Podcasts about BitLocker

Bitlocker keys, Tweaking utility, Legacy Outlook for Mac, Onyx for Mac

On this week's show Patrick Gray, Adam Boileau and James Wilson discuss the week's cybersecurity news. They cover: Anthropic's Fable 5 and Mythos 5 get nuked by the US government four days after launch “because security” Why “guardrails” won't keep the world safe from your AI doomsday machine The FISA 702 statute expired, but the spying can (probably) continue! NPM v12 delivers some protection against supply chain attacks, but not enough. Microsoft has a series of bugs that prevent Windows Update from … updating Much, much more! This episode is also available on YouTube Show notes Anthropic suspends new AI models after government directive | NBC News Tech Anthropic rankles users with safety-first Fable release | NBC News Tech How a 90-minute White House deadline sparked Silicon Valley's biggest AI fight | washingtonpost.com Pete Hegseth (@PeteHegseth) on X | X (formerly Twitter) David Sacks (@DavidSacks) on X | X (formerly Twitter) DoW CIO Kirsten Davies (@DoWCIODavies) on X | X (formerly Twitter) David Shulman (@DavidShulmanFL) on X | X (formerly Twitter) Controversial FISA spying law expires tonight. The spying will continue. | Ars Technica GitHub announces npm security changes to tackle supply-chain attacks | BleepingComputer Why NPM v12 won't stop supply chain attacks - Risky Business Media | Social Signals Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks | BleepingComputer Microsoft patches Exchange Server zero-day exploited in attacks | BleepingComputer Max severity Ivanti Sentry vulnerability now exploited in attacks | BleepingComputer CISA warns of another cPanel plugin flaw exploited in attacks | BleepingComputer Critical Fortinet FortiSandbox flaws now exploited in attacks | BleepingComputer CISA orders feds to patch actively exploited Ivanti flaw by Sunday | BleepingComputer CISA to require federal agencies to patch some cyber vulnerabilities within 3 days | therecord.media Path traversal flaw in AI dev platform Langflow exploited in attacks | BleepingComputer Microsoft: Some Windows PCs fail to install latest monthly updates | BleepingComputer Microsoft fixes BitLocker recovery bug on Windows Server 2025 | BleepingComputer Microsoft fixes Windows update failures linked to WUSA installer | BleepingComputer New attack turned Microsoft 365 Copilot into 1-click data theft tool | BleepingComputer Over 73,000 French govt employees affected in Tchap messenger breach | BleepingComputer Signal Alums Reveal ‘Encrypted Spaces,' a System for Making Private Collaboration Apps | wired.com FBI disrupts massive AI-powered phishing service using a million URLs | BleepingComputer Cyberattack shuts down major Australian sugar mills, disrupting harvest | The Record Drug Sites Hijacked Spotify's Search Ranking Through Fake Podcasts, Report Finds | wired.com It Is Trivially Easy to Use Reddit to Manipulate AI Search, Research Suggests | 404.feed.press Who Runs the Ransomware Group ‘The Gentlemen?' | krebsonsecurity.com :brdKnife: (@cR0w@infosec.exchange) | Infosec Exchange

Parce que… c'est l'épisode 0x30A! Préambule Expérimentation avec une nouvelle approche d'enregistrer en itinérance. Le son n'est pas idéal, mais pas trop loin de l'objectif. Un nouvel essai aura lieu le 21 juin, où j'améliorerai l'approche pour atteindre une qualité suffisante en limitant la quantité de choses que j'apporte lorsque je suis en voyage. Shameless plug 24 et 25 juin 2026 - Troopers 26 et 27 juin 2026 - leHACK 30 juin au 2 juillet 2026 - Pass the SALT 19 septembre 2026 - Bsides Montréal 20 au 26 septembre 2026 - BruCON 13 novembre 2026 - DEATHCon 16 au 19 novembre - European Cyber Week 1 au 3 décembre 2026 - Forum INCYBER - Canada 2026 24 et 25 février 2027 - SéQCure 2027 Notes IA ou Ghost in the shell Fable ou fiction Claude Fable 5 Doesn't Change the Mythos Security Story Anthropic says these topics are too dangerous to let its Fable 5 model talk about Cybersecurity researchers aren't happy about the guardrails on Anthropic's Fable Il était une fois… l'export control ou la fable de l'accès universel Statement on the US government directive to suspend access to Fable 5 and Mythos 5 Anthropic Anthropic's Claude Fable 5 Alleged Jailbreak to Generate Stack Exploits Anthropic shuts down Fable, Mythos models following Trump admin directive Our response to the US ban on Fable 5 and Mythos 5 How Amazon and the White House ended Anthropic's Fable US ban on Anthropic's Fable 5 and Mythos 5 has ‘Amazon link': Researchers from Amazon used a series of prompts to … Tech Things: There is a massive shadow hanging over this Fable thing Lawsuit: ChatGPT validated suicidal woman's distrust of crisis lines Zcash - Une IA déniche en 24h une faille vieille de 4 ans Extracting Recurring Vulnerabilities from Black-Box LLM-Generated Software Friend or Foe? Language as an ideological switch in open-weight LLMs under Russian disinformation stress AI Code Sandboxes: A Comparative Security Study Part 1 of 2 — Engine-Level Properties (Attack Surface, Leakage, Stackability, CVE History, Patch Cadence, Fuzzing) Sample-Efficient LLM-Based Detection of Malicious Web Server Logs with Forensically Explainable Reasoning SecureClaw: Clawing Back Control of LLM Agents Security Risks of Apple's AI Changing Your Passwords Blame AI: Patch Tuesday Hits Record 206 CVEs Un ver informatique qui raisonne tout seul China-linked operators revive botnet, stir AI datacenter debate Are Frontier LLMs Ready for Cybersecurity? Evidence for Vertical Foundation Models from Dual-Mode Vulnerability Benchmarks Bypassing Prompt Guards in Production with Controlled-Release Prompting Mind your key: An Empirical Study of LLM API Credential Leakage in iOS Apps GenAI Is Both Hunter and Hunted at Pwn2Own Berlin 2026 La guerre, la guerre, c'est pas une raison pour se faire mal! Iran Signed a Ceasefire — Its Hackers Didn't The Strange Defeat of Nuclear Deterrence Souveraineté ou vive le numérique libre! Digital Sovereignty Becomes An Imperative As the US Reads Dutch Emails All the Ways Europe Is Ditching American Technology Euro-Office 1.0 Arrives To Open-Source Infighting: ‘Compatibility Is Not Sovereignty' Infineon to Open German Chip Fab as Part of EU Sovereignty Push AI Sovereignty: A Qualitative Model of Strategic Competition as AI Becomes an Instrument of National Power Canada: Artificial Intelligence as a Pillar of Digital Sovereignty - INCYBER NEWS Kevin Beaumont: “I'm on year 3 of trying to con…” - Cyberplace Germany

V této epizodě CCTV NEWS se podíváme na spor kolem modelů Fable 5 a Mythos 5, novou metodiku NÚKIB pro bezpečnější ICT zakázky, statistiky ukazující Českou republiku jako jednu z nejčastěji napadaných zemí v Evropě, aktuální smishingovou kampaň s falešnými pokutami, nový BitLocker bypass GreatXML a kritickou zranitelnost v systému Splunk Enterprise.

