Security Now (Audio)
TWiT
SN 1071: Bucketsquatting - Meta and TikTok's Tracking Pixels
In this episode of Security Now, hosts Steve Gibson and Mikah Sargent delve into a range of critical cybersecurity concerns, starting with the dangerous implications of bucketsquatting and the extensive tracking capabilities hidden within Meta and TikTok pixels. The conversation addresses significant oversights in mission-critical software, including alarming practices found in H&R Block’s tax tools and a high-profile cyberattack involving Intoxalock breathalyzers. Listeners will also get updates on major vulnerabilities, such as critical CVSS 10.0 flaws identified in Cisco and Ubiquiti systems. Beyond these technical exploits, the hosts explore the latest developments in privacy, including Firefox’s new free VPN, the state of messaging apps in Russia, and essential security advice for protecting crypto-wallets. This episode provides a comprehensive analysis of modern digital threats and actionable insights for maintaining online safety in an increasingly complex landscape.
Updated May 1, 2026
About This Episode
When convenience trumps caution, disaster waits in the wings. Join Steve Gibson and Mikah Sargent as they break down the jaw-dropping oversights lurking in mission-critical tax and cloud tools, and examine how a single unchecked decision can upend internet security for years.
- H&R Block's tax software does something SO WRONG.
- The Intoxalock breathalyzer calibration cyber attack.
- Firefox now offers a 100% free built-in VPN.
- TikTok and Meta's tracking pixels are so much more.
- Russians beg for the return of Telegram, WhatsApps and others.
- Never connect your crypto-wallet to an unknown service.
- What would a week be without a Cisco CVSS of 10.0.
- Ubiquiti patches a 10.0 critical flaw.
- Listener feedback and...
- What's "Bucketsquatting" and what can be done to prevent it
Show Notes - https://www.grc.com/sn/SN-1071-Notes.pdf
Hosts: Steve Gibson and Mikah Sargent
Download or subscribe to Security Now at https://twit.tv/shows/security-now.
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit
Sponsors:
Listen to Security Now (Audio) in Podtastic
For listeners, not advertisers
More Episodes
SN 1085: A SOTA State-Sponsored Campaign - AI's New Superpower: Loop Engineering
In episode 1085 of Security Now, host Steve Gibson explores the rapidly shifting landscape of cybersecurity, heavily influenced by the integration of artificial intelligence. A primary focus of the discussion is the emergence of loop engineering, where AI systems iterate and refine themselves to identify vulnerabilities with unprecedented speed. Gibson examines how this new capability is reshaping both offensive hacking techniques and defensive strategies, emphasizing that institutional inertia in IT departments must be overcome to keep pace with these automated threats. The episode also covers significant industry developments, including Microsoft’s decision to extend Extended Security Updates (ESU) for Windows 10 until 2027, despite ongoing efforts to transition users to Windows 11. Gibson provides detailed insights into critical vulnerabilities, such as those found in Ubiquiti’s UniFi OS and Cisco’s Unified Communications Manager, highlighting the growing necessity for automated patching to mitigate risks effectively. Furthermore, the discussion touches on the impracticality of traditional reboot-heavy update cycles and the potential for future systems to implement hot-patching. Additionally, the host shares a historical anecdote about the late Kevin Mitnick, illustrating the ongoing importance of learning from past security incidents.
SN 1084: The Residential Proxy Threat - Malicious Proxies in Your Living Room
In this episode of Security Now, Steve Gibson explores the escalating threat landscape driven by advancements in artificial intelligence and the proliferation of residential proxy networks. The episode highlights how cybercriminals are increasingly utilizing residential proxies to bypass geolocation-based IP filtering, effectively masking their origins by routing malicious traffic through the devices of unsuspecting users. A significant portion of the discussion is dedicated to the impact of AI on cybersecurity. Drawing from recent reporting, the host examines how AI models are fundamentally changing the speed and scale of cyberattacks, drastically shortening the time between the discovery of a vulnerability and its exploitation. The conversation touches on the irony of software companies relying on external security researchers to find flaws in their products, noting that the status quo of "slapdash" coding is becoming unsustainable. Beyond these core topics, the episode covers emergency updates for F5 and Nginx, ongoing vulnerabilities in Firefox, and a new segment on AI experimentation. The host also addresses the increasing weaponization of AI in social engineering, underscoring the necessity for robust defense strategies in an era where deepfake technology is becoming both more accessible and more deceptive.
