Security Now (Audio)
TWiT
Security Now is a long-running, deep-dive exploration into the rapidly evolving landscape of cybersecurity and digital infrastructure. Hosted by Steve Gibson, the show serves as an essential weekly briefing for those who want to understand the mechanics of the internet, the nature of emerging threats, and the technical realities behind the day's biggest security headlines. The podcast has recently pivoted toward an intense focus on the dual-edged sword of artificial intelligence. Gibson meticulously breaks down how AI is revolutionizing both offensive hacking—by accelerating vulnerability discovery and automating exploitation—and defensive strategies, such as autonomous patching and diagnostic troubleshooting. Listeners get a front-row seat to the collision between traditional IT management and the blistering pace of AI-driven cyber warfare. Beyond the cutting-edge tech, the show excels at contextualizing current events within the history of computing. Whether dissecting the intricacies of supply chain attacks in Linux repositories, analyzing the failure modes of major web browsers, or uncovering forgotten pieces of digital sabotage, the program provides rigorous technical analysis without losing sight of the human and institutional failures that often invite disaster. If you are looking for a show that prioritizes facts, logical deduction, and a proactive mindset toward digital safety, this is the ultimate resource for staying informed in an increasingly complex and automated world.
Updated Jul 2, 2026
Episodes
SN 1085: A SOTA State-Sponsored Campaign - AI's New Superpower: Loop Engineering
AI-driven looping and iteration have become the new standard for autonomous vulnerability discovery and exploitation.
SN 1084: The Residential Proxy Threat - Malicious Proxies in Your Living Room
Residential proxy networks are enabling attackers to bypass geo-blocking by routing malicious traffic through home IPs.
SN 1083: Patch Tuesday à la AI - Arch Linux Repo Under Siege
Over 400 Arch Linux repository packages were compromised by a stealthy rootkit designed to steal developer secrets.
SN 1082: The Malicious Use of AI - Anthropic's Red Team Report
Anthropic reveals how hackers are using AI for malicious campaigns as analyzed through the MITRE ATT&CK framework.
SN 1081: AI Captured the Flag - Personal AI: Productivity Superpower or Privacy Threat?
AI is revolutionizing cybersecurity by transforming capture the flag competitions and exposing hidden vulnerabilities.
SN 1080: Vulnerability Debt Repayment - Will Mythos Change Cybersecurity Forever?
AI-driven vulnerability discovery is exposing the limits of the CVE system, forcing a shift to automated remediation.
SN 1079: Daybreak and Codename MDASH - Microsoft's Edge Password Blunder
Microsoft is patching a flaw in the Edge password manager that stored user credentials in plain text within system RAM.
SN 1078: DigiCert does it right - Hugging Face Under Fire
DigiCert sets the standard for breach disclosure while AI uncovers a critical 21-year-old vulnerability in FreeBSD.
SN 1077: A Browser AI API? - End of Bug Bounties?
AI-powered vulnerability research is accelerating the discovery of legacy flaws, likely spelling the end of bug bounties.
SN 1076: FAST16.SYS - Unmasking the NSA's Most Diabolical Digital Sabotage
Researchers have uncovered a diabolically brilliant piece of malware from the Windows 2000 era that predates Stuxnet.
SN 1075: Yes. Exactly. - The Zero-Day Ticking Clock
A disgruntled researcher is leaking Windows zero-day exploits in retaliation against Microsoft’s security disclosures.
SN 1074: What Mythos Means - Marketing or Mayhem
In episode 1074 of Security Now, hosts Steve Gibson and Leo Laporte analyze a critical turning point in the evolution of digital security. The discussion centers on the rapid emergence of autonomous artificial intelligence capable of chaining zero-day vulnerabilities into functional exploits. The hosts explore how this technological leap signals the end of the traditional software industry practice of shipping products with known flaws and patching them later. They argue that the current landscape represents perhaps the most consequential hundred days in cyber history, forcing a fundamental shift in how developers and organizations approach code integrity. Listeners can expect a deep dive into the implications of these AI-driven threats, the necessity for a new security mindset, and the urgent demand for more rigorous, proactive software development standards in an increasingly volatile and automated threat environment.
SN 1073: The FCC Bans New Consumer Routers - LinkedIn's JavaScript Bombshell
In this episode of Security Now, hosts Steve Gibson and Leo Laporte dive into a controversial FCC ruling that bans new consumer-grade routers manufactured outside the United States. The hosts analyze the potential cybersecurity implications of this mandate, explaining why experts believe it could hinder innovation and trap users with aging, insecure hardware. Beyond the FCC news, the discussion covers a wide range of industry developments, including LinkedIn’s massive JavaScript footprint, Microsoft’s aggressive push for Windows 11 updates, and a significant Cisco supply-chain vulnerability. Listeners will also get updates on Proton’s new privacy-focused video conferencing tool, GitHub’s security improvements for Actions, and Cloudflare’s efforts to bolster WordPress security using artificial intelligence. This episode provides a comprehensive briefing for anyone looking to stay informed on the latest threats, software updates, and regulatory changes impacting the digital security landscape.
SN 1072: LiteLLM - Click Fix Attacks Surge
In this episode of Security Now, Steve Gibson and Leo Laporte dive into a critical supply chain vulnerability involving LiteLLM, where a near-catastrophic malware injection was narrowly avoided thanks to the quick actions of a vigilant developer. The hosts analyze the mechanics of this averted disaster and provide a broader look at the surge in dangerous ClickFix attack campaigns. Beyond these technical threats, the discussion covers shifting international security landscapes, including Russia’s adoption of domestic 5G encryption and the discovery of Russian-planted surveillance equipment in Ukraine. The episode also explores the implications of new age-verification requirements, Google’s updated timeline for quantum computing milestones, and the rising prevalence of AI-driven bot activity on social platforms. Listeners can expect a comprehensive breakdown of these security trends and the latest developments shaping the current digital threat landscape.
