Our weekly audio security column
& podcast by Steve Gibson and Leo Laporte
TechTV's Leo Laporte and I spend somewhat shy of two hours each week to discuss important issues of personal computer security. Sometimes we'll discuss something that just happened. Sometimes we'll talk about long-standing problems, concerns, or solutions. Either way, every week we endeavor to produce something interesting and important for every personal computer user.

SteveAndLeoAsPicardAndRiker
(This was not our idea. It was created by a fan of the podcast using GIMP (similar to
Photoshop). But as a work of extreme image manipulation, it came out surprisingly well.)

You may download and listen to selected episodes from this page (see below), or subscribe to the ongoing series as an RSS "podcast" to have them automatically downloaded to you as they are produced. To subscribe, use whichever service you prefer . . .

Click here to subscribe and receive a podcast summary and show notes link before each new episode is recorded.

Send us your feedback: Registering your email address with us, even if you choose not to subscribe, will enable you to send email to the “Security Now” email.

Leo also produces "This Week in Tech" (TWiT) and a number of other very popular podcasts. So if you are looking for more informed technology talk, be sure to check out Leo's other podcasts and mp3 files.


Episode Archive

Each episode has SIX resources:
• High quality 64 kbps mp3 audio file
• Quarter size, bandwidth-conserving, 16 kbps (lower quality) mp3 audio file
• A PDF file containing Steve's show notes
• A web page text transcript of the episode
• A simple text transcript of the episode
• Ready-to-print PDF (Acrobat) transcript
(Note that the text transcripts will appear a few hours later
than the audio files since they are created afterwards.)

For best results: RIGHT-CLICK on one of the two audio icons below, then choose "Save Target As..." to download the audio file to your computer before starting to listen. For the other resources you can either LEFT-CLICK to open in your browser or RIGHT-CLICK to save the resource to your computer.

You can receive a weekly show summary, notes and
picture of the week the evening before the podcast!
 
(Every email sent contains an instant unsubscribe.)
Click HERE to see a sample weekly email.


Episode #1074 | 14 Mar 2026 | ... min.
What Mythos Means
• A San Francisco AI developer conference in two weeks. • Thank goodness Anthropic was the one who created Mythos rather than any of our cyber-adversaries.
236 KB (Show Notes)

Episode #1073 | 07 Mar 2026 | 146 min.
The FCC Bans New Consumer Routers
• Apple's 26.4 age queries catch many by surprise. • LinkedIn's 2.7 MB of privacy-invading JavaScript. • Microsoft starts forcing Win11 24H2 to 25H2. • Cisco loses source code to the Trivy supply-chain mess. • Proton introduces privacy-first voice and video "Meet". • GitHub to fix lagging security of its Actions feature. • Cloudflare reaffirms the privacy of its 1.1.1.1 DNS. • Cloudflare uses AI to re-code better secure WordPress. • The FCC drops a ban on all new consumer-grade routers.
70 MB | 17 MB | 377 KB (Show Notes) | 163 KB | 114 KB | 366 KB

Episode #1072 | 31 Mar 2026 | 147 min.
LiteLLM
• Will California require Linux to verify its users' age. • Apple's iOS 26.4 requires UK users to prove their age. • Russia chooses to use homegrown 5G mobile encryption. • Ukraine knew the webcam was installed by Russian spies. • Google moves quantum computing "Q Day" to 2029. • At RSA, UK's NCSC CEO warns of vibe-coded SaaS replacements. • More information about nasty ClickFix campaigns. • More than one in seven Reddit postings are an AI-bot. • The story behind the LiteLLM disaster that was averted.
71 MB | 18 MB | 225 KB (Show Notes) | 175 KB | 115 KB | 383 KB

Episode #1071 | 24 Mar 2026 | 153 min.
Bucketsquatting
• H&R Block's tax software does something SO WRONG. • The Intoxalock breathalyzer calibration cyber attack. • Firefox now offers a 100% free built-in VPN. • TikTok and Meta's tracking pixels are so much more. • Russians beg for the return of Telegram, WhatsApp and others. • Never connect your crypto-wallet to an unknown service. • What would a week be without a Cisco CVSS of 10.0. • Ubiquiti patches a 10.0 critical flaw. • Listener feedback and... • What's "Bucketsquatting" and what can be done to prevent it.
73 MB | 18 MB | 768 KB (Show Notes) | 127 KB | 110 KB | 321 KB

