Podcasts about backdoors

Abdel is one of the most prolific developers in the Zero Knowledge space. Since our conversation in September, he was able to accomplish so much that he requested another interview to talk about it. So what happened with ZK STARKs that is so important? Time stamps: 00:01:04 Podcast Introduction & Sponsor Acknowledgments 00:02:15 Vlad's Rant on Bitcoin Media & Podcast Landscape 00:03:24 Bitcoin Takeover Podcast Mission & Seven-Year Anniversary 00:04:39 Transition to Abdel's Updates & ZK-STARKS 00:05:44 Abdel's Zcash & Bitcoin Proposals 00:07:00 Comparing Bitcoin and Zcash Community Reactions 00:08:36 Altcoins as Experimentation Grounds 00:11:23 Scaling, Rollups, and Drivechains 00:13:10 Abdel's Proposal for Native STARK Verification 00:17:19 Zcash's TDE and Layer 2 Possibilities 00:19:22 ZK-Rollups, Privacy, and Regulatory Pressures 00:21:02 Government Surveillance & KYC Concerns 00:24:26 Cultural Stigma Around Bitcoin Privacy 00:25:34 Zcash's SEC Presentation & Institutional Acceptance 00:28:58 Debate on Privacy, Transparency, and Backdoors 00:30:00 Bitcoin's Social Layer & Governance 00:32:47 Critique of Bitcoin Perfectionism & Altcoin Dismissal 00:35:49 Bitcoin's Mission: P2P Cash vs. Store of Value 00:36:49 Learning from Ethereum & Second-Layer Innovations 00:37:24 Sponsor Plugs & BTCfi Introduction 00:40:14 BTCfi: Bitcoin Staking & Yield Mechanisms 00:46:15 Bridging BTC to StarkNet & Atomic Swaps 00:48:36 BTCfi: KYC, Permissionless DeFi, and Institutional Offerings 00:50:59 DeFi Risks & Bitcoin Staking Security 00:51:40 ZK-STARK Verifiers on Bitcoin Cash 00:53:10 Bitcoin Cash, Zcash, and Social Layer Value 00:58:54 Bitcoin Cash's Technical Innovations & Community Dynamics 01:00:04 Quantum Resistance: Investor Fears & Satoshi's Coins 01:02:29 Quantum Threat Timeline & Migration Planning 01:10:25 Quantum-Resistant Signatures & Scalability Trade-offs 01:11:20 Hard Fork vs. Soft Fork for Quantum Resistance 01:13:08 Consensus, Confiscation Proposals, and Social Risks 01:17:56 Stagnation in Bitcoin Development & Altcoin Innovation 01:23:12 Ethereum's Role in Crypto Ecosystem 01:25:24 Zcash's Dual Incentives & Institutional Recognition 01:28:08 Zcash's Future: Innovation vs. Ossification 01:30:39 Sponsor Plugs: Noones & SideShift 01:33:42 Quantum Resistance Migration: Hard Fork Efficiency 01:37:11 Bitcoin's Future: Security, Consensus, and Upgrades 01:43:09 Bull Markets, Technological Breakthroughs, and Lightning 01:45:18 Lightning's Shift to B2B & Retail Challenges 01:47:02 Bitcoin Treasury Companies & Business Models 01:49:18 Seinfeld Analogy & Bitcoin's Societal Impact 01:52:11 Magic Wand: Abdel's One Change for Bitcoin 01:54:03 Legitimate Altcoins & Project Criteria 01:57:16 Monero, Kaspa, Litecoin, and Altcoin Usefulness 02:02:06 ZK-STARKs: Complementary or Standard? 02:06:21 ZK-STARKs for Fast Bitcoin Syncing 02:10:27 Call for Wallet Integration & User Experience 02:14:08 Bull Bitcoin Wallet & Open Source Security 02:22:02 Freedom Tech, Nostr, and ZK for Sovereignty 02:26:02 ZK-STARKs: Career Opportunities & Verification 02:28:41 Outro & Listener Easter Egg

Our final news roundup for 2025 is a holiday sampler of tasty, chewy (and a few yucky) confections. We look at a years-long exploit campaign that used browser extensions to steal credentials, inject malicious content, and track behavior; tracks ongoing exploits using the React2Shell vulnerability; and debates whether a surveillance camera maker’s pledge to follow... Read more »

Our final news roundup for 2025 is a holiday sampler of tasty, chewy (and a few yucky) confections. We look at a years-long exploit campaign that used browser extensions to steal credentials, inject malicious content, and track behavior; tracks ongoing exploits using the React2Shell vulnerability; and debates whether a surveillance camera maker’s pledge to follow... Read more »

This is the abstract and introduction of our new paper. Links:

The Running Man by Stephen KingAndy and Dani go for a jog. Just kidding, absolutely not. This week we tackle The Running Man and ask the hard questions: who actually liked this book, and why are you hiding? We unpack the what-was-the-point energy, the truly wild amount of racism, and Stephen King's deep, unsettling commitment to extremely detailed bodily harm. Seriously, we get it. The guts were out.

(Presented by ThreatLocker (https://threatlocker.com/threebuddyproblem): Allow what you need. Block everything else by default, including ransomware and rogue code.) Three Buddy Problem - Episode 75: We dig into a CVSS 10/10 unauthenticated RCE bug causing chaos across the internet and early signs that Chinese APTs are already launching exploits, the cascading patch chaos, and a long tail of malware intrusions to come. Plus, commentary on Chrome's telemetry collection, Microsoft and the "SFI success story," newest BRICKSTORM backdoor intrusions, the US national security strategy, Anthropic's AI popping smart-contract bugs, a secret FBI ransomware-hunting unit getting weird, and a pair of sad stories in the security community. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).

