A crafty new breed of social engineering attack is tricking users into launching malware straight from their clipboard, exposing a fresh vulnerability in Windows that even tech pros could fall for. Leo Laporte and Steve Gibson break down how the latest ClickFix and CrashFix exploits are outsmarting traditional defenses.
- The lowdown on last week's "no turn" picture of the week.
- Is an AI-driven hacking campaign a big deal now.
- Clause used in multiple Mexican government attacks.
- Apple continues to be confronted with age restrictions.
- COPPA needs an exception to allow age collection.
- Meta swamps law enforcement with AI-slop CSAM reports.
- Roskomnadzor has been busy blocking VPNs. Guess how many.
- The UK tries to report their self-scanning success.
- Remember that hacker who extorted the psychotherapy patients.
- Scattered Lapsus$ Hunters is actively recruiting women.
- Cisco lands another breathtakingly rare 10.0 CVSS.
- VulnCheck's report on 2025 vulnerabilities and exploits.
- Steve discovers a fabulous $72 Hardware Security Module.
- A listener shares an interesting AI service discovery.
- The very potent "ClickFix" exploit evolves
Show Notes - https://www.grc.com/sn/SN-1067-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to Security Now at https://twit.tv/shows/security-now.
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit
Sponsors:
