On this week’s show Patrick and Adam talk through all the week’s security news, including:
NSO Group WhatsApp vuln coverage goes nuclear
Activists targeted by NSO malware in hiding in the West after CIA tipoffs
Cisco Trust Anchor drags on sea floor
Linux kernel bugs likely overhyped
Adobe patches insane number of CVEs
Microsoft patches rumoured GCHQ VEP’d RDP bug
New hardware bugs affect Intel processors
SHA-1 collisions become much more practical
Major US anti-virus firms owned hard
This week’s sponsor interview is with Ryan Kalember of Proofpoint. Ryan is a listener, and when he heard Adam talking about how password rotations actually result in crappy passwords, it hit a nerve with him. He says Proofpoint, via its CASB product, is seeing a lot of targeted credential stuffing campaigns cycling through variations of passwords that have appeared in dumps.
Apparently the bad guys are hip to what a typical password rotation variation looks like and they’re using this knowledge to better direct their cred stuffing attempts.
Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.