Big thanks to TryHackMe for sponsoring this video. Learn Cyber Security with Practical Labs on TryHackMe:https://tryhackme.com/DavidBombalTech Use my code DAVIDTECH25 to get 25% OFF on Annual Subscription! Dr. Mike Pound joins David Bombal to explain symmetric encryption, AES, secret keys, VPN encryption, TLS, block ciphers, stream ciphers and why encryption is one of the most important building blocks in modern cybersecurity. In this video, Mike explains what encryption actually does: it takes readable plaintext and turns it into unreadable ciphertext so that only someone with the correct secret key can decrypt it. He breaks down how symmetric encryption works, why the same key is used to encrypt and decrypt, and why algorithms like AES are used everywhere from secure websites and VPNs to BitLocker and full disk encryption. You'll learn why AES is so fast on modern CPUs, how keys interact with encryption algorithms, and why AES uses rounds of substitution and permutation to scramble data. Mike also explains the difference between block ciphers and stream ciphers, including AES, DES, Triple DES, ChaCha20 and older algorithms like RC4 and A5/1. The discussion also covers why symmetric encryption is used for bulk encryption in protocols like TLS and IPsec, why asymmetric encryption is used differently, and why you should never write your own encryption algorithm or implement your own AES code for real-world security. If you want to understand how encryption protects your data, how VPNs and secure web traffic work, and why AES is still one of the most important algorithms in cybersecurity, this is a great place to start. // Mike SOCIAL // X: / _mikepound YouTube Channel: / computerphile // YouTube Video REFERENCE //Password Cracking: Can a Rainbow table reverse a hashed password?: • Password Cracking: Can a Rainbow table rev... // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Coming Up 0:27 - TryHackMe Sponsor 0:49 - Intro 01:18 - Symmetric vs Asymmetric Encryption 04:38 - Key Exchange and VPN Analogy 06:10 - Examples of Symmetric Algorithms 08:56 - Advantages of Stream vs Block Cyber 10:31 - Deeper AES Explanation 14:34 - Substitution, Permutation, Mixing in AES 19:24 - Don't Implement your Own Encryption 20:16 - TryHackMe Sponsor - DEMO 24:21 - DES Algorithm and the NSA 26:01 - Where to Learn More about Encryption 27:42 - Outro Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #symmetricencryption #aes #des

More Bitlocker Issues: GreatXML https://git.churchofmalware.org/Nightmare_Eclipse/GreatXML Security Advisory Ivanti Sentry (CVE-2026-10520, CVE-2026-10523) https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523?language=en_US Oracle Security Alert Advisory - CVE-2026-35273 https://www.oracle.com/security-alerts/alert-cve-2026-35273.html https://www.bleepingcomputer.com/news/security/oracle-mitigates-peoplesoft-zero-day-exploited-in-data-theft-attacks/ How Deceptive Installers Are Targeting macOS Users https://www.huntress.com/blog/deceptive-installers-macos-infostealers My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich

Bad Phones, Sarlaccs, Maine, Chinese Sites, Ivanti, GreatXML, Bitlocker, Peoplesoft, Josh Marpet, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-589

Bad Phones, Sarlaccs, Maine, Chinese Sites, Ivanti, GreatXML, Bitlocker, Peoplesoft, Josh Marpet, and More on this episode of the Security Weekly News. Show Notes: https://securityweekly.com/swn-589

Bad Phones, Sarlaccs, Maine, Chinese Sites, Ivanti, GreatXML, Bitlocker, Peoplesoft, Josh Marpet, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-589

Bad Phones, Sarlaccs, Maine, Chinese Sites, Ivanti, GreatXML, Bitlocker, Peoplesoft, Josh Marpet, and More on this episode of the Security Weekly News. Show Notes: https://securityweekly.com/swn-589

Een AI-supportbot die zonder goede controle Instagram-accounts weggeeft, de Silent Ransom Group die data steelt en slachtoffers afperst zonder bestanden te versleutelen, en een GitHub-issue waarmee een AI-agent zijn eigen repository in gevaar kan brengen. Ronald, Marco en Jelle beginnen met drie verhalen waarin vertrouwen gevaarlijk ruim wordt uitgedeeld. Daarna duikt Ronald in YellowKey. Met een speciaal geprepareerde USB-stick kan een aanvaller Windows Recovery misleiden en de standaard BitLocker-bescherming van Windows 11 omzeilen. Minstens zo interessant is de ruzie eromheen: onderzoeker Nightmare-Eclipse zegt meerdere zero-days te publiceren uit frustratie over Microsoft, waarna een publiek conflict ontstaat over disclosure, verantwoordelijkheid en de macht van een grote leverancier. Marco bespreekt vervolgens een proof-of-concept voor adaptieve AI-wormen. In plaats van één vast ingebouwd aanvalspad gebruikt deze worm lokale AI-agenten om per doelwit een strategie te bedenken, fouten te herstellen en kennis met andere besmette machines te delen. Het is nog laboratoriumonderzoek, maar wel een ongemakkelijke vooruitblik op malware die ook redeneert. Tot slot gaat Jelle ouderwets Shodan-bingo spelen met automatic tank gauges: kleine systemen die brandstof- en vloeistoftanks meten en soms nog direct aan het internet hangen. Cyber-fysieke ellende hoeft niet te beginnen bij een energiecentrale; een vergeten meetkastje met een hardcoded creds is soms genoeg. *Bronnen* Meta AI-support en Instagram - 404 Media: https://www.404media.co/hackers-simply-asked-meta-ai-to-give-them-access-to-high-profile-instagram-accounts-it-worked/ - TechCrunch: https://techcrunch.com/2026/06/01/hackers-hijacked-instagram-accounts-by-tricking-meta-ai-support-chatbot-into-granting-access/ Silent Ransom Group en DNS fast flux - Resecurity: https://www.resecurity.com/blog/article/silent-ransom-group-srg-uncovering-dns-fast-flux-infrastructure - FBI: https://www.fbi.gov/file-repository/cyber-alerts/silent-ransom-group-targeting-law-firms-052325.pdf Claude Code GitHub Action - GMO Flatt Security: https://flatt.tech/research/posts/poisoning-claude-code-one-github-issue-to-break-the-supply-chain/ YellowKey en Microsoft - Ars Technica: https://arstechnica.com/security/2026/05/zero-day-exploit-completely-defeats-default-windows-11-bitlocker-protections/ - Windows Central: https://www.windowscentral.com/microsoft/microsoft-backs-off-legal-threats-against-windows-security-researchers Adaptieve AI-wormen - Paper, AI Agents Enable Adaptive Computer Worms: https://arxiv.org/abs/2606.03811 Automatic tank gauges - NSA: https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/4507204/nsa-joins-cisa-and-partners-to-release-guidance-on-hardening-automatic-tank-gau/ - BleepingComputer: https://www.bleepingcomputer.com/news/security/cisa-warns-of-cyberattacks-targeting-fuel-tank-monitoring-systems/

Als sich das DENIC kürzlich bei einem Schlüsselwechsel ein Bein stellte, gingen im deutschen Internet für kurze Zeit die Lichter aus. Sylvester und Christopher haben den DNS-Experten Carsten Strotmann eingeladen, der ihnen und den Hörern im ersten Teil der Folge die Gründe und Auswirkungen dieses Ausfalls erläutert. Im zweiten Teil geht es dann zunächst um einen digitalen Raubzug mithilfe eines Domainklaus. Er betraf ein Unternehmen aus dem Krypto-Universum (as in Kursschwankung, nicht as in quantensicher) und dessen Kunden. Dann klären die beden Hosts die Frage, ob YellowKey den Beinamen "Bitlocker-Bypass" verdient hat und - ganz neu - probieren ein neues Format aus. In drei fünfminütigen Kurzschnipseln erzählen sie weitere aktuelle Begebenheiten rund um Signal, PQC und eine weitere Failzwiebel. Keywords: DENIC, DNSSEC, Key Rollover, Ausfall, Domains, Registry, Registrar, Exploit, Full Disclosure, Nightmare Eclipse, YellowKey, Bitlocker, Windows, Signal, Datenbank, Post-Quanten-Kryptografie, Zero-Trust Proof, Redundanz, CIA-Triade,