SN 1083: Patch Tuesday à la AI - Arch Linux Repo Under Siege
In this episode of Security Now, Steve Gibson explores the emerging impact of AI on the cybersecurity landscape, specifically focusing on its role in the latest Patch Tuesday and the rise of automated vulnerability discovery. The discussion highlights how AI is fundamentally changing the velocity of patch management, moving it from a back-burner task to a critical operational requirement for organizations. A major focus of the episode is the significant supply chain attack discovered in the Arch Linux User Repository (AUR), where over 400 packages were found to contain sophisticated info-stealer malware. Steve provides a detailed technical breakdown of how this malware operates, utilizing NPM lifecycle hooks for execution and leveraging EBPF technology to act as a rootkit, effectively hiding its presence from system administrators. The malware is designed to harvest extensive developer-centric data, including browser cookies, session tokens, and credentials for platforms like GitHub, Slack, and Docker. Additionally, the hosts share personal experiences with AI agents acting as powerful diagnostic tools for complex technical issues, emphasizing the evolving, highly capable nature of modern large language models in troubleshooting and system maintenance.
SN 1082: The Malicious Use of AI - Anthropic's Red Team Report
In episode 1082 of Security Now, Steve Gibson explores the increasingly sophisticated and malicious use of AI in cyberattacks. The discussion centers on a comprehensive report from Anthropic’s red team, which spent the past year mapping how abusers exploit AI models using the MITRE ATT&CK framework. The hosts examine how AI is enabling faster, more automated, and bone-chillingly efficient malicious campaigns, emphasizing the urgency for organizations to adopt state-of-the-art security measures. Beyond AI, the episode covers a range of critical industry updates. Gibson analyzes why high-end law firms have become prime targets for ransomware, noting that even with a recent decline in paid ransoms, these firms remain vulnerable to extortion due to the sensitivity of their client data. The conversation also touches on recurring vulnerabilities in Cisco’s SD-WAN manager, the inherent dangers of using PHP’s eval function in web plugins, and the irresponsible disclosure of an HTTP/2 bomb that threatens to overwhelm web servers. Through these technical breakdowns and case studies, the podcast provides a sobering look at the current threat landscape, urging listeners to remain vigilant in an era where AI-driven attacks are rapidly becoming the new norm.
SN 1081: AI Captured the Flag - Personal AI: Productivity Superpower or Privacy Threat?
In episode 1081 of Security Now, Steve Gibson explores the shifting landscape of cybersecurity, focusing on how artificial intelligence is fundamentally altering the field. A primary topic is the potential decline of Capture the Flag (CTF) competitions. While these events have historically served as vital training grounds for researchers to discover vulnerabilities, the rise of AI-driven code analysis is beginning to automate the discovery process, effectively changing the nature of these competitive challenges. The hosts also discuss the ongoing risks posed by unpatched systems, highlighting recent attacks on Ubiquiti’s UniFi OS devices and a critical SQL injection vulnerability in Drupal. These incidents serve as a backdrop for a broader discussion on the necessity of automated updates. Gibson argues that in an era where every known vulnerability is rapidly exploited by malicious actors, waiting to patch is no longer a viable strategy for most users. Furthermore, the episode touches on the massive investment by tech giants into AI-driven security tools, suggesting a future where software might finally be provably secure, moving beyond the long-held and often frustrating industry standard that all software must inherently contain bugs.
SN 1080: Vulnerability Debt Repayment - Will Mythos Change Cybersecurity Forever?
In this episode of Security Now, Steve Gibson discusses the industry’s looming "vulnerability debt" and the transformative impact of AI on cybersecurity. The conversation centers on a recent report from Cisco regarding their experience with Anthropic’s new AI model, Mythos. This model has demonstrated an unprecedented ability to discover massive amounts of software vulnerabilities in days, a capability that threatens to overwhelm the traditional, human-centric Common Vulnerabilities and Exposures (CVE) system. The hosts explore the critical disconnect between the speed of AI-driven vulnerability discovery and the slow, manual processes of current patch management. Key insights include the necessity of moving toward autonomous patching infrastructures and replacing individual CVE tickets with "vulnerability class reports" to help security teams manage the anticipated flood of data. Additionally, the episode covers significant security news, including Microsoft’s mitigation for a BitLocker bypass, critical patches for Ubiquity routers, and the internal security breach at GitHub. Gibson also shares personal reflections on how AI has accelerated his own technical workflows, arguing that while the industry faces a painful transition, the integration of AI into defensive security pipelines is not just inevitable, but essential for survival.
