mnemonic security podcast

Lay of the Land: How Attackers Move in '26

mnemonic


The security world is a noisy place lately. What's actually going on in the trenches?

Candid Wüest, Principal Security Advocate at xorlab, joins Robby to cut through the hype and take a look at how attackers are actually operating in 2026.

They open with a reference to their last discussion about LLM-infused malware, and touch upon using deception techniques such as honey tokens, fake password files and prompt injections to derail automated attackers. From there, they walk through the actual lay of the land: edge device exploits, credential abuse via infostealers, supply chain attacks targeting GitHub repositories, and why ClickFix social engineering is still working just as well as ever. They also dig into the growing connection between AI-assisted development and supply chain risk and what organisations should actually be doing about it.

The episode closes on the bug bounty market, where AI is quietly disrupting the economics of responsible disclosure, and what that might mean for how vulnerabilities get reported, priced, and exploited going forward.