Host Jim Love and panelists David Shipley, Laura Payne, and Jeff Williams discuss a researcher ("Chaotic/Nightmare Eclipse") publicly disclosing multiple Windows zero-days affecting components including Defender and BitLocker, frustration with Microsoft's vulnerability disclosure process, and backlash to Microsoft's initially threatening tone before it was partially walked back; the panel debates responsible disclosure, the need for researcher support/organization, transparency vs liability, and how vulnerability reporting is straining under volume. They then examine a White House AI executive order focused on voluntary measures and 30-day model access, criticizing the lack of basic safety and cybersecurity protections amid FOMO about losing to China and an AI investment bubble. The conversation covers AI-driven harms and studies on reduced brain activity and "cognitive surrender," while noting benefits when AI is used as a tutor. Shipley highlights Canada's Senate passing Bill C-8 on critical infrastructure cybersecurity, and the group urges outcome-focused security, architecture/risk prioritization, and critical thinking against AI-enabled social engineering. Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material[dot]security. 00:00 Sponsor Message 00:24 Show Welcome Panel 01:17 Microsoft Zero Day Fallout 04:19 Researcher Backlash Drama 06:46 Unionizing Bug Hunters 13:10 Product Liability Debate 23:23 Regulation vs Transparency 26:00 AI Bubble Investor Risk 28:01 White House AI Order 32:24 Cybersecurity Gaps Telecom 33:19 Telecom Trust Breakdown 34:32 AI Harms and Exploitation 35:36 Studies on Cognitive Surrender 38:13 Markets Regulation and Politics 40:13 Canada Cyber Law Win 42:33 Adoption Hype and Subsidy Bubble 48:50 Patch Deluge and AppSec Strain 52:10 Defenses Beyond Patching 54:17 Outcomes Critical Thinking and CIA 01:01:49 Education Disruption and Closing 01:04:14 Sponsor Message Material Security

Wat deed er echt toe deze week: Batman's technologie gaat van fictie naar feit GBA is Marktenhof beetje beu Credentials die rondslingeren, it's been done, maar nog nooit door CISA Backdoor in Bitlocker? Of gewoon incompetentie? En ook pornosterren hebben recht op privacy, obviously, maar sommigen dachten daar anders over Dat en meer deze week in Dasprive Shownotes: Dasprive Soirée d’ été 2026 Lidmaatschap https://news.infomaniak.com/en/infomaniak-foundation-sovereign-cloud https://tweakers.net/nieuws/248146/proton-zet-postquantumversleuteling-tijdelijk-stop-na-synchronisatieproblemen.html https://dl.acm.org/doi/epdf/10.1145/3719027.3765062 https://www.sciencedaily.com/releases/2026/05/260522023127.htm https://www.sciencedirect.com/science/article/abs/pii/S1389128623001962 https://www.brusselstimes.com/belgium/2135116/belgian-data-protection-authority-to-use-criminal-courts-to-enforce-regulations https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github https://www.security.nl/posting/937337/Microsoft+waarschuwt+voor+YellowKey-lek+dat+BitLocker-encryptie+omzeilt https://tweakers.net/nieuws/247800/nieuwe-voorzitter-van-autoriteit-persoonsgegevens-is-privacyadvocaat.html https://www.vrt.be/vrtnws/nl/2026/05/06/7-mannen-moeten-schadevergoeding-betalen-na-verspreiding-seksuel https://www.404media.co/mayo-clinic-is-using-ai-to-listen-to-emergency-room-visits https://www.security.nl/posting/937584/Privacy-OS+Tails+wegens+security+voortaan+geleverd+zonder+Thunderbird https://tweakers.net/nieuws/248170/kwetsbaarheid-bij-trump-mobile-legt-mogelijk-data-van-27000-klanten-bloot.html https://www.theguardian.com/us-news/2026/may/23/trump-mobile-investigating-potential-exposure-of-would-be-customers-personal-information https://tweakers.net/reviews/14634/hoezo-zet-trump-een-eigen-logo-op-een-oude-midrange-htc-telefoon.html https://www.security.nl/posting/937816/Duitse+ziekenhuizen+lekken+gegevens+van+honderdduizend+pati%C3%ABnten https://www.gpdp.it/web/guest/home/docweb/-/docweb-display/docweb/10234984 https://www.gpdp.it/web/guest/home/docweb/-/docweb-display/docweb/10235001 https://www.techtransparencyproject.org/https://github.com/jksalcedo/librefind

SummaryIn this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss critical cybersecurity topics, including newly discovered Windows Zero Days, insights from Verizon's latest Data Breach Investigations Report, and a significant credential leak at CISA. They emphasize the importance of vulnerability management, the evolving threat landscape, and best practices for securing sensitive data. The conversation highlights the need for organizations to adapt quickly to emerging threats and implement robust security measures to protect against breaches.----------------------------------------------------YouTube Video Link: ⁠https://youtu.be/DtPgg2jQCyM----------------------------------------------------Documentation: https://thehackernews.com/2026/05/windows-zero-days-expose-bitlocker.html?m=1https://www.verizon.com/business/resources/T158/reports/2026-dbir-data-breach-investigations-report.pdfhttps://arstechnica.com/information-technology/2026/05/in-stunning-display-of-stupid-secret-cisa-credentials-found-in-public-github-repo/----------------------------------------------------Contact Us:Website: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://bluesecuritypod.comBluesky: https://bsky.app/profile/bluesecuritypod.comLinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/company/bluesecpodYouTube: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.youtube.com/c/BlueSecurityPodcast-----------------------------------------------------------Andy JawBluesky: https://bsky.app/profile/ajawzero.comLinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/in/andyjaw/Email: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠andy@bluesecuritypod.com⁠----------------------------------------------------Adam BrewerTwitter: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/ajbrewerLinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/in/adamjbrewer/Email: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠adam@bluesecuritypod.com

Welcome to this week's episode of the PEBCAK Podcast!  We've got four amazing stories this week so sit back, relax, and keep being awesome!  Be sure to stick around for our Dad Joke of the Week. (DJOW) Follow us on Instagram @pebcakpodcast   Please share this podcast with someone you know!  It helps us grow the podcast and we really appreciate it!   Simple 6 signup link https://simple6.co/r/CFUR98   Microsoft releases a temporary mitigation script for "YellowKey," a BitLocker-bypassing Windows zero-day with no permanent fix yet https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-mitigation-for-yellowkey-windows-zero-day/   Researchers uncover FAST16, a state-sponsored cyber-sabotage framework from 2005 that silently corrupted precision engineering calculations — predating Stuxnet by at least five years and linked to NSA tooling https://www.tomshardware.com/software/security-software/decades-old-pre-stuxnet-cyber-sabotage-tool-breaks-cover-nsa-listed-it-as-nothing-to-see-here-fast16-targeted-nuclear-reactors-dam-design-and-other-high-precision-civil-engineering-software-years-before-stuxnet-broke-cover https://www.wired.com/story/fast16-malware-stuxnet-precursor-iran-nuclear-attack/ https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/   Riot Games clarifies its Vanguard anti-cheat doesn't brick PCs — it just renders $6,000 worth of DMA cheat hardware completely useless https://www.ign.com/articles/riot-games-says-it-would-not-and-cannot-use-vanguard-anti-cheat-to-brick-pcs-after-rumors-spread https://www.tweaktown.com/news/111774/valorants-vanguard-anti-cheat-now-destroys-dma-cheat-firmware/index.html https://x.com/dexerto/status/2057785616255860991   Apple is developing an "anti-snatch" feature that automatically locks an iPhone the moment sensors detect it's been ripped from a user's hand — and London thieves already prefer iPhones over Samsungs https://appleinsider.com/articles/26/05/27/rumored-anti-snatch-feature-will-automatically-lock-iphones-yanked-out-of-a-users-hand https://appleinsider.com/articles/25/11/18/london-thieves-snatching-iphones-but-dont-want-no-samsung   Dad Joke of the Week (DJOW)   Find the hosts on LinkedIn: Chris - https://www.linkedin.com/in/chlouie/ Brian - https://www.linkedin.com/in/briandeitch-sase/ Ben - https://www.linkedin.com/in/benjamincorll/

