Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

This week on the podcast, we cover a wave of attacks against network edge equipment and internet-exposed systems including an update on the recently patched Firebox 0-Day. After that, we cover two stories on browser extensions siphoning off data and making unwanted modifications to victim’s web browsing activity.

SecurityScorecard is the global leader in cybersecurity ratings and the only service with over 12 million companies continuously rated.

Security teams don’t struggle to find issues. They struggle to move them forward. In this use case demo, we show how remediation coordination breaks down when assets have no clear owner, and how remediation orchestration restores accountability across teams, tools, and environments. You’ll see how security teams can move beyond manual handoffs, Slack messages, and guesswork by orchestrating remediation across teams, even when ownership is unclear or spans multiple domains.

Now that ggshield is installed, the next step is to authenticate it with GitGuardian so it can scan and talk to the API. The most common method is browser-based login: ggshield auth login This opens your browser and prompts you to sign in through the GitGuardian dashboard. It automatically generates an access token for you and stores it safely in your local configuration. By default, the token is scoped for secret scanning, which is what most people need. We’ll revisit scopes later.

In this video, I walk you step by step through the process of adding MCP servers to Google’s Antigravity. You’ll learn how they integrate with Antigravity and how to configure them correctly so everything runs smoothly.

Garrett Hamilton, CEO and Co-Founder of Reach Security, sits down with Todd Graham, Managing Partner at Microsoft’s venture fund M12, to discuss why modern cybersecurity programs struggle to reduce real risk — despite massive spending on tools. Recorded at Black Hat, the conversation explores how misconfigurations, unused controls, and operational blind spots create exposure long before attackers need advanced techniques.

Security teams know the attack techniques. What they don’t always know is how those techniques actually land in their environment. Reach maps your existing controls to MITRE ATT&CK (and D3FEND) and shows—visually—︎ which techniques are covered︎ which tools provide that coverage︎ and where real gaps exist Because “we have the tool” isn’t the same as “the technique is stopped.”

Kovrr’s new AI Risk Governance Suite gives enterprises the visibility, structure, and measurable control needed to manage GenAI responsibly across its full lifecycle. Join us for Office Hours: Part 1, where Or Amir will walk through the first three modules of the suite—showing how enterprises can gain real-time oversight and quantifiable insight into their AI landscape: Discover how these capabilities help enterprises align innovation with accountability—building a defensible foundation for responsible GenAI adoption.

Nate Fulton, Operations & Technology Support Specialist at Visit Indy, shares how PhishER has simplified their day-to-day IT work and provided more free time to assist users and focus on training. Learn how PhishER addresses the challenges of managing reported emails.

See how to build a prompt-based custom entity detector in Nightfall that understands context, not just patterns. Using a real healthcare example, you’ll see how prescription numbers are detected accurately while similar-looking data like purchase order numbers are ignored. You’ll see: Why regex breaks down in real workflows How prompt-based detection reduces false positives Creating a custom detector with positive and negative examples Deploying it to Slack and validating results across files.