

Security Now (Audio)
TWiT
Cybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must-listen for security professionals every week.
Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.

Oct 29, 2025 • 3h 11min
SN 1049: DNS Cache Poisoning Returns - Ransomware Payments Plummet
 A classic security threat, DNS cache poisoning, is making a comeback, revealing vulnerabilities in DNS resolvers that struggle with random number generation. In a surprising twist, a Linux-based vacuum is found to be sending homeowner data back to its manufacturer. The podcast discusses Russia’s new vulnerability reporting laws reminiscent of China’s, while teens tied to Scattered Spider are arrested. Ransomware payments have plummeted, raising questions about recovery confidence and the tactics attackers use to breach systems. 

Oct 22, 2025 • 2h 50min
SN 1048: Mic-E-Mouse - AWS Goes Down Hard
 Could your mouse be eavesdropping on you? Steve and Leo dive into startling research revealing that optical mice can pick up desk vibrations tied to speech. They also discuss the implications of unencrypted geosynchronous satellite traffic, highlighting security risks. The recent AWS outage raises concerns about Internet monoculture. Plus, updates on Texas's app age-verification lawsuit and NIST's new password guidelines. China's accusations against the NSA add a geopolitical twist to the tech landscape. 

Oct 15, 2025 • 2h 32min
SN 1047: RediShell's CVSS 10.0 - The Rise of Mega Botnets
 Texas may require Apple and Google to enforce strict age verification for app downloads, sparking privacy concerns. The EU has postponed a controversial chat control vote, while Salesforce refuses to pay a ransomware demand, leading to a data leak. A Discord breach exposes 70,000 government IDs, and Microsoft prepares to move GitHub to Azure. Plus, a massive botnet targets U.S. RDP services, and experts critique the usability of iOS 26's new interface. Finally, a critical vulnerability in Redis servers demands urgent attention. 

Oct 8, 2025 • 2h 31min
SN 1046: Google's Developer Registration Decree - The End of Free Android Apps?
 Google's demand for developer registration raises alarms about the future of open-source app stores. The EU's upcoming vote on chat control could compromise user privacy significantly. Qantas tries to block the publication of stolen customer data, while researchers unveil a budget-friendly 'Battering RAM' attack device. Discord experiences a breach exposing IDs, and Imgur restricts UK access due to data protection concerns. Meanwhile, Brave disputes its claims of being three times faster than competitors. The landscape of digital privacy and security remains precarious. 

Oct 1, 2025 • 2h 50min
SN 1045: News and Listener Views - 2.3 Million Cisco Devices Exposed
 A shocking vulnerability exposes over two million Cisco devices due to a dangerously flawed SNMP setup, prompting a call for urgent fixes. Gmail faces a false-positive spam filtering crisis, while Safari introduces advanced fingerprint protection in iOS 26. The fallout from Jaguar Land Rover's ransomware attack provides key lessons on cyber preparedness. Meanwhile, the Neon app pays users for voice recordings, raising privacy concerns. Plus, discussions on age verification solutions and the potential risks of unprotected LLM instances make for a riveting listen. 

Sep 24, 2025 • 3h 1min
SN 1044: The EU's Online Age Verification - Consumer Reports vs. Microsoft
 Consumer Reports urges Microsoft to extend Windows 10 support as many users feel abandoned. The GAO exposes significant waste in DoD cyber operations. Meanwhile, DeepSeek's flawed code raises ethical concerns. Chrome faces a sixth 0-day vulnerability, prompting an emergency update, and DDR5 memory remains vulnerable to attacks. In a surprising twist, Samsung refrigerators start displaying ads. Finally, Spain pioneers a privacy-focused age verification system, navigating the balance between security and identity protection. 

Sep 17, 2025 • 2h 51min
SN 1043: Memory Integrity Enforcement - Crypto ATM Scam Epidemic
 Discover how Apple's new Memory Integrity Enforcement technology aims to revolutionize iPhone security and potentially eliminate most vulnerabilities. Dive into the alarming rise of crypto ATM scams and the neglect shown by companies like Athena Bitcoin. Listen to discussions on recent ransomware attacks impacting schools and a record-breaking DDoS incident causing chaos online. Explore the ongoing debates in the EU around privacy laws and the challenges of balancing security with user freedom in the digital age. 

Sep 10, 2025 • 2h 56min
SN 1042: Letters of Marque - 1.1.1.1 Certificate Snafu
 The potential legalization of 'hack back' missions could turn companies into cyber warriors, blurring defense and retaliation lines. Google faces backlash for allegedly blackmailing security researchers. Artists encounter threats as AI seeks to use their work without consent. Misissued TLS certificates highlight trust issues in cybersecurity. Ongoing legal battles between Apple and the UK raise privacy concerns. Can the software supply chain ever be trusted? The intersection of AI and cyber threats complicates the landscape, making vigilance and ethical considerations more crucial than ever. 

Sep 3, 2025 • 3h 3min
SN 1041: Covering All the Bases - SHAKEN Networks, Uncontrollable AI, and Robocall Reckoning
 Steve Gibson dives into the chaos of software supply chain vulnerabilities, questioning if anyone can truly vet dependencies. The ramifications of AI out of control, illustrated by celebrity chatbots, raise critical ethical concerns. Also discussed are the newly enforced SHAKEN protocols for telecoms and the dangers of authentication consolidation. Issues surrounding age verification online and recent data breaches shed light on privacy challenges. As we celebrate BYTE Magazine's 50th anniversary, the conversation wraps up with reflections on tech evolution and user autonomy in AI. 

Aug 27, 2025 • 2h 51min
SN 1040: Clickjacking "Whac-A-Mole" - Inside the Password Manager Clickjacking Frenzy and What It Means
 Alarm bells ring over a potential browser zero-day threat, but is it really that serious? The discussion dives into clickjacking and its implications for password security. Germany may outlaw ad blockers, raising privacy concerns. There's also news about the UK backing off its demands from Apple and Microsoft throttling new tenants. AI's dual role in advertising and cybersecurity is explored, along with vulnerabilities in Linux systems and password managers. Finally, the balance between user control and advertising impact is examined. 


