
New Episode of Security Now: Security Now 1055
In this episode of Security Now, Steve Gibson and Leo Laporte address a multitude of topics related to cybersecurity, government regulations, and critical vulnerabilities in computer systems. Here is a detailed summary of the key points discussed.
The episode begins with a discussion on cookie regulations and data protection in France. The magazine Vanity Fair France was fined 750,000 euros for non-compliance with cookie rules. This case highlights the importance of adhering to European regulations, particularly the GDPR, which imposes strict obligations regarding user consent. French authorities found that Vanity Fair was placing cookies on users' devices without notification or permission, despite several warnings and discussions with the CNIL (National Commission on Informatics and Liberty).
Another major topic concerns the withdrawal of GrapheneOS from France. GrapheneOS, an Android operating system focused on security and privacy, announced it was leaving France due to a new law requiring backdoors in encryption systems. French authorities attempted to compel GrapheneOS developers to provide ways to bypass device security protections, which the developers categorically refused. This situation illustrates the growing tensions between governments and privacy advocates, particularly regarding encryption and personal data protection.
Steve and Leo also discuss new regulations in Australia and the European Union aimed at restricting social media access for minors under 16. In Australia, this law came into effect on December 10, 2025, requiring social media platforms to verify users' ages. This measure aims to protect young people from the risks associated with social media but also poses technical and ethical challenges, particularly in verifying age while preserving user privacy. The EU is considering similar measures, with a focus on developing a privacy-respecting age verification application.
In India, the government recently imposed controversial measures to combat smartphone theft and cybercrime. Among these measures is the requirement for smartphone manufacturers to preinstall the government application Sanchar Saathi, which allows tracking and blocking of stolen devices. Apple refused to comply with this directive, leading the Indian government to backtrack. However, India has also imposed strict rules for encrypted messaging applications, requiring them to be linked to a SIM card, raising concerns about privacy and government surveillance.
Another topic discussed is the spectacular rise in RAM prices driven by AI-related demand. Data centers and tech companies consume large amounts of RAM to power their AI models, leading to shortages and price surges. This situation affects not only businesses but also consumers, with RAM and SSD prices reaching record levels.
Steve Gibson also announces the release of version 2 of his DNS Benchmark tool. This tool allows users to test and compare the performance of DNS servers. The new version includes enhanced features, such as support for IPv6 and secure connections via DNS over TLS (DoT) and DNS over HTTPS (DoH). The tool is available for a one-time purchase of $9.95, with all future updates included.
The episode concludes with an in-depth discussion of a critical vulnerability in React, a widely used JavaScript library for developing user interfaces. This vulnerability, identified as CVE-2025-55182, allows for remote code execution (RCE) without authentication, making it one of the most severe vulnerabilities ever discovered. It affects millions of servers and web applications, including major platforms like Instagram, Netflix, and Airbnb. Attackers can exploit this flaw to execute malicious code on vulnerable servers, which has led to emergency updates and to protections deployed by major cloud service providers like Cloudflare and AWS.
In summary, this episode of Security Now provides an overview of current challenges in cybersecurity, government regulations, and critical vulnerabilities in computer systems. The discussions highlight the importance of data protection, privacy, and the security of digital infrastructures in an increasingly connected world.