How secure are your Chrome extensions and certificate signings really? This episode pulls back the curtain on a massive spyware discovery and exposes the convoluted hoops developers must jump through to prove their identity in 2026.
Websites can place high demands upon limited CPU resources.
Microsoft appears to back away from its security commitment.
What's Windows 11 26H1 and where do I get it.
Chrome 145 brings Device Bound Session Credentials.
More countries are moving to ban underage social media use.
The return of Roskomnadzor.
Discord to require proof of adulthood for adult content.
Might you still be using WinRAR 7.12 -- I was.
Paragon's Graphite can definitely spy on all instant messaging.
30 malicious Chrome Extensions.
287 Chrome extensions from spying on 37.4 million users.
The first malicious Outlook add-in steals 4000 user's credentials.
Some AI "vibe" coding thoughts.
What I just went through to obtain a new code signing certificate
Show Notes - https://www.grc.com/sn/SN-1065-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to Security Now at https://twit.tv/shows/security-now.
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit
Sponsors:
canary.tools/twit - use code: TWIT
joindeleteme.com/twit promo code TWIT
meter.com/securitynow
zscaler.com/security
hoxhunt.com/securitynow