Paul's Security Weekly (Audio)

This week in the security news:
Are you a FIRESTARTER?
Eavesdropping via fiber-optic cables
Copy Fail - more Linux LPE
Github RCE
Running Linux on a PS5
BadUSB tricks
SilentGlass and HDMI threats
Sonicwall and vague details
Universities are for porn?
The Banshee
Before CVEs comes scanning
Vendor addresses AirSnitch
GitHub and not serious work
Routers have country-specific backdoors
Phones with Hotspot are fine
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-924

This week:
Larry's in the host seat and chaos ensues. We dig into:
A very questionable story about tracking a warship with a $5 Bluetooth tracker
Serial-to-IP devices quietly sitting in critical infrastructure… and full of holes
New York regulators mandating MFA and asset inventory—aka CIS Control #1 is now breaking news
A ransomware negotiator who decided to double-dip (and landed in prison)
"Brand new" hard drives that come preloaded… with someone else's data
The Vercel breach: no zero-day, just shadow IT, stolen tokens, and bad decisions
AI-driven vulnerability discovery and the looming "vulnpocalypse"
Quantum crypto debates: real threat or just another security boogeyman?
Mirai is STILL alive—because apparently we still don't patch routers
And yes… Flipper Zero makes an appearance (no, you're not hacking airplanes… calm down)
Then, we rebroadcast an interview from RSAC.
Breach Readiness for Measurable Risk Reduction in the Age of AI Cyber leaders no longer debate whether a breach will occur. What has changed is the speed and scale at which AI now enables those breaches. The real question is how far an attacker can move once inside. In this conversation, Rajesh Khazanchi explores why breach readiness, including AI-assisted containment, measurable blast radius reduction, and pervasive microsegmentation, has become mission-critical for business continuity in 2026.
This segment is sponsored by ColorTokens. Visit https://securityweekly.com/colortokensrsac to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-923

This week:
CSA issues guidance to CISOs on Mythos
Vuln management woes
Windows tells you about Secure Boot
AI-assisted firmware vuln hunting
The dumbest hack
Edge decay and the failing perimeter
Mac OS X on a Wii
Little snitch comes to Linux
CPUID served malware
Buying plugins to backdoor them
Addicted to hacking
Is Mythos just a sales pitch?
We are still talking about Adobe Acrobat vulns
A single line AI jailbreak
Hacking Apple Intelligence
Don't leave your ICS device or RDP exposed to the Internet!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-922

This week:
Rage dropping 0-Day
Claude Mythos, things are different now
From UART to root, on a device made in China, where's the FCC?
More CUPS vulnerabilities
Russians are hacking routers, FCC ban doesn't stop them
Mongoose vulnerabilities, and FCC still does nothing
Renting virtual phones
Iran's cyber attacks
SHA-256 almost broken?
Catching Axios
New Rowhammer, dubbed GPUBreach, gives you root
Windows 11 has sudo! (And SSH...)
And Inside a Kubernetes Scanning Fleet
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-921

In the Security News:
Claude leaks source code and new models
Two really smart people say AI is finding vulnerabilities better than ever
Windows is using your internet to send updates to strangers
BIG-IP APM vulnerability - all you need to know
Linux KVM for the win
The bus factor and open source
Axios supply chain breach
Trimming Grub
Depotting and hacking e-Motorcycles
Trivy and Cisco source code leaks
The FCC ban and What is a router?
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-920