Episode #1070 | 17 Mar 2026 | 139 min.
CISA's Free Internet Scanning
• The Security Now “Caption That Photo” contest. • A mega social media company says “no” to strong encryption. • WhatsApp to give parents more control. • Consumer bandwidth proxying is becoming a big deal. • Meta buys the Moltbook duo. • The EU gives up and settles upon the status quo. • When a ransomware negotiation is not what it seems. • CISA compels federal agencies to submit their logs. • Is that a VPN in your pocket or something more malicious. • Be careful what you download, thinking it's AI. • A super-clever and super-simple A/V scanner bypass. • Will AI write code for me? • Another listener discovers the Joy of AI. • Steve's CISA Internet scanning experience.
67 MB | 17 MB | 490 KB (Show Notes) | 163 KB | 107 KB | 358 KB

Episode #1069 | 10 Mar 2026 | 146 min.
You can't hide from LLMs
• Anthropic & Mozilla improve Firefox's security. • Apple & Google begin testing cross-platform RCS encryption. • Ubuntu's SUDO starts echoing asterisks. • Inviting a web proxy into your home. • Apple devices cleared by Germany for NATO's use. • A serious remote takeover of OpenClaw. • TikTok won't encrypt messaging for visibility. • Microsoft bans the term “Microslop” on Discord. • Lots of great listener feedback. • LLMs could make Orwell's 1984 seem optimistic.
70 MB | 17 MB | 328 KB (Show Notes) | 174 KB | 114 KB | 383 KB

Episode #1068 | 04 Mar 2026 | 49 min.
The Call is Coming from Inside the House
ThreatLocker Special – Steve & Leo take to the stage during ThreatLocker's 4th annual Zero Trust World security conference to discuss the final frontier of enterprise security and rethinking the need for true “least privilege” security design.
23.3 MB | 5.8 MB (No show notes or transcripts for this live on-stage presentation.)

Episode #1067 | 03 Mar 2026 | 135 min.
KongTuke's CrashFix
• The lowdown on last week's “no turn” picture of the week. • Is an AI-driven hacking campaign a big deal now. • Claude used in multiple Mexican government attacks. • Apple continues to be confronted with age restrictions. • COPPA needs an exception to allow age collection. • Meta swamps law enforcement with AI-slop CSAM reports. • Roskomnadzor has been busy blocking VPNs. Guess how many? • The UK tries to report their self-scanning success. • Remember that hacker who extorted the psychotherapy patients? • Scattered Lapsus$ Hunters is actively recruiting women. • Cisco lands another breathtakingly rare 10.0 CVSS. • VulnCheck's report on 2025 vulnerabilities and exploits. • Steve discovers a fabulous $72 Hardware Security Module. • A listener shares an interesting AI service discovery. • The very potent “ClickFix” exploit evolves.
65 MB | 16 MB | 330 KB (Show Notes) | 194 KB | 121 KB | 396 KB

Episode #1066 | 24 Feb 2026 | 148 min.
Password Leakage
• CAs warn us to urgently prepare for the inevitable. • Three U.S. states attempt to ban 3D printed firearms. • Denied ransom, ShinyHunters leaks 967,000 personal details. • "Billions" of U.S. social security numbers leaked. • Is Apple planning to add cameras to three new gadgets. • No more security fixes for Firefox on Windows 7 & 8. • Russia blocks the official Linux kernel site they need. • Will the U.S. "freedom.gov" site post EU blocked content. • LLMs will offer secure passwords. Do Not Use Them. • As predicted, the "ClickFix" attack strategy takes over. • A listener believes his computer is compromised. • How could three popular password managers get things wrong.
71 MB | 18 MB | 365 KB (Show Notes) | 168 KB | 116 KB | 371 KB

Episode #1065 | 17 Feb 2026 | 134 min.
Attestation
• Websites can place high demands upon limited CPU resources. • Microsoft appears to back away from its security commitment. • What's Windows 11 26H1 and where do I get it. • Chrome 145 brings Device Bound Session Credentials. • More countries are moving to ban underage social media use. • The return of Roskomnadzor. • Discord to require proof of adulthood for adult content. • Might you still be using WinRAR 7.12 -- I was. • Paragon's Graphite can definitely spy on all instant messaging. • 30 malicious Chrome Extensions. • 287 Chrome extensions spying on 37.4 million users. • The first malicious Outlook add-in steals 4000 users' credentials. • Some AI "vibe" coding thoughts. • What I just went through to obtain a new code signing certificate.
65 MB | 16 MB | 244 KB (Show Notes) | 136 KB | 103 KB | 329 KB