DeepSeek's Security Backdoors — Jack Burnham — Burnham reports that the Chinese AI model DeepSeekgenerates code containing severe security vulnerabilities when queried regarding Chinese Communist Party-sensitive topics including Tibet, Xinjiang, and Taiwan, demonstrating that the model contains embedded political surveillance and control mechanisms. Burnham characterizes DeepSeek as possessing a "split personality": technical competence in general programming tasks combined with sophisticated political filtering and censorship capabilities. Burnhamrecommends urgent prohibition of such Chinese AI models from American critical infrastructure, government systems, and defense networks due to inherent security risks and embedded espionage capabilities. 1956

Referências do EpisódioWebinar Tendências em Cyber 2026New eBPF Filters for Symbiote and BPFdoor MalwareTechnical Analysis of Matanbuchus 3.0Hook for Gold: Inside GoldFactory's Сampaign That Turns Apps Into GoldminesValleyRAT Campaign Targets Job Seekers, Abuses Foxit PDF Reader for DLL Side-loadingMuddyWater: Snakes by the riverbankRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

We pull on a few loose threads from recent episodes, and some of them unravel into way more than we expected.Sponsored By:Managed Nebula: Meet Managed Nebula from Defined Networking. A decentralized VPN built on the open-source Nebula platform that we love. 1Password Extended Access Management: 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps. CrowdHealth: Discover a Better Way to Pay for Healthcare with Crowdfunded Memberships. Join CrowdHealth to get started today for $99 for your first three months using UNPLUGGED.Unraid: A powerful, easy operating system for servers and storage. Maximize your hardware with unmatched flexibility. Support LINUX UnpluggedLinks:

Joseph speaks to Michael Bobbitt, a former FBI official who worked directly on Operation Trojan Shield. In this operation the FBI secretly ran its own encrypted phone company for organized crime, backdoored the phone, and collected tens of millions of messages. Michael and Joseph discuss how Michael handled intelligence sourced from the phones, how to navigate an operation that complex, and its fallout. YouTube Version: https://youtu.be/bLeueG5V4QY Dark Wire: The Incredible True Story of the Largest Sting Operation Ever Podcast: Signal's President Meredith Whittaker on Backdoors and AI Subscribe at 404media.co for bonus content. Learn more about your ad choices. Visit megaphone.fm/adchoices

In the electric chaos of DEF CON—where dial tones, solder smoke, and hacker legends collide—one figure stands out: John Aff, aka PANDA.A veteran in the hacker community, he moves effortlessly between challenge design, telephony wizardry, mesh networking experiments, and the culture that surrounds it all.Behind the reputation is a journey that started with game hacking, shifted into enterprise security, and evolved into a life built around creativity, community, and technical obsession. It's also a story of identity—of finding a place where personal expression and professional skill finally intersected.This conversation pulls back the curtain on a mind shaped by curiosity, lived experience, and a deep love for the craft.CHAPTERS00:00 - Introduction to Barcode Podcast00:24 - Meet Panda: Cybersecurity Icon01:47 - Panda's Journey into Cybersecurity10:12 - Creating Interactive Challenges for Conferences22:11 - Badge Building: The Art and Science28:00 - Lessons from Offensive Security for Defenders30:11 - Winning the TeleChallenge: A Team Effort35:10 - Nostalgia in Gaming: The Phone Verse Experience37:30 - Understanding LoRa and Mesh Networking43:20 - Real-World Applications of MeshTastic Technology49:14 - The Intersection of Furry Culture and Cybersecurity56:54 - Community Building and Future Aspirations in TechLINKSTeleFreak – https://telefreak.org Home of the legendary TeleChallenge and a cornerstone of phreaking culture at DEF CON.DEF CON – https://defcon.org The world's largest hacker conference and the backdrop for many of Panda's stories, competitions, and breakthroughs.RedSeer Security – https://redseersecurity.com The security practice Panda supports on the defensive and strategic side.Assura, Inc. – https://assurainc.com Where Panda leads offensive security operations and continuous testing programs.MeshTastic – https://meshtastic.org Open-source long-range mesh communication project central to Panda's community work.Comms For All – https://commsforall.com Panda's initiative focused on mesh networking, LoRa radios, and community education.B-Sides Jax – https://bsidesjax.org Conference where Panda built the interactive phone-based badge challenge.HackSpaceCon – https://hackspacecon.com The first conference where you and Panda crossed paths; a major Florida hacker gathering.JLCPCB – https://jlcpcb.com PCB manufacturing service used for producing custom badge hardware.EasyEDA – https://easyeda.com Design tool Panda uses to create the multilayer art and circuitry for badges.Vectorizer.AI – https://vectorizer.ai The AI-powered tool Panda relies on to convert artwork into vector format for PCB badge design.KiCad – https://kicad.org Open-source PCB design suite used for laying out circuits and prototyping badge hardware.Adtran – https://www.adtran.com Telecom hardware vendor whose legacy gateways were used in the BSides Jax phone challenge.QueerCon – https://www.queercon.org Long-running LGBTQ+ hacker community at DEF CON that collaborated with Panda on early badge projects.National Cyber Games (NCA Cyber Games) – https://nationalcybergames.org Competition platform where Panda designed MeshTastic-based CTF challenges.UNF Osprey Security – https://www.unf.edu University of North Florida's student security group that runs CTFs and collaborated locally with Panda.HackRedCon – https://hackredcon.com Security conference where Panda volunteers and participates in community events.Jax2600 – https://2600.com Local chapter of the classic 2600 hacker community, part of Panda's long-term involvement in grassroots infosec groups.Backdoors & Breaches – https://blackhillsinfosec.com/projects/backdoors-breaches Incident response card game Panda used for blue team development and tabletop exercises.

