SN 1067: KongTuke's CrashFix - Click, Paste, Pwned
From Security Now (Audio) by TWiT
March 3, 2026 · 2h 53m · Episode 1067
About this episode
The episode discusses a new social engineering attack exploiting clipboard vulnerabilities in Windows and various related security topics.
A crafty new breed of social engineering attack is tricking users into launching malware straight from their clipboard, exposing a fresh vulnerability in Windows that even tech pros could fall for. Leo Laporte and Steve Gibson break down how the latest ClickFix and CrashFix exploits are outsmarting traditional defenses. The lowdown on last week's "no turn" picture of the week. Is an AI-driven hacking campaign a big deal now. Clause used in multiple Mexican government attacks. Apple continues to be confronted with age restrictions. COPPA needs an exception to allow age collection. Meta swamps law enforcement with AI-slop CSAM reports. Roskomnadzor has been busy blocking VPNs. Guess how many. The UK tries to report their self-scanning success. Remember that hacker who extorted the psychotherapy patients. Scattered Lapsus$ Hunters is actively recruiting women. Cisco lands another breathtakingly rare 10.0 CVSS. VulnCheck's report on 2025 vulnerabilities and exploits. Steve discovers a fabulous $72 Hardware Security Module. A listener shares an interesting AI service discovery. The very potent "ClickFix" exploit evolves Show Notes - https://www.grc.com/sn/SN-1067-Notes.pdf Hosts…
People in this episode
Hosts: Leo Laporte, Steve Gibson
Topics covered
- social engineering attacks
- malware
- Windows vulnerabilities
- AI-driven hacking
- law enforcement
- VPN blocking
- hardware security
Keywords
- social engineering
- malware
- Windows vulnerability
- AI hacking
- ClickFix
- CrashFix
- VPN
- law enforcement
- hardware security
Mentioned in this episode
Organizations: Meta, Cisco, Roskomnadzor, VulnCheck, GRC
Products: Hardware Security Module
Places: Mexico
More episodes of Security Now (Audio)
- SN 1082: The Malicious Use of AI - Anthropic's Red Team Report · June 10, 2026 · 2h 37m
- SN 1081: AI Captured the Flag - Personal AI: Productivity Superpower or Privacy Threat? · June 3, 2026 · 3h 20m
- SN 1080: Vulnerability Debt Repayment - Will Mythos Change Cybersecurity Forever? · May 27, 2026 · 2h 44m
- SN 1079: Daybreak and Codename MDASH - Microsoft's Edge Password Blunder · May 20, 2026 · 2h 52m
- SN 1078: DigiCert does it right - Hugging Face Under Fire · May 13, 2026 · 2h 41m
- SN 1077: A Browser AI API? - End of Bug Bounties? · May 6, 2026 · 2h 35m
Explore listener stats, chart rankings, contacts and more on the Security Now (Audio) podcast page.