The Adversarial Podcast

Jerry Perullo, Sounil Yu, Mario Duarte
  • 5,0 (22)
  • NEGÓCIOS

Join former ICE:NYSE CISO Jerry Perullo, former Snowflake CISO Mario Duarte, and former JupiterOne CISO and Bank of America leader Sounil Yu as they dive into the good, the bad, and the ugly in the latest cybersecurity news. Each week, we discuss the most pressing headlines, offer candid commentary, and share unique insights from our extensive experience in the field.

  1. HÁ 4 DIAS

    Adversarial Podcast S4E05 – Oracle Zero-Day, US cyber info sharing law expires, UK government guarantor for Jaguar attack

    00:00 Highlight 03:44 Oracle E-Business Suite Zero-Day 14:49 UK government to be guarantor for Jaguar Land Rover cyberattack 25:54 "Moved the needle" Part 2 48:18 12 Security Problems Practitioners Want Solved 1:02:53 National Risk of Losing the CISA 2015 Act? Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion Campaign Mandiant and Google Threat Intelligence Group uncovered a large-scale CL0P-linked extortion campaign exploiting a zero-day (CVE-2025-61882) in Oracle E-Business Suite to steal data from organizations before patches were released. https://cloud.google.com/blog/topics/threat-intelligence/oracle-ebusiness-suite-zero-day-exploitation UK government to be guarantor for Jaguar Land Rover loan as it recovers from cyberattack The UK government is guaranteeing a £1.5 billion loan to Jaguar Land Rover to support its recovery and supply chain after a major cyberattack forced the automaker to halt production earlier this month. https://therecord.media/jaguar-land-rover-loan-guarantor-cyberattack 12 Security Problems Practitioners Want Solved Leen and Lockstep Ventures released a “Requests for Security Startups” report outlining twelve practitioner-driven problem areas—from preventative security and identity sprawl to AI-native assistants and continuous compliance—calling for builders to create practical, AI-powered, and workflow-integrated solutions that solve real security pain points. https://www.leen.dev/beyond-the-noise When Cyber Visibility Fades: The National Risk of Losing the CISA 2015 Act—and How Organizations Can Stay Secure Without It The expiration of the Cybersecurity Information Sharing Act of 2015 has reduced national cyber visibility and weakened public–private threat intelligence sharing, prompting experts to warn that organizations must strengthen internal risk management and collaboration to stay secure. https://www.carson-saint.com/when-cyber-visibility-fades-the-national-risk-of-losing-the-cisa-2015-act-and-how-organizations-can-stay-secure-without-it Hosts: Jerry Perullo (Founder, https://adversarial.com/) Sounil Yu (Founder, https://www.knostic.ai/) Mario Duarte (Founder, stealth startup) Producer: Tillson Galloway (Founder, http://githoundexplore.com/)

    1h11min

  2. 30 DE SET.

    Adversarial Podcast S4E04 – "Moving the needle" awards, effect of H-1B changes on cyber industry, Salesloft aftermath

    00:00 Highlight 00:43 Intro 06:40 "Moved the needle" awards 37:05 Scattered Lapsus$ and Jaguar Hack 44:39 One Token to Rule Them All - Entra pwned 1:02:21 H-1B visa changes and their effect on the cyber industry Scattered Lapsus$ and Jaguar Hack Jaguar Land Rover has extended its production pause until October after a cyberattack crippled its IT systems. The company is struggling to recover operations at Range Rover plants. https://www.wsj.com/business/jaguar-land-rover-extends-production-pause-until-october-following-cyberattack-0e39b7e8 One Token to Rule Them All A deep dive into how attackers can obtain Global Admin across all Entra ID tenants using Actor tokens — the mechanics, prerequisites, and mitigation strategies. https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/ What to Know About Changes to the H-1B Visa Program The U.S. is proposing major H-1B visa changes, including a $100,000 annual fee per visa starting in 2026, a move aimed at prioritizing higher-wage hires but likely to hit startups and global tech talent hard. https://www.wsj.com/us-news/h1b-visa-changes-explained-45b818e9?mod=djemCybersecruityPro Hosts: Jerry Perullo (Founder, https://adversarial.com/) Sounil Yu (Founder, https://www.knostic.ai/) Mario Duarte (Founder, stealth startup) Producer: Tillson Galloway (Founder, http://githoundexplore.com/)

    1h19min

  3. 16 DE SET.

