Security Now (Audio)

A devastating new React vulnerability earned a "perfect 10" for risk, letting attackers remotely run code on a million-plus servers with a single HTTP request. Find out what happened, how fast attackers moved in, and why this bug changes everything for web security. Show Notes - https://www.grc.com/sn/SN-1055-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynowveeam.combigid.com/securitynowzscaler.com/securityhoxhunt.com/securitynow

Cisco has finally admitted it's time for real change and is vowing to build "secure by default" gear after decades of criticism. Steve Gibson reacts to a rare moment when a tech giant actually gets security right—and what it means for everyone running critical infrastructure. • Scattered Lapsus$ Hunters strikes (Salesforce) again. • Cisco actually (no kidding) sees the light. • Next week, Australia bans all underage social media. • The EU Parliament moves to replace US computer tech. • When to use Passwords, Passkeys or Yubikeys. • Do unpowered SSDs lose their data. • How about a "Joy of Coding" podcast. • A Bitwarden Passkeys integration glitch. • XSLT is sneaky. It's where you don't expect it. • We know where last week's picture came from. • The long-awaited return of a new Stargate series. • A simple test to check our networks for any bot infections. Show Notes - https://www.grc.com/sn/SN-1054-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: joindeleteme.com/twit promo code TWITvanta.com/SECURITYNOWbitwarden.com/twitthreatlocker.com for Security Nowcanary.tools/twit - use code: TWIT

Could banning VPNs really become law in the US? This episode breaks down the jaw-dropping legislation in Wisconsin and Michigan that targets VPN access for everyone, not just kids—and what it means for your digital privacy. Show Notes - https://www.grc.com/sn/SN-1053-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bigid.com/securitynowzscaler.com/securityMelissa.com/twithoxhunt.com/securitynow1password.com/securitynow

Think your cell phone is safe from tracking? Steve reveals how global networks let anyone pinpoint your location—no hacking required and no malware involved. Show Notes - https://www.grc.com/sn/SN-1052-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com for Security Nowbigid.com/securitynowveeam.combitwarden.com/twitjoindeleteme.com/twit promo code TWIT

Amazon is taking Perplexity AI to court over its agentic browser that shops on your behalf, raising urgent questions about who controls your online buying experience when bots do the heavy lifting. Show Notes - https://www.grc.com/sn/SN-1051-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: veeam.comhoxhunt.com/securitynowzscaler.com/securityzapier.com/securitynowvanta.com/SECURITYNOW

AI-powered web browsers are hitting the scene fast, but Steve and Leo unpack why these smart assistants could usher in an era of security chaos most users aren't ready for. Brace yourself for the wild risks, real-world scams, and the privacy questions no one else is asking. Show Notes - https://www.grc.com/sn/SN-1050-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bitwarden.com/twitjoindeleteme.com/twit promo code TWITcanary.tools/twit - use code: TWITbigid.com/securitynowthreatlocker.com for Security Now

Just when you thought DNS cache poisoning was a thing of the past, Steve and Leo reveal why this 17-year-old bug is making a dramatic comeback—and why most DNS resolvers still can't manage high-quality random numbers after all this time. Show Notes - https://www.grc.com/sn/SN-1049-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynowzapier.com/securitynow1password.com/securitynowveeam.comzscaler.com/security

Think your mouse is harmless? Steve and Leo uncover how modern optical mice might be secretly "listening" in, and reveal why satellite data pouring down on us is almost entirely unsecured. https://www.grc.com/sn/SN-1048-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: Melissa.com/twithoxhunt.com/securitynowthreatlocker.com for Security Nowjoindeleteme.com/twit promo code TWITbitwarden.com/twit

Texas is on the brink of forcing Apple and Google to overhaul app downloads with strict age verification laws—are tech giants ready, or is your privacy about to get caught in the crossfire? Show Notes - https://www.grc.com/sn/SN-1047-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/securityexpressvpn.com/securitynowvanta.com/SECURITYNOWcanary.tools/twit - use code: TWITbigid.com/securitynow