Jon Westfall and I welcomed back our long-time friend Don Sorcinelli, who hasn't been on the show since last October (podcast 583). Don shared his deliberate "low-tech" approach to entertaining his two-year-old granddaughter, opting for traditional toys over tablets to encourage focus and avoid the "out" that screen time provides. This sparked some fun tech nostalgia, as I recounted my own experiences as a dad of a toddler trying "interactive" toys like the light-sensing Microsoft Barney and the giant yellow Microsoft EasyBall trackball—both of which proved that sometimes, simpler is better. A major theme of this episode was the shifting economic reality of AI. Don, ever the healthy skeptic, compared the current AI hype to the dot-com bust and the "magic math" of non-GAAP reporting. We discussed the "tokens vs. humans" trade-off, noting that as companies like Google and OpenAI move toward token-based pricing, the cost of farming out thinking to AI may soon exceed the cost of hiring a human. I've been finding ways to outsmart these limits by using standard LLMs to "interview" me and generate highly efficient Codex prompts, which usually get the job done on the first try. We also tackled some serious infrastructure and software headaches. I'm currently dealing with expiring Secure Boot certificates on some of my no-name PC boxes—a situation Don rightly called a "mismanaged" disaster on Microsoft's part, given the lack of clear documentation and the bugs causing BitLocker prompts. On a more positive note, my 8GB MacBook Neo continues to impress me with its efficiency, proving that tight optimization can often trump raw specs. We wrapped up with a look at the future of Nvidia ARM-based processors for Windows and a strange sighting during my daily walk: a fiber optic cable hanging at neck height between utility poles, a reminder that even high-tech infrastructure can have very physical (and dangerous) failures

It looks like Bitlocker had a back door in it, how a listener accidentally broke Gitea for users of the snap version, Google accidentally published an unpatched exploit for Chromium-based browsers, why people are starting to ditch Bitwarden, and moving a tech stack away from large corporations. Plugs Support us on patreon and get an ad-free RSS feed with some early episodes How Klara and TrueNAS fixed ZFS's longest standing limitation Webinar: June 25th @ 11am EDT: Understanding AnyRAID with Jon from HexOS News/discussion YellowKey Bitlocker Bypass Vulnerability Microsoft shares mitigation for YellowKey Windows zero-day How I Broke Gitea for Everyone Google publishes exploit code threatening millions of Chromium users The Quiet Renovation at Bitwarden Free consulting We were asked about moving a tech stack away from large corporations. See our contact page for ways to get in touch.

It looks like Bitlocker had a back door in it, how a listener accidentally broke Gitea for users of the snap version, Google accidentally published an unpatched exploit for Chromium-based browsers, why people are starting to ditch Bitwarden, and moving a tech stack away from large corporations. Plugs Support us on patreon and get an ad-free RSS feed with some early episodes How Klara and TrueNAS fixed ZFS's longest standing limitation Webinar: June 25th @ 11am EDT: Understanding AnyRAID with Jon from HexOS News/discussion YellowKey Bitlocker Bypass Vulnerability Microsoft shares mitigation for YellowKey Windows zero-day How I Broke Gitea for Everyone Google publishes exploit code threatening millions of Chromium users The Quiet Renovation at Bitwarden Free consulting We were asked about moving a tech stack away from large corporations. See our contact page for ways to get in touch.

Shownotes – Episode 124Rüdiger hat tagelang eine Terrasse gebaut und festgestellt: IT-Hände sind für echte Arbeit nicht gemacht. Tobi hat dafür eine Taschenlampe zerlegt. Willkommen in einer neuen Folge.Clack – die Tastatur-Nostalgie-App Rüdiger hat die 5,99-Euro-App sofort nach der letzten Folge gekauft und ist Fan. Einziges Manko: Bluetooth-Lautsprecher erzeugen ein nerviges Delay. Am MacBook direkt läuft es perfekt. ISX Conference – wir kommen live! Zusammen mit der Vogelakademie sind wir auf Tour: Frankfurt (3.6.), München (9.6.), Hamburg (16.6.), Düsseldorf (23.6.). Live-Podcast zur Mittagszeit – plus interaktive Abschluss-Keynote mit Cyberkriminalitäts-Bezug. Tobi schaltet sich beim Frankfurt-Termin live aus Südafrika zu. AirPods Max & der Gefriertruhentrick Rüdigers AirPods Max laden nicht mehr. Apple will 400 € für die Reparatur. Reddit-Lösung: 20 Minuten in die Gefriertruhe – und sie funktionieren wieder. Physikalisch unerklärlich, aber wahr.Yellow Key Bug – Microsofts BitLocker-Lücke Microsoft hat die Schwachstelle offiziell bestätigt, aber kaum kommentiert. Workaround: Pre-Boot-PIN reaktivieren, damit die Festplatte nicht über einen präparierten USB-Stick ausgelesen werden kann. Das Schweigen von Microsoft wirft Fragen auf. Enhanced Games – Dopen erlaubt Peter Thiel investiert in ein Sport-Event in Las Vegas, bei dem Athleten gedopt antreten dürfen – legal, ärztlich überwacht, mit eigenem Online-Shop für alles, was sonst im Darknet landet. Sechs Olympia-Medaillengewinner sind dabei. Tobi glaubt: Das hat TV-Zukunft. ChatGPT mit Bankkontozugang In den USA kann ChatGPT jetzt live auf Bankkonten zugreifen und Spartipps geben. Datenschutztechnisch ein Albtraum – aber Rüdiger gibt zu: Wenn KI-Agenten dann auch gleich Flüge buchen, wird die Versuchung groß. Seine persönliche Grenze: keine Finanz- und Gesundheitsdaten. isyouraidown.com & isaiprofitable.com Zwei nützliche Seiten: Stefan Skrupisch hat isyouraidown.com gebaut – ein Echtzeit-Statusmonitor für alle großen KI-Dienste, in zwei Tagen per Vibe Coding entstanden. isaiprofitable.com zeigt, wer mit KI wirklich Geld verdient. Spoiler: Nur Nvidia ist im Plus. Alle anderen verbrennen Milliarden. Chip-Knappheit & der Druckertinten-Effekt KI-Unternehmen kaufen Hardware in Massen weg – Laptops und Raspberry Pis werden teurer, Lieferketten brechen. Wer heute KI tief in seine Prozesse einbaut, sitzt morgen in der Falle: Die Preise werden steigen, der Ausstieg wird teuer. TI-Taschenrechner mit ChatGPT Jemand moddet Texas-Instruments-Taschenrechner mit einem Raspberry Pi und WLAN – und baut ChatGPT ein. Für 100 Dollar Umbaukosten: der perfekte Prüfungs-Cheat-Key. Rüdiger überlegt ernsthaft, einen zu bestellen. Google wird Antwortmaschine Google kündigt an, keine klassische Suchmaschine mehr zu sein. Videos hochladbar, KI beantwortet direkt – ohne Weiterleitungen. Das Problem: Der Traffic zu Content-Anbietern stirbt. Hörerin Klaus' These: Noch mehr Inhalte werden hinter Paywalls verschwinden. Wahrscheinlich richtig. -- Links zur Folge immer auf https://podcast.ichglaubeeshackt.de/ Wenn Euch unser Podcast gefallen hat, freuen wir uns über eine Bewertung! Feedback wie z.B. Themenwünsche könnt Ihr uns über sämtliche Kanäle zukommen lassen: Email: podcast@ichglaubeeshackt.de Web: podcast.ichglaubeeshackt.de Instagram: http://instagram.com/igehpodcast

Tra Bitlocker violabile e gli aiuti tedeschi a KDE LinuxDue notizie che vanno a braccetto. Ma dobbiamo capire anche i limiti, non solo gli annunci.Parliamo di Bitlocker, apparentemente violabile, e gli aiuti finanziari della Germania a KDE Linux per sviluppare alcuni standard di comunicazione (webdav su tutti, interessante come approccio.Buon ascolto(PS ricordo ai membri che entrando in caffe20.it/in hanno opzioni in piu'. Per diventare membri: caffe20.it/membri )

GitHub Breach https://x.com/github/status/2056949168208552080 Agentic Threat Intelligence Feed - VS Code Extensions https://agentmesh.knostic.ai/extensions More NGINX Vulnerabilities https://x.com/nebusecurity/status/2057071579876753643 https://my.f5.com/manage/s/article/K000161307 Microsoft Publishes YellowKey Mitigation CVE-2026-45585 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585 Incomplete Sonicwall Patch CVE-2024-12802 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0001

