In the security news this week:
- Residential proxy abuse is everywhere this week: from Google's takedown of IPIDEA to massive Citrix NetScaler scanning and the Badbox 2.0 botnet
- Supply chain fun time: Notepad++ updates were hijacked
- Attackers set their sights on: Ivanti EPMM, Dell Unity storage, Fortinet VPNs/firewalls, and ASUSTOR NAS devices
- Russian state hackers went after Poland's grid
- Is ICE on a surveillance shopping spree and into hacking anti-ICE apps?
- Ukraine's war-time Starlink problem is turning into a policy and controls experiment
- The AI security theme is alive and well with exposed LLM endpoints, the OpenClaw/Moltbot/Moltbook fiasco, and letting anyone hijack agents
- Signed forensic driver for Windows is still an EDR killer
- The Trump administration's rollback of software security attestation
- National Cyber Director Sean Cairncross says: "less regulation, more cooperation."
- Finally, there are some "only in infosec" human stories:
  - pen testers arrested in Iowa now getting a settlement,
  - a Google engineer convicted over stolen AI IP,
  - Booz Allen losing Treasury work over intentional insider leaks,
  - and an "AI psychosis" saga at an adult-content platform.
Show Notes: https://securityweekly.com/psw-912