Paul's Security Weekly (Audio)

In the Security News:
Claude leaks source code and new models
Two really smart people say AI is finding vulnerabilities better than ever
Windows is using your internet to send updates to strangers
BIG-IP APM vulnerability - all you need to know
Linux KVM for the win
The bus factor and open source
Axios supply chain breach
Trimming Grub
Depotting and hacking e-Motorcycles
Trivy and Cisco source code leaks
The FCC ban and What is a router?
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-920

In this segment, we will explore some pretty awesome tools for scanning the Internet, with a focus on network edge devices. We'll bring it all together with Claude Code and look at some sample results. Tools include:
Shodan | Passive recon — query existing scan data for exposed devices, services, and vulns | Passive (API) | Instant (no packets sent)
ZMap | Host discovery — find live hosts with open ports | L4 (TCP SYN, UDP, ICMP) | Millions of packets/sec
ZGrab2 | Application-layer handshakes — grab banners, certs, headers | L7 (30+ protocol modules) | Thousands of hosts/sec
Nerva | Service fingerprinting — identify 140+ protocols with metadata, CPEs, technology stacks | L7 (TCP, UDP, SCTP) | Fast, concurrent
Nuclei | Template-based vulnerability scanning — default creds, exposed panels, known CVEs | L7 (HTTP, network) | Hundreds of targets/min
Shannon | Vulnerability exploitation — AI-powered whitebox pentesting of web apps | Application | ~1-1.5 hrs per target
edgescan.py | Automated pipeline — orchestrates all tools above into a single command | Orchestration | End-to-end
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-919

In this episode, we sit down with the Radare community leader, Pancake, the creator of the Radare2 reverse engineering framework. Whether you've never heard of Radare, already use it daily, or are thinking about contributing to its development, this conversation will demystify what makes Radare unique, why thousands of engineers rely on it, and how you can step into the community.
This segment is sponsored by NowSecure. Discover how AI-powered mobile app security testing finds hidden vulns and leaks at https://securityweekly.com/nowsecure.
In the security news:
The US national cyber strategy
in the category of dumb laws and 3d printing guns
Iranian threat analysis
ESP32 Bus Pirate gets some amazing updates
I can reset the admin password
Rick-rolling yourself
Chrome 0days
Re-purposing those old Ubiquiti cloud keys
The new TLS certificate lifecycle
A Flipper Zero add-on and news on the FlipperOne
glassword malware
Do you care about exploits or patching?
attacking nuclear research centers
how we uncovered 9 vulnerabilities in IP KVMs
and hacking your laundry card with Claude
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-918

In the security news this week:
The XZ backdoor documentary
Zero days - the clock isn't ticking
Vulnerability Mis-Management
Reversing traffic light controllers
Reversing with Claude
Don't curl to bash!
Reading CVEs makes my head hurt
Dumping browser secrets
I open-sourced a new(ish) tool
D-LINK exploits
There is no password
I control the building
When old vulnerabilities become new
Tile is for stalkers
Hacking AI
Iran War: What cybersecurity needs to know
National cyber strategy
Coruna
I got phished and I want a refund
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-917

In the security news this week:
Remembering "FX"
Finding and analyzing Windows drivers
Network monitoring with Gibson
the backdoor in your PAM
The edge is fraying - and attackers have the advantage
Age verification for Linux?
Banning AI
TPMS tracking
BLE tracking
weird strings
Airsnitch
RESURGE in and on Ivanti
Attackers using Claude
Government iPhone hacking kits
Cisco SD-WAN, Linux, and 2023
Leakbase leaks
and Bro, upgrade your solar panel!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-916