SN 1047: RediShell's CVSS 10.0 - The Rise of Mega Botnets
Security Now (Audio)
Leo Laporte
4.6 • 2.1K Ratings
🗓️ 14 October 2025
⏱️ 152 minutes
🧾️ Download transcript
Summary
Texas is on the brink of forcing Apple and Google to overhaul app downloads with strict age verification laws—are tech giants ready, or is your privacy about to get caught in the crossfire?
- The EU aborted their Chat Control vote knowing it would fail.
- Salesforce says it's not going to pay; customer data is released.
- Hackers claim Discord breach netted 70,000 government IDs.
- Microsoft to move Github to Azure. What could possibly go wrong.
- New California law allows universal data sharing opt-out.
- OpenAI reports that it's blocking foreign abuse. Who cares.
- IE Mode refuses to die, so Microsoft is burying it deeper.
- The massive mess created by Texas legislation SB2420.
- The BreachForums website gets a makeover.
- 100,000 strong global botnet attacking U.S. RDP services.
- UI experts weigh in on Apple's iOS 26 user-interface.
- 330,000 publicly exposed REDIS servers are RCE-vulnerable
Show Notes - https://www.grc.com/sn/SN-1047-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to Security Now at https://twit.tv/shows/security-now.
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit
Sponsors:
Transcript
Click on a timestamp to play from that location
| 0:00.0 | It's time for security now. Steve Gibson is here with good news on the EU chat control vote. |
| 0:06.7 | We'll talk about that discord breach. Salesforce says we're not going to pay. And then there is a very bad bug in 330,000 publicly exposed Redis servers. |
| 0:19.6 | It's got a CVSS of 10. Stay tuned. All will be revealed next on Security Now. |
| 0:29.5 | Podcasts you love. From people you trust. This is Twitter. |
| 0:39.3 | This is Security Now with Steve Gibson, episode 147, recorded Tuesday, October 14th, 2025, Redis Shell's CVS 10.0. |
| 0:52.6 | It's time for security now, the show we cover the latest in security, privacy, computing, |
| 0:58.4 | pretty much anything Steve Gibson wants to talk about because he's the man of the hour. |
| 1:03.4 | Hello, Mr. G. And I do try to largely keep us on topic as much as possible. |
| 1:09.6 | No, I'm the one who distracts. |
| 1:11.2 | I'm the distractor. |
| 1:13.2 | There are sometimes we wander a little bit off the range. |
| 1:16.4 | But I always get feedback from our listeners saying, hey, that was fun or that was interesting. |
| 1:20.8 | Or like with, you know, like sci-fi stuff. |
| 1:23.8 | Some of the best sci-fi series that I've read have come from listeners saying, |
| 1:29.4 | hey, try this. That's true. Also, some of the worst. But that's just the nature of |
| 1:34.5 | that's just the nature of the game. So the topic I chose for today is just one of a bunch of interesting news that we're going to cover. |
| 1:49.7 | And, you know, it came at the end. |
| 1:52.1 | So, okay, that's what we're going to talk about when we wrap things up. |
| 1:55.2 | And that's an arguably really worrisome remote code execution exploit in all Redis servers, which have been around for the last, the exploit has been around for the last 13 years. |
| 2:13.9 | It's in Lua. |
| 2:15.6 | We use Redis. |
| 2:17.2 | We use Redis. |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from Leo Laporte, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of Leo Laporte and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2025.