TVs, Old York, Flipper One, Ubiquity, Underminr, CISOs, GitHub, Josh Marpet... - SWN #583
A staggering 75% of organizations knowingly ship vulnerable code simply to meet business deadlines—a cultural crisis in software development that’s fueling supply chain risks and making enterprises ripe for attack. Doug White and guest Josh Marpet dissect this alarming trend, revealing how pressure from sales and marketing to 'ship now' overrides security, even when the consequences are catastrophic. The episode dives into real-world threats like the Flipper One project, a modular Linux-powered security toolkit aiming to be the ultimate hacker’s Swiss Army knife, and the dangerous 'Underminer' attack that mimics domain fronting to bypass CDNs. Meanwhile, a UK doctor fined £1,000 for littering defends himself by blaming AI-generated images—raising urgent questions about digital evidence integrity in courts. The podcast also exposes the CISO talent shortage, where companies offer $22–25/hour for roles requiring PhDs and 10 years of experience, and reveals a GitHub supply chain breach affecting 3,800 internal repositories. At the heart of it all: a broken culture where security is an afterthought, and the tools to fix it—like open-source TV firmware—are being fought tooth and nail by corporations.
75% of organizations ship code they know is vulnerable due to business pressure, not technical inability.
The 'Underminer' attack uses DNS and SNI manipulation to bypass CDNs, mimicking domain fronting—most CDNs don’t yet block it.
Flipper One is a modular, Linux-based security platform designed to be a universal toolkit for penetration testing and network manipulation.
The Software Freedom Conservancy has been suing Vizio for eight years to make it release the full open-source code for its Linux-based TVOS.
CISO roles are in crisis: 35,000 global CISOs for 300–600 million businesses, with pay as low as $22–25/hour for PhD-level candidates.
Welcome to Security Weekly News #583
Doug White kicks off the episode with his signature humor, referencing pop culture, the 108-minute cycle, and the 4-8-15-16-23-42 sequence from Lost, setting a playful tone for the week's security news.
Flipper One: The Next-Gen Security Swiss Army Knife
“Well, shut up and take my money. I mean, come on. Why not? A TV media box, an HDMI support device. So basically all this and it can poach an egg and clean up cat barf.”
Ubiquity OS: Critical Vulnerabilities Exposed
“So because this thing is all intrusive. It pretty much is pretty scary if they say somebody could make changes to targeted systems, like say active directory devices or something like that, or just Linux servers.”
Underminer: The New Domain Fronting Threat
“The simplest explanation for all this is that you show a ticket to the conductor for the train to Valley Stream, but you just stay on the train until you get to Montauk.”
The CISO Crisis: Talent Shortage and Pay Disparity
“She said it's $22 to $25 per hour, no benefits. And I said, and is this a full-time job? And she said, well, it's 39 hours a week. And I was like, oh, so you said it like that, so I don't get any benefits.”
“It wasn't me, your worship. It was that nasty Claude made a picture of me with a witch. And the witch, well, the witch made those other pictures of me putting a tea in first instead of the milk and throwing that cigarette butt on the ground.”
“We have a culture where code applications just aren't secure. And this is actually down. This is the scary part. So the Verizon Data Breach Investigation Report actually said that it was down from 81% of organizations shipped insecure code or vulnerable code knowingly. So it's down and we're still at 75%.”
Host: Doug White (person)
Guest: Josh Marpet (person)
Flipper One (product)
Vizio (organization)
Underminer (other)
GitHub (organization)
Team PCP (other)
Ubiquity (organization)
Software Freedom Conservancy (organization)
Unify OS (product)
DexterBot, Darksword, Eviltokens, Tubular Bells, Claude, Drift, Gmail, Josh Marpet... - SWN #569
Security Weekly News (Audio) • 32m • 4/3/2026
Staypuft, Claude, One Pixel, deepfakes, Raccoon, BOFH, Satoshi Nakamoto, Josh Marpet. - SWN #571
Security Weekly News (Audio) • 30m • 4/10/2026
Zuckbot, Rockstar, Klaude, Browsers Galore, Microsoft 365, ATC, Kieran Human and more - Kieran Human - SWN #572
Security Weekly News (Audio) • 36m • 4/14/2026
Dougbot, RedSun, ATHR, Vishing, Cisco, Google, Chrome, Severance, Shor, Josh Marpet.. - SWN #573
Security Weekly News (Audio) • 33m • 4/17/2026
Robosawmill, Gentleman, Vercel, GitHub, Claude, RS232, Josh Marpet, and More... - SWN #574
Security Weekly News (Audio) • 32m • 4/21/2026