TUESDAY HR 5 The K.O.D. - His Highness is house shopping. Asks what are the rules of living in the cul-de-sac? It's never okay for the boss to sleep with emplyee's. Now a days? Charlie Sheen sets the record straight. Ryan shares insight on relationships. Monster Messages & Hot Takes

TUESDAY HR 5 The K.O.D. - His Highness is house shopping. Asks what are the rules of living in the cul-de-sac? It's never okay for the boss to sleep with emplyee's. Now a days? Charlie Sheen sets the record straight. Ryan shares insight on relationships. Monster Messages & Hot Takes See omnystudio.com/listener for privacy information.

Disclaimer: I am not a financial or tax advisor. This is not financial or tax advice. This is for entertainment purposes only. Enjoy!!

*Threat Hunting Management Workshop: The Business Value of Threat Hunting October 29, 2025 | 12:00 - 12:30 PM ET Sign Up: https://www.intel471.com/resources/webinars/threat-hunting-management-workshop-the-business-value-of-threat-hunting ---------- Top Headlines: Cisco Talos | Velociraptor Leveraged in Ransomware Attacks: https://blog.talosintelligence.com/velociraptor-leveraged-in-ransomware-attacks/ GBHackers Security | Hackers Use Court-Themed Phishing to Deliver Info-Stealer Malware: https://gbhackers.com/info-stealer-malware/?web_view=true FortiGuard Labs | New Stealit Campaign Abuses Node.js Single Executable Application: https://www.fortinet.com/blog/threat-research/stealit-campaign-abuses-nodejs-single-executable-application eSecurity Planet | AI Chatbots Used as Backdoors in New Cyberattacks: https://www.esecurityplanet.com/news/ai-exploited-prompt-injection/?&web_view=true ---------- Stay in Touch! Twitter: https://twitter.com/Intel471Inc LinkedIn: https://www.linkedin.com/company/intel-471/ YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg Discord: https://discord.gg/DR4mcW4zBr Facebook: https://www.facebook.com/Intel471Inc/

Top Headlines: LastPass Labs | Large-Scale Attack Targeting Macs via GitHub Pages Impersonating Companies to Attempt to Deliver Stealer Malware: https://blog.lastpass.com/posts/attack-targeting-macs-via-github-pages Cisco Talos Blog | How RainyDay, Turian and a new PlugX variant abuse DLL search order hijacking: https://blog.talosintelligence.com/how-rainyday-turian-and-a-new-plugx-variant-abuse-dll-search-order-hijacking/?&web_view=true SentinelOne | Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled Malware: https://www.sentinelone.com/labs/prompts-as-code-embedded-keys-the-hunt-for-llm-enabled-malware/ Trend MicroTrend Micro | AI-Powered App Exposes User Data, Creates Risk of Supply Chain Attacks: https://www.trendmicro.com/en_us/research/25/i/ai-powered-app-exposes-user-data.html?&web_view=true ---------- Stay in Touch! Twitter: https://twitter.com/Intel471Inc LinkedIn: https://www.linkedin.com/company/intel-471/ YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg Discord: https://discord.gg/DR4mcW4zBr Facebook: https://www.facebook.com/Intel471Inc/

Referências do EpisódioCISA Adds Two Known Exploited Vulnerabilities to CatalogCISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively ExploitedTechnical News and Reports about Quad 7 (7777) Botnet aka CovertNetwork-1658GhostRedirector poisons Windows servers: Backdoors with a side of PotatoesContagious Interview | North Korean Threat Actors Reveal Plans and Ops by Abusing Cyber Intel PlatformsVídeo que fiz sobre ClickFixViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690)25,000 IPs Scanned Cisco ASA Devices — New Vulnerability Potentially IncomingRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo ArruzzoNarração de encerramento: Bianca Garcia