    Adversarial Podcast S4E03 – Fumbled NPM Attack, Entering the AI Browser Market, Salesloft breach

    00:00 Intro 03:10 NPM supply chain attack leaves attackers empty handed 24:44 Why is Atlassian buying a browser company? 37:20 Apple's new Memory Integrity Enforcement 52:56 Salesloft breach leads to downstream hacks Hackers left empty-handed after massive NPM supply-chain attack Hackers briefly compromised popular NPM packages like chalk and debug-js, infecting ~10% of cloud environments, but despite the massive supply-chain reach they only netted about $600 in stolen cryptocurrency. https://www.bleepingcomputer.com/news/security/hackers-left-empty-handed-after-massive-npm-supply-chain-attack/ Why is Atlassian Buying a Browser Company? Atlassian is buying The Browser Company (makers of Arc and Dia) for $610M to gain control of the browser channel, secure its AI agent (Rovo) distribution, and enter the emerging “enterprise browser” market, even though success is uncertain against Google and Microsoft. https://nextword.substack.com/p/why-is-atlassian-buying-a-browser Memory Integrity Enforcement: A complete vision for memory safety in Apple devices Apple’s new Memory Integrity Enforcement (MIE) brings always-on hardware-software memory safety to iPhone 17, making advanced spyware exploits far harder. https://security.apple.com/blog/memory-integrity-enforcement/ Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks Hackers exploited Salesloft’s Drift–Salesforce integration to steal OAuth tokens and exfiltrate sensitive Salesforce data, tracked as UNC6395. https://www.bleepingcomputer.com/news/security/salesloft-breached-to-steal-oauth-tokens-for-salesforce-data-theft-attacks/ Hosts: Jerry Perullo (Founder, https://adversarial.com/) Sounil Yu (Founder, https://www.knostic.ai/) Mario Duarte (Founder, stealth startup) Producer: Tillson Galloway (https://tillsongalloway.com)

    1h9min

  4. 4 DE SET.

    Adversarial Podcast S4E02 - Cyber acquisitions and raises, 95% of GenAI pilots failing, Zelle's alleged security lapses

    00:00 Introduction & BlackHat 02:06 Cybersecurity in Schools 18:53 Black Hat Conference Highlights 34:02 New York sues Zelle 44:48 Trends in Cybersecurity Mergers and Acquisitions 1:02:44 95% of generative AI pilots at companies are failing 1:08:53 Prompt injection with poisoned calendar invites DARPA announces $4 million winner of AI code review competition at DEF CON DARPA announced Team Atlanta as the winner of its two-year competition among researchers to create the best artificial intelligence systems that can find and fix vulnerabilities. Attorney General James Sues Company Behind Zelle for Enabling Widespread Fraud New York today sued Early Warning Services, a company owned and controlled by a group of the largest banks in the United States that was tasked with developing and operating the electronic payment platform Zelle, for failing to protect its users from massive amounts of fraud. Cyber Acquisitions Palo Alto / CyberArkCrowdStrike / OnumOkta / AxiomArmis raises millions at $5B valuation MIT report: 95% of generative AI pilots at companies are failing A recent MIT‑commissioned study—highlighted in Fortune on August 18, 2025—reveals that approximately 95% of generative AI pilot programs at companies failed to deliver any measurable return on investment or financial uplift. The core issue appears to be not the AI itself, but poor integration into existing workflows and misaligned use cases, with only about 5% of pilots achieving rapid revenue growth by focusing sharply on specific pain points. Hackers Hijacked Google’s Gemini AI With a Poisoned Calendar Invite to Take Over a Smart Home Security researchers demonstrated that a poisoned Google Calendar invite could indirectly prompt-inject Google’s Gemini, causing it to control smart-home devices. Hosts: Jerry Perullo (Founder, https://adversarial.com/) Sounil Yu (Founder, https://www.knostic.ai/) Mario Duarte (Founder, stealth startup) Producer: Tillson Galloway (https://tillsongalloway.com)

    1h16min

  5. 30 DE JUL.

    Adversarial Podcast S4E01 - Trump's AI Action Plan, Chip Security Act, receiving gifts from vendors