Chris and Hector break down a major ransomware attack on Foxconn, the growing strain AI data centers are putting on power grids, and new allegations surrounding Microsoft security and cloud infrastructure. They also discuss insider threats, ransomware leaks, BitLocker concerns, and why cybersecurity vendors continue to overwhelm the industry with noise instead of solutions. Join our Patreon for weekly bonus episodes: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

In This Episode: Apple's AI, Google I/O Updates, and the BitLocker Yellow Key Security Flaw This week the TEH Podcast is hosted by Leo Notenboom, the “Chief Question Answerer” at Ask Leo!, and Gary Rosenzweig, the host and producer of MacMost, and mobile game developer at Clever Media. (You’ll find longer Bios on the Hosts page.) Top Stories 0:00 GR: What will the new Siri be like? (WWDC coming up) Stand-alone app Voice assistant that understands what you mean Gemini but not Gemini, Gemini model running on Apple's servers, doing Apple things 12:30 LN: Bitlocker busted? Yellowkey exploit 16:00 How encryption keys are really stored 22:00 GR: Folding Phones? Big deal or niche product? Really looks like Apple is doing this soon (iPhone Ultra) Pixel Fold: https://store.google.com/product/pixel_10_pro_fold?hl=en-US&pli=1  33:00 GR: Google I/O stuff, audio glasses, AI agents Glasses without any visual component: just mic, speaker and camera? 36:00 LN: https://bee.computer/  41:00 Hot take: People don't want agents, as people don't normally have assistants. Normal people talk to other people (chat) Also: Could it come to a point where it is all just moving too fast? Ain’t it Cool 57:00 GR: I'll Miss Stephen Colbert 1:00:00 LN: New Murderbot – Platform Decay BSP: Blatant Self-Promotion 01:01:16 GR: https://macmost.com/10-reasons-why-you-should-be-using-icloud-photos.html  01:03:43 LR: Has BitLocker Been Broken? What YellowKey Means to You – askleo.com/192620 Transcript teh_267 Video

Send us Fan MailBitLocker feels like a safety net until you see how a single bypass can change the whole risk picture. Today we react to the Yellow Key vulnerability (noted in the news and referenced as CVE 2645585) and use it as a practical CISSP training moment: a public proof of concept is available, a vendor patch is not, and the attack hinges on physical access. That mix forces you to think clearly about what “high risk” actually means, why “critical” is not always the right label, and how real security teams respond when the perfect fix does not exist yet.We connect the story to CISSP domains you are actively tested on. Domain 3 shows up in the basics of data at rest encryption and the uncomfortable truth that encryption is only as strong as its implementation. Domain 7 shows up in zero-day vulnerability management, compensating controls, and the need to have patch deployment ready to move the moment Microsoft ships a fix. We also highlight why secure boot and firmware integrity checks matter, and why endpoint detection may not help when an attacker can silently read files with little to no logging signal.Then we shift into five exam-style questions designed to sharpen your decision-making: how to classify risk using likelihood and impact, how to spot absolute-language distractors, which CIA triad principle is actually failing when data is accessed without detection, and why data minimisation can reduce breach impact more than “adding another tool.” If you're studying for the CISSP exam and want practice that feels like real life, this is built for you.Subscribe for weekly CISSP practice, share this with a study partner, and leave a review so more candidates can find the show. What control would you tighten first if a BitLocker bypass hit your fleet tomorrow?Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox!  Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

OpenAI, Microsoft, and Google are racing to unleash next-gen AI that hunts for software vulnerabilities and hacks at scale. This episode explores how these advancements could shake up everything we thought we knew about cybersecurity. Microsoft rethinks Edge's "intended behavior" after it gets press. Chaotic Eclipse hacker strikes again with a Bitlocker bypass. Google's threat analysis group documents malicious AI use. Canada hasn't learned the lessons of the EU and the UK. AI chatbots may be far more addictive than social media. Project: Hail Mary now available to stream. An apparently-serious zero-point quantum vacuum energy source. A bit of listener feedback. OpenAI's & Microsoft's vulnerability discovery systems Show Notes - https://www.grc.com/sn/SN-1079-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: outsystems.com/twit hoxhunt.com/securitynow zscaler.com/security meter.com/securitynow canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT

On this week's show Patrick Gray, Adam Boileau and James Wilson discuss the week's cybersecurity news. They cover: GitHub announced a possible breach CISA leaks important creds, keys in public repo Awful vulnerability in Bitlocker renders it useless without a PIN So. Many. Patches. Polish Government urges officials to ditch Signal for mSzyfr Much, much more This week's show is brought to you by Thinkst Canary. Thinkst's founder, Haroon Meer, is this week's sponsor guest. He joined James Wilson to talk about how doing “the basics” in security isn't trivially easy. This episode is also available on YouTube. Show notes GitHub on X: "We are investigating unauthorized access to GitHub's internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub's internal repositories (such as our customers' enterprises, organizations, and repositories), we are closely" / X CISA Admin Leaked AWS GovCloud Keys on Github – Krebs on Security Experts Confirm the Fast16 Malware Was Sabotaging Nuclear Weapons Tests, Likely in Iran Iran hackers: Hackers have breached tank readers at gas stations; officials suspect Iran is responsible | CNN Politics War and Data Centers Are Driving Up the Cost of Fiber-Optic Cable Microsoft on pace to break annual vulnerability record as AI-driven patch wave takes hold | The Record from Recorded Future News NCSC's Ollie Whitehouse on surviving the "bugpocalypse" - Risky Business Media Defense at AI speed: Microsoft's new multi-model agentic security system tops leading industry benchmark | Microsoft Security Blog Project Glasswing: what Mythos showed us Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable' First public macOS kernel memory corruption exploit on Apple M5 OpenAI launches Daybreak to combat cyber threats | Cybersecurity Dive Zero-day exploit completely defeats default Windows 11 BitLocker protections - Ars Technica GitHub - Wack0/bitlocker-attacks: A list of public attacks on BitLocker · GitHub Catalin Cimpanu: "The Polish government has advi…" - Mastodon CISA orders all federal agencies to patch exploited bug in Cisco SD-WAN systems by Sunday | The Record from Recorded Future News CVE-2026-20182: Critical authentication bypass in Cisco Catalyst SD-WAN Controller (FIXED) Huawei zero-day attack behind last year's crash of Luxembourg's entire telecoms network | The Record from Recorded Future News Patch bypass allows hackers to exploit prior flaw in SonicWall SSL-VPN | Cybersecurity Dive Microsoft disrupts Fox Tempest malware-signing-as-a-service platform tied to ransomware gangs | The Record from Recorded Future News Streamer Realtime Deepfakes Himself into Mr. Beast, Says He Loves 'Touching Little Boys'

OpenAI, Microsoft, and Google are racing to unleash next-gen AI that hunts for software vulnerabilities and hacks at scale. This episode explores how these advancements could shake up everything we thought we knew about cybersecurity. Microsoft rethinks Edge's "intended behavior" after it gets press. Chaotic Eclipse hacker strikes again with a Bitlocker bypass. Google's threat analysis group documents malicious AI use. Canada hasn't learned the lessons of the EU and the UK. AI chatbots may be far more addictive than social media. Project: Hail Mary now available to stream. An apparently-serious zero-point quantum vacuum energy source. A bit of listener feedback. OpenAI's & Microsoft's vulnerability discovery systems Show Notes - https://www.grc.com/sn/SN-1079-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: outsystems.com/twit hoxhunt.com/securitynow zscaler.com/security meter.com/securitynow canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT

OpenAI, Microsoft, and Google are racing to unleash next-gen AI that hunts for software vulnerabilities and hacks at scale. This episode explores how these advancements could shake up everything we thought we knew about cybersecurity. Microsoft rethinks Edge's "intended behavior" after it gets press. Chaotic Eclipse hacker strikes again with a Bitlocker bypass. Google's threat analysis group documents malicious AI use. Canada hasn't learned the lessons of the EU and the UK. AI chatbots may be far more addictive than social media. Project: Hail Mary now available to stream. An apparently-serious zero-point quantum vacuum energy source. A bit of listener feedback. OpenAI's & Microsoft's vulnerability discovery systems Show Notes - https://www.grc.com/sn/SN-1079-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: outsystems.com/twit hoxhunt.com/securitynow zscaler.com/security meter.com/securitynow canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT

OpenAI, Microsoft, and Google are racing to unleash next-gen AI that hunts for software vulnerabilities and hacks at scale. This episode explores how these advancements could shake up everything we thought we knew about cybersecurity. Microsoft rethinks Edge's "intended behavior" after it gets press. Chaotic Eclipse hacker strikes again with a Bitlocker bypass. Google's threat analysis group documents malicious AI use. Canada hasn't learned the lessons of the EU and the UK. AI chatbots may be far more addictive than social media. Project: Hail Mary now available to stream. An apparently-serious zero-point quantum vacuum energy source. A bit of listener feedback. OpenAI's & Microsoft's vulnerability discovery systems Show Notes - https://www.grc.com/sn/SN-1079-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: outsystems.com/twit hoxhunt.com/securitynow zscaler.com/security meter.com/securitynow canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT

OpenAI, Microsoft, and Google are racing to unleash next-gen AI that hunts for software vulnerabilities and hacks at scale. This episode explores how these advancements could shake up everything we thought we knew about cybersecurity. Microsoft rethinks Edge's "intended behavior" after it gets press. Chaotic Eclipse hacker strikes again with a Bitlocker bypass. Google's threat analysis group documents malicious AI use. Canada hasn't learned the lessons of the EU and the UK. AI chatbots may be far more addictive than social media. Project: Hail Mary now available to stream. An apparently-serious zero-point quantum vacuum energy source. A bit of listener feedback. OpenAI's & Microsoft's vulnerability discovery systems Show Notes - https://www.grc.com/sn/SN-1079-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: outsystems.com/twit hoxhunt.com/securitynow zscaler.com/security meter.com/securitynow canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT

OpenAI, Microsoft, and Google are racing to unleash next-gen AI that hunts for software vulnerabilities and hacks at scale. This episode explores how these advancements could shake up everything we thought we knew about cybersecurity. Microsoft rethinks Edge's "intended behavior" after it gets press. Chaotic Eclipse hacker strikes again with a Bitlocker bypass. Google's threat analysis group documents malicious AI use. Canada hasn't learned the lessons of the EU and the UK. AI chatbots may be far more addictive than social media. Project: Hail Mary now available to stream. An apparently-serious zero-point quantum vacuum energy source. A bit of listener feedback. OpenAI's & Microsoft's vulnerability discovery systems Show Notes - https://www.grc.com/sn/SN-1079-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: outsystems.com/twit hoxhunt.com/securitynow zscaler.com/security meter.com/securitynow canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT

A serious new Windows 11 BitLocker vulnerability, open-sourced offensive malware tools, a suspected Iranian cyber campaign targeting U.S. fuel infrastructure, and malware that appears designed to interfere with nuclear weapons simulation systems.  Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material[dot]security. David Shipley breaks down four major cybersecurity stories on Cybersecurity Today. First, a newly disclosed zero-day dubbed YellowKey reportedly defeats default Windows 11 BitLocker protection on systems using TPM-only encryption, giving attackers with physical access a path to unencrypted data through the Windows Recovery Environment. Microsoft is investigating, while security experts are urging stronger BitLocker configurations. The episode also examines the TeamPCP threat group's decision to release offensive tooling publicly, dramatically lowering the barrier for copycat supply-chain attacks. Researchers have already spotted malicious NPM packages borrowing similar techniques, including persistence mechanisms aimed at developer environments such as Visual Studio Code and Claude Code. David also looks at disturbing analysis of the FAST16 malware, which researchers believe was engineered to tamper with nuclear weapons simulation software including LS-DYNA and AutoDyn. And finally, U.S. officials reportedly suspect Iranian actors in cyberattacks targeting internet-exposed gas station automatic tank gauge systems, a reminder that weak operational technology security can quickly become a real-world infrastructure problem. 00:00 Sponsor Message 00:24 Headlines Overview 00:50 BitLocker Zero Day 03:32 TeamPCP Tools Leak 06:13 Copycat NPM Malware 06:50 Fast16 Nuclear Sabotage 08:37 Iran Gas Station Hacks 10:28 Hardening Critical Infrastructure 11:16 Wrap Up And Events 11:59 Sponsor Deep Dive #Cybersecurity #Windows11 #BitLocker #ZeroDay #TeamPCP #IranCyberAttack #SupplyChainAttack #CriticalInfrastructure #CyberSecurityToday

A security researcher just showed that bypassing BitLocker on Windows 11 takes little more than a USB stick and a reboot. I'll discuss what we know, who needs to worry, what the risks are for most people, and what you can do about it right now.

OpenAI, Microsoft, and Google are racing to unleash next-gen AI that hunts for software vulnerabilities and hacks at scale. This episode explores how these advancements could shake up everything we thought we knew about cybersecurity. Microsoft rethinks Edge's "intended behavior" after it gets press. Chaotic Eclipse hacker strikes again with a Bitlocker bypass. Google's threat analysis group documents malicious AI use. Canada hasn't learned the lessons of the EU and the UK. AI chatbots may be far more addictive than social media. Project: Hail Mary now available to stream. An apparently-serious zero-point quantum vacuum energy source. A bit of listener feedback. OpenAI's & Microsoft's vulnerability discovery systems Show Notes - https://www.grc.com/sn/SN-1079-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: outsystems.com/twit hoxhunt.com/securitynow zscaler.com/security meter.com/securitynow canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT

OpenAI, Microsoft, and Google are racing to unleash next-gen AI that hunts for software vulnerabilities and hacks at scale. This episode explores how these advancements could shake up everything we thought we knew about cybersecurity. Microsoft rethinks Edge's "intended behavior" after it gets press. Chaotic Eclipse hacker strikes again with a Bitlocker bypass. Google's threat analysis group documents malicious AI use. Canada hasn't learned the lessons of the EU and the UK. AI chatbots may be far more addictive than social media. Project: Hail Mary now available to stream. An apparently-serious zero-point quantum vacuum energy source. A bit of listener feedback. OpenAI's & Microsoft's vulnerability discovery systems Show Notes - https://www.grc.com/sn/SN-1079-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: outsystems.com/twit hoxhunt.com/securitynow zscaler.com/security meter.com/securitynow canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT

Welcome to this week's episode of the PEBCAK Podcast!  We've got four amazing stories this week so sit back, relax, and keep being awesome!  Be sure to stick around for our Dad Joke of the Week. (DJOW) Follow us on Instagram @pebcakpodcast   Please share this podcast with someone you know!  It helps us grow the podcast and we really appreciate it!   Cyb3r Operations https://www.cyb3roperations.com/   https://www.bleepingcomputer.com/news/security/windows-bitlocker-zero-day-gives-access-to-protected-drives-poc-released/ https://www.tomshardware.com/tech-industry/cyber-security/microsoft-bitlocker-protected-drives-can-now-be-opened-with-just-some-files-on-a-usb-stick-yellowkey-zero-day-exploit-demonstrates-an-apparent-backdoor YellowKey Zero-Day: An unpatched BitLocker bypass dubbed "YellowKey" allows physical attackers to unlock encrypted Windows 11 and Server 2022/2025 drives using just a USB stick — no password or recovery key needed — and the frustrated researcher behind it is threatening more disclosures after Microsoft allegedly ignored previous reports. https://calmatters.org/economy/technology/2026/05/california-went-big-on-canvas-the-worst-happened/ https://databreaches.net/2026/05/08/one-size-does-not-fit-all-sometimes-victims-probably-should-pay-ransom/ https://www.bleepingcomputer.com/news/security/us-govt-seeks-instructure-testimony-on-massive-canvas-cyberattack/ Canvas Ransomware Attack: ShinyHunters breached education platform Canvas twice within a week, stealing data from an estimated 275 million users across nearly 9,000 institutions globally, disrupting final exams across California and beyond — and now the U.S. House Committee on Homeland Security is demanding Instructure executives testify, while analysts debate whether refusing to pay the initial ransom made the fallout far worse.    https://insider-gaming.com/forza-horizon-6-leak-drops-155-gb-content/ Forza Horizon 6 Leak: Playground Games accidentally uploaded the complete, unencrypted 155GB build of Forza Horizon 6 to Steam ten days before its May 19 release, making the full game available to pirates — and Playground has since issued lifetime bans to players who streamed the leaked footage.   https://www.rotowire.com/soccer/article/2026-world-cup-groups-full-group-by-group-preview-analysis-projections-and-dark-horses-100836 https://au.news.yahoo.com/head-knocks-ultra-violence-viral-231852371.html 2026 World Cup Preview: With the expanded 48-team tournament kicking off June 11 across the U.S., Canada, and Mexico, Spain, France, and England headline the favorites — but the new format means more upsets, more dark horses, and storylines ranging from Messi's likely final campaign to Iraq's return to the World Cup stage for the first time since 1986.   Dad Joke of the Week (DJOW)   Find the hosts on LinkedIn: Chris - https://www.linkedin.com/in/chlouie/ Brian - https://www.linkedin.com/in/briandeitch-sase/ Buck - https://www.linkedin.com/in/buck-rogers-9952446a/