Salt Typhoon marks China's most ambitious campaign yet. A major Google outage hit Southeastern Europe.  A critical zero-day flaw in FreePBX gets patched. Scattered Lapsus$ Hunters claim the Jaguar Land Rover hack. Researchers uncover a major evolution in the XWorm backdoor campaign. GhostRedirector is a new China-aligned threat actor. CISA adds a pair of TP-Link router flaws to its Known Exploited Vulnerabilities (KEV) catalog. The feds put a $10 million bounty on three Russian FSB officers. Experts warn sweeping cuts to ODNI could cripple U.S. cyber defense. Our guest is Rick Kaun, Global Director of Cybersecurity Services at Rockwell Automation, discussing IT/OT convergence in securing critical water and wastewater systems. Google says rumors of Gmail's breach are greatly exaggerated. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.CyberWire Guest Today our guest is Rick Kaun, Global Director of Cybersecurity Services at Rockwell Automation, who is talking about "IT/OT Convergence for Critical Water & Wastewater Security." Selected Reading ‘Unrestrained' Chinese Cyberattackers May Have Stolen Data From Almost Every American (The New York Times) Google Down in Eastern Europe (UPDATED) (Novinite Sofia News Agency) Sangoma Patches Critical Zero-Day Exploited to Hack FreePBX Servers (SecurityWeek) M&S hackers claim to be behind Jaguar Land Rover cyber attack (BBC) XWorm's Evolving Infection Chain: From Predictable to Deceptive (Trellix) GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes (welivesecurity by ESET) CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited (The Cyber Security News)  US offers $10 million bounty for info on Russian FSB hackers (Bleeping Computer) Cutting Cyber Intelligence Undermines National Security (FDD) No, Google did not warn 2.5 billion Gmail users to reset passwords (Bleeping Computer) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode, Ryan Williams Sr. and Shannon Tynes discuss the latest cybersecurity news, including a ransomware attack in Nevada and the federal response to improve cybersecurity funding. They dive into the implications of AI in cybersecurity, the Salt Typhoon hack as a national defense crisis, and personal reflections on gaming, particularly the Madden franchise. The conversation highlights the challenges and opportunities in the cybersecurity landscape, emphasizing the need for international standards and proactive measures. Articles: Federal, state officials investigating ransomware attack targeting Nevada https://www.cybersecuritydive.com/news/federal-state-investigating-ransomware-nevada/758863/?fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExamluU2h2WDFUcjdHQTFjVgEeCjaDx2kSMvwp90SaocW9G3SYU7EpIc7x5oNQmq7O-L9XwgzHnSw9ipqPGXg_aem_x6hVfkHI7y2Vc01A3LCbMw Can Your Security Stack See ChatGPT? Why Network Visibility Matters https://thehackernews.com/2025/08/can-your-security-stack-see-chatgpt-why.html U.S. And Allies Declare Salt Typhoon Hack A National Defense Crisis https://www.forbes.com/sites/emilsayegh/2025/08/30/us-and-allies-declare-salt-typhoon-hack-a-national-defense-crisis/?fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExamluU2h2WDFUcjdHQTFjVgEeQ1F7W3L6A9XwbQBJ_7ynNSlrQAaUAwp5dgydOMHdSl0VTZOv9-jeenaWf80_aem_4j4G6wyTFBhZYVmquGcvUg Please LISTEN

⏰ TIMECODES BELOW ⏰ Luke and Nessa spoke to Donnchadh O'Mahony, a guidance counsellor and CAO expert, to answer the most burning students have at this time of year. From how to prepare for results day (do you know how to log into the self service portal?) to how the CAO rounds of offers work, this podcast has you covered. For more tips on the CAO and career guidance, check out Donnchadh aka Leaving Cert Guidance on Instagram and TikTok. TIMECODES: LC Results: 01:36 - Tips for nerves ahead of Leaving Cert Results 02:36 - How to prepare for Leaving Cert Results 05:03 - What to know about the appeals and scripts process CAO Offers: 09:34 - The most common question Donnchadh gets on CAO Offers Day 10:27 -  "I got the points, why haven't I got an offer" 10:58 - "Will I get another offer?" 11:22 - "Should I accept the first offer I get?" (How the CAO rounds of offers work) 14:13 - Getting an offer in the 2nd round after accepting your 1st 15:00 - "I'm going to be offered my 3rd choice, but I'd prefer my 4th" 15:59 - What are 'Available Places'? 18:44 - "Can I accept my course if I want to defer it for a year?" 20:15 - Advice for students who are disappointed with their first offer 21:26 - Backdoors into courses: PLCs, Apprenticeships, Tertiary Degrees and "Clearing" 26:50 - Interesting new courses you should know about 29:55 - Different paths to get to where you want to be 34:29 - Dealing with disappointment on Results Day ------ Got an idea you'd like us to cover on the podcast? Drop us a line at info@studyclix.ie, or reach out to us on social media. Our DMs are always open

The digital landscape is evolving at breakneck speed, and with it comes a host of unexpected consequences that blur the lines between helpful innovation and concerning overreach. In this eye-opening episode, we examine how AI is creeping into spaces where human judgment and empathy might better serve us.A troubling new wave of voice phishing attacks has emerged, with cybercriminals using AI to perfectly mimic human voices in real-time conversations. Even tech giant Google fell victim to this sophisticated approach when the notorious Shiny Hunters group breached their Salesforce CRM instance. The days of obvious phishing emails are behind us – now your boss's voice on the phone might actually be an AI impersonation designed to extract sensitive information.Our special guest Nick Espinoza joins us to unpack the fascinating world of AI competitions, revealing how OpenAI's model recently outperformed Elon Musk's Grok in a chess tournament. But the conversation takes a more serious turn when we discuss government pushes for backdoor access to AI chips – ostensibly for security, but creating vulnerabilities that could be exploited. Most alarming is the FDA's implementation of AI in drug approval processes, with former employees reporting the system hallucinating non-existent studies and misrepresenting research.The human cost of AI overreach becomes clear when we explore the growing trend of using chatbots for psychological support. As one journalist discovered when using ChatGPT for couples counseling, these systems lack the empathy and insight necessary for therapeutic work, exhibiting "sycophancy" by agreeing with users rather than providing objective guidance. On a lighter note, we tackle Nintendo's official announcement that Mario has been friend-zoned by Princess Peach after four decades of rescue missions, and share the tale of a man who successfully sued Google after Street View captured him naked in his private backyard despite having a tall privacy wall.Pour yourself a glass and join us as we taste Still Austin Straight Rye whiskey while navigating the complex intersection of technology, privacy, and human connection in our rapidly evolving digital world.Support the show

