Paul's Security Weekly (Audio)

AI says that this is the show where we turn coffee into threat intelligence and cigar smoke into packet captures. This week:
a firmware backdoor living its best life inside Android tablets
a fresh BeyondTrust RCE that already has scanners circling like seagulls over a french fry.
Lenovo Vantage reminds us that "preinstalled convenience" is just another way to spell "attack surface."
Texas is taking a swing at TP-Link
supercomputers with a 20-year-old Munge bug that still has teeth.
Your AI coding assistant might be quietly squirreling away secrets
macOS gets a visit from an infostealer delivered as helpful add-ons
Chrome extensions allegedly spy on millions
open source maintainers drowning in AI-generated nonsense
Windows flirting with smartphone-style permission prompts.
Put your passwords in a vault, not in a repo, and stay tuned for Paul's Security Weekly!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-914

In the security news:
Viral AI prompts
Things to do in your home security lab
I can open your garage door
They call me DKnife
Beyondtrust RCE
Cool AI device
Robots need your body
Meta is just full of scams, phishing, and malware
Claude Opus 4.6 found more than 500 high-severity vulnerabilities
Arista next gen firewalls and command injection
Secure Boot updates
The RCE AMD won't fix and why the article went away
End of support means get it off the network
Accidentally giving away $44 billion of Bitcoin
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-913

In the security news this week:
Residential proxy abuse is everywhere this week: from Google's takedown of IPIDEA to massive Citrix NetScaler scanning and the Badbox 2.0 botnet
Supply chain fun time: Notepad++ updates were hijacked
Attackers set their sights on: Ivanti EPMM, Dell Unity storage, Fortinet VPNs/firewalls, and ASUSTOR NAS devices
Russian state hackers went after Poland's grid
Is ICE on a surveillance shopping spree and into hacking anti-ICE apps?
Ukraine's war-time Starlink problem is turning into a policy and controls experiment
The AI security theme is alive and well with exposed LLM endpoints, OpenClaw/Moltbot/Moltbook fiasco, and letting anyone hijack agents
Signed forensic driver for Windows is still an EDR killer
The Trump administration's rollback of software security attestation
National Cyber Director Sean Cairncross says: "less regulation, more cooperation."
Finally, there are some "only in infosec" human stories: * pen testers arrested in Iowa now getting a settlement, * a Google engineer convicted over stolen AI IP, * Booz Allen losing Treasury work over intentional insider leaks, * and an "AI psychosis" saga at an adult-content platform.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-912

This week, we get un-curmudgeoned by Mandy, spending a bunch of time talking about regulations, compliance, and even the US federal government's commitment to cybersecurity internally and with the community at large. We even dive into some Microsoft patches, hacking defunct eScooters, and a lively discussion on ADS-B spoofing!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-911

In the security news:
Rainbow tables for everyone
Lilygo releases a new T-Display that looks awesome
AI generated malware for real
Detecting BadUSB when its not a dongle
A telnetd vulnerability
Google Fast Pair and how I took control of your headset
Should we make CVE noise?
Exploiting the Fortinet patch
DIY data diode
Bambu NFC reader for your Flipper
Payloads in PNG files
Don't leave the lab door open - amazing research and new tool release
Fixing your breadboards
Finding vulnerabilities in AI using AI
Then, Rob Allen from ThreatLocker joins us to discuss default allow, and why that is still a really bad idea.
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-910