Dennis sits down with Tom Ptacek of Fly.io, a veteran security researcher, founder, and observer of the vulnerability landscape, to talk about the recent wave of AI-assisted vulnerability discovery and exploit development, specifically from the use of frontier models such as Claude Mythos. Tom has strong opinions on what's coming and how human researchers and defenders need to respond.

Tom's post: https://sockpuppet.org/blog/2026/03/30/vulnerability-research-is-cooked/

The internet is dark and full of terrors, but thanks to folks such as Andrew Northern, a principal security researcher at internet-mapping pioneer Censys, it doesn't have to be, Andrew joins Dennis to talk about the cybercrime ecosystem, getting his start in security on a tiny team with huge responsibilities, and the value of a strong mentor.

It's been quite a week in security news, and Dennis and Lindsey dig into the continued effects of the axios supply chain attack, the incredibly fast adoption of AI tools for vulnerability research and what that means for software makers and defenders, and what the future holds for vulnerability research and exploit development.

Security Theater in Austin: https://material.security/theater-2026#theater-live-event

Dennis and Lindsey dig into what we know do far about the supply chain attack on the axios NPM package, including how the attacker gained access to the maintainer's account, the window of exposure for the malicious packages, the behavior of the RAT that's installed on victims' machines, and what the downstream effects may be.

Links

Huntress post: https://www.huntress.com/blog/supply-chain-compromise-axios-npm-package

Socket analysis: https://socket.dev/blog/axios-npm-package-compromised

Fresh off the plane from RSA, Dennis fills Lindsey in on everything she missed (and didn't miss) at this year's conference (0:23), from the insanity of the expo floor (4:06) to the appearance of a line of synchronized robots or spacemen or something (8:18), to some very interesting conversations about the hyper speed of AI malware development and what's coming next for defenders (27:25).

With the RSA Conference on the horizon, Dennis and Lindsey are here with a preview of the conference's more interesting sessions and keynotes, a discussion of the recent and ancient history of the conference, and a quick game: Is this a security vendor or a prescription drug name?

Sure, space pirate is a cool title, but what about space hacker? Way cooler! With the imminent release of Project Hail Mary, Wendy Nather joins Dennis Fisher to dig into the nutrient-rich narrative soil that produced a modern classic that truly epitomizes the hacker ethos. We are the greatest podcasters on Mars!

This week's news includes a reappearance by an old favorite, APT28, aka Fancy Bear, which is back with some nasty new implants and tools it is deploying against targets in Ukraine (2:10), and we also have another law enforcement disruption of a residential proxy network, this one known as SocksEscort, which had victims all over the globe (7:45). Lastly, we talk about some of the upcoming episodes, including a new hacker movie podcast and our RSA preview that's coming next week.

Links

APT28 reappears: https://decipher.sc/2026/03/10/apt28-reemerges-with-modern-espionage-arsenal-code-tied-to-2010s-operations/

SocksEscort takedown: https://decipher.sc/2026/03/12/us-europol-crack-down-on-socksescort-residential-proxy-network/

The process of developing and deploying exploits is a complex and controversial one and it's often a black box to outside observers. To help shine a light on how this all works, Caitlin Condon of VulnCheck joins Dennis Fisher for a deep dive into the zero day exploit landscape, what goes into exploit development, and what actually qualifies as a functional exploit.

Every day is zero day, and this week we talked about the new Google Threat Intelligence Group report on the zero day exploit landscape in 2025 (2:22) and who's exploiting what, then we discuss Microsoft's disruption of the Tycoon 2FA cybercrime operation (9:51), and finally we talk about the KEVology report from runZero and our new podcast with Tod Beardsley (13:25).

Tod Beardsley, VP of security research at runZero and former KEV section chief at CISA, joins Dennis Fisher to talk about the evolution of the Known Exploited Vulnerabilities catalog, how much value defenders should place on a specific bug being in the KEV, and his new KEVology report that breaks down all of the data in the KEV and sifts through it for specific insights for defenders.