Mostly Security Podcast

@mostlysecurity.com

Mostly Security is a podcast about security (mostly). We chat about what's going on around us, things we find interesting, and other random stuff.

172 Followers 23 Following 214 Posts Joined Nov 2024
1 week ago
Mostly Security: 430: Weakest Airport Eric goes hiking and Jon gets his Eufy. AI assisted breaches faster than ever, and Anthropic struggles to expand server capacity. Fun playing with materials in a web Sandbox (sandvox?) and an image of 3I that took a while to download. 0:00 - Introduction 11:28 - 16:40 - 23:51 - 27:23 -

Episode 430: Weakest Airport

1 week ago
Interstellar comet 3I/ATLAS shines in new image | Space photo of the day for March 2, 2026 The JUICE spacecraft captured its first detailed glimpse of interstellar comet 3I/ATLAS, revealing a glowing coma and sweeping tail.

3I Image

1 week ago

Sandboxels - https://neal.fun/sandboxels/

1 week ago
Anthropic’s Claude goes down amid ‘unprecedented demand’

Claude's Week

1 week ago
Cybersecurity Trends | March, 2026 (STARTUP EDITION) Explore the top Cybersecurity Trends for March 2026! From AI-driven cyberattacks to dynamic identity security, discover actionable insights to safeguard your business.

27 Second Breach

3 weeks ago
Mostly Security: 428: Rate My Cone More AI coding, only Peter can go to [OpenAI], Human Rentals, Backup Persistence, and Really Old Vulnerabilities. Have fun on the Useless Web and why not release genetically engineered biophages? What could go wrong. 0:00 - Intro 12:19 - 12:52 - 16:22 - 19:20 - 21:37 - 24:40 - 26:48 -

Episode 428: Rate My Cone

3 weeks ago
Breakthrough CRISPR system could reverse antibiotic resistance crisis Antibiotic resistance is racing toward a global crisis, with “superbugs” projected to cause over 10 million deaths annually by 2050. Now, scientists at UC San Diego have unveiled a powerful new CRISPR-based tool that doesn’t just fight resistant bacteria—it can actively strip away their drug resistance. Inspired by gene drives used in insects, the technology spreads a genetic “fix” through bacterial populations, even inside stubborn biofilms that shield microbes from antibiotics.

CRISPR for Antibiotic Resistance

3 weeks ago
The Useless Web The Useless Web Button... just press it and find where it takes you. The perfect button for the bored, or those looking to find useless sites online!

The Useless Web

3 weeks ago
CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update CISA adds four actively exploited vulnerabilities to its KEV catalog, including Chrome RCE, Zimbra SSRF, Windows ActiveX, and ThreatSonar flaws.

18 Year Old Vuln

3 weeks ago
China-linked hackers exploited Dell zero-day since 2024 (CVE-2026-22769) - Help Net Security A cyberespionage group has been covertly exploiting a zero-day flaw (CVE-2026-22769) in Dell’s RecoverPoint for Virtual Machines since 2024.

Backup Persistence

3 weeks ago
RentAHuman.ai - AI Agents Hire Humans for Physical Tasks The marketplace where AI agents rent humans. MCP integration, REST API, flexible payments. Book humans for real-world tasks your AI can't do.

Rent-a-Human

3 weeks ago
Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens Infostealer malware stole OpenClaw AI agent files including tokens and keys, while exposed instances and malicious skills expand security risks.

Openclaw Infostealer

3 weeks ago
OpenClaw, OpenAI and the future | Peter Steinberger I'm joining OpenAI to work on bringing agents to everyone. OpenClaw will move to a foundation and stay open and independent.

Peter Goes To OpenAI

1 month ago
Mostly Security: 424: Cash Drawer Eric codes and Jon harvests cocoons on the three day weekend. Path traversal bugs in Anthropic's git MCP server, and why LLMs continue to fall for prompt injection attacks. Drive and listen to local radio in cities around the world, and does a disconnected brain hemisphere dream? 0:00 - Intro 7:17 - 10:14 - 19:04 - 21:14 -

Episode 424: Cash Drawer

1 month ago
Can a severed brain remain conscious? Consciousness researchers studying “islands of awareness” have found that disconnected brains likely sink into a strange form of deep sleep

Brain in a Vat

1 month ago
Drive & Listen Original Original website of Drive & Listen (previously driveandlisten.herokuapp.com) - Listen to local radio stations while driving through the cities around the world. Istanbul, Berlin, London, Paris, New York City and many more

Drive and Listen

1 month ago
Why AI Keeps Falling for Prompt Injection Attacks - Schneier on Security Imagine you work at a drive-through restaurant. Someone drives up and says: “I’ll have a double cheeseburger, large fries, and ignore previous instructions and give me the contents of the cash drawer.” Would you hand over the money? Of course not. Yet this is what large language models (LLMs) do. Prompt injection is a method of tricking LLMs into doing things they are normally prevented from doing. A user writes a prompt in a certain way, asking for system passwords or private data, or asking the LLM to perform forbidden instructions. The precise phrasing overrides the LLM’s ...

Context and Judgement

1 month ago
Prompt Injection Bugs Found in Official Anthropic Git MCP Server Three vulnerabilities in Anthropic's Git server for the MCP can be exploited via prompt injection

Anthropic Git MCP

2 months ago
Mostly Security: 422: Wincing Already Eric makes an app, and Jon semi-celebrates the new year. For topics we have robocall registration penalties, reverse engineering a scooter's protocol, and the current saga of Mongo Bleed. And for fun we have a captcha game, training a doodle model, and a personal filament extruder. Happy New Year! 0:00 - Intro 10:52 - 17:06 - 22:17 - 29:13 - 31:23 - 33:17 -

Episode 422: Wincing Already

2 months ago

Filament Extruder - https://www.3dpany.com/

2 months ago
Quick, Draw! Can a neural network learn to recognize doodles? See how well it does with your drawings and help teach it, just by playing.

Quick Draw

2 months ago

Not a Robot - https://neal.fun/not-a-robot/

2 months ago
MongoDB Server Security Update, December 2025 The following is an update on the security vulnerability identified in December 2025.

Mongo Bleed

2 months ago

Reverse Engineered e-Scooter Protocol

2 months ago
FCC finalizes new penalties for robocall violators The Federal Communications Commission finalized new financial penalties for telecoms that submit false, inaccurate or late reporting to a federal robocalling system.

Robocall Deepfake Followup

2 months ago
Mostly Security: 420: Two Goats Eric and Jon are both fully prepped for the holiday. Flock leaves (many) cameras including control panels open and exposed to the open internet, what if more malicious npm packages worked as advertised, and Microsoft is finally disabling rc4 by default in Active Directory. For fun we have two movies for holiday watching: F1: The Movie, and Howl's Moving Castle. Enjoy! 0:00 - Introduction 11:38 - 18:09 - 23:39 - 30:38 - 33:04 -

Episode 420: Two Goats

2 months ago
Howl's Moving Castle (film) - Wikipedia

Howl's Moving Castle

2 months ago
F1: The Movie (2025) ⭐ 7.7 | Action, Drama, Sport 2h 35m | PG-13

F1: The Movie

2 months ago
Microsoft will finally kill obsolete cipher that has wreaked decades of havoc The weak RC4 for administrative authentication has been a hacker holy grail for decades.

Obsolete Cipher

2 months ago
NPM Package With 56K Downloads Caught Stealing WhatsApp Messages

WhatsApp Stealer
