This week, we dive into the world of Meshtastic and LoRa—two technologies empowering secure, long-range, and infrastructure-free communication. We'll talk about the origins of Meshtastic, how LoRa radio works, and why mesh networking is revolutionizing off-grid messaging for adventurers, hackers, emergency responders, and privacy advocates alike. We break down the available hardware, walk you through firmware installation, and share real-world use cases of LoRa to create decentralized, encrypted networks. Whether you’re a hacker, a prepper, or just curious about the future of resilient communication, this episode is packed with insights and practical tips you won’t want to miss!

This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them!

Show Notes: https://securityweekly.com/psw-881

This conversation explores the intersection of cybersecurity and emerging technologies, focusing on innovative hacking techniques, the evolution of vulnerability management, and the critical importance of asset discovery. The discussion also delves into the implications of cyber warfare, the persistent threat of default passwords, and the integration of open source tools in enhancing security measures. The conversation delves into various aspects of cybersecurity, focusing on aircraft tracking, data filtering, the evolution of vulnerability management, and the role of AI in enhancing security measures. The speakers discuss the challenges posed by default credentials and the shared responsibility model in cloud infrastructure. They also explore the limitations of AI in cybersecurity and the potential for future advancements, particularly in localized LLMs. The conversation delves into the intersection of technology, cybersecurity, and privacy, exploring the implications of AI on energy demands, vulnerabilities in telecom infrastructure, the complexities of network maintenance, and the challenges of ransomware negotiations. The discussion also touches on privacy concerns related to data tracking by major tech companies like Meta and Apple, as well as the evolving landscape of legal implications in the face of cyber threats.

This segment is sponsored by runZero. Get complete visibility across your total attack surface in literally minutes - no agents, no authentication required. Start a free trial or access the free Community Edition at https://securityweekly.com/runzero.

HD Moore joins us to discuss finding all the things and how vulnerability management has changed. In the security news:

• Hacking from a light bulb
• Reverse engineering, the easy ways
• Detecting Jitter
• FCC probes into Cyber Trust Mark
• Bluetooth Jamming
• New Wifi Apple features: What could go wrong?
• Just turn off the Internet for the entire country
• Meta's Localhost tracking
• Hacking printers, for realz this time
• Are we not patching 2023 CVEs?
• Cleaning up legacy drivers
• One of the Best Hackers in the Country is an AI Bot

Show Notes: https://securityweekly.com/psw-880

This week: * The true details around Salt Typhoon are still unknown * The search for a portable pen testing device * Directories named "hacker2" are suspicious * Can a $24 cable compete with a $180 cable? * Hacking Tesla wall chargers * Old Zyxel exploits are new again * Hacking Asus drivers * Stealing KIAs - but not like you may think * Fake articles * Just give everything to LLMs, like Nmap * Retiring Floppy disks * An intern leaked secrets * Discord link hijacking * Cray vs. Raspberry PI * More car hacking with BMW

Show Notes: https://securityweekly.com/psw-879

This week:

• You got a Bad box, again
• Cameras are expose to the Internet
• EU and connected devices
• Hydrophobia
• NVRAM variables
• Have you heard about IGEL Linux?
• SSH and more NVRAM
• AI skeptics are nuts, and AI doesn't make you more efficient
• Trump Cybersecurity orders
• I think I can root my Pixel 6
• Decentralized Wordpres plugin manager
• Threat actor naming conventions
• I have the phone number linked to your Google account
• Fortinet flaws exploited in ransomeware attacks (and how lack of information sharing is killing us)
• retiring floppy disks
• fault injection for the masses
• there is no defender
• AI blackmails

Show Notes: https://securityweekly.com/psw-878

Two parts to this episode:

• Tech Segment: Updating Linux Systems - Beyond apt-get upgrade * Custom scripts for ensuring your Linux systems are up-to-date * topgrade - tutorial for using topgrade to update Linux systems on various Linux distributions

• Discussion Topic: Anti-Malware and/or EDR on Linux Platforms * PCI calls for scanning Linux systems * What tools exist for analyzing Linux systems? (AIDE, uac, chkrootkit) * Best Anti-Malware for Linux - Commercial tools, open-source, both, none? * ClamAV - fa-notify and the dangers

Show Notes: https://securityweekly.com/psw-877

In the security news:

