Security Now (Audio)
TWiT
Cybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must listen for security professionals every week. You can join Club TWiT for $10 per month and get ad-free audio and video feeds for all our shows plus everything else the club offers...or get just this podcast ad-free for $5 per month.
New episodes every Tuesday.
New episodes every Tuesday.
Episodes
Mentioned books
11 snips
Mar 25, 2026 • 2h 48min
SN 1071: Bucketsquatting - Meta and TikTok's Tracking Pixels
They dissect a tax software that installs a persistent root certificate and how an exposed private key enables spoofing. They explore pixels from major platforms that harvest PII and bypass consent. They explain bucket squatting risks when cloud names are reused and how attackers can hijack update flows. They cover critical device and router flaws, phishing that targets developers, and crypto-wallet dangers.
43 snips
Mar 18, 2026 • 2h 46min
SN 1070: CISA's Free Internet Scanning - Malware Disguised as a VPN
They dig into CISA's free internet scanning and one engineer’s hands-on experience getting actionable vulnerability reports. Big tech privacy rollbacks get attention, from Meta removing end-to-end chat encryption to WhatsApp parental controls. Malicious actors use fake VPN clients, SEO-poisoned AI installers, and a clever AV-evasion zip trick to steal credentials.
38 snips
Mar 11, 2026 • 2h 44min
SN 1069: You can't hide from LLMs - Was Your Smart TV a Stealth Proxy?
They unpack how advanced LLMs can de-anonymize users across platforms at scale. They dig into AI-driven vulnerability discovery and how Claude helped find Firefox bugs. They cover smart TV apps acting as residential web proxies and a remote takeover in OpenClaw. They also touch on cross-platform RCS encryption testing, Ubuntu sudo changes, and privacy implications for everyday internet use.
42 snips
Mar 5, 2026 • 52min
SN 1068: The Call Is Coming From Inside the House - Live From Zero Trust World 2026
Live coverage from a security conference about how internal networks have become the primary attack surface. They trace the rise of extortion via cryptocurrency and evolving authentication failures. Practical defenses like IP whitelisting, segmentation, nondefault ports and least-privilege endpoints are highlighted. They also explore continuous reauthentication, passkeys, and AI agents that warn users in real time.
29 snips
Mar 3, 2026 • 2h 53min
SN 1067: KongTuke's CrashFix - Click, Paste, Pwned
They unpack a new clipboard-based social engineering attack that tricks users into launching malware. They track the evolution from ClickFix to the more dangerous CrashFix campaign. Coverage also includes AI-driven low-skill attacks, mass VPN blocks in Russia, a critical Cisco zero-day, and troubling trends in AI-generated security noise.
41 snips
Feb 25, 2026 • 2h 50min
SN 1066: Password Leakage - Zero Trust, Zero Knowledge
A deep technical audit of major password managers and why feature creep can hide critical flaws. Discussions of massive personal-data leaks, ransom trends, and exposed Social Security numbers. Debate over 3D‑printer gun‑blocking bills and why those fixes are flawed. Notes on browser support changes, Russia briefly blocking the Linux kernel site, and warnings against using LLMs to generate passwords.
39 snips
Feb 18, 2026 • 2h 41min
SN 1065: Attestation - Code Signing Gets Tough
They dig into a massive spyware and Chrome extension surveillance campaign that exposed millions of users. Code signing and attestation changes get close scrutiny as the hosts recount navigating new lawyer/notary requirements. Windows, Chrome 145 device-bound credentials, and a WinRAR zero-day are discussed. A leaked Graphite tool and the first malicious Outlook add-in raise fresh alarm about software supply-chain trust.
80 snips
Feb 11, 2026 • 2h 37min
SN 1064: Least Privilege - Cybercrime Goes Pro
Discussion of EU GDPR fines that were largely uncollected. How democracies are expanding offensive cyber operations and the cyber role in disabling missiles. The rise and risks of agentic tools like OpenClaw and signs of psychological dependence on advanced chatbots. CISA orders to unplug end‑of‑support devices and practical advice for reducing post‑upgrade Windows annoyances. Insider breach risks from outsourcing and Coinbase’s contractor compromise.
47 snips
Feb 4, 2026 • 2h 56min
SN 1063: Mongo's Too Easy - AI Bug Bounties Gone Wild
Supply-chain updates turning apps into infection vectors and why auto-updates can be dangerous. AI rapidly finding and patching dozens of critical vulnerabilities and the new risks of autonomous code agents. Accidental destructive behavior from AI developer tools and how to survive catastrophic deletions. MongoDB instances left exposed and why low-skill ransom campaigns keep succeeding.
60 snips
Jan 28, 2026 • 2h 42min
SN 1062: AI-Generated Malware - Ireland Legalizes Spyware
They unpack the first advanced AI-generated malware and how spec-driven agents sped its creation. They cover Ireland’s new lawful interception law that effectively legalizes spyware. They discuss Microsoft handing over BitLocker keys and the implications for encrypted data. They debate AI replacing developers and the risks of agentic coding lowering barriers for attackers.
