This week in the security news:

• Android catches up to iOS with its own lockdown mode
• Just in case, there is a new CVE foundation
• Branch privilege injection attacks
• My screen is vulnerable
• The return of embedded devices to take over the world - 15 years later
• Attackers are going after MagicINFO
• Hacking Starlink
• Mitel SIP phones can be hacked
• Reversing with Hopper
• Supercharge your Ghidra with AI
• Pretending to be an anti-virus to bypass anti-virus
• macOS RCE - perfect colors
• End of life routers are a hackers dream, and how info sharing sucks
• Ransomware in your CPU
• Disable ASUS DriverHub
• Age verification and privacy concerns

Show Notes: https://securityweekly.com/psw-874

Security news for this week:

• RDP and credentials that are not really revoked, and some RDP bitmap caching fun
• Some magic info on MagicINFO
• Vulnerability Management Zombies
• There is a backdoor in your e-commerce
• Airborne: vulnerabilities in AirPlay
• Bring your own installer - crafty EDR bypass
• The Signal clone used by US government officials: shocker: has been hacked
• AI slop vulnerability reporting
• Bricking iPhones with a single line of code
• Hacking planet technology
• Vibe hacking for the win?
• Cybersecurity CEO arrested for deploying malware
• Hello my perverted friend
• FastCGI - fast, but vulnerable

Chapters:

0:00 Opening and introductions 2:43 Panel introductions and conference recaps 4:46 Conference announcements and Corncon discussion 8:05 RSAC 2025 recap and vulnerability management trends 15:44 RDP credential revocation flaw in Windows 11 34:57 Apple AirPlay "wormable" vulnerabilities and third-party device risks 44:10 Signal clone breach used by US officials (TeleMessage incident) 55:38 Supply chain attack: Magento extensions backdoor 66:12 "Hello my perverted friend": Sextortion scam analysis 72:10 Security culture and phishing awareness at home 75:25 Digital signage vulnerabilities: Samsung MagicInfo 81:41 Threat hunting tradecraft and blue team operations 88:38 AI slop in vulnerability reporting and vibe hacking 98:59 Apple notification DoS and sandbox bypass 101:24 VMware licensing controversy and alternatives 107:14 CEO arrested for planting malware in hospital systems 116:06 FastCGI vulnerabilities in embedded/IoT systems 122:12 Rooting Android phones and device locking 124:08 Closing and outro

Show Notes: https://securityweekly.com/psw-873

The PSW crew discusses tips, tricks, and traps for using AI and LLMs. We discuss a wide range of AI-related topics, including how to utilize AI tools for writing, coding, data analysis, website design, and more! Some key takeaways include:

• AI has rapidly shifted from novelty to an essential tool in security and other fields.
• Paid AI versions offer significant advantages for professionals.
• Legal, ethical, and copyright questions around AI-generated content remain unresolved.
• Human skills, critical thinking, communication, and adaptability are more important than ever.
• AI is a powerful assistant, but not a replacement for expertise, creativity, or judgment.
• Fact-checking AI outputs and understanding bias are critical in the age of generative AI.

This episode offers a comprehensive, practical, and philosophical look at how AI is reshaping security, education, and society, providing both optimism and caution for the future.

Show Notes: https://securityweekly.com/psw-872

The crosswalk is talking to me man!, don't block my website without due process, Florida is demanding encryption backdoors, attacking boilers and banning HackRF Ones, time to update your flipper zero, using AI to create working exploits, what happens when you combine an RP2350 and an ESP32? Hopefully good hackery things!, more evidence that patching is not enough, auditing the PHP source code, reading the MEGA advisories, threat actors lie about data breaches (you don't say?), the data breach that Hertz, CISA warns of ransomware, some can't get Ahold of data breaches, please don't let people take control of your PC over Zoom and Paul's hot takes on: 4chan hack, the CVE program, and Microsoft Recall!

Show Notes: https://securityweekly.com/psw-871

Govt Unravelling, AI Hijinx, Bot Chaos, Recall, Oracle, Slopesquatting, Tycoon 2FA, College, who knows, a lot more... On Paul's Security Weekly.

