YusufOnSecurity.com

EXPLORE

Society & Culture

© 2024 PodJoint

https://is1-ssl.mzstatic.com/image/thumb/Podcasts211/v4/03/fe/d0/03fed0cd-0a38-c9eb-bdc6-41f1cc9a1f27/mza_14936740212252581849.jpg/600x600bb.jpg

YusufOnSecurity.com

YusufOnSecurity.Com

256 episodes

3 days ago

Enjoying the content? Let us know your feedback! As we've done at the end of each year, it's time to look back at what resonated most with you, our listeners. 2025 brought us some incredible episodes covering everything from fundamental security concepts to cutting-edge AI developments. But three episodes truly stood out—pulling the highest download numbers and sparking the most conversation. These weren't just popular because they covered trending topics. They addressed real, practical chal...

Show more...

All content for YusufOnSecurity.com is the property of YusufOnSecurity.Com and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Enjoying the content? Let us know your feedback! As we've done at the end of each year, it's time to look back at what resonated most with you, our listeners. 2025 brought us some incredible episodes covering everything from fundamental security concepts to cutting-edge AI developments. But three episodes truly stood out—pulling the highest download numbers and sparking the most conversation. These weren't just popular because they covered trending topics. They addressed real, practical chal...

Show more...

Episodes (20/256)

YusufOnSecurity.com

The best of 2025

Enjoying the content? Let us know your feedback! As we've done at the end of each year, it's time to look back at what resonated most with you, our listeners. 2025 brought us some incredible episodes covering everything from fundamental security concepts to cutting-edge AI developments. But three episodes truly stood out—pulling the highest download numbers and sparking the most conversation. These weren't just popular because they covered trending topics. They addressed real, practical chal...

1 week ago

1 hour 40 minutes

YusufOnSecurity.com

255 - Shadow AI-The Invisible Security Risk Already Inside Your Organization

Enjoying the content? Let us know your feedback! Today, we're tackling one of the fastest-emerging threats of 2025—one that's probably already active in your organization right now, whether you know it or not. We're talking about Shadow AI, and the statistics are alarming: That means right now, as you're listening to this, someone in your organization is likely pasting sensitive data into ChatGPT, Claude, or another AI tool—and your security team has no idea it's happening. Lets peel the onio...

2 weeks ago

23 minutes

YusufOnSecurity.com

254 - Infostealers-The Silent Malware Stealing Everything

Enjoying the content? Let us know your feedback! Today we're talking about one of the most dangerous yet underestimated threats in cybersecurity right now. While everyone's worried about ransomware making headlines with million-dollar extortion demands, there's a quieter threat that's actually fueling those attacks. It's called infostealer malware, and in 2024 alone, these silent digital pickpockets were responsible for nearly one in four cyberattacks. They stole over 2 billion credentials an...

3 weeks ago

27 minutes

YusufOnSecurity.com

253 - Shadow IT and SaaS Sprawl - The Hidden Security Risk in Your Organization

Enjoying the content? Let us know your feedback! Imagine discovering that your organization is running nearly ten times more applications than your IT team knows about. Imagine learning that two out of every three cloud tools being used by your employees were never approved, never vetted for security, and are completely invisible to your monitoring systems. Now imagine that one-third of all data breaches last year involved exactly these kinds of hidden applications. This isn't a hypothetical ...

1 month ago

14 minutes

YusufOnSecurity.com

252 - Windows password security - What is under the hood?

Enjoying the content? Let us know your feedback! Today, we're lifting the hood on something you interact with dozens of times per day but probably never think about: Windows password security. What actually happens when you type your password and hit Enter? Where does Windows store that password? And perhaps most importantly, why do attackers spend so much time trying to steal password databases? https://learn.microsoft.com:Prevent Windows Store LMHash Password https://www.nist.go...

1 month ago

32 minutes

YusufOnSecurity.com

251 - The Future of Security Operations- Are SIEM, XDR, and SOAR Converging or Moving Apart?