This is a recap of the top 10 posts on Hacker News on May 17, 2026. This podcast was generated by wondercraft.ai (00:30): Mozilla to UK regulators: VPNs are essential privacy and security toolsOriginal post: https://news.ycombinator.com/item?id=48166459&utm_source=wondercraft_ai(02:00): Security researcher says Microsoft built a Bitlocker backdoor, releases exploitOriginal post: https://news.ycombinator.com/item?id=48168856&utm_source=wondercraft_ai(03:31): I don't think AI will make your processes go fasterOriginal post: https://news.ycombinator.com/item?id=48168221&utm_source=wondercraft_ai(05:02): At least 25 Flock cameras have been destroyed in five states since April 2025Original post: https://news.ycombinator.com/item?id=48170798&utm_source=wondercraft_ai(06:33): Native all the way, until you need textOriginal post: https://news.ycombinator.com/item?id=48168058&utm_source=wondercraft_ai(08:04): AI subscriptions are a ticking time bomb for enterpriseOriginal post: https://news.ycombinator.com/item?id=48168056&utm_source=wondercraft_ai(09:35): AI is a technology not a productOriginal post: https://news.ycombinator.com/item?id=48168626&utm_source=wondercraft_ai(11:06): Apple Silicon costs more than OpenRouterOriginal post: https://news.ycombinator.com/item?id=48168198&utm_source=wondercraft_ai(12:37): I turned a $80 RK3562 Android tablet into a Debian Linux workstationOriginal post: https://news.ycombinator.com/item?id=48168668&utm_source=wondercraft_ai(14:08): WHO declares Ebola outbreak a global health emergencyOriginal post: https://news.ycombinator.com/item?id=48168708&utm_source=wondercraft_aiThis is a third-party project, independent from HN and YC. Text and audio generated using AI, by wondercraft.ai. Create your own studio quality podcast with text as the only input in seconds at app.wondercraft.ai. Issues or feedback? We'd love to hear from you: team@wondercraft.ai

Elon Musk perde la causa contro OpenAI. Eric Schmidt fischiato all'università. La backdoor di Bitlocker. Bitwarden cancella la licenza gratuita. ChatGPT e il conto in banca. Recupera i bitcoin grazie a Claude AI. Queste e molte altre le notizie tech commentate nella puntata di questa settimana.Dallo studio distribuito di digitalia:Franco Solerio, Michele Di MaioProduttori esecutivi:Jose, Mario Giammona, Simone Podico, Marco Grechi, Jacopo Conti, Manuel Giannatempo, Calogero Augusta, Michelangelo Rocchetti, Andrea Guido, Vito Astone, Davide Tinti, Alessandro Morgantini, Daniele Bastianelli, Andrea Malesani, Silvio Mariuzzo, Fabio Brunelli, Jean Dal Bo, Gabriele Marinelli, Enrico, Fiorenzo Pilla, Luca Ubiali, Umberto Marcello, Alessio Ferrara, Edoardo Volpi Kellerman, Beconsulting, Ivan, Cristian De Solda, Donato Gravino, Enrico Carangi, Giorgio Puglisi, Emanuele Libori, Davide Porta, Paolo Tegoni, Denis Grosso, Paolo Bernardini, Vincenzo Ingenito, Nicola Grilli, Andrea Giovacchini, Carlo Tomas, Riccardo Famà, Manuel Zavatta, Cristian Pastori, Diego Arati, Andrea Picotti, Mario Cervai, Giuliano ArcinottiSponsor:Squarespace.com - utilizzate il codice coupon "DIGITALIA" per avere il 10% di sconto sul costo del primo acquisto.Links:Elon Musk loses court battle against Sam Altman and OpenAIFabricated citations: an audit across 25 million biomedical papersLIA non ha rotto la scienza. Lha smascherataSecurity researcher says MS secretly built a backdoor into BitLockerBitwarden scrubs 'Always free' from its websiteConcerns Over Bitwarden Moving Away from Open SourceI see 1Password is stepping on the rake againWhat we learned using AI agents to refactor a monolithFBI remotely scrubs Russian malware from compromised devicesChatGPT Wants Access to Your Bank AccountOpenAI now wants ChatGPT to access your bank accountsOpenAI seals deal in Malta to give all Maltese access to ChatGPT PlusDigitalia DistillataChatbots at the drive-thru are just the beginningAI vigilante trap snares alleged paedophile ex-teacher in FranceAnthropic blames dystopian sci-fi for training AI models to act evilBitcoin trader recovers $400,000 using Claude AIGoogle's Android-powered laptops are called GooglebooksWill I be OK? Teen died after ChatGPT pushed deadly mix of drugsThe funniest thing about the Trump arcade game is how good it isTeam America: World Police Theme SongGingilli del giorno:Pro-level travel tips - consigli per i viaggi per geekPaperless AI Assist - automatizza Paperless-ngx con l'AISupporta Digitalia, diventa produttore esecutivo.

Bitlocker may not be as locked as we thought!, AI Note takers for you Dr visit is screwing up 60% of the time! Caller wants a new laptop, Whatnot seller but keeps buffering, Flashdrive issues write protection, Proton VPN/Mail accounts,

Proxying the Unproxyable? Sending EXE traffic to a Proxy https://isc.sans.edu/diary/Proxying%20the%20Unproxyable%3F%20Sending%20EXE%20traffic%20to%20a%20Proxy/32982 New Nightmare Eclipse Vulnerabilities Disclosed https://github.com/Nightmare-Eclipse/YellowKey https://github.com/Nightmare-Eclipse/GreenPlasma Adobe Patches https://helpx.adobe.com/security.html

Foxconn confirms North American factory attack BitLocker zero-day accesses protected drives MDASH patches 16 Windows flaws Get the show notes here: https://cisoseries.com/cybersecurity-news-foxconn-factory-attacks-bitlocker-zero-day-accesses-protected-drives-mdash-patches-windows-flaws/↗ Huge thanks to our episode sponsor, Doppel  Social engineering attacks look trustworthy — a routine request, an internal email, a familiar face on a call.   But Doppel sees through the disguise. Our AI-native platform detects and disrupts attacks across every channel, while training employees to recognize deepfakes and deception.   We fight relentlessly to protect your business, brand, and people.   Doppel. Outpacing what's next in social engineering.   Learn more at doppel.com.  

