Security Now (Audio)

Steve Gibson and Leo Laporte host a special episode of Security Now live from ThreatLocker's Zero Trust World 2026 in Orlando, Florida.

The final frontier of security is internal. Today, we have the tools, techniques and technologies to thwart attacks originating from outside our perimeter. We're now good at protecting our borders. But major high profile breaches occurring over the past several years have revealed that insufficie...

A crafty new breed of social engineering attack is tricking users into launching malware straight from their clipboard, exposing a fresh vulnerability in Windows that even tech pros could fall for. Leo Laporte and Steve Gibson break down how the latest ClickFix and CrashFix exploits are outsmarting traditional defenses.

• The lowdown on last week's "no turn" picture of the week.
• Is an AI-driven hacking campaign a big deal now.
...

ETH Zurich's deep-dive into the world's top password managers exposes how feature overload and legacy design obscure real security flaws, forcing a rethink of what "zero knowledge" actually means for your vault. Learn why recent fixes matter—and why open source may be your safest bet.

• CA's warn us to urgently prepare for the inevitable.
• Three U.S. states attempt to ban 3D printed firearms.
• Denied ransom, ShinyHunters leaks ...

How secure are your Chrome extensions and certificate signings really? This episode pulls back the curtain on a massive spyware discovery and exposes the convoluted hoops developers must jump through to prove their identity in 2026.

• Websites can place high demands upon limited CPU resources.
• Microsoft appears to back away from its security commitment.
• What's Windows 11 26H1 and where do I get it.
• Chrome 145 brings Device B...

From EU fines that never get paid to cyber warfare grounding missiles mid-battle, this week's episode uncovers the untold stories and real-world consequences shaping today's digital defenses.

• How is the EU's GDPR fine collection going.
• Western democracies are getting serious about offensive cybercrime.
• The powerful cyber component of the Midnight Hammer operation.
• Signs of psychological dependence upon OpenAI's GPT-4o chat...

When a popular antivirus and even Notepad++ turn into infection vectors after supply chain breaches, it's clear no software is safe from attack—or from its own update system. Steve and Leo unpack the risks hiding right inside your next auto-update.

• An anti-virus system infects its own users.
• Apple's next iOS release "fuzzes" cellular locations.
• cURL discontinues bug bounties under bogus AI flood.
• AI discovers and fixes 15 ...

Can AI really write malware better than hackers ever could? This episode exposes the first real-world case of advanced, fully AI-generated malware and why it signals a seismic shift in cybersecurity risk.

• CISA's uncertain future remains quite worrisome.
• Worrisome is Ireland's new "lawful" interception law.
• The EU's Digital Rights organization pushes back.
• Microsoft acknowledges it turns over user encryption keys.
• Alex Nei...

Soaring RAM prices are about to hit your security gear where it hurts, and the fallout could change what's protecting your network. Find out who's about to pay and why the AI gold rush is reshaping more than just your server specs.

• RAM pricing to affect enterprise firewall equipment.
• Anthropic provides sizeable support to Python Foundation.
• The FTC clamps down on GM's secret sale of driving data.
• "ANCHOR" replaces "CIPAC" ...

Why are code signing certificates suddenly so expensive, short-lived, and tangled in red tape? Leo Laporte and Steve Gibson dig into Microsoft's "three-day certificates," the hidden costs for developers, and the security tradeoffs no one saw coming.

• A look at Microsoft's Azure cloud code signing.
• California implements DROP, global data broker opt-out.
• Where's the town of "Whata Bod" Idaho.
• iOS built-in Mail app worked itse...