Paul's Security Weekly (Audio)

In the security news this week:
GPS spoofing and satellite jamming are getting way too accessible
Rekeying satellites in orbit sounds terrifying
Cyber extortion and whether criminals still have ethics
AI helping cybersecurity research... and drug discovery
Data centers eating regional power grids
Nuclear, solar, natural gas, and the future of AI infrastructure
What happens when GPS stops being trustworthy?
Satellite constellations as the next critical infrastructure target
AI guardrails and why sci-fi warned us first
Cyber ranges that don't simulate reality anymore
The weird morality line between hackers, scammers, and criminals
Future satellite warfare without calling it warfare
Security standards for infrastructure nobody thought would be online
Historical cybersecurity stories that suddenly feel very current
Why AI changes both offense and defense simultaneously
And how much of modern cyber defense is just educated guessing
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-931

In the security news:
Trolling Microsoft With Vulnerabilities
Fable 5 loves guardrails
Binwalk vulnerability
EMBA and local models
EDRChoker
AI worms
Interesting Arista vulnerability added to KEV
BOD 26-04 and stakeholder specific vulnerability categorization
Bring your own execution environment
Homelab tips
MikroTik routers as interceptors
Ivanti Sentry and irony
Smart TV botnets
Privacy laws
Solarwinds Serv-U lives on
More Cisco SD-WAN fun!
Russia can jam GPS
No nudes for you says UK Government
"Why would someone want to learn code when AI does it better and faster?"
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-930

This week in the security news:
Security Researchers Are Threat Actors according to Microsoft
Hands-free malicious firmware
If you've ever typed "ls" in Windows, this is for you
Cisco makes more patches, wants you to pay
Ambiguous Secure Boot bypass
Threat actors love network edge devices, and I have the chat logs and leaks to prove it
The downside of chip sanctions
Your VoIP phone is hacked
Vulnerability disclosure and incentives
Claude reccovers Bitcoin wallet
an Instagram "Exploit"
Turn the plane around
The worms will continue
PAN-OS global protect vulnerability
The 1-Click Github token stealer
Data-nuking prompt injection
Turning Buses into spies
SymJack
NIST NVD mistakes, and how CNAs need to up their game
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-929

This week we have a technical segment focused on Linux! Paul released a script that helps you get a handle on Linux supply chain security, and new features allow you to assess the state of Secure Boot on your Linux systems (that also use MS certificates, ironically). The script is in his Git repo: https://github.com/pasadoorian/Linux_Hacks.
In the security news:
The CVE chase
The new security basics
Enterprises are lacking more than AI
Detections are falling behind
Why DOOM!?!
Chromium vulnerability
The ambitious Flipper One
I'm still curious who was behind these leaks
Mitre moves Caldera to Apache foundation
Wind cybersecurity
PQC updates
YellowKey Bitlocker Bypass updates
The software supply chain is in deep trouble
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-928

In the security news this week:
FCC router bans and the hidden firmware update problem
Why extending support timelines actually improves security
Github supply chain concerns and the evolving SBOM ecosystem
CRA and NIS2 compliance deadlines are getting very real
The EU Cyber Resilience Act's 24-hour vulnerability disclosure requirement
Security regulation: vertical vs horizontal compliance models
Vehicle-to-load EV systems powering homes during outages
Solar, batteries, AI farms, and the future economics of electricity
Data centers consuming regional power grids
BitLocker "Yellow Key" fallout and large-scale remediation challenges
AI-generated PowerShell fixes and the rise of vibe scripting
Linux kernel exploits, module jail, and default deny strategies
Medical biometric data theft and why fingerprints are terrible passwords
Interpol cybercrime operations across the MENA region
OT security, connected vehicles, and accepting real-world risk
The crew also discusses threat intelligence obligations under the CRA, the operational realities of patching at enterprise scale, the economics of secure-by-default systems, and why making security cheaper than insecurity might finally move the industry forward.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-927