FCC, Github, MiniShai-hulud, Stated of Supply Chain, Itron, CRA, NIS2, and more!! - PSW #927

In the security news this week:

• FCC router bans and the hidden firmware update problem
• Why extending support timelines actually improves security
• Github supply chain concerns and the evolving SBOM ecosystem
• CRA and NIS2 compliance deadlines are getting very real
• The EU Cyber Resilience Act's 24-hour vulnerability disclosure requirement
• Security regulation: vertical vs horizontal compliance models
• Vehicle-to-load EV systems powering homes during outages
• Solar, batteries, AI farms, and the future economics of electricity
• Data centers consuming regional power grids
• BitLocker "Yellow Key" fallout and large-scale remediation challenges
• AI-generated PowerShell fixes and the rise of vibe scripting
• Linux kernel exploits, module jail, and default deny strategies
• Medical biometric data theft and why fingerprints are terrible passwords
• Interpol cybercrime operations across the MENA region
• OT security, connected vehicles, and accepting real-world risk

The crew also discusses threat intelligence obligations under the CRA, the operational realities of patching at enterprise scale, the economics of secure-by-default systems, and why making security cheaper than insecurity might finally move the industry forward.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-927