Cams, Gelbwurst, Chrome, SCCM, CVES, SSHStalker, RAM, TikTok, Josh Marpet, and More on this episode of the Security Weekly News.

Visit https://www.securityweekly.com/swn for all the latest episodes!

Show Notes: https://securityweekly.com/swn-555

In the security news:

• Viral AI prompts
• Things to do in your home security lab
• I can open your garage door
• They call me DKnife
• Beyondtrust RCE
• Cool AI device
• Robots need your body
• Meta is just full of scams, phishing, and malware
• Claude Opus 4.6 found more than 500 high-severity vulnerabilities
• Arista next gen firewalls and command injection
• Secure Boot updates
• The RCE AMD won't fix and why the article went away
• End of support means get it off the network
• Accidentally giving away $44 billion of Bitcoin

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-913

Quantum security has gone from being a theoretical idea filed away for some unknown future date to an urgent requirement driven by quantum computing advances and government and industry guidance. The thought of nation-state adversaries with a quantum computer that can conduct harvest-now-decrypt later attacks and forge digital signatures makes the threat more real than ever to executives, who have started to ask security leaders, "Are we quantum safe?"

With Q-day estimates now within 10 years and moving ever closer — and with NIST deprecating existing asymmetric algorithm support in 2030 (and disallowing it entirely by 2035), as well as the increasing nation-state threat — what should security leaders be doing now?

Sandy Carielli, VP, Principal Analyst at Forrester Research, joins Business Security Weekly to discuss why technology leaders must work together to prepare for Q-Day. Addressing quantum security requirements is not just a job for the security team. Security, infrastructure, development, emerging tech, risk, and procurement have roles to play in executing a holistic quantum security strategy. Sandy will cover their report, which security leaders should use, to gain executive buy-in and build and execute a quantum security migration plan with stakeholders across the organization.

Segment Resources: https://www.forrester.com/report/technology-leaders-must-work-together-to-prepare-for-q-day/RES191420 https://www.forrester.com/blogs/create-a-cross-functional-q-day-team-or-suffer-a-hard-days-night/

In the leadership and communications segment, The Cybersecurity Reckoning: How CISOs Are Preparing for an Era of AI-Driven Threats and Quantum Disruption, Should I stay or should I go?, Are Legacy Metrics Derailing Your Transformation?, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-434

Idoru, Singapore, Gambling, Smartertools, Ivanti, ZeroDayRat, Twiki, Aaran Leyland, and More on the Security Weekly News.

Visit https://www.securityweekly.com/swn for all the latest episodes!

Show Notes: https://securityweekly.com/swn-554

When it comes to agents and MCPs, the interesting security discussion isn't that they need strong authentication and authorization, but what that authn/z story should look like, where does it get implemented, and who implements it. Dan Moore shares the useful parallels in securing APIs that should be brought into the world of MCPs -- especially because so many are still interacting with APIs.

Resources

• https://stackoverflow.blog/2026/01/21/is-that-allowed-authentication-and-authorization-in-model-context-protocol/
• https://fusionauth.io/articles/identity-basics/authorization-models

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw-369

"Clickfix" attacks aren't new, but they're certainly more common these days. Rob Allen joins us to help us understand what they are, why they work on your employees, and how to stop them! We tie it into infostealers and ransomware actors. Plenty of practical recommendations for how to spot and prevent these attacks in your environment, don't miss it!

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

Threatlocker's 6th annual Zero Trust World event is happening next month! This three day event runs from March 4th through the 6th once again in sunny Orlando, Florida.

This year's event is packed with hands-on hacking workshops, competitions, prizes, and keynotes from Marcus Hutchins, and Linus and Luke from Linus Tech Tips. Security Weekly will be there as well, doing live interviews and recording an episode of ESW live!

This segment is sponsored by ThreatLocker's annual Zero Trust World. Visit https://securityweekly.com/ztw to learn more about the conference and register with discount code ZTW26ESW!

For this week's enterprise news, we discuss

1. OpenClaw!
2. funding!
3. acquisitions!
4. testing out AI models' offensive security capabilities
5. more openclaw!
6. the need for more transparency and testing in the vendor space
7. A photobooth service leaks drunken pictures of wedding parties
8. The salty snack that helps server uptime

All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-445

The smell of victory, Bongo Fury, Sysmon, Antiques, Looker, Openclaw, Kimwolf, Josh Marpet, and More on this episode of the Security Weekly News.

Visit https://www.securityweekly.com/swn for all the latest episodes!

Show Notes: https://securityweekly.com/swn-553

In the security news this week:

• Residential proxy abuse is everywhere this week: from Google's takedown of IPIDEA to massive Citrix NetScaler scanning and the Badbox 2.0 botnet
• Supply chain fun time: Notepad++ updates were hijacked
• Attackers set their sights on: Ivanti EPMM, Dell Unity storage, Fortinet VPNs/firewalls, and ASUSTOR NAS devices
• Russian state hackers went after Poland's grid
• Is ICE on a surveillance shopping spree and into hacking anti-ICE apps?
• Ukraine's war-time Starlink problem is turning into a policy and controls experiment
• The AI security theme is alive and well with exposed LLM endpoints, OpenClaw/Moltbot/Moltbook fiasco, and letting anyone hijack agents
• Signed forensic driver for Windows is still an EDR killer
• The Trump administration's rollback of software security attestation
• National Cyber Director Sean Cairncross says: "less regulation, more cooperation."
• Finally, there are some "only in infosec" human stories: * pen testers arrested in Iowa now getting a settlement, * a Google engineer convicted over stolen AI IP, * Booz Allen losing Treasury work over intentional insider leaks, * and an "AI psychosis" saga at an adult-content platform.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-912