In the Security News:

• Claude leaks source code and new models
• Two really smart people say AI is finding vulnerabilities better than ever
• Windows is using your internet to send updates to strangers
• BIG-IP APM vulnerability - all you need to know
• Linux KVM for the win
• The bus factor and open source
• Axios supply chain breach
• Trimming Grub
• Depotting and hacking e-Motorcycles
• Trivy and Cisco source code leaks
• The FCC ban and What is a router?

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-920

In this segment, we will explore some pretty awesome tools for scanning the Internet, with a focus on network edge devices. We'll bring it all together with Claude Code and look at some sample results. Tools include:

• Shodan | Passive recon — query existing scan data for exposed devices, services, and vulns | Passive (API) | Instant (no packets sent)
• ZMap | Host discovery — find live hosts with open ports | L4 (TCP SYN, UDP, ICMP) | Millions of packets/sec
• ZGrab2 | Application-layer handshakes — grab banners, certs, headers | L7 (30+ protocol modules) | Thousands of hosts/sec
• Nerva | Service fingerprinting — identify 140+ protocols with metadata, CPEs, technology stacks | L7 (TCP, UDP, SCTP) | Fast, concurrent
• Nuclei | Template-based vulnerability scanning — default creds, exposed panels, known CVEs | L7 (HTTP, network) | Hundreds of targets/min
• Shannon | Vulnerability exploitation — AI-powered whitebox pentesting of web apps | Application | ~1-1.5 hrs per target
• edgescan.py | Automated pipeline — orchestrates all tools above into a single command | Orchestration | End-to-end

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-919

In this episode, we sit down with the Radare community leader, Pancake, the creator of the Radare2 reverse engineering framework. Whether you’ve never heard of Radare, already use it daily, or are thinking about contributing to its development, this conversation will demystify what makes Radare unique, why thousands of engineers rely on it, and how you can step into the community.

This segment is sponsored by NowSecure. Discover how AI-powered mobile app security testing finds hidden vulns and leaks at https://securityweekly.com/nowsecure.

In the security news:

• The US national cyber strategy
• in the category of dumb laws and 3d printing guns
• Iranian threat analysis
• ESP32 Bus Pirate gets some amazing updates
• I can reset the admin password
• Rick-rolling yourself
• Chrome 0days
• Re-purposing those old Ubiquiti cloud keys
• The new TLS certificate lifecycle
• A Flipper Zero add-on and news on the FlipperOne
• glassword malware
• Do you care about exploits or patching?
• attacking nuclear research centers
• how we uncovered 9 vulnerabilities in IP KVMs
• and hacking your laundry card with Claude

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-918