Paul's Security Weekly (Audio) AI: No One Is Safe - PSW #912
5 snips
Feb 5, 2026 Coverage of rampant residential proxy abuse and massive scanning campaigns. A Notepad++ update hijack and broader supply-chain compromises are unpacked. Risks around signed Windows drivers and EDR bypasses get attention. Insecure AI agents and exposed LLM endpoints raise alarm. Discussions also touch on attacks against VPNs, NAS, and national cyber policy shifts.
AI Snips
Chapters
Transcript
Episode notes
Update Server Compromise Is Devastating
- Notepad++'s compromised updates show repository compromise can defeat client-side checks.
- Developers and defenders must assume backend update servers can be controlled by attackers.
Legacy Driver Signatures Undermine Windows Trust
- Windows still accepts some old revoked driver certificates due to timestamp-based validation and legacy exceptions.
- That acceptance enables kernel drivers to bypass modern signing protections and undermine EDRs.
Enable Memory Integrity Where Possible
- Enable HVCI (Memory Integrity) to enforce Microsoft's vulnerable driver block list where possible.
- Use platform features to block known-bad signed drivers if you cannot rely on revocation.