Paul's Security Weekly (Audio)

Rob Allen from Threatlocker joins us to discuss the risks associated with VPN appliances and how to implement better security solutions that don't leave you hanging out on the open Internet. The interview segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlockerrsac to learn more about them! In the Security News: Less details about the FCC router ban Canary traps that work Hacking trains and getting arrested You can be an adult if you have a mustache cPanel is being exploited Pro-Iran group takes down Ubuntu Anthropic's new security solution Safe AI Agents and other lies People still use screensavers? CISA and operating for weeks or months in isolation Paramiko issues fixes Find security research Copy/Fail and AI slop debate ESP32 simulator Spotting vibe coded malware Fast16 - Stuxnet before Stuxnet Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-925

Deep dives into a new malware family that targets VPN appliances and steals credentials. Technical breakdowns of a Linux CopyFail privilege escalation and how page cache manipulation enables attacks. Demos of BadUSB builds, the Banshee hardware hacker device, and HDMI/fiber eavesdropping risks. Debates on AI agents in security, supply-chain credential stealers, and internet scanning that foreshadows disclosures.

They unpack a Bluetooth tracker sent to a navy ship and risky serial-to-IP devices sitting in critical infrastructure. Regulation news forces MFA and asset inventories into the limelight. Conversations cover AI-driven vulnerability discovery, the persistent Mirai threat from unpatched routers, quantum crypto timing debates, preloaded used drives, and strategies for breach readiness and microsegmentation.

This week: CSA issues guidance to CISOs on Mythos Vuln management woes Windows tells you about Secure Boot AI-assisted firmware vuln hunting The dumbest hack Edge decay and the failing perimeter Mac OS X on a Wii Little snitch comes to Linux CPUID served malware Buying plugins to backdoor them Addicted to hacking Is Mythos just a sales pitch? We are still talking about Adobe Acrobat vulns A single line AI jailbreak Hacking Apple Intelligence Don't leave your ICS device or RDP exposed to the Internet! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-922

This week: Rage dropping 0-Day Claude Mythos, things are different now From UART to root, on a device made in China, where's the FCC? More CUPS vulnerabilities Russians are hacking routers, FCC ban doesn't stop them Mongoose vulnerabilities, and FCC still does nothing Renting virtual phones Iran's cyber attacks SHA-256 almost broken? Catching Axios New Rowhammer, dubbed GPUBreach, gives you root Windows 11 has sudo! (And SSH...) And Inside a Kubernetes Scanning Fleet Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-921

In the Security News: Claude leaks source code and new models Two really smart people say AI is finding vulnerabilities better than ever Windows is using your internet to send updates to strangers BIG-IP APM vulnerability - all you need to know Linux KVM for the win The bus factor and open source Axios supply chain breach Trimming Grub Depotting and hacking e-Motorcycles Trivy and Cisco source code leaks The FCC ban and What is a router? Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-920

A tour of internet-scale scanning tools for network edge devices. They compare passive queries with active fast scans and banner grabs. Service fingerprinting, template vulnerability checks, and AI-powered whitebox testing get covered. The conversation also covers orchestration pipelines, firmware analysis, certificate inventorying, and operationalizing regular edge scans.

Sergi Àlvarez (Pancake), creator of the Radare2 reverse engineering framework and NowSecure researcher. He chats about Radare2’s architecture, plugin system, and how it grew from forensics roots. Short takes on decompilation vs disassembly, recovering symbols from stripped binaries, and securing contributions. Also: research into nine IP KVM vulnerabilities and other recent hardware and mobile security stories.

Deep dive into the XZ backdoor and how performance anomalies exposed it. Heated debate on CVE mis-management, KEV, and national cyber strategy shortfalls. Reversing traffic light controllers and IoT firmware using AI tools. Warnings about malvertising, curl-to-bash scams, and lingering legacy device risks. Tales of exploit chains, rapid zero-day weaponization, and privacy issues with Tile tracking.

Wireless client isolation flaws and AirSnitch techniques like ARP spoofing and GTK abuse. Network appliance risks from Linux-based OSes, Cisco SD‑WAN advisories, and limited defender visibility. Large-scale signed Windows driver fuzzing and kernel bug exposure. BLE/TPMS tracking, Claude-assisted detector prototyping, and hacking consumer devices to extend lifespan. Policy debates on banning certain AI models and age verification impacts.