Paul's Security Weekly (Audio)

Rob Allen, Chief Product Officer at Threatlocker joins us for an interview segment on using AI in security products: What works and what's not fully baked! Then in the security news, There are more holes in your boot...loader according to Microsoft, related: Secure Boot is in danger and no one is really talking about it (still), Dear Microsoft: I don't want to send you my data, I don't grant you remote access, and I don't want to create a MS account, CrushFTP has to crush some bugs, bypassing unprivileged user namespace restrictions, FBI raids, attackers using your GPU, Find My anything,...

Paul's Security Weekly (Audio)

How do we handle scope creep for vulnerabilities?, find the bugs before it hits the real world, risk or hype vulnerabilities, RTL-SDR in a browser, using AI to hack AI and protect AI, 73 vulnerabilities of which 0 patches have been issued, Spinning Cats, bypassing WDAC with Teams and JavaScript, Rust will solve all the security problems, did you hear some Signal chats were leaked?, ingress nginx, robot dogs, what happens to your 23andme data?, Oracle's cloud was hacked, despite what Oracle PR says, inside the SCIF, and cvemap to the rescue. Visit for all the latest episodes! Show Notes:

Paul's Security Weekly (Audio)

This week: Compliance, localization, blah blah, the Greatest Cybersecurity Myth Ever Told, trolling Microsoft with a video, Github actions give birth to a supply chain attack, prioritizing security research, I'm tired of 0-Days that are not 0-Days, sticking your head in the sand and believing everything is fine, I'm excited about AI crawlers, but some are not, Room 641A, a real ESP32 vulnerability, do we need a CVE for every default credential?, smart Flipper Zero add-ons, one more reason why people fear firmware updates, no more Windows 10, you should use Linux, and I have a Linux terminal in...

Paul's Security Weekly (Audio)

Sounil Yu joins us to kick things off with AI defenses: Enterprise AI search tools like Copilot for Microsoft 365 lack the in-depth access controls required to ensure that query responses align with the user’s need-to-know boundaries. Without proper controls, these tools accelerate the discovery of improperly secured sensitive files within the organization. Knostic’s solution ensures that enterprise data is safeguarded without slowing down innovation. By automating the detection and remediation of LLM data exposure, Knostic helps organizations mitigate the security, privacy, and compliance...

Paul's Security Weekly (Audio)

Hacking your mattress, Taylor Swift all the time, DNS sinkholes, throwing parties at rental properties, detect jamming, it took 18 years to hack, airtag hacks, undetectable weapons, RIP Skype, Cellebrite targets, upgrade ALL the things, Kali, Raspberry PIs, and M.2 hats, pirating music through a supply chain attack, Cisco small business and why you shouldn't use it, stop hacking Russia, Badbox is back, but it likely never left, and AI still Hallucinates! Visit for all the latest episodes! Show Notes:

Paul's Security Weekly (Audio)

Apple, the UK, and data protection, you can get pwned really fast, Australia says no Kaspersky for you!, the default password is on the Internet, topological qubits, dangerous AI tools, old software is not just old but vulnerable too, tearing down Sonic Walls, CWE is good but could be great, updating your pi-hole, should you watch "Zero Day"? my non-spoiler review will tell you, no more DBX hellow SBAT!, and I love it when chat logs of secret not-so-secret ransomware groups are leaked! Visit for all the latest episodes! Show Notes:

Paul's Security Weekly (Audio)

Our thoughts on Zero Trust World, and just a little bit of news. Of course we covered some firmware and UEFI without Paul! Visit for all the latest episodes! Show Notes:

Paul's Security Weekly (Audio)

You can install Linux in your PDF, just upload everything to AI, hackers behind the forum, TP-Link's taking security seriously, patche Tuesday for everyone including Intel, AMD, Microsoft, Fortinet, and Ivanti, hacking your space heater for fun and fire, Cybertrucks on fire (or not), if you could just go ahead and get rid of the buffer overflows, steam deck hacking and not what you think, Prompt Injection and Delayed Tool Invocation, new to me Ludus, Contec patient monitors are just insecure, Badbox carries on, the compiler saved me, and Telnet command injection! Visit for all the latest...

Paul's Security Weekly (Audio)

Deepseek troubles, AI models explained, AMD CPU microcode signature validation, what happens when you leave an AWS S3 bucket laying around, 3D printing tips, and the malware that never was on Ethernet to USB adapters. Visit for all the latest episodes! Show Notes:

Paul's Security Weekly (Audio)

This week, we talked to our friends at Bitwarden about password vaults, storing more than just passwords, free software to manage those SSH keys, and vaults for developers. In the news, new/old Palo Alto vulnerabilities explained, taking down the power grid with a FlipperZero, more vulnerable bootloaders, putting garbage in your .ASS file, the US Government wants to look at routers, magic backdoors, weak password hashing, everyone is talking about Deepseek, hardware-level Anti-Virus, VMware ESXi and SSH, and if you pay the ransom you likely will not get your data back! This segment is...