Show Notes: https://securityweekly.com/psw-870

In the security news this week: You should really just patch things, the NVD backlog, Android phones with malware pre-installed, so convenient, keyloggers and a creepy pharmacist, snooping on federal workers, someone stole your browser history, NSA director fired, deputy director of NSA also fired, CrushFTP the saga continues, only steal the valid credit cards, another post that vanished from the Internet, hiding in NVRAM, protecting the Linux kernel, you down with MCP?, more EOL IoT, bypassing kernel protections, when are you ready for a pen test, red team and bug bounty, what EDR is really missing, and based on this story you should just patch everything all the time!

Show Notes: https://securityweekly.com/psw-869

Rob Allen, Chief Product Officer at Threatlocker joins us for an interview segment on using AI in security products: What works and what's not fully baked! Then in the security news, There are more holes in your boot...loader according to Microsoft, related: Secure Boot is in danger and no one is really talking about it (still), Dear Microsoft: I don't want to send you my data, I don't grant you remote access, and I don't want to create a MS account, CrushFTP has to crush some bugs, bypassing unprivileged user namespace restrictions, FBI raids, attackers using your GPU, Find My anything, protecting GlobalProtect, the exploits will continue until things improve, your call records were not protected, good vs. bad drivers, AI is hacking AI, time traveling attacks, and a bizarre call for security researchers.

This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them!

Show Notes: https://securityweekly.com/psw-868

How do we handle scope creep for vulnerabilities?, find the bugs before it hits the real world, risk or hype vulnerabilities, RTL-SDR in a browser, using AI to hack AI and protect AI, 73 vulnerabilities of which 0 patches have been issued, Spinning Cats, bypassing WDAC with Teams and JavaScript, Rust will solve all the security problems, did you hear some Signal chats were leaked?, ingress nginx, robot dogs, what happens to your 23andme data?, Oracle's cloud was hacked, despite what Oracle PR says, inside the SCIF, and cvemap to the rescue.

Show Notes: https://securityweekly.com/psw-867

This week: Compliance, localization, blah blah, the Greatest Cybersecurity Myth Ever Told, trolling Microsoft with a video, Github actions give birth to a supply chain attack, prioritizing security research, I'm tired of 0-Days that are not 0-Days, sticking your head in the sand and believing everything is fine, I'm excited about AI crawlers, but some are not, Room 641A, a real ESP32 vulnerability, do we need a CVE for every default credential?, smart Flipper Zero add-ons, one more reason why people fear firmware updates, no more Windows 10, you should use Linux, and I have a Linux terminal in my pocket, now what?

Show Notes: https://securityweekly.com/psw-866

Sounil Yu joins us to kick things off with AI defenses: Enterprise AI search tools like Copilot for Microsoft 365 lack the in-depth access controls required to ensure that query responses align with the user’s need-to-know boundaries. Without proper controls, these tools accelerate the discovery of improperly secured sensitive files within the organization. Knostic’s solution ensures that enterprise data is safeguarded without slowing down innovation. By automating the detection and remediation of LLM data exposure, Knostic helps organizations mitigate the security, privacy, and compliance risks associated with AI chatbots and enterprise search tools.

In the security news: The controversial pick for National Cyber Director, the not-so-controversial pick to lead CISA, complete with funding cuts, the controversial ESP32 backdoor that is not a backdoor but hidden features, Dark Storm takes down X, interesting use cases for LoRa, using AI to get your dream job, details on the biggest crypto heist in history, an EDR bypass and a 404 error, slipping through the cracks in CVSS, old school vulnerability disclosure in 2025, Rayhunter, a pen test that should not have been, JTAG and your Flipper Zero, a Linux webcam was used for what now?, and "Spatial-Domain Wireless Jamming with Reconfigurable Intelligent Surfaces"!

Segment Resources: * https://www.knostic.ai/blog/enterprise-ai-search-tools-addressing-the-risk-of-data-leakage * https://www.knostic.ai/what-we-do

Show Notes: https://securityweekly.com/psw-865