Paul's Security Weekly (Audio)

This week in the security news:
Security Researchers Are Threat Actors according to Microsoft
Hands-free malicious firmware
If you've ever typed "ls" in Windows, this is for you
Cisco makes more patches, wants you to pay
Ambiguous Secure Boot bypass
Threat actors love network edge devices, and I have the chat logs and leaks to prove it
The downside of chip sanctions
Your VoIP phone is hacked
Vulnerability disclosure and incentives
Claude reccovers Bitcoin wallet
an Instagram "Exploit"
Turn the plane around
The worms will continue
PAN-OS global protect vulnerability
The 1-Click Github token stealer
Data-nuking prompt injection
Turning Buses into spies
SymJack
NIST NVD mistakes, and how CNAs need to up their game
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-929

This week we have a technical segment focused on Linux! Paul released a script that helps you get a handle on Linux supply chain security, and new features allow you to assess the state of Secure Boot on your Linux systems (that also use MS certificates, ironically). The script is in his Git repo: https://github.com/pasadoorian/Linux_Hacks.
In the security news:
The CVE chase
The new security basics
Enterprises are lacking more than AI
Detections are falling behind
Why DOOM!?!
Chromium vulnerability
The ambitious Flipper One
I'm still curious who was behind these leaks
Mitre moves Caldera to Apache foundation
Wind cybersecurity
PQC updates
YellowKey Bitlocker Bypass updates
The software supply chain is in deep trouble
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-928

In the security news this week:
FCC router bans and the hidden firmware update problem
Why extending support timelines actually improves security
Github supply chain concerns and the evolving SBOM ecosystem
CRA and NIS2 compliance deadlines are getting very real
The EU Cyber Resilience Act's 24-hour vulnerability disclosure requirement
Security regulation: vertical vs horizontal compliance models
Vehicle-to-load EV systems powering homes during outages
Solar, batteries, AI farms, and the future economics of electricity
Data centers consuming regional power grids
BitLocker "Yellow Key" fallout and large-scale remediation challenges
AI-generated PowerShell fixes and the rise of vibe scripting
Linux kernel exploits, module jail, and default deny strategies
Medical biometric data theft and why fingerprints are terrible passwords
Interpol cybercrime operations across the MENA region
OT security, connected vehicles, and accepting real-world risk
The crew also discusses threat intelligence obligations under the CRA, the operational realities of patching at enterprise scale, the economics of secure-by-default systems, and why making security cheaper than insecurity might finally move the industry forward.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-927

This week:
New Yellowkey bitlocker bypass and what it means for you
Hackers can run you over with a robot lawnmower
FCC says new things about routers, again
Glitching with AI
almost no false positives
AI thought it was evil
DirtyFrag and the sad state of Linux LPEs
You can buy better tools, perfect security, and other lies
The Canvas breach
Hackers can still take over trains
Baby monitors, on the Internet!
dnsmasq flaws I am now paying attention to
Swordfish
A neat vulnerability for ransomware
Mythos, Curl, and how to do secure software
Various ways to use AI to find bugs, spoiler, you don't need Mythos
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-926

Rob Allen from Threatlocker joins us to discuss the risks associated with VPN appliances and how to implement better security solutions that don't leave you hanging out on the open Internet. The interview segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlockerrsac to learn more about them!
In the Security News:
Less details about the FCC router ban
Canary traps that work
Hacking trains and getting arrested
You can be an adult if you have a mustache
cPanel is being exploited
Pro-Iran group takes down Ubuntu
Anthropic's new security solution
Safe AI Agents and other lies
People still use screensavers?
CISA and operating for weeks or months in isolation
Paramiko issues fixes
Find security research
Copy/Fail and AI slop debate
ESP32 simulator
Spotting vibe coded malware
Fast16 - Stuxnet before Stuxnet
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-925