SN 1063: Mongo's Too Easy - AI Bug Bounties Gone Wild
Security Now (Audio)
Leo Laporte
4.6 • 2.3K Ratings
🗓️ 3 February 2026
⏱️ 176 minutes
🧾️ Download transcript
Summary
When a popular antivirus and even Notepad++ turn into infection vectors after supply chain breaches, it's clear no software is safe from attack—or from its own update system. Steve and Leo unpack the risks hiding right inside your next auto-update.
- An anti-virus system infects its own users.
- Apple's next iOS release "fuzzes" cellular locations.
- cURL discontinues bug bounties under bogus AI flood.
- AI discovers and fixes 15 CVE-worthy 0-days in OpenSSL.
- Ireland did NOT already pass their spying legislation.
- AI irreversibly deletes all project files. Says it's sorry.
- Windows has a serious global clipboard security problem.
- ISPs have the ability to monetize their subscriber's identities.
- MongoDB has lowered the hacking skill level bar to the floor
Show Notes - https://www.grc.com/sn/SN-1063-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to Security Now at https://twit.tv/shows/security-now.
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit
Sponsors:
Transcript
Click on a timestamp to play from that location
| 0:00.0 | It's time for security now. Steve Gibson is here. He's going to talk about an antivirus that infects its own users. |
| 0:07.6 | Hmm, that's not good. Curl discontinues bug bounties. That's not good either. They say they have to do it. |
| 0:14.9 | And MongoDB has lowered the hacking skill level bar to the floor. |
| 0:22.6 | It's too easy to hack. |
| 0:23.6 | All of that and more. |
| 0:25.6 | Coming up next on Security Now. |
| 0:30.3 | Podcasts you love. |
| 0:32.0 | From people you trust. |
| 0:34.6 | This is Twitter. This is Twit. |
| 0:46.9 | This is Security Now with Steve Gibson, episode 1063, recorded Tuesday, February 3, 2026. |
| 0:49.2 | Mongo's too easy. |
| 0:51.7 | It's time for security now. |
| 0:52.9 | Oh, goody, goody, goody. |
| 0:56.6 | I don't think all those CSOs and CIOs and security professionals listening are going, oh, goody, goody, goody. But in their heart |
| 1:00.6 | of hearts, they're thinking, yay, it's Tuesday. Steve's here. Yay. What are they going to talk about |
| 1:06.1 | the day? Steve Gibson, our hero, the man of the hour. Every Tuesday, we get together, talk about the latest |
| 1:12.6 | security news. And, you know, interestingly enough, there's never been a lack of security news to talk about. |
| 1:18.7 | Oh, boy. And in fact, I, I, Lori's been pushing me to start working on the podcast earlier in the week. |
| 1:29.1 | Well, and it makes sense because she knows how stressed I get. |
| 1:32.7 | You know, I'm when I commit to doing something and doing a good job, that's going to happen. |
| 1:38.6 | So I was reminiscing with her that there was a time maybe a couple years ago when I would come, |
| 1:46.2 | I would, you know, because I'm working in my separate location during the day. |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from Leo Laporte, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of Leo Laporte and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.