Google's new demand for developer registration could spell the end for open-source app stores, while Europe's controversial chat control vote threatens privacy for everyone—Steve and Leo break down what's at stake for devs and users alike. Show Notes - https://www.grc.com/sn/SN-1046-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com for Security Nowjoindeleteme.com/twit promo code TWIThoxhunt.com/securitynowbitwarden.com/twitveeam.com

Cisco's routers just exposed more than two million networks thanks to a "security optional" SNMP setup that's being actively exploited—Steve and Leo break down why this is a worst-case scenario for the industry and how easily it could have been avoided. Show Notes - https://www.grc.com/sn/SN-1045-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: vanta.com/SECURITYNOW1password.com/securitynowMelissa.com/twitthreatlocker.com/twitzapier.com/twit

Show Notes - https://www.grc.com/sn/SN-1044-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bigid.com/securitynowgo.acronis.com/twitzscaler.com/security1password.com/securitynowhoxhunt.com/securitynow

Apple just rewrote the rules of device security with a chip-level upgrade that could wipe out most iPhone vulnerabilities overnight. Find out how "memory integrity enforcement" aims to make exploits a thing of the past—and why it took half a decade to pull off. Show Notes - https://www.grc.com/sn/SN-1043-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: joindeleteme.com/twit promo code TWITvanta.com/SECURITYNOWthreatlocker.com for Security Nowbitwarden.com/twitMelissa.com/twit

Is the U.S. on the verge of legalizing "hack back" missions, turning private companies into sanctioned cyber warriors? Steve and Leo unpack Google's plan for a cyber disruption unit and why the lines between defense and digital retaliation are suddenly blurring. Show Notes - https://www.grc.com/sn/SN-1042-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: uscloud.comcanary.tools/twit - use code: TWITbigid.com/securitynowzscaler.com/securityexpressvpn.com/securitynow

When even the Department of Defense can't properly vet its software dependencies, what chance do the rest of us have? Steve Gibson reveals how "fast-glob" became a case study in supply chain blindness, explores whether AI can ever truly be controlled after Meta's celebrity chatbot disaster, and celebrates BYTE Magazine's 50th anniversary with a look at how far we've come (and how vulnerable we still are). Show Notes - https://www.grc.com/sn/sn-1041-notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: go.acronis.com/twitthreatlocker.com/twitbitwarden.com/twitbigid.com/securitynowjoindeleteme.com/twit promo code TWIT

Alarm bells are ringing over a supposed browser zero-day, but is the threat as bad as it sounds? Steve reveals why "clickjacking" might be more whac-a-mole than breaking news, and what that really means for your passwords. • Germany may soon outlaw ad blockers • What's happening in the courts over AI • The U.K. drops its demands of Apple • New Microsoft 365 tenants being throttled • Is Russia preparing to block Google Meet? • Bluesky suspends its service in Mississippi • How to throttle AI • A tricky SSH-busting Go library • Here comes the Linux desktop malware • Apple just patched a doozy of a vulnerability • A trivial Docker escape was found and fixed • Why the recent browser 0-day clickjacking is really just whac-a-mole Show Notes - https://www.grc.com/sn/sn-1040-notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynowzscaler.com/securitybigid.com/securitynowuscloud.com

Show Notes - https://www.grc.com/sn/SN-1039-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com for Security Nowbitwarden.com/twitgo.acronis.com/twitjoindeleteme.com/twit promo code TWITvanta.com/SECURITYNOW

Show Notes - https://www.grc.com/sn/SN-1038-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/securitycanary.tools/twit - use code: TWITuscloud.comgo.acronis.com/twit

Show Notes - https://www.grc.com/sn/SN-1037-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bitwarden.com/twitbigid.com/securitynowjoindeleteme.com/twit promo code TWITMelissa.com/twitthreatlocker.com for Security Now

Show Notes - https://www.grc.com/sn/SN-1036-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWITthreatlocker.com for Security Nowbitwarden.com/twituscloud.com