Paul's Security Weekly (Audio)

In this episode, we sit down with the Radare community leader, Pancake, the creator of the Radare2 reverse engineering framework. Whether you've never heard of Radare, already use it daily, or are thinking about contributing to its development, this conversation will demystify what makes Radare unique, why thousands of engineers rely on it, and how you can step into the community.
This segment is sponsored by NowSecure. Discover how AI-powered mobile app security testing finds hidden vulns and leaks at https://securityweekly.com/nowsecure.
In the security news:
The US national cyber strategy
in the category of dumb laws and 3d printing guns
Iranian threat analysis
ESP32 Bus Pirate gets some amazing updates
I can reset the admin password
Rick-rolling yourself
Chrome 0days
Re-purposing those old Ubiquiti cloud keys
The new TLS certificate lifecycle
A Flipper Zero add-on and news on the FlipperOne
glassword malware
Do you care about exploits or patching?
attacking nuclear research centers
how we uncovered 9 vulnerabilities in IP KVMs
and hacking your laundry card with Claude
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-918

In the security news this week:
The XZ backdoor documentary
Zero days - the clock isn't ticking
Vulnerability Mis-Management
Reversing traffic light controllers
Reversing with Claude
Don't curl to bash!
Reading CVEs makes my head hurt
Dumping browser secrets
I open-sourced a new(ish) tool
D-LINK exploits
There is no password
I control the building
When old vulnerabilities become new
Tile is for stalkers
Hacking AI
Iran War: What cybersecurity needs to know
National cyber strategy
Coruna
I got phished and I want a refund
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-917

In the security news this week:
Remembering "FX"
Finding and analyzing Windows drivers
Network monitoring with Gibson
the backdoor in your PAM
The edge is fraying - and attackers have the advantage
Age verification for Linux?
Banning AI
TPMS tracking
BLE tracking
weird strings
Airsnitch
RESURGE in and on Ivanti
Attackers using Claude
Government iPhone hacking kits
Cisco SD-WAN, Linux, and 2023
Leakbase leaks
and Bro, upgrade your solar panel!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-916

First up is a technical segment called "Paul's Linux Hacks". I finally got around to releasing a bunch of scripts and tutorials for Linux that I've created over the years. We'll go over scripts that can give you a supply chain security report and help you update your Arch-based Linux systems and the tutorial for using Linux KVM/Qemu/Libvirt. Repo is here: https://github.com/pasadoorian/Linux_Hacks
Next up is the security news:
Controlling 7,000 robot vacuums
Curl finds not all AI is bad
Palo Alto says "These are not the ties to China you were looking for"
Bloomberg writes an article that sheds light on Ivanti
Looking for BLE is a trend
Don't use AI to generate you passwords
New research on hacking Samsung TVs
Its not all about gadgets
Ring's new bug bounty
Paul will be voted in as Prime Minister of Denmark?
Hacking AI, AI does some hacking, and hackers are talking about AI
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-915

AI says that this is the show where we turn coffee into threat intelligence and cigar smoke into packet captures. This week:
a firmware backdoor living its best life inside Android tablets
a fresh BeyondTrust RCE that already has scanners circling like seagulls over a french fry.
Lenovo Vantage reminds us that "preinstalled convenience" is just another way to spell "attack surface."
Texas is taking a swing at TP-Link
supercomputers with a 20-year-old Munge bug that still has teeth.
Your AI coding assistant might be quietly squirreling away secrets
macOS gets a visit from an infostealer delivered as helpful add-ons
Chrome extensions allegedly spy on millions
open source maintainers drowning in AI-generated nonsense
Windows flirting with smartphone-style permission prompts.
Put your passwords in a vault, not in a repo, and stay tuned for Paul's Security Weekly!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-914