Enjoying the content? Let us know your feedback! Today we're talking about the future of security operations, specifically three technologies that have dominated the conversation for the past few years: SIEM, XDR, and SOAR. And I'm going to make a case that might surprise some people: these tools are converging. They're merging into unified platforms, and that's actually a good thing. Now, if you're a security professional, you've probably noticed this trend already. Vendors are starting to ...

1 month ago

22 minutes

YusufOnSecurity.com

250 - PenTesting vs Red Teaming vs Vulnerability Assessment-Which One Do You Need?

Enjoying the content? Let us know your feedback! Today we're tackling a question I get asked constantly: "Should we do a pentest, a red team engagement, or a vulnerability assessment?" These terms get thrown around interchangeably, but they're actually very different things with different goals, different costs, and they're appropriate for different situations. Choosing the wrong one can either waste money on overkill testing or leave you with a false sense of security. Here's the reality: ...

1 month ago

20 minutes

YusufOnSecurity.com

249 - What Is Credential Stuffing? How Hackers Use Your Old Passwords Against You

Enjoying the content? Let us know your feedback! Today we're talking about one of the most common yet misunderstood cyber attacks happening right now: credential stuffing. And I do mean right now. As I'm recording this, somewhere in the world, automated bots are attempting billions of login attempts across thousands of websites, trying to break into accounts using stolen usernames and passwords. - https://www.usenix.org: Protecting accounts from credential stuffing with password breach alerti...

1 month ago

30 minutes

YusufOnSecurity.com

248 - The Truth About Security Awareness Training- Why 95% of Programs Don't Work

Enjoying the content? Let us know your feedback! Today we're diving into something that keeps cybersecurity professionals up at night, and no, it's not the latest ransomware attack or data breach. It's something much more frustrating: the fact that despite spending billions of dollars on security awareness training every year, employees keep clicking on phishing emails, using weak passwords, and falling for social engineering attack. - https://www.sans.org: Security Awareness Training - http...

2 months ago

29 minutes

YusufOnSecurity.com

247 - AI-Powered Browsers-The Privacy and Security Risks No One Talks About

Enjoying the content? Let us know your feedback! Something fundamental changed in how we browse the internet in October 2025, and most people have no idea. In just 48 hours, OpenAI launched ChatGPT Atlas, Microsoft fired back with a revamped Edge, and suddenly every major tech company was racing to release AI-powered browsers that don't just load web pages—they can read your emails, book your travel, and access every logged-in account you have, all autonomously. The marketing promises unprece...

2 months ago

23 minutes

YusufOnSecurity.com

246 - Is AI-Generated Code Safe-The Hidden Dangers of Vibe Coding

Enjoying the content? Let us know your feedback! So today, we're unpacking what vibe coding is, why it's creating serious security risks, and what you can do about it. Because whether you love it or hate it, vibe coding isn't going anywhere. The question is: are we shipping features, or are we shipping vulnerabilities? All that coming up next in today's episode. Be sure to subscribe! You can also stream from https://yusufonsecurity.com In there, you will find a list of all previous episodes...

2 months ago

21 minutes

YusufOnSecurity.com

245 - 50 Documents Can Poison AI Models - CISA KEV Adds 12 Decade-Old Vulnerabilities and Salesforce Ransomware

Enjoying the content? Let us know your feedback! This week, we've got three stories that really caught my attention, and honestly, they're all pretty alarming in their own ways. If you're new here, welcome to the show where we break down the latest cybersecurity news and help you understand what's really happening in the cyber security domains. We're going to talk about a shocking discovery about AI security - turns out it takes way fewer malicious documents than anyone thought to compl...

2 months ago

30 minutes

YusufOnSecurity.com

244 - The Recent Cyberattacks on European Airports - A Wake-Up Call for Critical Infrastructure

Enjoying the content? Let us know your feedback! Picture this: You're at London Heathrow, Europe's busiest airport, ready to check in for your flight. But the kiosks aren't working. The screens are blank. Airport staff are scrambling with iPads and even pen and paper to manually check passengers in. Your flight is delayed, maybe canceled. And you're stuck in a long line with thousands of other frustrated travelers. Today we're diving into something that disrupted the travel plans of thousand...

