email subscriptions
Click Here – for GRC's new DNS Benchmark v2 !!





Our weekly audio security column
& podcast by Steve Gibson and Leo Laporte
TechTV's Leo Laporte and I spend somewhat shy of two hours each week to discuss important issues of personal computer security. Sometimes we'll discuss something that just happened. Sometimes we'll talk about long-standing problems, concerns, or solutions. Either way, every week we endeavor to produce something interesting and important for every personal computer user.

SteveAndLeoAsPicardAndRiker
(This was not our idea. It was created by a fan of the podcast using GIMP (similar to
Photoshop). But as a work of extreme image manipulation, it came out surprisingly well.)

 You may download and listen to selected episodes from this page (see below), or subscribe to the ongoing series as an RSS "podcast" to have them automatically downloaded to you as they are produced. To subscribe, use whichever service you prefer . . .

 Click here to subscribe and receive a podcast summary and show notes link before each new episode is recorded.

 Send us your feedback: Registering your email address with us, even if you choose not to subscribe, will enable you to send email to the “Security Now” email.

 Leo also produces "This Week in Tech" (TWiT) and a number of other very popular podcasts. So if you are looking for more informed technology talk, be sure to check out Leo's other podcasts and mp3 files.





Episode Archive

Each episode has SIX resources:

High quality 64 kbps mp3 audio file
Quarter size, bandwidth-conserving,
16 kbps (lower quality) mp3 audio file
A PDF file containing Steve's show notes
A web page text transcript of the episode
A simple text transcript of the episode
Ready-to-print PDF (Acrobat) transcript  

(Note that the text transcripts will appear a few hours later
than the audio files since they are created afterwards.)

For best results: RIGHT-CLICK on one of the two audio icons & below then choose "Save Target As..." to download the audio file to your computer before starting to listen. For the other resources you can either LEFT-CLICK to open in your browser or RIGHT-CLICK to save the resource to your computer.

You can receive a weekly show summary, notes and
picture of the week the evening before the podcast!
 
(Every email sent contains an instant unsubscribe.)
Click HERE to see a sample weekly email.


Episode #1066 | 24 Feb 2026 | ... min.
Password Leakage

• CA's warn us to urgently prepare for the inevitable. • Three U.S. states attempt to ban 3D printed firearms. • Denied ransom, ShinyHunters leaks 967,000 personal details. • "Billions" of U.S. social security numbers leaked. • Is Apple planning to add cameras to three new gadgets. • No more security fixes for Firefox on Windows 7 & 8. • Russia blocks the official Linux kernel site they need. • Will the U.S."freedom.gov" site post EU blocked content. • LLM's will offer secure passwords. Do Not Use Them. • As predicted, the "ClickFix" attack strategy takes over. • A listener believes his computer is compromised. • How could three popular password managers get things wrong.
 365 KB   <-- Show Notes

Episode #1065 | 17 Feb 2026 | 134 min.
Attestation

• Websites can place high demands upon limited CPU resources. • Microsoft appears to back away from its security commitment. • What's Windows 11 26H1 and where do I get it. • Chrome 145 brings Device Bound Session Credentials. • More countries are moving to ban underage social media use. • The return of Roskomnadzor. • Discord to require proof of adulthood for adult content. • Might you still be using WinRAR 7.12 -- I was. • Paragon's Graphite can definitely spy on all instant messaging. • 30 malicious Chrome Extensions. • 287 Chrome extensions from spying on 37.4 million users. • The first malicious Outlook add-in steals 4000 user's credentials. • Some AI "vibe" coding thoughts. • What I just went through to obtain a new code signing certificate.
65 MB 16 MB  244 KB   <-- Show Notes 136 KB 103 KB 329 KB

Episode #1064 | 10 Feb 2026 | 139 min.
Least Privilege

• How is the EU's GDPR fine collection going. • Western democracies are getting serious about offensive cybercrime. • The powerful cyber component of the Midnight Hammer operation. • Signs of psychological dependence upon OpenAI's GPT-4o chatbot. • CISA orders government agencies to unplug end-of-support devices. • How to keep Windows from annoying us after an upgrade. • What is OpenClaw, how safe is it to use, what does it mean. • Another listener uses AI to completely code an app. • Coinbase suffers another insider breach. What can be done.
67 MB 17 MB  252 KB   <-- Show Notes 171 KB 115 KB 366 KB