video: https://youtu.be/xbAxLonf9iQ Comment on the TWIL Forum (https://thisweekinlinux.com/forum) This week in Linux, there's some big distro news because we got a brand new version of Debian, probably, and openSUSE Leap 16 just hit release candidate status. We've also got some cool news from Nvidia including their stance against adding backdoors to their hardware. Plus, we've got new app releases from the Mastodon client Tuba and the awesome screenshot tool Flameshot. All of this and more on This Week in Linux, the weekly news show that keeps you up to date with what's going on in the Linux and Open Source world. Now let's jump right into Your Source for Linux GNews! Download as MP3 (https://aphid.fireside.fm/d/1437767933/2389be04-5c79-485e-b1ca-3a5b2cebb006/c097383d-e87d-43d4-92f5-31d64b7afb00.mp3) Support the Show Become a Patron = tuxdigital.com/membership (https://tuxdigital.com/membership) Store = tuxdigital.com/store (https://tuxdigital.com/store) Chapters: 00:00 Intro 01:06 Debian 13 Trixie Released (maybe) 04:12 NVIDIA says NO! to Backdoors and Kill Switches 07:49 OpenSUSE Leap 16.0 reaches RC status 10:32 Sandfly Security, agentless Linux security [ad] 12:57 Automotive Industry wants Open Source Collaboration 15:38 Flameshot 13 released 18:43 Tuba v0.10.0 released 20:46 Humble Bundles 22:37 Outro Links: Debian 13 Trixie Released (maybe) https://www.debian.org (https://www.debian.org) https://www.debian.org/releases/trixie/release-notes.en.pdf (https://www.debian.org/releases/trixie/release-notes.en.pdf) https://www.phoronix.com/review/debian-13-benchmarks (https://www.phoronix.com/review/debian-13-benchmarks) NVIDIA says NO! to Backdoors and Kill Switches https://blogs.nvidia.com/blog/no-backdoors-no-kill-switches-no-spyware/ (https://blogs.nvidia.com/blog/no-backdoors-no-kill-switches-no-spyware/) https://docs.nvidia.com/cuda/cuda-toolkit-release-notes/index.html (https://docs.nvidia.com/cuda/cuda-toolkit-release-notes/index.html) https://www.gamingonlinux.com/2025/08/nvidia-are-working-on-a-general-optimization-for-vkd3d-directx12-games-on-linux/ (https://www.gamingonlinux.com/2025/08/nvidia-are-working-on-a-general-optimization-for-vkd3d-directx12-games-on-linux/) OpenSUSE Leap 16.0 reaches RC status https://news.opensuse.org/2025/08/04/leap-16-rc/ (https://news.opensuse.org/2025/08/04/leap-16-rc/) https://www.gamingonlinux.com/2025/08/opensuse-leap-16-0-will-need-steam-gamers-to-install-some-extras-due-to-no-32-bit/ (https://www.gamingonlinux.com/2025/08/opensuse-leap-16-0-will-need-steam-gamers-to-install-some-extras-due-to-no-32-bit/) https://www.theregister.com/2025/08/07/opensuseleap16reachesrc/ (https://www.theregister.com/2025/08/07/opensuse_leap_16_reaches_rc/) Sandfly Security, agentless Linux security [ad] https://thisweekinlinux.com/sandfly (https://thisweekinlinux.com/sandfly) Automotive Industry wants Open Source Collaboration https://www.electrive.com/2025/06/25/automotive-industry-launches-alliance-for-software-development/ (https://www.electrive.com/2025/06/25/automotive-industry-launches-alliance-for-software-development/) https://www.sovereign.tech/tech (https://www.sovereign.tech/tech) https://www.opendesk.eu/en (https://www.opendesk.eu/en) https://opencode.de/en (https://opencode.de/en) https://news.ycombinator.com/item?id=44370494 (https://news.ycombinator.com/item?id=44370494) https://www.vda.de/en/press/press-releases/2025/250624PMAutomotiveindustrysignsMemorandumof_Understanding (https://www.vda.de/en/press/press-releases/2025/250624_PM_Automotive_industry_signs_Memorandum_of_Understanding) Flameshot 13 released https://flameshot.org/ (https://flameshot.org/) https://github.com/flameshot-org/flameshot/releases/tag/v13.0.0 (https://github.com/flameshot-org/flameshot/releases/tag/v13.0.0) https://www.omgubuntu.co.uk/2025/08/flameshot-13 (https://www.omgubuntu.co.uk/2025/08/flameshot-13) Tuba v0.10.0 released https://tuba.geopjr.dev/ (https://tuba.geopjr.dev/) https://www.omgubuntu.co.uk/2025/08/tuba-0-10-mastodon-client-linux-new-features (https://www.omgubuntu.co.uk/2025/08/tuba-0-10-mastodon-client-linux-new-features) Humble Bundles WB Games = https://humblebundleinc.sjv.io/09K6DE (https://humblebundleinc.sjv.io/09K6DE) Co-Op = https://humblebundleinc.sjv.io/3J0K3k (https://humblebundleinc.sjv.io/3J0K3k) Other Bundles = https://humblebundleinc.sjv.io/4Gn7Yr (https://humblebundleinc.sjv.io/4Gn7Yr)

Hackers hijacked Google's Gemini AI with a poisoned calendar invite to take over a smart home Nvidia rejects US demand for backdoors in AI chips Google says hackers stole its customers' data by breaching its Salesforce database Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.

