Paul's Security Weekly (Audio) FIRESTARTER - PSW #924
Apr 30, 2026
Deep dives into a new malware family that targets VPN appliances and steals credentials. Technical breakdowns of a Linux CopyFail privilege escalation and how page cache manipulation enables attacks. Demos of BadUSB builds, the Banshee hardware hacker device, and HDMI/fiber eavesdropping risks. Debates on AI agents in security, supply-chain credential stealers, and internet scanning that foreshadows disclosures.
AI Snips
Sandbox AI Agents And Limit Credentials
- Isolate AI agents in sandboxes and give them minimal access to reduce data-exfiltration risk.
- Sam and Paul run agents in VMs and feed them forwarded mail accounts or ProtonMail to avoid exposing primary credentials.
CopyFail Logic Bug Enables Broad Linux LPE
- CopyFail is a logic bug in Linux kernel subsystems (af_alg, splice, page cache) enabling unprivileged escalation without memory corruption.
- Paul reproduced it on Kali; success varies by kernel config and some systems resist it, implying mitigations depend on builds.
NCSC Silent Glass Between Computer And Monitor
- Paul describes the NCSC 'Silent Glass' hardware that inspects HDMI/DisplayPort traffic as a pass-through monitor firewall.
- He and others debate whether it mitigates TEMPEST-style emanation leakage or only firmware/monitor tampering of the kind shown in the Monitor Darkly research.
