Security Now!

Why did a mysterious empty "inetpub" directory appear after April's Patch Tuesday?
And what new Windows Update crashing hack did this also create?
North Korea is now creating fake US companies to...

Enabling Firefox's Tab Grouping.
Recalled Recall Re-Rolls out.
The crucial CVE program nearly died. It's been given new life.
China confesses to hacking the US (blames our stance on Taiwan)....

Android to get "Lockdown Mode".
What's in the new editions of Chrome and Firefox?
Why did Apple silently re-enable automatic updates?
My new iPhone 16, Chinese tariffs and electronics.
Dynamic...

Canon printer driver vulnerabilities enable Windows kernel exploitation.
Astonishing cyber-security awareness from a household appliance manufacturer.
France tries to hook 2.5 million school...

Kuala Lumpur International Airport says no to a ransom attack, switches to whiteboard.
A tired and jet-lagged Troy Hunt got Phished then listed himself on his own site.
Cloudflare completely...

The dangers of doing things you don't understand.
Espressif responds to the claims of an ESP32 backdoor.
A widely leveraged mistake Microsoft stubbornly refuses to correct.
A disturbingly simple...

An analysis of Telegram Messenger's crypto.
A beautiful statement of the goal of modern crypto design.
Who was behind Twitter's recent outage trouble?
An embedded Firefox root certificate...

Utah passes age verification requirement for app stores.
The inside story on fake North Korean employees. Is that a Texas accent?
An update on the ongoing Bybit cryptoheist saga.
The industry...

Firefox amends their privacy policy -- the world melts down.
Signal threatens to leave Sweden.
Aftermath of the massive $1.5 billion Bybit ETH heist.
It turns out that it wasn't actually Bybit's...

US lawmakers respond to the UK's outrageous demand about Apple's encryption.
What, exactly, is a "backdoor", and can a "backdoor" NOT be secret?
Highlights from last week's Windows' Patch...

Why was DeepSeek banned by Italian authorities?
What internal proprietary DeepSeek data was found online?
What is "DeepSeek" anyway? Why do we care, and what does it mean?
Did Microsoft just...

eM Client CAN be purchased outright.
An astonishing 5-year-old typo in MasterCard's DNS.
An unwelcome surprise received by 18,459 low-level hackers.
DDoS attacks continue growing, seemingly...

What do we learn from January's record breaking 0-day critical Patch Tuesday?
Microsoft to "force-install" a new Outlook into all Windows 10 and 11 desktops?
GoDaddy required to get much more...

Meta winds down 3rd-party content filtering. Is encryption soon to follow?
Taking over abandoned Command & Control server domains (strictly for research purposes only).
IoT devices to get the...

The consequences of Internet content restriction.
The measured risks of 3rd-party browser extensions.
The consequences of SonicWall's unpatched 9.8 firewall severity.
The incredible number of...

Leo revisits some of the year's top Security Now segments of 2024.
956. Apple's Hardware Backdoor: Steve reflects on the previous week's 'The Mystery of CVE-2023-38606' deep-dive. Did Apple...

Is AI the Wizard of Oz? Or is it more?
Microsoft's long standing effective MFA login bypass.
Is TPM 2.0 not required after all for Windows 11?
Meet 14 North Korean IT workers who made $88...

This week, Steve and Leo discuss the recent 'Salt Typhoon' hack of U.S. telecom providers by China, TPM 2.0 requirement for Windows 11, Microsoft's newly hacked Windows activation system, Apple...

Steve Gibson and Leo Laporte discuss Microsoft's clarification about AI training data usage, a fascinating breakthrough in understanding autonomous vehicle vulnerabilities, and an urgent call for...

What's the new "nearest neighbor" attack and how do you defend against it?
Let's Encrypt just turned 10. What changes has it wrought?
Now the Coast Guard is worried about Chinese built...