3 months ago

43 minutes

YusufOnSecurity.com

243 - Are Web Application Firewalls (WAFs) Obsolete in 2025? Pros, Cons, and Future of Application Security - Part 2

Enjoying the content? Let us know your feedback! Welcome back and thank you for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain English. I am your host Ibrahim Yusuf... This is part 2 of where we will continue covering the debate that's been heating up in security circles: Are Web Application Firewalls obsolete? Now, if you've been in the security game for a while, you've probably heard the whispers. Some people are...

3 months ago

28 minutes

YusufOnSecurity.com

241 - AI vs. Cybersecurity-How LLMs Are Reshaping the Defender-Attacker Battle

Enjoying the content? Let us know your feedback! In this week's episode I am joined by my good old friend Shakel Ahmed a cyber security practitioner with over 20 years of experience. We discussing how the cybersecurity landscape is at a tipping point as AI revolutionizes both defenses and threat capabilities. While tools like ML/LLM boost defender and developer efficiency, they're simultaneously empowering attackers with unprecedented advantages—operating without the ethical constraints that ...

3 months ago

55 minutes

YusufOnSecurity.com

242 - Are Web Application Firewalls (WAFs) Obsolete in 2025? Pros, Cons, and Future of Application Security - Part 1

Enjoying the content? Let us know your feedback! We're tackling a debate that's been heating up in security circles: Are Web Application Firewalls obsolete? Now, if you've been in the security game for a while, you've probably heard the whispers. Some people are saying WAFs are dead weight, legacy technology from a bygone era. Others swear by them as the cornerstone of application security. So which is it? Well, stay tuned because this is exactly what you will find out in today's episode. -...

3 months ago

23 minutes

YusufOnSecurity.com

240 - The Great OAuth Heist: How Salesloft's Breach Exposed Major Cybersecurity Firms

Enjoying the content? Let us know your feedback! Today we're unpacking one of the most significant supply chain attacks of 2025 - the Salesloft-Drift OAuth breach that sent shockwaves through the enterprise software world. We'll explore how a compromise at one marketing company led to data theft at some of the biggest names in cybersecurity and technology. We'll break down the technology at the heart of it all - i.e. those digital keys that let applications talk to each other - and exa...

4 months ago

37 minutes

YusufOnSecurity.com

239 - Volt Typhoon Report-How Critical Infrastructure Was Targeted and Compromised

Enjoying the content? Let us know your feedback! Today’s episode is all about Volt Typhoon, a Chinese state-sponsored hacking group whose stealthy techniques and strategic missions have caused significant concern for defenders worldwide. We’ll break down who Volt Typhoon is, analyze the recent major report covering their activities, walk through real examples of the organizations they targeted, and explain every bit of technical jargon so everyone can follow along. By the end, you’ll und...

4 months ago

25 minutes

YusufOnSecurity.com

238 - Patchwork and Transparency -Microsoft’s August Security Updates & Google's Project Zero Redefined

Enjoying the content? Let us know your feedback! This week, the cybersecurity landscape delivers two major stories that demand attention. Microsoft’s August Patch Tuesday brought a wave of critical updates and exposed gaps, challenging defenders to reassess their priorities and protections. Meanwhile, Google’s Project Zero team is changing the rules on how and when the world learns about new vulnerabilities—speeding up transparency and raising fresh questions for vendors and users alike. - ht...

4 months ago

15 minutes

YusufOnSecurity.com

237 - Generative AI Security-How Companies Protect Against Attacks and Data Risks

Enjoying the content? Let us know your feedback! In this episode, we’re diving into how companies are working to secure Generative AI—the technology behind chatbots, image creators, and code-writing assistants. We’ll break down how it’s different from traditional enterprise security, look at real-world attack examples, bust some myths, and explore what the future holds. - https://owaspai.org: AI Security Overview - https://artificialintelligenceact.eu: The EU AI Act Be sure to subscribe! Y...

4 months ago

22 minutes