loader from loading.io

Security Researchers Are Threat Actors - PSW #929

Paul's Security Weekly (Audio)

Release Date: 06/04/2026

1999 Called and It Wants It's Exploits Back - PSW #935 show art 1999 Called and It Wants It's Exploits Back - PSW #935

Paul's Security Weekly (Audio)

This week, our technical segment covers a new open-source tool written by Paul (and Claude) that helps you keep your Linux systems up to date and assess supply chain risks. It's called "fettle" and is a pure Python implementation that gives you even more features than previously discussed! Then in the security news: The GodDamn Ransomware CMMC suspended Holy Microsoft Tuesday! Lessons learned Without the Internet, do we still get water? The forgotten shims More than two BIOS passwords Cracking firmware encryption with Claude 1999 called, and it wants its "Exploits" back Prompt injection for...

info_outline
AI Is Annoying & IoT Devices Still Get Hacked - PSW #934 show art AI Is Annoying & IoT Devices Still Get Hacked - PSW #934

Paul's Security Weekly (Audio)

In the security news: Son of Anton strikes again! HalluSquatting and using Claude to defend itself CISA KEV’s Revolving Door LLM's hallucinate and companies get sued Additionally - GitLost Yet even more Linux vulnerabilities Citrix just keeps bleeding Old hardware is new again A sneak peak into next week's tech segment Tenda hidden backdoors We're still talking about Mirai Today was not a good day for Roundcube Canada is hacking criminals AI safeguards are still annnoying All cars will spy on you The FatFs unpatched vulnerability in millions of embedded devices Windows OS market share drops...

info_outline
Linux Tech Segment & Vulnerabilities Galore - PSW #933 show art Linux Tech Segment & Vulnerabilities Galore - PSW #933

Paul's Security Weekly (Audio)

This week we have a technical segment based on the response to "Atomic Arch", an updated open-source tool to help you catch malicious packages. In the security news: Exploitarium A hot messy summer of vulnerabilities AI Squatting Linux LPE - no shortage of those Fingerprinting Favicons Windows 10 extended Can Clothes Make You Invisible to Facial Recognition? Fable and Mythos for All Do we care about Quantum? Execs have AI risk under control Biological warefare in Spyware The scripts in-scope for PCI We don't have privacy, but we may get age restrictions Visit for all the latest episodes!...

info_outline
Cloud Visibility, Fortibleed, hacking things the easy way - Sandy Bird - PSW #932 show art Cloud Visibility, Fortibleed, hacking things the easy way - Sandy Bird - PSW #932

Paul's Security Weekly (Audio)

First up is Sandy Bird from Sonrai discussing how to protect our cloud infrastructure! This segment is sponsored by Sonrai Security. Visit to learn more about them! Next up in the security news: Help, I am Fortibleeding Cisco SD-WAN needs help The secret life of probe requests Help, I am Squidbleeding XSS to RCE and why CVSS isn't the full picture TVs spy on you Foundational security practices Cybersecurity costs money Happy "Its too late to update your KEK key" day You don't have security flaws if no one can report them Rickrolling FIFA Domain takeovers End of life, out of luck The key to...

info_outline
GPS, PCI, ARCH, OH MY! - PSW #931 show art GPS, PCI, ARCH, OH MY! - PSW #931

Paul's Security Weekly (Audio)

In the security news this week: GPS spoofing and satellite jamming are getting way too accessible Rekeying satellites in orbit sounds terrifying Cyber extortion and whether criminals still have ethics AI helping cybersecurity research... and drug discovery Data centers eating regional power grids Nuclear, solar, natural gas, and the future of AI infrastructure What happens when GPS stops being trustworthy? Satellite constellations as the next critical infrastructure target AI guardrails and why sci-fi warned us first Cyber ranges that don't simulate reality anymore The weird morality line...

info_outline
Trolling Microsoft With Vulnerabilities - PSW #930 show art Trolling Microsoft With Vulnerabilities - PSW #930

Paul's Security Weekly (Audio)