    00:00 Introduction & BlackHat 03:14 AI Action Plan Overview 13:30 Chip Security Act 20:48 Government led AI-ISAC? 23:16 UK government considering banning public sector ransomware payments 28:14 Microsoft probing if Chinese hackers learned SharePoint flaws through alert 42:07 Ethics in Vendor Relationships – Gifts for meetings America's AI Action Plan “America’s AI Action Plan,” released by the Trump administration, outlines a roadmap with over 90 federal actions across three pillars—accelerating AI innovation, building U.S. AI infrastructure, and asserting international AI leadership through exports and technology alliances. The Chip Security Act: A Bipartisan Solution to Chip Smuggling The Chip Security Act, introduced by U.S. lawmakers, mandates that export‑controlled AI chip makers (like NVIDIA) embed on‑chip location‑verification mechanisms to ensure devices go only where they’re authorized—aiming to deter smuggling (especially to China) without deploying intrusive GPS or kill switches. Why a Government-Led AI-ISAC is a Missed Opportunity Errol Weiss argues that an AI‑ISAC led by the U.S. government, as proposed in the July 2025 White House AI Action Plan, represents a missed opportunity, because government-led initiatives tend to be bureaucratic, slow, less innovative, struggle to win private-sector trust and buy‑in, risk duplicating existing ISAC efforts, and may be perceived as politically biased—undermining effective, rapid, cross-industry intelligence sharing UK plans to ban public sector bodies from paying ransom to cyber criminals The UK government is set to ban public sector bodies and operators of critical national infrastructure from paying ransom demands to cyber criminals, as part of a wider package also mandating mandatory reporting for other organisations planning to pay, aimed at dismantling the ransomware business model and protecting essential services from dangerous disruptions. Microsoft probing if Chinese hackers learned SharePoint flaws through alert, Bloomberg News reports Microsoft is investigating whether a leak from its Microsoft Active Protections Program (MAPP)—which provides early vulnerability alerts to security partners—may have enabled Chinese-aligned hackers (Linen Typhoon, Violet Typhoon, and Storm-2603) to exploit critical zero‑day flaws in on-premises SharePoint servers before Microsoft fully patched the software, fueling a global espionage and ransomware campaign. Hosts: Jerry Perullo (Founder, https://adversarial.com/) Sounil Yu (Founder, https://www.knostic.ai/) Mario Duarte (Founder, stealth startup) Producer: Tillson Galloway (https://tillsongalloway.com)

    52min

  6. 15 DE JUL.

    Adversarial Podcast Ep. 27 - Is AI necessary for cyber investment? Microsoft moving away from kernel-based AV; Moonlighting and Fake IT workers

    00:00 Intro 3:23 Cybersecurity stocks: why now might be the time to buy? 8:55 AI in cyber investment and business 29:28 Microsoft is moving antivirus providers out of the Windows kernel 34:29 New AI Malware PoC Reliably Evades Microsoft Defender 37:08 VSCode Fork; Putting Millions at Risk 43:39 Extensions turn Trojan and infect 2.3M Chrome and Edge users 54:20 US government takes down major North Korean ‘remote IT workers’ operation 1:06:06 Phishing Training Doesn't Work Cybersecurity stocks: why now might be the time to buy? https://moneyweek.com/investments/tech-stocks/buy-cybersecurity-stocks AI Is Driving A Shift Towards Outcome-Based Pricing Cloudflare will now, by default, block AI bots from crawling its clients’ websites Microsoft is moving antivirus providers out of the Windows kernel https://www.theverge.com/news/692637/microsoft-windows-kernel-antivirus-changes New AI Malware PoC Reliably Evades Microsoft Defender https://www.darkreading.com/endpoint-security/ai-malware-poc-evades-microsoft-defender Marketplace Takeover: How We Could’ve Taken Over Every Developer Using a VSCode Fork; Putting Millions at Risk https://blog.koi.security/marketplace-takeover-how-we-couldve-taken-over-every-developer-using-a-vscode-fork-f0f8cf104d44 Massive browser hijack: extensions turn Trojan and infect 2.3M Chrome and Edge users https://cybernews.com/security/chrome-edge-hijacked-by-eighteen-malicious-extensions US government takes down major North Korean ‘remote IT workers’ operation https://techcrunch.com/2025/06/30/us-government-takes-down-major-north-korean-remote-it-workers-operation/ We've All Been Wrong: Phishing Training Doesn't Work https://www.darkreading.com/endpoint-security/phishing-training-doesnt-work Hosts: Jerry Perullo (Founder, https://adversarial.com/) Sounil Yu (Founder, https://www.knostic.ai/) Mario Duarte (Founder, stealth startup) Producer: Tillson Galloway

    1h17min

  7. 1 DE JUL.

    Adversarial Podcast Ep. 26 - US Treasury's Cybersecurity Failures, SEC scraps proposed cybersecurity rules, what makes AI Security different

