Security Now (Audio)

A critical React vulnerability just received a 'perfect 10' for risk, allowing attackers to compromise over a million servers with a single request. GrapheneOS recently withdrew from France, citing privacy concerns over new laws. In India, smartphone tracking mandates faced backlash, leading to their abrupt cancellation. Meanwhile, the demand for RAM driven by AI is causing skyrocketing prices. Finally, local network access permissions in Chrome aim to enhance security against remote attacks.

Cisco finally acknowledges the need for serious security improvements, vowing to implement 'secure by default' devices. A major cybersecurity incident strikes Salesforce, leading to discussions about supply-chain breaches and the risks of outsourcing. Australia introduces a ban on underage social media use, and the EU considers replacing US tech with local alternatives. Best practices for passwords versus passkeys are explored, alongside an intriguing analysis of SSD data retention. Plus, exciting news about a new Stargate series!

Could VPN bans become a reality in the US? Discover the chilling proposals in Wisconsin and Michigan targeting digital privacy for everyone. Delve into the EU's shift on chat control and Windows 11's inclusion of Sysmon for enterprise monitoring. Explore the Pentagon's investment in offensive AI and the real threats of doxing military personnel. Plus, a look at recent WhatsApp vulnerabilities and the implications of banning VPNs altogether. Tune in for insights on tech, privacy, and the future of digital security!

Can your cellphone be tracked without malware? Absolutely! Discover how telecom signaling allows pinpointing your location. Apple’s new Digital ID is set to transform wallets, while Checkout.com opts to fund cybersecurity research over paying ransom. Google juggles AI in the cloud and rolls back some developer registration rules. Venturing into the risky world of cellphone tracking and privacy, experts reveal the ins and outs of SS7 vulnerabilities. Tune in for juicy listener feedback and vital security insights!

Amazon is suing Perplexity AI, questioning the future of automated online shopping. FFmpeg is exploring assembly language for massive performance boosts. Nevada recovers from a ransomware attack without paying a dime. A bizarre mathematical error leads to a $128 million exploit in DeFi. The UK commits to blocking number spoofing to curb scams. Meanwhile, Google acquires Wiz to enhance security, as new cookie rules are on the horizon in the EU. The ongoing discussion about AI agents raises concerns about user control over online purchases.

AI-powered web browsers are emerging, but experts warn they could lead to serious security issues. Hidden radios have been found in Chinese-made buses, raising privacy concerns. New scareware blockers in Edge and Chrome aim to combat scams, but trade-offs exist. Meanwhile, Italy introduces age verification for adult sites, and Russia pushes for domestic software use. Recent malware threatens Cisco devices, while TypeScript's popularity surges in GitHub reports. The rollout of AI browsers could create a new attack vector, prompting caution among users.

A classic security threat, DNS cache poisoning, is making a comeback, revealing vulnerabilities in DNS resolvers that struggle with random number generation. In a surprising twist, a Linux-based vacuum is found to be sending homeowner data back to its manufacturer. The podcast discusses Russia’s new vulnerability reporting laws reminiscent of China’s, while teens tied to Scattered Spider are arrested. Ransomware payments have plummeted, raising questions about recovery confidence and the tactics attackers use to breach systems.

Could your mouse be eavesdropping on you? Steve and Leo dive into startling research revealing that optical mice can pick up desk vibrations tied to speech. They also discuss the implications of unencrypted geosynchronous satellite traffic, highlighting security risks. The recent AWS outage raises concerns about Internet monoculture. Plus, updates on Texas's app age-verification lawsuit and NIST's new password guidelines. China's accusations against the NSA add a geopolitical twist to the tech landscape.

Texas may require Apple and Google to enforce strict age verification for app downloads, sparking privacy concerns. The EU has postponed a controversial chat control vote, while Salesforce refuses to pay a ransomware demand, leading to a data leak. A Discord breach exposes 70,000 government IDs, and Microsoft prepares to move GitHub to Azure. Plus, a massive botnet targets U.S. RDP services, and experts critique the usability of iOS 26's new interface. Finally, a critical vulnerability in Redis servers demands urgent attention.

Google's demand for developer registration raises alarms about the future of open-source app stores. The EU's upcoming vote on chat control could compromise user privacy significantly. Qantas tries to block the publication of stolen customer data, while researchers unveil a budget-friendly 'Battering RAM' attack device. Discord experiences a breach exposing IDs, and Imgur restricts UK access due to data protection concerns. Meanwhile, Brave disputes its claims of being three times faster than competitors. The landscape of digital privacy and security remains precarious.