Exploited: The Cyber Truth

RunSafe Security
  • 0.0 (0)
  • EDUCATION
  • UPDATED WEEKLY

Exploited: The Cyber Truth is a hard-hitting, no-fluff podcast exposing the realities of today’s cyber threat landscape and risks to critical infrastructure. Through candid conversations with top cybersecurity experts, industry leaders, and frontline defenders, the show breaks down recent high-profile vulnerabilities and exploits and covers innovative strategies used to stop them. To keep critical infrastructure safe, defenders need the upper hand. Tune in and get the cyber truth.

  1. 2026 ICS Security Predictions: What’s Next for Critical Infrastructure

    5D AGO

    2026 ICS Security Predictions: What’s Next for Critical Infrastructure

    As industrial control systems become more connected, more Linux-based, and more exposed to IT-style threats, 2026 is shaping up to be a turning point for ICS security. In this end-of-year predictions episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security Founder & CEO Joseph M. Saunders and CTO Shane Fry to discuss what will define ICS and critical infrastructure security in 2026. The episode explores a bold prediction: We will see a major ICS breach originating from a web application vulnerability running directly on an embedded control device. As full Linux operating systems, Node.js apps, and web servers increasingly appear inside OT equipment, long-standing IT vulnerabilities are colliding with systems that are difficult—or impossible—to patch. Joe and Shane dig into why detection-only strategies fall short in constrained, long-lived devices, and why secure by design engineering, memory safety, and runtime protections are becoming essential. They also discuss the importance of accurate, build-time Software Bills of Materials, especially as regulations like the EU Cyber Resilience Act push manufacturers toward transparency, accountability, and provable supply-chain visibility. Together, they cover: Why ICS exploitation is shifting from theoretical to operationalHow web app and RCE vulnerabilities are creeping into OT devicesThe limits of detection-only security strategiesWhy memory safety and runtime protections reduce exploitable riskHow build-time SBOMs improve vulnerability tracking and trust

    32 min
  2. When Vehicles Aren’t Just Machines: Cybersecurity, Autonomy & What’s Next

    12/18/2025

    When Vehicles Aren’t Just Machines: Cybersecurity, Autonomy & What’s Next

    As vehicles evolve into always-connected, software-defined systems, cybersecurity decisions increasingly shape privacy, safety, and trust on the road. In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security CEO Joseph M. Saunders and special guest Sean McKeever, Global Product Cybersecurity Lead at Marelli, for a candid discussion on what it really means to secure modern vehicles. Sean brings deep industry experience to unpack how OEMs and suppliers are navigating data stewardship, autonomous testing, vehicle theft, and diverging global regulations. Together, Paul, Joe, and Sean explore: What constant connectivity means for driver privacy and data stewardshipThe risks of beta-testing autonomous systems on public roadsHow car theft has shifted from physical break-ins to software exploitationWhy U.S. and EU cybersecurity regulations take fundamentally different approachesThe importance of collaboration across OEMs, suppliers, and regulators From RF relay attacks to software-defined vehicles with decade-long lifecycles, this episode highlights why cybersecurity is no longer an add-on but a core design decision shaping the future of mobility.

    33 min
  3. When Open Source Gets You Into Hot Water: Copyleft Risk in Embedded Systems

    12/11/2025

    When Open Source Gets You Into Hot Water: Copyleft Risk in Embedded Systems

    Open source accelerates development in embedded systems, but hidden license obligations can quickly create legal and operational risk. In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security Founder and CEO Joseph M. Saunders and Salim Blume, Director of Security Applications, for a look at how copyleft risk emerges and why compliance in embedded products is more challenging than many teams expect. Salim breaks down how restrictive licenses, such as GPL and AGPL, can force the disclosure of proprietary code, interrupt product shipments, or create exposure long after devices are deployed in the field. Joe shares why accurate SBOMs, automated license checks, and enforcing policy at build time are critical to preventing surprises in downstream products. The discussion also touches on the ongoing Vizio case, where the TV manufacturer faces litigation that could compel public release of source code under the GPL, highlighting how open source obligations can surface years after products hit the market. Together, Paul, Joe, and Salim explore: How copyleft obligations can require source-code disclosureWhy embedded environments complicate license complianceReal-world cases where unnoticed GPL dependencies caused major issues, such as Vizio’s GPL lawsuit and Cisco’s WRT54G router familyThe growing implications of AGPL for SaaS and connected servicesHow build-time SBOMs and automated controls reduce long-term risk Whether you're building connected devices, managing software supply chain compliance, or protecting proprietary IP, this episode offers practical guidance to reduce copyleft risk before it becomes a costly problem.

    30 min
  4. The Asymmetric Advantage: How Cybersecurity Can Outpace Adversaries

    12/04/2025

    The Asymmetric Advantage: How Cybersecurity Can Outpace Adversaries

    In this episode of Exploited: The Cyber Truth, host Paul Ducklin sits down with RunSafe Founder and CEO Joseph M. Saunders to explore why the future of cyber defense depends on disrupting attacker economics rather than racing to keep up with every new threat. Joe breaks down how organizations can gain an asymmetric advantage by reducing exploitability across entire classes of vulnerabilities, especially persistent memory safety flaws that continue to expose critical systems. He shares why adding lightweight, automated protections at build time is one of the fastest ways to shift the cost curve onto attackers without forcing massive code rewrites or slowing development teams down. Together, Paul and Joe discuss: Why attackers’ resource advantage requires a new defensive mindsetThe power of “patchless” protection in embedded and OT environmentsWhy memory safety flaws persist and how to neutralize them at scaleThe risks of AI-generated code and how to prevent silent vulnerabilitiesHow Secure by Design practices improve resilience for critical infrastructure If you're responsible for securing embedded systems, OT assets, or long-lived devices where patch cycles are slow and risk is high, this episode offers a new mindset that gives defenders the upper hand.

