FCC, GitHub, MiniShai-hulud, State of Supply Chain, Itron, CRA, NIS2, and more!! - PSW #927
Show notes
In the security news this week:
- FCC router bans and the hidden firmware update problem
- Why extending support timelines actually improves security
- GitHub supply chain concerns and the evolving SBOM ecosystem
- CRA and NIS2 compliance deadlines are getting very real
- The EU Cyber Resilience Act's 24-hour vulnerability disclosure requirement
- Security regulation: vertical vs horizontal compliance models
- Vehicle-to-load EV systems powering homes during outages
- Solar, batteries, AI farms, and the future economics of electricity
- Data centers consuming regional power grids
- BitLocker "Yellow Key" fallout and large-scale remediation challenges
- AI-generated PowerShell fixes and the rise of vibe scripting
- Linux kernel exploits, module jail, and default deny strategies
- Medical biometric data theft and why fingerprints are terrible passwords
- Interpol cybercrime operations across the MENA region
- OT security, connected vehicles, and accepting real-world risk
The crew also discusses threat intelligence obligations under the CRA, the operational realities of patching at enterprise scale, the economics of secure-by-default systems, and why making security cheaper than insecurity might finally move the industry forward.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-927