SN 1067: KongTuke's CrashFix - Click, Paste, Pwned

A crafty new breed of social engineering attack is tricking users into launching malware straight from their clipboard, exposing a fresh vulnerability in Windows that even tech pros could fall for. Leo Laporte and Steve Gibson break down how the latest ClickFix and CrashFix exploits are outsmarting traditional defenses.

• The lowdown on last week's "no turn" picture of the week. • Is an AI-driven hacking campaign a big deal now. • Clause used in multiple Mexican government attacks. • Apple continues to be confronted with age restrictions. • COPPA needs an exception to allow age collection. • Meta swamps law enforcement with AI-slop CSAM reports. • Roskomnadzor has been busy blocking VPNs. Guess how many. • The UK tries to report their self-scanning success. • Remember that hacker who extorted the psychotherapy patients. • Scattered Lapsus$ Hunters is actively recruiting women. • Cisco lands another breathtakingly rare 10.0 CVSS. • VulnCheck's report on 2025 vulnerabilities and exploits. • Steve discovers a fabulous $72 Hardware Security Module. • A listener shares an interesting AI service discovery. • The very potent "ClickFix" exploit evolves

Show Notes - https://www.grc.com/sn/SN-1067-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit

Sponsors:

meter.com/securitynow guardsquare.com threatlocker.com/twit adaptivesecurity.com outsystems.com/twit