    00:00 Intro 03:17 Banks call out US Treasury's cybersecurity failures 28:54 SEC scraps proposed cybersecurity rules 38:05 What makes AI Security different Banks Challenge Treasury on Cybersecurity Failures. A coalition of major U.S. banking associations—including the American Bankers Association, Bank Policy Institute, MFA, and SIFMA—has publicly challenged the U.S. Treasury and OCC to adopt private-sector cybersecurity standards, decentralize sensitive data, enforce rapid breach notifications, and streamline data collection following high-profile email breaches at federal regulators. https://www.theglobaltreasurer.com/2025/06/10/banking-groups-demand-regulator-cybersecurity-standards/ SEC scraps proposed cybersecurity rules for investment advisers, market participants. The U.S. Securities and Exchange Commission (SEC) has scrapped proposed cybersecurity regulations targeting investment advisers, funds, and market participants. The withdrawal reflects pushback from the financial industry, which cited concerns over compliance burdens and regulatory overlap. Critics argue the move weakens oversight as cyber threats continue to rise across the financial sector. https://www.cybersecuritydive.com/news/sec-withdraw-cyber-rules-investment-advisers-funds/750786/ Exclusive: New Microsoft Copilot flaw signals broader risk of AI agents being hacked—‘I would be terrified’. A newly discovered vulnerability in Microsoft’s Copilot platform—dubbed “Echoleak”—allows malicious actors to extract private user data from AI agent interactions. The flaw underscores the broader risks associated with AI-powered assistants, particularly as they become more deeply embedded in enterprise workflows. Experts warn this class of attacks could signal a new era of AI exploitation. https://fortune.com/2025/06/11/microsoft-copilot-vulnerability-ai-agents-echoleak-hacking/ Hosts: Jerry Perullo (Founder, https://adversarial.com/)Sounil Yu (Founder, https://www.knostic.ai/)Mario Duarte (Founder, stealth startup)Producer: Tillson Galloway (https://tillsongalloway.com)

    59min

  8. 16 DE JUN.

    Adversarial Podcast Ep. 25 – From CISOs to Entrepreneurs, Trump changes to Biden's Cyber EOs, banks ask SEC to drop disclosure requirements

    00:00 Intro 04:15 Our journeys from CISOs to Entreprenuers 23:48 Trump changes Biden's Cyber EOs 28:40 States rebuff proposed federal ban on AI laws 36:43 Vanta bug exposes customers' data to other customers 49:12 SentinelOne outage 52:53 Banking groups ask SEC to drop incident disclosure requirements 1:00:37 Cybersecurity teams generate average $36M in business growth 1:03:50 Cybersecurity Companies Want to Go Public. The Market Isn’t Letting Them Trump Cybersecurity Fact Sheet President Trump announced a reprioritization of U.S. cybersecurity efforts, shifting away from prior frameworks and emphasizing national defense and economic resilience. https://www.whitehouse.gov/fact-sheets/2025/06/fact-sheet-president-donald-j-trump-reprioritizes-cybersecurity-efforts-to-protect-america/ Vanta Bug Exposed Customer Data A software flaw in Vanta's platform briefly exposed sensitive compliance data between customers. https://techcrunch.com/2025/06/02/vanta-bug-exposed-customers-data-to-other-customers/ SentinelOne Outage A major backend outage at SentinelOne disrupted security operations for numerous customers. https://apple.news/AuaqeFPP8QUyoOwuAwvRBkA States Push Back on Federal AI Law Ban U.S. states are resisting a federal proposal to ban state-level AI regulation, citing sovereignty and innovation concerns. https://www.wsj.com/articles/states-rebuff-proposed-federal-ban-on-ai-laws-6dde3ce6?mod=procyber_lead_pos1&tpl=cs Banking Groups Oppose SEC Cyber Rule Banking associations urged the SEC to drop mandatory cyber incident disclosure rules, citing risk to financial stability. https://ecency.com/hive-167922/@justmythoughts/banking-groups-ask-sec-to Cybersecurity Teams “Drive $36M in Growth” A report claims cybersecurity teams deliver $36M in business value annually—an assertion met with industry skepticism. https://www.infosecurity-magazine.com/news/cybersecurity-teams-business-growth/ Cybersecurity IPO Market Frozen Despite strong interest, cybersecurity companies are unable to go public due to investor hesitation and market volatility. https://www.wsj.com/articles/cybersecurity-companies-want-to-go-public-the-market-isnt-letting-them-60bfe663 Hosts: Jerry Perullo (Founder, https://adversarial.com/)Sounil Yu (Founder, https://www.knostic.ai/)Mario Duarte (Founder, stealth startup)Producer: Tillson Galloway (https://tillsongalloway.com)

    1h11min
Ver tudo (42)

Classificações e avaliações

5
de 5
22 avaliações

Sobre

Join former ICE:NYSE CISO Jerry Perullo, former Snowflake CISO Mario Duarte, and former JupiterOne CISO and Bank of America leader Sounil Yu as they dive into the good, the bad, and the ugly in the latest cybersecurity news. Each week, we discuss the most pressing headlines, offer candid commentary, and share unique insights from our extensive experience in the field.

Informações

  • Criado por
    Jerry Perullo, Sounil Yu, Mario Duarte
  • Anos de atividade
    2022 - 2025
  • Episódios
    42
  • Classificação
    Livre
  • Copyright
    © Adversarial Risk Management
  • Site do podcast
    The Adversarial Podcast

Você também pode gostar de