Paul's Security Weekly (Audio)

In the security news this week:
Residential proxy abuse is everywhere this week: from Google's takedown of IPIDEA to massive Citrix NetScaler scanning and the Badbox 2.0 botnet
Supply chain fun time: Notepad++ updates were hijacked
Attackers set their sights on: Ivanti EPMM, Dell Unity storage, Fortinet VPNs/firewalls, and ASUSTOR NAS devices
Russian state hackers went after Poland's grid
Is ICE on a surveillance shopping spree and into hacking anti-ICE apps?
Ukraine's war-time Starlink problem is turning into a policy and controls experiment
The AI security theme is alive and well with exposed LLM endpoints, OpenClaw/Moltbot/Moltbook fiasco, and letting anyone hijack agents
Signed forensic driver for Windows is still an EDR killer
The Trump administration's rollback of software security attestation
National Cyber Director Sean Cairncross says: "less regulation, more cooperation."
Finally, there are some "only in infosec" human stories: * pen testers arrested in Iowa now getting a settlement, * a Google engineer convicted over stolen AI IP, * Booz Allen losing Treasury work over intentional insider leaks, * and an "AI psychosis" saga at an adult-content platform.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-912

This week, we get un-curmudgeoned by Mandy, spending a bunch of time talking about regulations, compliance, and even the US federal government's commitment to cybersecurity internally and with the community at large. We even dive into some Microsoft patches, hacking defunct eScooters, and a lively discussion on ADS-B spoofing!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-911

In the security news:
Rainbow tables for everyone
Lilygo releases a new T-Display that looks awesome
AI generated malware for real
Detecting BadUSB when its not a dongle
A telnetd vulnerability
Google Fast Pair and how I took control of your headset
Should we make CVE noise?
Exploiting the Fortinet patch
DIY data diode
Bambu NFC reader for your Flipper
Payloads in PNG files
Don't leave the lab door open - amazing research and new tool release
Fixing your breadboards
Finding vulnerabilities in AI using AI
Then, Rob Allen from ThreatLocker joins us to discuss default allow, and why that is still a really bad idea.
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-910

In the security news:
KVMs are a hacker's dream
Hacking an e-scooter
Flipper Zero alternatives
The best authentication bypass
Pwning Claude Code
ForiSIEM, vulnerabilities, and exploits
Microsoft patches and Secure Boot fun
Making Windows great, again?
Breaching the Breach Forum
Congressional Emails
unsolicited Instagram password reset requests - Is Meta doing enough to secure the platform?
LLMs are HIPAA compliant?
Threat actors target LLM honeypots
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-909

This week in the security news:
Supply chain attacks and XSS
PS5 leaked keys
Claude tips for security pros
No Flipper Zeros allowed, or Raspberry PIs for that matter
Kimwolf and your local network
Linux is good now
Removing unremovable apps without root
Detecting lag catches infiltrators
Defending your KVM
Fixing some of the oldest code
Deleting websites live on stage in costume
It was a honeypot
FCC is letting telecoms off easy
Don't buy a Haribo power bank
Ransomeware scum
Fortinet vulns
CISA warns about NVRs
Patching MongoDB
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-908