• Vicious Trap - The malware hiding in your router
• Hacking your car
• WSL is open-source, but why?
• Using AI to find vulnerabilities - a case study
• Why you should not build your own password manager
• The inside scoop behind Lumma Infostealer
• Hacking a smart grill
• Hardcoded credentials on end of life routers and "Alphanetworks"
• SIM swapping is still happening
• LoRa for C2
• Russian drones use Telegram
• Flipper Zero mod for the LOLZ
• Signal blocks Recall
• CISA loses more people

Show Notes: https://securityweekly.com/psw-876

This week in the security news:

• Malware-laced printer drivers
• Unicode steganography
• Rhode Island may sue Deloitte for breach. They may even win.
• Japan's active cyber defense law
• Stop with the ping
• LLMs replace Stack Overflow - ya don't say?
• Aggravated identity theft is aggravating
• Ivanti DSM and why you shouldn't use it
• EDR is still playing cat and mouse with malware
• There's a cellular modem in your solar gear
• Don't slack on securing Slack
• XSS in your mail
• SIM swapping and the SEC
• Ivanti and libraries
• Supercomputers in space!

Show Notes: https://securityweekly.com/psw-875

This week in the security news:

• Android catches up to iOS with its own lockdown mode
• Just in case, there is a new CVE foundation
• Branch privilege injection attacks
• My screen is vulnerable
• The return of embedded devices to take over the world - 15 years later
• Attackers are going after MagicINFO
• Hacking Starlink
• Mitel SIP phones can be hacked
• Reversing with Hopper
• Supercharge your Ghidra with AI
• Pretending to be an anti-virus to bypass anti-virus
• macOS RCE - perfect colors
• End of life routers are a hackers dream, and how info sharing sucks
• Ransomware in your CPU
• Disable ASUS DriverHub
• Age verification and privacy concerns

Show Notes: https://securityweekly.com/psw-874

Security news for this week:

• RDP and credentials that are not really revoked, and some RDP bitmap caching fun
• Some magic info on MagicINFO
• Vulnerability Management Zombies
• There is a backdoor in your e-commerce
• Airborne: vulnerabilities in AirPlay
• Bring your own installer - crafty EDR bypass
• The Signal clone used by US government officials: shocker: has been hacked
• AI slop vulnerability reporting
• Bricking iPhones with a single line of code
• Hacking planet technology
• Vibe hacking for the win?
• Cybersecurity CEO arrested for deploying malware
• Hello my perverted friend
• FastCGI - fast, but vulnerable

Chapters:

0:00 Opening and introductions 2:43 Panel introductions and conference recaps 4:46 Conference announcements and Corncon discussion 8:05 RSAC 2025 recap and vulnerability management trends 15:44 RDP credential revocation flaw in Windows 11 34:57 Apple AirPlay "wormable" vulnerabilities and third-party device risks 44:10 Signal clone breach used by US officials (TeleMessage incident) 55:38 Supply chain attack: Magento extensions backdoor 66:12 "Hello my perverted friend": Sextortion scam analysis 72:10 Security culture and phishing awareness at home 75:25 Digital signage vulnerabilities: Samsung MagicInfo 81:41 Threat hunting tradecraft and blue team operations 88:38 AI slop in vulnerability reporting and vibe hacking 98:59 Apple notification DoS and sandbox bypass 101:24 VMware licensing controversy and alternatives 107:14 CEO arrested for planting malware in hospital systems 116:06 FastCGI vulnerabilities in embedded/IoT systems 122:12 Rooting Android phones and device locking 124:08 Closing and outro

Show Notes: https://securityweekly.com/psw-873

The PSW crew discusses tips, tricks, and traps for using AI and LLMs. We discuss a wide range of AI-related topics, including how to utilize AI tools for writing, coding, data analysis, website design, and more! Some key takeaways include:

• AI has rapidly shifted from novelty to an essential tool in security and other fields.
• Paid AI versions offer significant advantages for professionals.
• Legal, ethical, and copyright questions around AI-generated content remain unresolved.
• Human skills, critical thinking, communication, and adaptability are more important than ever.
• AI is a powerful assistant, but not a replacement for expertise, creativity, or judgment.
• Fact-checking AI outputs and understanding bias are critical in the age of generative AI.

This episode offers a comprehensive, practical, and philosophical look at how AI is reshaping security, education, and society, providing both optimism and caution for the future.

Show Notes: https://securityweekly.com/psw-872