A daily Chronicle of AI Innovations in August 06th 2025Hello AI Unraveled Listeners,In today's AI Daily News,

Governments are pushing hard for AI chip backdoors by Nick Espinosa, Chief Security Fanatic

Chris and Hector break down a wild crypto kidnapping, supply chain sabotage in U.S. infrastructure, and the growing cyber risks of imported tech. Plus, shoutouts and real talk from the front lines of cybersecurity. Join our new Patreon! ⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠ Send HATF your questions at ⁠⁠⁠⁠⁠questions@hackerandthefed.com

A digital rights group blasted the Florida bill, but lawmakers voted to advanced the draft law. Learn more about your ad choices. Visit podcastchoices.com/adchoices

EU Wants Encryption Backdoors For Everything! by Nick Espinosa, Chief Security Fanatic

Forecast = Cloudy with a chance of cyber meatballs. ‍ We're not fooling around in this episode of Storm⚡️Watch! The show kicks off with some positive news about the Journal Times returning to full operations following a cyberattack. This is followed by important information for VMware users regarding Broadcom's significant licensing changes effective April 10, including an increase in minimum core requirements from 16 to 72 cores per command line and a new 20% penalty for late subscription renewals that will be applied retroactively. The crew then reviews results from their recent poll asking listeners which feature of encrypted messaging apps concerns them most, with options including data storage, unencrypted backups, metadata, and accidental adds. In our first segment, we discuss security concerns with the Unitree Go1 consumer-grade robot dog, specifically focusing on the recently disclosed Zhexi Oray Tunnel backdoor that has raised alarm in the security community. Next up, the team explores FamousSparrow and their SparrowDoor malware, examining the techniques and implications of this threat actor's operations. In light of recent event, the hosts provide comprehensive guidance on secure messaging practices, drawing from recent Washington Post and Wired articles. They emphasize that secure communication depends not just on the app but also on how you use it. Key recommendations include choosing contacts wisely, securing your devices by using personal rather than work equipment, setting messages to automatically delete, and selecting the right messaging apps with Signal being the top recommendation for its verifiable end-to-end encryption. They also warn about potential vulnerabilities in cross-platform messaging and advise caution with apps like Telegram. We quickly review Europol's 2025 report on the evolving landscape of organized crime, which now heavily intersects with cybercrime. Traditional criminal networks have transformed into technology-driven enterprises using AI, blockchain, and cryptocurrency to enhance their operations. The internet has become the primary theater for organized crime with data as the new currency of power. The report identifies seven key threat areas and calls for improved global financial security measures, noting that criminal asset confiscation remains stagnant at around 2%. Finally, we conclude with updates from our benevolent overlords, including Censys' reports on JunOS vulnerabilities and Kubernetes issues, VulnCheck's partnership with Filigran, runZero's approach to exposure management, and GreyNoise's observations on DrayTek router activity and Palo Alto Networks scanner activity that may indicate upcoming threats. Storm Watch Homepage >> Learn more about GreyNoise >>  

Three Buddy Problem - Episode 38: On the show this week, we look at a hefty batch of Microsoft zero-days exploited in the wild, iOS 18.3.2 fixing an exploited WebKit bug, a mysterious Unpatched.ai being credited with Microsoft Access RCE flaws, and OpenAI lobbying for the US to ban China's DeepSeek. Plus, discussion on a Binarly technical paper with new approach to finding UEFI bootkits, Mandiant flagging custom backdoors on Juniper routers, and MEV 'sandwich attacks' front-running cryptocurrency transactions. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Costin Raiu (https://twitter.com/craiu) and Ryan Naraine (https://twitter.com/ryanaraine).

Microsoft Patch Tuesday Microsoft Patched six already exploited vulnerabilities today. In addition, the patches included a critical patch for Microsoft's DNS server and about 50 additional patches. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%3A%20March%202025/31756 Apple Updates iOS/macOS Apple released an update to address a single, already exploited, vulnerability in WebKit. This vulnerability affects iOS, macOS and VisionOS. https://support.apple.com/en-us/100100 Expressif Response to ESP32 Debug Commands Expressif released a statement commenting on the recent release of a paper alledging "Backdoors" in ESP32 chipsets. According to Expressif, these commands are debug commands and not reachable directly via Bluetooth. https://www.espressif.com/en/news/Response_ESP32_Bluetooth

Skype hangs up for good, over a million cheap Android devices may be backdoored, parallels between jailbreak research and XSS, impersonating AirTags, network reconnaissance via a memory disclosure vuln in the GFW, and more! Show Notes: https://securityweekly.com/asw-321

❤️ Visite nossa campanha de financiamento coletivo e nos apoie!

In this episode, Kevin and Tom discuss current events including the latest developments with DOGE and the significant changes happening at the Cybersecurity and Infrastructure Security Agency (CISA). They also touch on Apple's decision to refuse creating backdoors for encryption, setting a new precedent in digital security. Tune in for an insightful discussion on the […] The post Cybersecurity Impact of DOGE, Apple's Stand Against Encryption Backdoors appeared first on Shared Security Podcast.

US employee screening firm confirms breach Swedish law enforcement seeking messaging app backdoors Dems warn of exposed entry points on government systems Huge thanks to our sponsor, Conveyor Ever wish you had a teammate that could handle the most annoying parts of customer security reviews? You know, chasing down SMEs for answers, updating systems, coordinating across teams—all the grunt work nobody wants to do.  Plus, having to finish the dang questionnaire itself.  Well. That teammate exists—Conveyor just launched Sue, the first AI Agent for Customer Trust. Sue really is the dream teammate. She never misses a deadline, answers every customer request from sales, completes every questionnaire and knocks out all the coordination in-between.  Sue, Conveyor's AI agent, handles it all so you don't have to. Learn more at www.conveyor.com.