In the security news: Trolling Microsoft With Vulnerabilities Fable 5 loves guardrails Binwalk vulnerability EMBA and local models EDRChoker AI worms Interesting Arista vulnerability added to KEV BOD 26-04 and stakeholder specific vulnerability categorization Bring your own execution environment Homelab tips MikroTik routers as interceptors Ivanti Sentry and irony Smart TV botnets Privacy laws Solarwinds Serv-U lives on More Cisco SD-WAN fun! Russia can jam GPS No nudes for you says UK Government "Why would someone want to learn code when AI does it better and faster?" Visit for all the...

info_outline
Security Researchers Are Threat Actors - PSW #929 show art Security Researchers Are Threat Actors - PSW #929

Paul's Security Weekly (Audio)

This week in the security news: Security Researchers Are Threat Actors according to Microsoft Hands-free malicious firmware If you've ever typed "ls" in Windows, this is for you Cisco makes more patches, wants you to pay Ambiguous Secure Boot bypass Threat actors love network edge devices, and I have the chat logs and leaks to prove it The downside of chip sanctions Your VoIP phone is hacked Vulnerability disclosure and incentives Claude reccovers Bitcoin wallet an Instagram "Exploit" Turn the plane around The worms will continue PAN-OS global protect vulnerability The 1-Click Github token...

info_outline
Linux Supply Chain How-To - PSW #928 show art Linux Supply Chain How-To - PSW #928

Paul's Security Weekly (Audio)

This week we have a technical segment focused on Linux! Paul released a script that helps you get a handle on Linux supply chain security, and new features allow you to assess the state of Secure Boot on your Linux systems (that also use MS certificates, ironically). The script is in his Git repo: . In the security news: The CVE chase The new security basics Enterprises are lacking more than AI Detections are falling behind Why DOOM!?! Chromium vulnerability The ambitious Flipper One I'm still curious who was behind these leaks Mitre moves Caldera to Apache foundation Wind cybersecurity PQC...

info_outline
FCC, Github, MiniShai-hulud, Stated of Supply Chain, Itron, CRA, NIS2, and more!! - PSW #927 show art FCC, Github, MiniShai-hulud, Stated of Supply Chain, Itron, CRA, NIS2, and more!! - PSW #927

Paul's Security Weekly (Audio)

In the security news this week: FCC router bans and the hidden firmware update problem Why extending support timelines actually improves security Github supply chain concerns and the evolving SBOM ecosystem CRA and NIS2 compliance deadlines are getting very real The EU Cyber Resilience Act’s 24-hour vulnerability disclosure requirement Security regulation: vertical vs horizontal compliance models Vehicle-to-load EV systems powering homes during outages Solar, batteries, AI farms, and the future economics of electricity Data centers consuming regional power grids BitLocker “Yellow Key”...

info_outline
You're not going to patch your way out of this - PSW #926 show art You're not going to patch your way out of this - PSW #926

Paul's Security Weekly (Audio)

This week: New Yellowkey bitlocker bypass and what it means for you Hackers can run you over with a robot lawnmower FCC says new things about routers, again Glitching with AI almost no false positives AI thought it was evil DirtyFrag and the sad state of Linux LPEs You can buy better tools, perfect security, and other lies The Canvas breach Hackers can still take over trains Baby monitors, on the Internet! dnsmasq flaws I am now paying attention to Swordfish A neat vulnerability for ransomware Mythos, Curl, and how to do secure software Various ways to use AI to find bugs, spoiler, you don't...

info_outline
 
More Episodes

This week in the security news:

  • Security Researchers Are Threat Actors according to Microsoft
  • Hands-free malicious firmware
  • If you've ever typed "ls" in Windows, this is for you
  • Cisco makes more patches, wants you to pay
  • Ambiguous Secure Boot bypass
  • Threat actors love network edge devices, and I have the chat logs and leaks to prove it
  • The downside of chip sanctions
  • Your VoIP phone is hacked
  • Vulnerability disclosure and incentives
  • Claude reccovers Bitcoin wallet
  • an Instagram "Exploit"
  • Turn the plane around
  • The worms will continue
  • PAN-OS global protect vulnerability
  • The 1-Click Github token stealer
  • Data-nuking prompt injection
  • Turning Buses into spies
  • SymJack
  • NIST NVD mistakes, and how CNAs need to up their game

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-929