The episode identifies a structural shift in the evaluation and deployment of AI within organizations: decision-making is now driven by governance, control, and auditability rather than by features or capabilities of AI tools. This mechanism is anchored in the need for defendable practices amidst heightened scrutiny from institutions, regulators, and insurers. The change is observable in companies such as Anthropic and OpenAI, as well as in regulatory and procurement activities tracked by outlets like The New York Times and Business Insider, signaling that market adoption is tightly coupled to liability, enforcement, and institutional risk visibility. A primary area of evidence is cybersecurity, where state-sponsored attackers have leveraged AI to automate infiltration attempts, according to reporting on Anthropic's disclosures concerning Chinese actors targeting dozens of companies and agencies. The same sources note that Anthropic's AI identified over 500 previously unknown zero-day vulnerabilities in open-source software, demonstrating increased operational tempo and automation on both sides of the cybersecurity equation. In procurement, declining app download metrics for Claude, following its involvement in U.S. security policy narratives, showcase how reputational and geopolitical risk can quickly alter adoption patterns. Additional developments reinforce this trend. Machine learning conferences have systematically audited and penalized the use of AI-generated peer review, leading to hundreds of paper rejections and mass article retractions, according to Semaphore and Nature. On the hardware front, HP, AMD, and Intel are collaborating to address BitLocker vulnerabilities via an industry standard rather than proprietary features, illustrating how vendors are responding to systemic risk through structural controls and standards. Channelholic's references to workforce limitations underscore that automation's workload cannot be absorbed by labor alone. For MSPs and IT service providers, these developments mean the core value proposition shifts from offering AI tools to governing their use, ensuring full documentation, traceability, and defensibility. Failure to treat this as a governance issue leads to underpricing, overlooked controls, and transfer of liability for autonomously executed actions. Providers must now develop acceptable use policies, audit AI agent activity logs, and systematically vet vendors on audit trail, policy, and breach notification—otherwise risking exclusion from regulated deals and exposure to contractual and compliance penalties. 00:00 The Visibility Problem 03:45 Platform Lock-In 06:30 Governed or Liable 09:35 Why Do We Care?  Supported by:  CometBackUp and TimeZest

professorjrod@gmail.comChoosing the right Windows edition is a critical decision in technology education and IT skills development. In this episode, we explore the differences between Windows Home, Pro, Enterprise, and Education editions — explaining why a seemingly simple choice can affect your ability to join domains, enforce security policies, and manage devices remotely. Whether you're prepping for CompTIA exams or looking to deepen your tech expertise, understanding Windows editions will save you from months of troubleshooting and rework. Join us as we break down these essentials to boost your tech exam prep and workplace efficiency.I explain what each edition is built to do and what it cannot do, using practical scenarios that match how IT support and small businesses actually operate. We hit the features that matter when you need centralized management and security: domain join, Group Policy, Remote Desktop, BitLocker encryption, enterprise deployment, and volume licensing. If you're studying for CompTIA A+ or supporting real users, you'll hear the exam clues and the technician mindset that separates “it boots” from “it's built right.”Then we shift into the architecture choices that cause the sneakiest performance problems: 32-bit vs 64-bit Windows. We break down the 4GB RAM limit, why a modern PC can feel mysteriously slow even with plenty of memory installed, and the compatibility rules for running 32-bit and 64-bit apps. I also cover Windows N editions and why missing media features can be about EU regulations, plus the key rule that an architecture change from 32-bit to 64-bit requires a clean install and proper backups.If you've ever wondered why one Windows install feels effortless and another becomes a constant support headache, this is the blueprint. Subscribe, share this with a friend who is setting up a new PC, and leave a review if it helps, then reply with what you're running right now: Home, Pro, or something else?Support the showArt By Sarah/DesmondMusic by Joakim KarudLittle chacha ProductionsJuan Rodriguez can be reached atTikTok @ProfessorJrodProfessorJRod@gmail.com@Prof_JRodInstagram ProfessorJRod

Join The Full Nerd gang as they talk about the latest PC building news. In this episode the gang is joined by Certified Ethical Hacker (CEH) Mike Danseglio to talk about the Intel Core Ultra 7 270K Plus reviews, Microsoft's promise to improve Windows 11, a deep dive into Bitlocker with the person who created BitLocker, and more. And of course we answer questions live! Links: - 270K Plus review: https://www.pcworld.com/article/3095697/intel-core-ultra-7-270k-plus-5-key-things-to-know.html - Windows 11 pledge: https://www.pcworld.com/article/3093997/windows-11-reset-microsoft-pledges-more-speed-stability-and-control.html - Copilot scaling back: https://www.pcworld.com/article/3094059/microsoft-says-windows-11-will-get-faster-as-it-scales-back-copilot.html Join the PC related discussions and ask us questions on Discord: https://discord.gg/UWhjwg778a Follow the crew on X and Bluesky: @AdamPMurray @BradChacos @MorphingBall @WillSmith ============= Read PCWorld! Website: http://www.pcworld.com Newsletter: http://www.pcworld.com/newsletters/signup ============= Learn more about your ad choices. Visit megaphone.fm/adchoices

Author caught using AI to publish a book that was 78 percent AI generated, Water Company Startup used AI to make an engineering decision that turned out incorrect at scale, JP Morgan using Bossware to make sure their Jr Bankers don't work too hard, BitLocker turned on without my awareness so now what? Slow Chrome on a site vs other browsers, Dumpster Laptop is still not working, How can they tell the content is AI generated?

Microsoft quietly hands over BitLocker keys to the government, TikTok's new privacy terms spark a user panic, and Europe's secret tech backups reveal anxious prep for digital fallout. Plus, how gambling platforms are changing the future of news and sports. You can bet on how much snow will fall in New York City this weekend Europe Prepares for a Nightmare Scenario: The U.S. Blocking Access to Tech China, US sign off on TikTok US spinoff TikTok users freak out over app's 'immigration status' collection -- here's what it means Elon Musk's Grok A.I. Chatbot Made Millions of Sexualized Images, New Estimates Show Microsoft Gave FBI Keys To Unlock Encrypted Data, Exposing Major Privacy Flaw - Forbes House of Lords votes to ban social media for Brits under 16 Overrun with AI slop, cURL scraps bug bounties to ensure "intact mental health" Route leak incident on January 22, 2026 149 Million Usernames and Passwords Exposed by Unsecured Database Millions of people imperiled through sign-in links sent by SMS Anthropic revises Claude's 'Constitution,' and hints at chatbot consciousness The new Siri chatbot may run on Google servers, not Apple's A Wikipedia Group Made a Guide to Detect AI Writing. Now a Plug-In Uses It to 'Humanize' Chatbots GitHub - anthropics/original_performance_takehome: Anthropic's original performance take-home, now open for you to try! Telly's "free" ad-based TVs make notable revenue—when they're actually delivered - Ars Technica Toilet Maker Toto's Shares Get Unlikely Boost From AI Rush - Slashdot Dr. Gladys West, whose mathematical models inspired GPS, dies at 95 Host: Leo Laporte Guests: Alex Stamos, Doc Rock, and Patrick Beja Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com/twit meter.com/twit redis.io expressvpn.com/twit shopify.com/twit

Microsoft granted the FBI access to laptops encrypted with BitLocker. The EU opens an investigation into Grok's creation of sexually explicit images. Glimmers of access pierce Iran's internet blackout. Koi Security warns npm fixes fall short against PackageGate exploits. Some Windows 11 devices fail to boot after installing the January Patch Tuesday updates. CISA warns of active exploitation of  multiple vulnerabilities across widely used enterprise and developer software. ESET researchers have attributed the cyberattack on Poland's energy sector to Russia's Sandworm. This week's business breakdown. Brandon Karpf joins us to talk space and cyber. CISA sits out RSAC.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today is cybersecurity executive and friend of the show Brandon Karpf with Dave Bittner and T-Minus Space Daily host Maria Varmazis, for our monthly space and cyber segment. Brandon, Maria and Dave discuss “No more free rides: it's time to pay for space safety.” Selected Reading FBI Accessed Windows Laptops After Microsoft Shared BitLocker Recovery Keys (Hackread) European Commission opens new investigation into X's Grok (The Register) Amid Two-Week Internet Blackout, Some Iranians Are Getting Back Online (New York Times) Hackers can bypass npm's Shai-Hulud defenses via Git dependencies (Bleeping Computer) Microsoft investigates Windows 11 boot failures after January updates (Bleeping Computer) CISA says critical VMware RCE flaw now actively exploited (Bleeping Computer) CISA confirms active exploitation of four enterprise software bugs (Bleeping Computer) ESET Research: Sandworm behind cyberattack on Poland's power grid in late 2025 (ESET)  Aikido secures $60 million in Series B funding. (N2K Pro Business Briefing) CISA won't attend infosec industry's biggest conference (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.   Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices