Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/
Visit our website: https://sharedsecurity.net
Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe
Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe
Leave us a rating and review: https://ratethispodcast.com/sharedsecurity
Contact us: https://sharedsecurity.net/contact
The post Microsoft Threatens Legal Action Over Exploit Disclosure appeared first on Shared Security Podcast.
Jun 8
17 min

Apple and Google are finally bringing end-to-end encrypted RCS messaging to iPhone and Android chats. In this episode, Tom Eston and Kevin Tackett explain why that matters, why insecure SMS is not going away anytime soon, and why Signal is still the better choice for truly sensitive conversations. They also revisit the green bubble versus blue bubble debate, platform trust issues, and what everyday users should understand before assuming every text message is private.
Special thanks to Guardsquare for sponsoring this episode! Guardsquare is the leader in mobile application security, with multi-layered protection for your Android and iOS apps. Learn more at Guardsquare.com.
** Links mentioned on the show **
Victory! End-to-End Encrypted RCS Comes to Apple and Android Chats
https://www.eff.org/deeplinks/2026/05/victory-end-end-encrypted-rcs-comes-apple-and-android-chats
‘Blue Bubbles’—Apple Says iPhone Messaging Is Still ‘Best’
https://www.forbes.com/sites/zakdoffman/2026/05/26/blue-bubbles-apple-says-iphone-messaging-is-still-best/
End-to-end encrypted RCS messaging begins rolling out today in beta
https://www.apple.com/newsroom/2026/05/end-to-end-encrypted-rcs-messaging-begins-rolling-out-today-in-beta/
** Watch this episode on YouTube **
** Become a Shared Security Supporter **
Get exclusive access to bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Become a supporter today by going to our YouTube channel’s membership section: https://www.youtube.com/channel/UCg9CCDIYkDDqwEZ3UYaxjnA/join
** Thank you to our sponsors! **
SLNT
Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”.
** Subscribe and follow the podcast **
Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast
Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social
Follow us on Mastodon: https://infosec.exchange/@sharedsecurity
Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/
Visit our website: https://sharedsecurity.net
Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe
Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe
Leave us a rating and review: https://ratethispodcast.com/sharedsecurity
Contact us: https://sharedsecurity.net/contact
The post Apple Finally Fixes One of Texting’s Biggest Security Problems appeared first on Shared Security Podcast.
Jun 1
14 min

OpenAI is now allowing some ChatGPT users to connect their bank accounts and financial data directly to the platform. In this episode, we discuss the technology behind the feature, the convenience it promises, and the serious privacy and security questions it raises.
From AI-generated budgeting advice to the risks of centralized financial profiling, we examine what happens when conversational AI gains visibility into your spending habits, debts, subscriptions, and financial goals.
Special thanks to Guardsquare for sponsoring this episode! Guardsquare is the leader in mobile application security, with multi-layered protection for your Android and iOS apps. Learn more at Guardsquare.com.
** Links mentioned on the show **
ChatGPT Can Now Connect to Your Bank Account and See All Your Transactions
https://gizmodo.com/chatgpt-can-now-connect-to-your-bank-account-and-see-all-your-transactions-2000759306
** Watch this episode on YouTube **
** Become a Shared Security Supporter **
Get exclusive access to bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Become a supporter today by going to our YouTube channel’s membership section: https://www.youtube.com/channel/UCg9CCDIYkDDqwEZ3UYaxjnA/join
** Thank you to our sponsors! **
SLNT
Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”.
** Subscribe and follow the podcast **
Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast
Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social
Follow us on Mastodon: https://infosec.exchange/@sharedsecurity
Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/
Visit our website: https://sharedsecurity.net
Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe
Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe
Leave us a rating and review: https://ratethispodcast.com/sharedsecurity
Contact us: https://sharedsecurity.net/contact
The post Should AI Have Access to Your Financial Life? appeared first on Shared Security Podcast.
May 25
24 min

In this episode we discuss the recent cyber attack targeting Instructure’s widely used learning platform, Canvas, and the major late-breaking development that Instructure reached an “agreement” with the ShinyHunters cybercriminal group after threats to leak large amounts of stolen student and faculty data. Instructure says the stolen data was returned and that attackers provided digital confirmation that the information was destroyed, but the company did not deny making a payment—language that many in cybersecurity interpret as a ransom settlement.
Special thanks to Guardsquare for sponsoring this episode! Guardsquare is the leader in mobile application security, with multi-layered protection for your Android and iOS apps. Learn more at Guardsquare.com.
** Links mentioned on the show **
Cyberattack on Canvas system causes chaos for students at thousands of schools
https://apnews.com/article/cyberattack-schools-canvas-instructure-shinyhunters-a0d7719689263e6b5f90d0e633391b5b
Instructure strikes agreement with hackers after Canvas breach hits Duke, thousands of other schools
https://www.dukechronicle.com/article/duke-university-instructure-reaches-agreement-with-canvas-hackers-shinyhunters-cyberattack-leak-down-stolen-data-ransom-20260512
** Watch this episode on YouTube **
** Become a Shared Security Supporter **
Get exclusive access to bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Become a supporter today by going to our YouTube channel’s membership section: https://www.youtube.com/channel/UCg9CCDIYkDDqwEZ3UYaxjnA/join
** Thank you to our sponsors! **
SLNT
Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”.
** Subscribe and follow the podcast **
Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast
Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social
Follow us on Mastodon: https://infosec.exchange/@sharedsecurity
Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/
Visit our website: https://sharedsecurity.net
Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe
Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe
Leave us a rating and review: https://ratethispodcast.com/sharedsecurity
Contact us: https://sharedsecurity.net/contact
The post Cybersecurity Lessons from the Canvas Data Breach appeared first on Shared Security Podcast.
May 18
16 min

World Password Day was on May 7th—but are we actually getting better at password security?
In this episode, we discuss why compromised credentials are still behind the majority of breaches in 2026. From password reuse and phishing to infostealer malware and MFA bypass techniques, attackers are finding it easier than ever to log in instead of hack in. We also talk about whether passkeys can finally shift the landscape—and what organizations should be doing right now to reduce risk.
Special thanks to Guardsquare for sponsoring this episode! Guardsquare is the leader in mobile application security, with multi-layered protection for your Android and iOS apps. Learn more at Guardsquare.com.
** Links mentioned on the show **
Password Statistics 2026 – Trends, Facts & Data Insights
https://www.privateproxyguide.com/password-statistics/
World Password Day 2026: Attackers simply log in
https://www.organisator.ch/en/operational-excellence/2026-04-30/world-password-day-2026-angreifer-loggen-sich-einfach-ein/
** Watch this episode on YouTube **
** Become a Shared Security Supporter **
Get exclusive access to bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Become a supporter today by going to our YouTube channel’s membership section: https://www.youtube.com/channel/UCg9CCDIYkDDqwEZ3UYaxjnA/join
** Thank you to our sponsors! **
SLNT
Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”.
** Subscribe and follow the podcast **
Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast
Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social
Follow us on Mastodon: https://infosec.exchange/@sharedsecurity
Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/
Visit our website: https://sharedsecurity.net
Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe
Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe
Leave us a rating and review: https://ratethispodcast.com/sharedsecurity
Contact us: https://sharedsecurity.net/contact
The post Passwords Are Still Failing Us (World Password Day 2026) appeared first on Shared Security Podcast.
May 11
21 min
Load more