Episode #1064 | 10 Feb 2026 | 139 min.
Least Privilege
• How is the EU's GDPR fine collection going. • Western democracies are getting serious about offensive cybercrime. • The powerful cyber component of the Midnight Hammer operation. • Signs of psychological dependence upon OpenAI's GPT-4o chatbot. • CISA orders government agencies to unplug end-of-support devices. • How to keep Windows from annoying us after an upgrade. • What is OpenClaw, how safe is it to use, what does it mean. • Another listener uses AI to completely code an app. • Coinbase suffers another insider breach. What can be done.
67 MB | 17 MB | 252 KB (Show Notes) | 171 KB | 115 KB | 366 KB

Episode #1063 | 03 Feb 2026 | 150 min.
Mongo's Too Easy
• An anti-virus system infects its own users. • Apple's next iOS release “fuzzes” cellular locations. • cURL discontinues bug bounties under bogus AI flood. • AI discovers and fixes 15 CVE-worthy 0-days in OpenSSL. • Ireland did NOT already pass their spying legislation. • AI irreversibly deletes all project files. Says it's sorry. • Windows has a serious global clipboard security problem. • ISPs have the ability to monetize their subscribers' identities. • MongoDB has lowered the hacking skill level bar to the floor.
72 MB | 18 MB | 286 KB (Show Notes) | 187 KB | 121 KB | 398 KB

Episode #1062 | 27 Jan 2026 | 147 min.
VoidLink: AI-Generated Malware
• CISA's uncertain future remains quite worrisome. • Worrisome is Ireland's new "lawful" interception law. • The EU's Digital Rights organization pushes back. • Microsoft acknowledges it turns over user encryption keys. • Alex Neihaus on AI enterprise usage dangers. • Gavin confesses he put a database on the Internet. • Worries about a massive podcast rewinding backlog. • What does the emergence of AI-generated malware portend?
70 MB | 18 MB | 216 KB (Show Notes) | 171 KB | 118 KB | 372 KB

Episode #1061 | 20 Jan 2026 | 134 min.
More GhostPoster
• RAM pricing to affect enterprise firewall equipment. • Anthropic provides sizeable support to Python Foundation. • The FTC clamps down on GM's secret sale of driving data. • “ANCHOR” replaces “CIPAC” for industry-government sharing. • Germany planning to legislate total access to global data. • Grubhub becomes the latest ShinyHunters extortion victim. • Let's Encrypt's 6-Day certs are available to everyone. • Iran planning to permanently take itself off the Internet. • HD Tune before and after a SpinRite Level 3 refresh. • Some great listener feedback, and • More trouble from GhostPoster malicious browser extensions.
64 MB | 16 MB | 475 KB (Show Notes) | 170 KB | 108 KB | 360 KB

Episode #1060 | 13 Jan 2026 | 147 min.
3-Day Certificates
• A look at Microsoft's Azure cloud code signing. • California implements DROP, global data broker opt-out. • Where's the town of “Whata Bod” Idaho. • iOS built-in Mail app worked itself out of a job. • A 30-minute tutorial for non-coders about AI coding. • Claude Code appears to be winning over the AI coding world. • Various listener musings on code signing. • A bit of Magnesium feedback. • What use are 3-day code signing certs?
71 MB | 18 MB | 437 KB (Show Notes) | 182 KB | 121 KB | 392 KB

Episode #1059 | 06 Jan 2026 | 171 min.
MongoBleed
• Code-signing certificate lifetimes shortened by two years. • Sadly, ChatGPT is heading toward an advertising profit model. • The Python Package Index is strengthening its security. • BitLocker gets hardware acceleration, but not today. • New York City's mayoral inauguration banned Raspberry Pis. • An astonishingly good British time travel series. • A critical link between Vitamin D and Magnesium. • A look inside the very bad MongoBleed vulnerability.
82 MB | 20 MB | 454 KB (Show Notes) | 224 KB | 137 KB | 455 KB
Gibson Research Corporation is owned and operated by Steve Gibson.  The contents
of this page are Copyright (c) 2026 Gibson Research Corporation. SpinRite, ShieldsUP,
NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
Research Corporation, Laguna Hills, CA, USA. GRC's web and customer privacy policy.

Last Edit: Apr 13, 2026 at 08:56