Cisco's routers just exposed more than two million networks thanks to a "security optional" SNMP setup that's being actively exploited—Steve and Leo break down why this is a worst-case scenario for the industry and how easily it could have been avoided.

• Gmail's spam filtering false-positive spree.
• iOS 26's Safari randomizes its fingerprint by default.
• Cisco's SNMP stands for "Security Not My Problem".
• Windows' "stuck" Extended Security Updates (ESU).
• Europe complains, gets 1-year of ESU with no strings.
• Where to get $6 TLS certs (really) while they last.
• The lessons to learn from Jaguar Land Rover's mess.
• The NEON app: get paid to have your voice recorded.
• Bluesky's age verification, now coming to Ohio.
• What is "Kids Web Services" for age verification.
• More than 10K Ollama instances publicly exposed.
• GRC's DNS Benchmark reaches "release candidate"

Show Notes - https://www.grc.com/sn/SN-1045-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• vanta.com/SECURITYNOW
• 1password.com/securitynow
• Melissa.com/twit
• threatlocker.com/twit
• zapier.com/twit

• Consumer Reports on Windows 10 updates.
• Waste (not fraud or abuse) within DoD Cyberoperations.
• China's DeepSeek produces deliberately flawed code.
• WebAssembly v3.0 officially released.
• Firefox v143 updates and new features.
• Firefox for Android now offers DoH.
• A nearly terminal flaw in Microsoft's Entra ID.
• Chrome hits its 6th 0-day this year. Emergency update.
• DRAM (now DDR5) still vulnerable to RowHammer.
• SAMSUNG kitchen refrigerators begin showing ads.
• China says no to NVIDIA.
• 300 more (new) NPM maliciouspackages found and removed.
• The EU is already testing proper online age verification.

Show Notes - https://www.grc.com/sn/SN-1044-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• bigid.com/securitynow
• go.acronis.com/twit
• zscaler.com/security
• 1password.com/securitynow
• hoxhunt.com/securitynow

Apple just rewrote the rules of device security with a chip-level upgrade that could wipe out most iPhone vulnerabilities overnight. Find out how "memory integrity enforcement" aims to make exploits a thing of the past—and why it took half a decade to pull off.

• Are Bitcoin ATMs anything more than scamming terminals.
• Ransomware hits the Uvalde school district and Jaguar.
• Did "Scattered LapSus Hunters" just throw in the towel.
• Germany, for one, to vote "no" on Chat Control.
• Russia's new MAX messenger has startup troubles.
• Samsung follows Apple's WhatsApp patch chain.
• Shocker: UK school hacks are mostly by students.
• HackerOne was hacked.
• Connected washing machines in Amsterdam hacked.
• DDoS breaks another record.
• Bluesky to implement conditional age verification.
• Enforcement actions for Global Privacy Control.
• Might Apple have finally beaten vulnerabilities

Show Notes - https://www.grc.com/sn/SN-1043-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:

• joindeleteme.com/twit promo code TWIT
• vanta.com/SECURITYNOW
• threatlocker.com for Security Now
• bitwarden.com/twit
• Melissa.com/twit