Security Now (Audio)

Steve Gibson and Leo Laporte host a special episode of Security Now live from ThreatLocker's Zero Trust World 2026 in Orlando, Florida. The final frontier of security is internal. Today, we have the tools, techniques and technologies to thwart attacks originating from outside our perimeter. We're no...

A crafty new breed of social engineering attack is tricking users into launching malware straight from their clipboard, exposing a fresh vulnerability in Windows that even tech pros could fall for. Leo Laporte and Steve Gibson break down how the latest ClickFix and CrashFix exploits are outsmarting ...

A crafty new breed of social engineering attack is tricking users into launching malware straight from their clipboard, exposing a fresh vulnerability in Windows that even tech pros could fall for. Leo Laporte and Steve Gibson break down how the latest ClickFix and CrashFix exploits are outsmarting ...

ETH Zurich's deep-dive into the world's top password managers exposes how feature overload and legacy design obscure real security flaws, forcing a rethink of what "zero knowledge" actually means for your vault. Learn why recent fixes matter—and why open source may be your safest bet. CA's warn us t...

ETH Zurich's deep-dive into the world's top password managers exposes how feature overload and legacy design obscure real security flaws, forcing a rethink of what "zero knowledge" actually means for your vault. Learn why recent fixes matter—and why open source may be your safest bet. CA's warn us t...

How secure are your Chrome extensions and certificate signings really? This episode pulls back the curtain on a massive spyware discovery and exposes the convoluted hoops developers must jump through to prove their identity in 2026. Websites can place high demands upon limited CPU resources. Microso...

From EU fines that never get paid to cyber warfare grounding missiles mid-battle, this week's episode uncovers the untold stories and real-world consequences shaping today's digital defenses. How is the EU's GDPR fine collection going. Western democracies are getting serious about offensive cybercri...

When a popular antivirus and even Notepad++ turn into infection vectors after supply chain breaches, it's clear no software is safe from attack—or from its own update system. Steve and Leo unpack the risks hiding right inside your next auto-update. An anti-virus system infects its own users. Apple's...

Can AI really write malware better than hackers ever could? This episode exposes the first real-world case of advanced, fully AI-generated malware and why it signals a seismic shift in cybersecurity risk. CISA's uncertain future remains quite worrisome. Worrisome is Ireland's new "lawful" intercepti...

Soaring RAM prices are about to hit your security gear where it hurts, and the fallout could change what's protecting your network. Find out who's about to pay and why the AI gold rush is reshaping more than just your server specs. RAM pricing to affect enterprise firewall equipment. Anthropic provi...

Why are code signing certificates suddenly so expensive, short-lived, and tangled in red tape? Leo Laporte and Steve Gibson dig into Microsoft's "three-day certificates," the hidden costs for developers, and the security tradeoffs no one saw coming. A look at Microsoft's Azure cloud code signing. Ca...

Why are code signing certificates suddenly so expensive, short-lived, and tangled in red tape? Leo Laporte and Steve Gibson dig into Microsoft's "three-day certificates," the hidden costs for developers, and the security tradeoffs no one saw coming. A look at Microsoft's Azure cloud code signing. Ca...

Why are code signing certificates suddenly getting shorter, pricier, and more restrictive? Steve Gibson and Leo Laporte expose the "cabal" rewriting the rules for everyone who builds software—and what it means for your security and your wallet. Code-signing certificate lifetimes shortened by two yea...

In this special holiday episode, Steve Gibson and Leo Laporte revisit their classic conversation about vitamin D—diving into the science, surprising updates, and practical tips for your health. Whether you've heard it before or are tuning in for the first time, this "blast from the past" is the perf...

What if your smart TV and Firefox extensions were secretly hijacking your security and privacy? This episode reveals the jaw-dropping discovery of a massive TV botnet and the surprisingly clever malware lurking behind innocent browser icons. North Korea's profitable fixation on cryptocurrency. Amazo...

Australia's nationwide social media ban has put tech's age verification tools under the spotlight, exposing the flaws and privacy risks in today's facial detection systems and sparking worldwide debate about what's coming for the rest of us. Home Depot's puzzling reluctance to close a bad hole. GNOM...

A devastating new React vulnerability earned a "perfect 10" for risk, letting attackers remotely run code on a million-plus servers with a single HTTP request. Find out what happened, how fast attackers moved in, and why this bug changes everything for web security. France's VanityFair face a stiff ...

Cisco has finally admitted it's time for real change and is vowing to build "secure by default" gear after decades of criticism. Steve Gibson reacts to a rare moment when a tech giant actually gets security right—and what it means for everyone running critical infrastructure. • Scattered Lapsus$ Hun...

Could banning VPNs really become law in the US? This episode breaks down the jaw-dropping legislation in Wisconsin and Michigan that targets VPN access for everyone, not just kids—and what it means for your digital privacy. The EU finally comes to its "Chat Control" senses. Windows 11 to include Sys...

Think your cell phone is safe from tracking? Steve reveals how global networks let anyone pinpoint your location—no hacking required and no malware involved. Apple introduces a new Digital ID inside Wallet. Checkout.com refuses to pay a ransom demand. Google announces "Private AI Compute" in the clo...