Episode #1063 | 03 Feb 2026 | 150 min.
Mongo's Too Easy

• An anti-virus system infects its own users. • Apple's next iOS release “fuzzes” cellular locations. • cURL discontinues bug bounties under bogus AI flood. • AI discovers and fixes 15 CVE-worthy 0-days in OpenSSL. • Ireland did NOT already pass their spying legislation. • AI irreversibly deletes all project files. Says it's sorry. • Windows has a serious global clipboard security problem. • ISPs have the ability to monetize their subscriber's identities. • MongoDB has lowered the hacking skill level bar to the floor.
72 MB 18 MB  286 KB   <-- Show Notes 187 KB 121 KB 398 KB

Episode #1062 | 27 Jan 2026 | 147 min.
VoidLink: AI-Generated Malware

• CISA's uncertain future remains quite worrisome. • Worrisome is Ireland's new "lawful" interception law. • The EU's Digital Rights organization pushes back. • Microsoft acknowledges it turns over user encryption keys. • Alex Neihaus on AI enterprise usage dangers. • Gavin confesses he put a database on the Internet. • Worries about a massive podcast rewinding backlog. • What does the emergence of AI-generated malware portend?
70 MB 18 MB  216 KB   <-- Show Notes 171 KB 118 KB 372 KB

Episode #1061 | 20 Jan 2026 | 134 min.
More GhostPoster

• RAM pricing to affect enterprise firewall equipment. • Anthropic provides sizeable support to Python Foundation. • The FTC clamps down on GM's secret sale of driving data. • “ANCHOR” replaces “CIPAC” for industry-government sharing. • Germany planning to legislate total access to global data. • Grubhub becomes the latest ShinyHunters extortion victim. • Let's Encrypt's 6-Day certs are available to everyone. • Iran planning to permanently take itself off the Internet. • HD Tune before and after a SpinRite Level 3 refresh. • Some great listener feedback, and • More trouble from GhostPoster malicious browser extensions.
64 MB 16 MB  475 KB   <-- Show Notes 170 KB 108 KB 360 KB

Episode #1060 | 13 Jan 2026 | 147 min.
3-Day Certificates

• A look at Microsoft's Azure cloud code signing. • California implements DROP, global data broker opt-out. • Where's the town of “Whata Bod” Idaho. • iOS built-in Mail app worked itself out of a job. • A 30-minute tutorial for non-coders about AI coding. • Claude Code appears to be winning over the AI coding world. • Various listener musings on code signing. • A bit of Magnesium feedback. • What use are 3-day code signing certs?
71 MB 18 MB  437 KB   <-- Show Notes 182 KB 121 KB 392 KB

Episode #1059 | 06 Jan 2026 | 171 min.
MongoBleed

• Code-signing certificate lifetimes shortened by two years. • Sadly, ChatGPT is heading toward an advertising profit model. • The Python Package Index is strengthening its security. • BitLocker gets hardware acceleration, but not today. • New York City's mayoral inauguration banned Raspberry Pi's. • An astonishingly good British time travel series. • A critical link between Vitamin D and Magnesium. • A look inside the very bad MongoBleed vulnerability.
82 MB 20 MB  454 KB   <-- Show Notes 224 KB 137 KB 455 KB
Past Years Archives

• Current Podcast Page
• Security Now 2025
• Security Now 2024
• Security Now 2023
• Security Now 2022
• Security Now 2021
• Security Now 2020
• Security Now 2019
• Security Now 2018
• Security Now 2017
• Security Now 2016
• Security Now 2015
• Security Now 2014
• Security Now 2013
• Security Now 2012
• Security Now 2011
• Security Now 2010
• Security Now 2009
• Security Now 2008
• Security Now 2007
• Security Now 2006
• Security Now 2005


Jump to top of page
Gibson Research Corporation is owned and operated by Steve Gibson.  The contents
of this page are Copyright (c) 2026 Gibson Research Corporation. SpinRite, ShieldsUP,
NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
Research Corporation, Laguna Hills, CA, USA. GRC's web and customer privacy policy.
Jump to top of page

Last Edit: Feb 23, 2026 at 11:26 (0.29 days ago)Viewed 798 times per day