Podcast: PrOTect It All (LS 25 · TOP 10% what is this?)Episode: Encryption Dilemmas: When Government Access May Threaten Individual SecurityPub date: 2025-02-24Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode of Protect It All, host Aaron Crow gets into pressing cybersecurity issues currently making headlines. Listeners are invited to explore the complex challenges governments face to ensure accountability without compromising security.  Aaron examines the implications of global policies that could force tech companies to undermine encryption. Steering clear of political discourse, he focuses on real cybersecurity risks, from untracked government spending to potential backdoors in personal devices and broader national security concerns.  Aaron provides critical insights into how these issues impact businesses, private citizens, and infrastructure, raising questions about privacy and data protection in today's digital age.  Whether you're a cybersecurity expert, a business leader, or someone who values privacy, this episode offers valuable perspectives and strategies to navigate the intricate IT and OT cybersecurity landscape. Join Aaron as he tackles these pressing topics and discusses how to maintain transparency and security for everyone. Key Moments 00:00 Demanding Oversight for Sensitive Expenditures 05:42 Fragmented Infrastructure and Cybersecurity Challenges 09:19 Suing for Backdoors in Secure Communication 11:35 Phone Security and Privacy Concerns 13:40 Cybersecurity Risks of Government Backdoors 16:54 Encryption Backdoors: Security vs. Privacy? Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Applying forgivable vs. unforgivable criteria to reDoS vulns, what backdoors in LLMs mean for trust in building software, considering some secure AI architectures to minimize prompt injection impact, developer reactions to Rust, and more! Show Notes: https://securityweekly.com/asw-319

In this week's round-up of the latest news in online speech, content moderation and internet regulation, Mike and Ben are joined by a group of students from the Media Law and Policy class at the American University School of Communication. Together they cover:U.K. orders Apple to let it spy on users' encrypted accounts (Washington Post)US lawmakers respond to the UK's Apple encryption backdoor request (Engadget)UK: Encryption order threatens global privacy rights (Human Rights Watch)Analysis: AI Summit emphasizes innovation and competition over trust and safety (DFR Lab)An overdue idea for making the internet safer just got the funding it needs (Platformer)Google-backed public interest AI partnership launches with $400M+ for open ecosystem building (Techcrunch)Britain dances to JD Vance's tune as it renames AI institute (Politico) Section 230 Still Works in the Fourth Circuit (For Now)–M.P. v. Meta (Eric Goldman)TikTok Opts to Not Take Section 230 Immunity Fight to the US Supreme Court (Law.com)Shopify says risk of fraud, not Nazi swastika, was reason for Kanye West store takedown (The Logic)This episode is brought to you with financial support from the Future of Online Trust & Safety Fund. Ctrl-Alt-Speech is a weekly podcast from Techdirt and Everything in Moderation. Send us your feedback at podcast@ctrlaltspeech.com and sponsorship enquiries to sponsorship@ctrlaltspeech.com. Thanks for listening.

This week on Hacker And The Fed former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur discussdiscuss a newly discovered SSH backdoor used by Chinese cyber spies, the alarming rise of insider threats in critical U.S. infrastructure, and the significant drop in ransomware payments in 2024. Hector also delivers a passionate rant about government security oversight and the risks posed by unvetted personnel in federal systems. Plus, the duo shares insights on bypassing corporate security with SSH tunneling, the evolution of cybercrime tactics, and why cybersecurity resilience is more crucial than ever. Send HATF your questions at questions@hackerandthefed.com.

To Simulate or Replicate: Crafting Cyber Ranges Automating the creation of cyber ranges. This will be a multi part series and this part covers creating the DNS configuration in Windows https://isc.sans.edu/diary/To%20Simulate%20or%20Replicate%3A%20Crafting%20Cyber%20Ranges/31642 Scammers Exploiting Deepseek Hype Scammers are using the hype around Deepseek, and some of the confusion caused by it's site not being reachable, to scam users into installing malware. I am also including a link to a "jailbreak" of Deepseek (this part was not covered in the podcast). https://www.welivesecurity.com/en/cybersecurity/scammers-exploiting-deepseek-hype/ https://lab.wallarm.com/jailbreaking-generative-ai/ PyPi Archived Status PyPi introduced a new feature to mark repositories as archived. This implies that the author is no longer maintaining the particular package https://blog.pypi.org/posts/2025-01-30-archival/ ICS Mecial Advisory: Comtec Patient Monitor Backdoor And interested backdoor was found in a Comtech Patient Monitor. https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01

Three Buddy Problem - Episode 31: Dennis Fisher steps in for Ryan Naraine to moderate discussion on a very busy week in cybersecurity. The cast dig into the wave of big research reports, the disbanding of the Cyber Safety Review Board (CSRB), the ongoing flood of exploits targeting security appliances from Ivanti and SonicWall, and the recent Lumen research on Juniper router backdoors. Plus, the challenges of coordinating disclosures, the tough realities of intelligence work, and the complex landscape of nation-state attacks -- especially around Chinese threat actors and Western defenses. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Costin Raiu (https://twitter.com/craiu) and Dennis Fisher. Ryan Naraine (https://twitter.com/ryanaraine) in on work travel.

Three Buddy Problem - Episode 29: Another day, another Ivanti zero-day being exploited in the wild. Plus, China's strange response to Volt Typhoon attribution, Japan blames China for hacks, a Samsung 0-click vulnerability found by Project Zero, Kim Zetter's reporting on drone sightings and a nuclear scare. Plus, hijacking abandoned .gov backdoors and Ukrainian hacktivists wiping a major Russian ISP. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Costin Raiu (https://twitter.com/craiu) and Ryan Naraine (https://twitter.com/ryanaraine).

[glossary_exclude]They assume perfection, and we all know how that goes.[/glossary_exclude] by Leo A. Notenboom (Image: DALL-E 3) A phrase we've heard more and more often in recent years is encryption backdoor. The concept is simple: government agencies want to be able to monitor otherwise encrypted communications. The concept is flawed. [glossary_exclude]Encryption backdoors[/glossary_exclude][glossary_exclude]Encryption backdoors allow governments or other entities to access private communications, undermining privacy. These backdoors create vulnerabilities; they rely on the trustworthiness of those entities to use backdoor keys responsibly and prevent leaks. Criminals can still bypass such measures using traditional, non-backdoored encryption. Encryption backdoors risk your privacy without effectively improving anyone's security.[/glossary_exclude] Securing communications with encryption The fundamental concept of encrypted communications is that only the sender and the recipient can read a message exchanged between them. The sender encrypts it before sending, and only the recipient has the ability to decrypt it.1 One example I run into regularly is sending someone a password -- you don't want someone "in the middle" to be able to see it. An end-to-end encrypted messaging service is one solution. Governments don't like this at all. At its most basic, encryption prevents law enforcement from monitoring potentially illegal activities. At its most extreme, it prevents oppressive governments from monitoring what their citizens might be up to. As a result, from time to time we hear of proposed legislation to force service providers to provide a back door that would allow authorized entities such as governments and perhaps others to access otherwise inaccessible communications. How a backdoor might work Traditional encryption works in one of two ways. One method uses a common secret, like a password, which is used to both encrypt and decrypt data. The other method uses a key-pair: one key can decrypt data encrypted by the other, and vice versa. Without the appropriate password or key, encrypted data cannot be decrypted.2 What both these approaches have in common is math -- lots and lots of advanced, complex math. A backdoor adds more math. In addition to the password or key, some kind of "master key" would also be needed to decrypt the data. That master key would be shared only with trusted entities (like governments) with (hopefully) legitimate reasons to decrypt the data. A real-world physical example Consider the TSA-approved padlock. TSA's "back door" on a combination lock. (Image: askleo.com) This padlock might have a key or combination. If you have the key or know the combination, you can unlock it. In the United States, the TSA (Transportation Security Administration) has mandated that approved padlocks also have an additional key slot -- a key slot for which their agents have a master key. This master key is a back door allowing them to bypass your padlock's mechanism completely and open it. This allows them to examine the contents of your luggage. You can use a non-compliant padlock, but the TSA has the right to break the lock. There's a reasonable argument that this contributes to public safety. However, even though it's likely illegal to possess, the master key has long been available to anyone who cares to get it. Travelers have been forced to sacrifice personal privacy for public security. Physical versus digital The major difference between our physical example and encryption is the bolt cutter. Luggage locks are easily broken. Even the most secure locking mechanisms can typically be thwarted with enough skill or force. That's not quite the same as digital encryption. An appropriately strong encryption algorithm can be practically impossible to break. Again, governments don't like this. They would very much like a way to break the lock,

We get frustrated with Nintendo. Then, dig into the 30-year-old backdoor that was recently exploited and the hard lesson we should learn from it. Then, we'll break down some "hot tips" that promise to make you the next DevRel star.

00:00 - Introduction01:22 - The Scenario02:50 - First Steps03:48 - Endpoint Analysis Roll04:22 - Logon Scripts Were installed05:09 - I.R. Team Introductions07:17 - Second Step10:32 - Network Threat Hunting Roll11:36 - Third Step15:12 - Anyway Here's Firewall Roll15:43 - Fourth Step18:26 - SIEM Roll19:41 - Fifth Step20:47 - UEBA Roll21:19 - Senario Recap22:20 - Senario Plausibility?25:51 - Wrap-up Takeaways

CrowdStrike Exec's "Most Epic Fail" Award Hardware backdoors discovered in Chinese-made key cards Counterfeit CISCO networking gear SpinRite Errata NPD breach updates from listeners Looking back at old SN episodes Cascading Bloom Filters Show Notes - https://www.grc.com/sn/SN-989-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT 1password.com/securitynow e-e.com/twit GO.ACILEARNING.COM/TWIT code SN100

CrowdStrike Exec's "Most Epic Fail" Award Hardware backdoors discovered in Chinese-made key cards Counterfeit CISCO networking gear SpinRite Errata NPD breach updates from listeners Looking back at old SN episodes Cascading Bloom Filters Show Notes - https://www.grc.com/sn/SN-989-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT 1password.com/securitynow e-e.com/twit GO.ACILEARNING.COM/TWIT code SN100

CrowdStrike Exec's "Most Epic Fail" Award Hardware backdoors discovered in Chinese-made key cards Counterfeit CISCO networking gear SpinRite Errata NPD breach updates from listeners Looking back at old SN episodes Cascading Bloom Filters Show Notes - https://www.grc.com/sn/SN-989-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT 1password.com/securitynow e-e.com/twit GO.ACILEARNING.COM/TWIT code SN100

This week, we are joined by a Security Researcher from SpyCloud Labs, James, who is discussing their work on "Unpacking Infostealer Malware: What we've learned from reverse engineering LummaC2 and Atomic macOS Stealer." Infostealer malware has become highly prevalent, with SpyCloud tracking over 50 families and finding that 1 in 5 digital identities are at risk. This research analyzes the workings and intentions behind infostealers like LummaC2 and Atomic macOS Stealer, focusing on the types of data extracted and the broader security implications. The research can be found here: Reversing LummaC2 4.0: Updates, Bug Fixes Reversing Atomic macOS Stealer: Binaries, Backdoors & Browser Theft How the Threat Actors at SpaxMedia Distribute Malware Globally Learn more about your ad choices. Visit megaphone.fm/adchoices