Exploited: The Cyber Truth
Exploited: The Cyber Truth
Podcast Description
Exploited: The Cyber Truth is a hard-hitting, no-fluff podcast exposing the realities of today’s cyber threat landscape and risks to critical infrastructure. Through candid conversations with top cybersecurity experts, industry leaders, and frontline defenders, the show breaks down recent high-profile vulnerabilities and exploits and covers innovative strategies used to stop them. To keep critical infrastructure safe, defenders need the upper hand. Tune in and get the cyber truth.
Podcast Insights
Content Themes
The podcast explores topics such as healthcare cybersecurity, automotive security, zero-day vulnerabilities, operational technology risks, and regulatory compliance, with episodes like 'Security Without Code Changes' addressing legislative impacts on medical device security and 'Shifting Cybersecurity Left in Automotive' discussing the Secure by Design approach for vehicle safety.
Exploited: The Cyber Truth is a hard-hitting, no-fluff podcast exposing the realities of today’s cyber threat landscape and risks to critical infrastructure. Through candid conversations with top cybersecurity experts, industry leaders, and frontline defenders, the show breaks down recent high-profile vulnerabilities and exploits and covers innovative strategies used to stop them. To keep critical infrastructure safe, defenders need the upper hand. Tune in and get the cyber truth.
As industrial control systems become more connected, more Linux-based, and more exposed to IT-style threats, 2026 is shaping up to be a turning point for ICS security.
In this end-of-year predictions episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security Founder & CEO Joseph M. Saunders and CTO Shane Fry to discuss what will define ICS and critical infrastructure security in 2026.
The episode explores a bold prediction: We will see a major ICS breach originating from a web application vulnerability running directly on an embedded control device. As full Linux operating systems, Node.js apps, and web servers increasingly appear inside OT equipment, long-standing IT vulnerabilities are colliding with systems that are difficult—or impossible—to patch.
Joe and Shane dig into why detection-only strategies fall short in constrained, long-lived devices, and why secure by design engineering, memory safety, and runtime protections are becoming essential. They also discuss the importance of accurate, build-time Software Bills of Materials, especially as regulations like the EU Cyber Resilience Act push manufacturers toward transparency, accountability, and provable supply-chain visibility.
Together, they cover:
- Why ICS exploitation is shifting from theoretical to operational
- How web app and RCE vulnerabilities are creeping into OT devices
- The limits of detection-only security strategies
- Why memory safety and runtime protections reduce exploitable risk
- How build-time SBOMs improve vulnerability tracking and trust
Disclaimer
This podcast’s information is provided for general reference and was obtained from publicly accessible sources. The Podcast Collaborative neither produces nor verifies the content, accuracy, or suitability of this podcast. Views and opinions belong solely to the podcast creators and guests.
For a complete disclaimer, please see our Full Disclaimer on the archive page. The Podcast Collaborative bears no responsibility for the podcast’s themes, language, or overall content. Listener discretion is advised. Read our Terms of Use and Privacy Policy for more details.