SN 1079: Daybreak and Codename MDASH - Microsoft's Edge Password Blunder
In this episode of Security Now, Steve Gibson discusses a significant security update for the Microsoft Edge browser. Initially, Microsoft defended the practice of loading decrypted passwords into RAM at startup as intended behavior. However, following public disclosure and criticism regarding this unnecessary exposure, the company quickly pivoted, releasing an update to resolve the issue. The hosts explore the concept of defense-in-depth and the importance of separating sensitive authentication credentials, such as one-time passwords, from primary password managers to mitigate risk. The conversation extends to the broader landscape of modern security, including the ongoing debates surrounding BitLocker bypasses and the implications of local device compromises. The hosts also delve into the rapidly evolving world of artificial intelligence, sharing insights on the potential for AI-driven threats and the addictive nature of AI chatbots. Other topics include Google’s observations on the malicious use of AI, the growing discourse on AI consciousness, and the fascination with unconventional scientific topics like zero-point quantum vacuum energy. The episode emphasizes the necessity of maintaining robust security boundaries even as technology prioritizes user convenience.
SN 1078: DigiCert does it right - Hugging Face Under Fire
In episode 1078 of Security Now, Steve Gibson explores critical developments in digital infrastructure and cybersecurity. The episode begins with a discussion on the FCC’s recent policy shift, which extends firmware update permissions for existing consumer routers through 2029. While this provides a reprieve for many, Gibson critiques the lingering inconsistencies in the agency's regulatory approach. A major focus of the episode is the disclosure of a critical 21-year-old remote code execution vulnerability in FreeBSD, discovered via AI-assisted code analysis. Gibson highlights the severity of this flaw, which stems from a legacy DHCP client issue, and discusses the growing role of AI in uncovering long-dormant security threats. Additionally, the episode covers the recent Let’s Encrypt outage, using it as a case study for responsible incident disclosure and operational transparency. Gibson also examines the industry-standard response by DigiCert following their recent security breach, praising their methodical and communicative handling of the incident. Finally, the show touches upon the emerging concern of malicious AI model repositories, drawing parallels to previous threats seen in open-source software ecosystems. Through these topics, the episode reinforces the necessity of disciplined engineering and proactive security management in an increasingly complex digital landscape.
SN 1077: A Browser AI API? - End of Bug Bounties?
In episode 1077 of Security Now, host Steve Gibson explores the growing intersection of artificial intelligence and cybersecurity. A primary focus is Google’s decision to integrate a local AI model directly into the Chrome browser, a move that has sparked significant debate regarding security implications and industry standards. The episode also highlights a concerning trend where threat actors are leveraging AI to automate malicious activities, such as verifying stolen credit cards. Gibson discusses a specific case involving an unsecured server, pointing out that while AI is a powerful tool, it often produces flawed results when users fail to provide proper security parameters or authentication requirements. Furthermore, the hosts analyze a warning from the UK’s National Cyber Security Centre regarding a coming "patch wave." This forced correction is expected to address decades of technical debt exposed by AI-driven vulnerability research. Gibson notes that this shift might signal the end of traditional bug bounty programs as AI becomes capable of finding and exploiting vulnerabilities at unprecedented speeds. The episode concludes with a look at the evolving landscape of responsible disclosure and the critical need for proactive security management.
SN 1076: FAST16.SYS - Unmasking the NSA's Most Diabolical Digital Sabotage
In episode 1076 of Security Now, Steve Gibson uncovers a fascinating piece of digital history involving the discovery of Fast16.sys, a piece of sophisticated malware that predated Stuxnet by five years. The discussion explores the brilliance of this forgotten driver and how its accidental recovery highlights the advanced capabilities of intelligence agencies in the early 2000s. Beyond this deep dive, the hosts analyze a recent supply chain attack targeting the Bitwarden command line interface. While the incident briefly compromised a development package, Gibson clarifies that end-user vault data remained secure, emphasizing the increasing risks associated with automated GitHub actions. The episode also touches on reports regarding mysterious malfunctions in networking hardware at an Iranian nuclear site, the implications of Meta logging employee activity for AI training, and the logistical challenges nations face when attempting to disconnect from the global internet. Finally, Gibson provides a personal update on the major structural overhaul of his own e-commerce systems, reflecting on the evolution of software licensing and his commitment to specialized tools. The episode serves as both a historical retrospective and a warning about the modern complexities of supply chain security.
Related Podcasts
All podcast names and trademarks are the property of their respective owners. Podcasts listed on Podtastic are publicly available shows distributed via RSS. Podtastic does not endorse nor is endorsed by any podcast or podcast creator listed in this directory.