    27 min
  5. Smarter Vulnerability Management in OT Systems: Building Resilience

    11/20/2025

    Smarter Vulnerability Management in OT Systems: Building Resilience

    As OT environments face rising geopolitical tensions, ransomware threats, and aging infrastructure, vulnerability management has never been more complex. In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security CEO Joe Saunders and Stuxnet expert Ralph Langner, Founder and CEO of Langner, Inc. Ralph shares from his decades of firsthand experience defending industrial control systems and explains why traditional CVE-focused vulnerability management falls short in OT. He breaks down the three major categories of OT vulnerabilities—design flaws, feature abuse, and configuration errors—and reveals why competent attackers often ignore CVEs entirely. Joe highlights how memory-based vulnerabilities continue to threaten critical systems and why eliminating entire vulnerability classes can create an asymmetric advantage for defenders. Together, Ralph and Joe explore: Why most OT equipment remains insecure by design and why replacement will take decadesHow features, not bugs, often become the real attack vectorThe growing role of ransomware and IT-side weaknesses in OT compromisesPractical steps OT defenders can take today to incrementally improve resilienceThe value of class-level protections, better architectures, and secure development processes Whether you secure energy infrastructure, manufacturing systems, or mixed IT/OT networks, this episode delivers experience-driven guidance for strengthening cyber-physical resilience.

    28 min
  6. Clean Files, Safe Operations: Defending Federal and OT Systems from AI-Driven Threats

    11/13/2025

    Clean Files, Safe Operations: Defending Federal and OT Systems from AI-Driven Threats

    AI is fueling both innovation and new attack tactics. In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security Founder and CEO Joseph M. Saunders and Kelly Davis, Senior Solutions Architect at Glasswall, to uncover how AI-powered malware is slipping through traditional detection in federal and defense environments—and what can be done about it. Kelly breaks down how “clean file” strategies are redefining cybersecurity by ensuring only safe, verified content enters critical systems. Joe connects these insights to operational technology (OT), where malicious code can disrupt industrial operations, safety systems, and even national infrastructure. Together, they explore: How AI is changing both attack and defense in cybersecurityWhy detection-based security is too slow—and how AI is widening the gapHow Content Disarm and Reconstruction (CDR) strengthens federal and defense workflowsHow federal agencies can adopt file-level defenses using pilots, boundary controls, and workflow APIsThe parallels between clean files in IT and secure binaries in OT Whether you’re defending national assets or securing industrial systems, this episode reveals why prevention—not detection—is the smartest defense in the AI era.

    27 min
  7. Designing Security into Life-Critical Devices: Where Innovation Meets Regulation

    11/06/2025

    Designing Security into Life-Critical Devices: Where Innovation Meets Regulation

    As healthcare becomes increasingly connected, cybersecurity is now as critical to patient safety as the devices themselves. In this episode of Exploited: The Cyber Truth, host Paul Ducklin sits down with RunSafe Security Founder and CEO Joseph M. Saunders to explore how medical device manufacturers can design protection into every phase of product development—from concept to deployment and beyond. Joe discusses how medical device manufacturers are aligning innovation with evolving FDA and CISA cybersecurity expectations, embedding secure-by-design principles, and redefining engineering culture to treat security as part of product quality and not just compliance. Listeners will learn: Why Secure by Design is critical for building safe, resilient medical devices from the startHow FDA guidance has pushed manufacturers to treat cybersecurity as part of product design and is reshaping compliance in healthcareWhat a Software Bill of Materials (SBOM) is and why generating it at build time gives the clearest picture of software riskWhy openness about software components helps reduce risk, even when it feels counterintuitiveHow standardizing development practices makes devices safer, lowers costs, and leaves more room for innovation For those developing life-critical devices or managing medtech risk, this episode explores how building security into every stage of design and development protects patients and sustains innovation in connected care.

    27 min
  8. How Generative AI Is Addressing Warfighter Challenges

    10/30/2025

    How Generative AI Is Addressing Warfighter Challenges

    When we think of generative AI in defense, many think of how it will be used on the frontlines. But it actually serves a much wider purpose in helping warfighters plan, prepare, and execute missions. In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security Founder and CEO Joseph M. Saunders and Arthur Reyenger, Generative AI Strategy Executive at Ask Sage, Inc., to explore how generative AI is transforming defense missions—from planning to execution. They discuss how AI-driven decision support, predictive analytics, and digital twins are giving defense teams faster insights and tactical advantages while maintaining trust, security, and control. The conversation looks at examples of how AI is accelerating acquisition processes, strengthening cybersecurity, and even supporting front-line logistics aboard Navy vessels. Together, Joe and Arthur discuss: How generative AI accelerates decision-making and mission readinessThe role of commercial off-the-shelf (COTS) AI in defense innovationWhy responsible AI and human oversight remain criticalHow secure, scalable platforms are redefining operational impact Whether you’re in defense, cybersecurity, or technology leadership, this episode sheds light on how generative AI is helping warfighters stay one step ahead.

    31 min
See All (36)

About

Exploited: The Cyber Truth is a hard-hitting, no-fluff podcast exposing the realities of today’s cyber threat landscape and risks to critical infrastructure. Through candid conversations with top cybersecurity experts, industry leaders, and frontline defenders, the show breaks down recent high-profile vulnerabilities and exploits and covers innovative strategies used to stop them. To keep critical infrastructure safe, defenders need the upper hand. Tune in and get the cyber truth.

Information

  • Creator
    RunSafe Security
  • Years Active
    2K
  • Episodes
    36
  • Rating
    Clean
  • Copyright
    © 2025 Exploited: The Cyber Truth
  • Show Website
    Exploited: The Cyber Truth