SN 1071: Bucketsquatting - Meta and TikTok's Tracking Pixels
In this episode of Security Now, hosts Steve Gibson and Mikah Sargent delve into a range of critical cybersecurity concerns, starting with the dangerous implications of bucketsquatting and the extensive tracking capabilities hidden within Meta and TikTok pixels. The conversation addresses significant oversights in mission-critical software, including alarming practices found in H&R Block’s tax tools and a high-profile cyberattack involving Intoxalock breathalyzers. Listeners will also get updates on major vulnerabilities, such as critical CVSS 10.0 flaws identified in Cisco and Ubiquiti systems. Beyond these technical exploits, the hosts explore the latest developments in privacy, including Firefox’s new free VPN, the state of messaging apps in Russia, and essential security advice for protecting crypto-wallets. This episode provides a comprehensive analysis of modern digital threats and actionable insights for maintaining online safety in an increasingly complex landscape.
SN 1070: CISA's Free Internet Scanning - Malware Disguised as a VPN
In this episode of Security Now, hosts Steve Gibson and Leo Laporte dive into the shifting landscape of digital privacy and emerging cybersecurity threats. The discussion highlights growing concerns as major tech platforms like Meta and TikTok backtrack on encryption promises, challenging user trust. Steve Gibson shares his firsthand experience with CISA’s free government security scans, offering a practical look at why these resources are essential for modern businesses. The episode also explores the rise of malicious software disguised as legitimate VPNs, the risks of downloading unverified AI tools, and clever new methods for bypassing antivirus scanners. Beyond these threats, the hosts examine the complexities of ransomware negotiations and the increasing prevalence of consumer bandwidth proxying. Listeners will gain valuable insights into protecting their digital environments, staying ahead of sophisticated social media shifts, and navigating the current state of online security.
SN 1069: You can't hide from LLMs - Was Your Smart TV a Stealth Proxy?
In this episode of Security Now, hosts Steve Gibson and Leo Laporte dive into the unsettling reality that Large Language Models are making internet anonymity a thing of the past. By leveraging advanced data processing, these models can de-anonymize users with alarming ease, fundamentally changing how we perceive online privacy. Beyond this, the discussion covers significant industry updates, including Firefox security improvements, the rollout of cross-platform RCS encryption by Apple and Google, and a critical look at the risks of web proxies in home networks. The hosts also examine security vulnerabilities in OpenClaw, the implications of NATO clearing Apple devices for secure use, and updates regarding Ubuntu’s SUDO interface. Listeners can expect a deep, technical breakdown of these developments and a thoughtful exploration of how evolving technology continues to redefine the boundaries of digital security and surveillance.
SN 1068: The Call Is Coming From Inside the House - Live From Zero Trust World 2026
In this special live episode of Security Now, Steve Gibson and Leo Laporte broadcast from Zero Trust World 2026 in Orlando to address a critical shift in the cybersecurity landscape. While the industry has become adept at securing external perimeters, the hosts argue that the true vulnerability now lies within our own networks. They explore how decades of permissive system design have left organizations exposed to threats from the inside, whether those breaches are accidental, intentional, or the result of compromised credentials. Throughout the discussion, the hosts emphasize that the next frontier of defense requires a fundamental move toward zero trust architecture. Listeners can expect an insightful breakdown of why the principle of least privilege is no longer optional and how modern security strategies must evolve to protect internal environments from those who have already bypassed the outer gates.
SN 1067: KongTuke's CrashFix - Click, Paste, Pwned
In this episode of Security Now, hosts Leo Laporte and Steve Gibson analyze a dangerous new wave of social engineering attacks that exploit Windows clipboards to execute malware. The discussion centers on the sophisticated ClickFix and CrashFix exploits, which are bypassing traditional security defenses and catching even seasoned professionals off guard. Beyond these critical vulnerabilities, the hosts cover a wide range of industry news, including a rare 10.0 CVSS rating for Cisco, the ongoing impact of AI-driven hacking campaigns, and recent regulatory clashes involving Apple and global data protection efforts. Listeners will also get insights into a new affordable hardware security module and a comprehensive report on 2025 vulnerability trends. Whether discussing state-sponsored digital censorship or evolving attacker tactics, the episode provides a deep dive into the technical realities and security threats facing users in an increasingly complex digital landscape.
Listen to Security Now (Audio) with Podtastic
Smart Skip for Security Now (Audio)
Smart Skip automatically skips past the interruptions listeners skip in Security Now (Audio) episodes, using aggregated listener data.
Smart Summaries for Security Now (Audio)
Podtastic generates evolving AI summaries for Security Now (Audio) and every episode. Know what's worth listening to before you press play.
Smart Topics in Security Now (Audio)
Podtastic highlights key topics in Security Now (Audio) episodes so you can jump straight to the sections that interest you most.
Skip Silence for Security Now (Audio)
Skip Silence auto-removes silences from Security Now (Audio) episodes — saving you 5–15 minutes per hour.
Enhance Voices for Security Now (Audio)
Enhance Voices in Security Now (Audio) episodes — voice-tuned EQ and compression that makes voices clearer and evens out loud and quiet podcasts.
Listen to Security Now (Audio) in Podtastic
For listeners, not advertisers
Related Podcasts
All podcast names and trademarks are the property of their respective owners. Podcasts listed on Podtastic are publicly available shows distributed via RSS. Podtastic does not endorse nor is endorsed by any podcast or podcast creator listed in this directory.