Smashing Security

PODCAST · technology


Stories from the world of hacking, cybersecurity, and rogue AI.

Smashing Security isn’t your typical tech podcast. Hosted by cybersecurity keynote speaker and industry veteran Graham Cluley, it serves up weekly tales of cybercrime, hacking horror stories, privacy blunders, and tech mishaps - all with sharp insight, a sense of humour, and zero tolerance for tech waffle.

Winner of the best and most entertaining cybersecurity podcast awards in 2018, 2019, 2022, 2023, and 2024, Smashing Security has had over ten million downloads. Past guests include Garry Kasparov, Mikko Hyppönen, and Jack Rhysider.

Follow the podcast on Bluesky at @smashingsecurity.com (https://bsky.app/profile/smashingsecurity.com), and subscribe for free in your favourite podcast app.

New episodes released at 7pm EST every Wednesday (midnight UK).

  1. 463

    Meta sees everything, Copy Fail, and a deepfake gets hired

    Meta's smart glasses promise privacy "designed for you" - but everything they record was being beamed off to workers in Nairobi to label by hand. When those workers blew the whistle, Meta sacked all 1,108 of them.

    Meanwhile, the IT press is in a frenzy over a new Linux bug called "Copy Fail" - complete with logo, dedicated website, and a marketing-friendly name. But is it really the disaster everyone's making it out to be?

    And in our featured interview, Jake Moore of ESET explains how he tricked a company into offering his deepfake clone a job - after a perfectly normal-looking video interview.

    All this and more in episode 466 of the "Smashing Security" podcast with cybersecurity expert and keynote speaker Graham Cluley, joined this week by special guest Paul Ducklin.

    EPISODE LINKS:

    - Anti-DDoS Firm Heaped Attacks on Brazilian ISPs - Krebs On Security.
    - Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha - Bleeping Computer.
    - Trellix confirms data breach after hack of 'a portion' of its source code - TechRadar.
    - Meta’s AI Smart Glasses and Data Privacy Concerns: Workers Say “We See Everything” - Svd.
    - Dispute over fate of Kenyan workers who saw Meta AI glasses films - BBC News.
    - Copy Fail - CVE-2026-31431.
    - Copy Fail: Hype versus reality - the full story - SolCyber.
    - Flight into Danger: The Original Airplane! - BBC Sounds.
    - The Luton writer behind the original Airplane! - BBC News.
    - Code Dependent by Madhumita Murgia - Pan Macmillan.
    - The Code Book - Simon Singh.
    - Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:

    - Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
    - ESET - 30 years of threat research behind unique global telemetry, AI-native technology, and human expertise working together to keep your business protected.
    - Action1 - Keep your systems safe (and your sanity intact) with the patch management platform that just works. The best part? Your first 200 endpoints are free, forever, with no functional limits.

    SUPPORT THE SHOW:

    - Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
    - Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

    FOLLOW THE SHOW:

    Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

    THANKS:

    - Theme tune: "Vinyl Memories" by Mikael Manvelyan.
    - Assorted sound effects: AudioBlocks.

    Privacy & Opt-Out: https://redcircle.com/privacy

  2. 462

    This developer wanted to cheat at Roblox. It cost millions

    A developer at an AI startup wanted to cheat at Roblox. They downloaded a dodgy script on their work laptop. That one decision triggered a cascade of failures that ended with a $2 million data breach affecting hundreds of thousands of organisations. All for some free in-game currency.

    Meanwhile, there's a 1980s phone protocol called SS7 that lets shadowy surveillance companies track anyone, anywhere, via their mobile phone. Governments know about it. Telecoms know about it. Nobody's fixing it.

    All this and more in episode 465 of the "Smashing Security" podcast with cybersecurity keynote speaker and industry veteran Graham Cluley, joined this week by special guest James Ball.

    Plus! Don't miss our featured interview with Rob Edmondson of CoreView, discussing how to lock down Microsoft 365 before it's too late.

    EPISODE LINKS:

    - Burglar alarm biz gets burgled, ShinyHunters pursues ransom - The Register.
    - Ransomware negotiator pleads guilty after leaking victims' insurance details to 'BlackCat' hackers - Tom’s Hardware.
    - Grok tells researchers pretending to be delusional ‘drive an iron nail through the mirror while reciting Psalm 91 backwards’ - The Guardian.
    - Vercel April 2026 security incident - Vercel.
    - App host Vercel says it was hacked and customer data stolen - TechCrunch.
    - Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials - Hacker News.
    - Sorry for the Nazi spam from my Twitter account - Graham Cluley.
    - Bad Connection: Uncovering Global Telecom Exploitation by Covert Surveillance Actors - Citizen Lab.
    - Surveillance vendors caught abusing access to telcos to track people's phone locations, researchers say - TechCrunch.
    - The rapid rise of phone surveillance firms - The Bureau of Investigative Journalism.
    - Please shut up about your Spotify Wrapped - The New World.
    - Think For Yourself - Beatles Song Identification Game.
    - Nodes: Free Connection Puzzle & Vertex Game Alternative.
    - Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:

    - Elastic – AI is transforming security operations, but security is still a data problem. Learn how context-rich data drives faster, more reliable defence.
    - Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
    - Coreview - Download "Total Tenant Takeover", a white paper about the Microsoft 365 Disaster No One Is Ready For.

  3. 461

    Rockstar got hacked. The data was junk. The secrets it revealed were not

    A company that ran anonymous tip lines for 35,000 American schools - handling reports of bullying, weapons, and self-harm - boasted on its website that it had suffered zero security breaches in over 20 years. A hacker called Internet Yiff Machine thought that sounded like a challenge, with predictable results...

    Meanwhile, Rockstar Games gets hacked again - and the stolen data turns out to be less embarrassing than the financial secrets it accidentally revealed. GTA Online is still making half a billion dollars a year. Red Dead Redemption is not.

    All this and more in episode 464 of the "Smashing Security" podcast with cybersecurity keynote speaker and industry veteran Graham Cluley, joined this week by special guest BBC cybersecurity correspondent Joe Tidy.

    Plus! Don't miss our featured interview with Ryan Benson of Meter.

    EPISODE LINKS:

    - Grinex exchange blames "Western intelligence" for $13.7M crypto hack - Bleeping Computer.
    - Are Former Black Basta Affiliates Automating Executive Targeting? - Reliaquest.
    - Apple is working on passcode bug locking out iPhone users - The Register.
    - Hackers who stole crime tip records offering data cache for $10k - San.
    - P3 Advertised 20+ Years and 0 Security Breaches. You Can Guess What Happened Next - Databreaches.net.
    - Portland police urge residents to avoid Crime Stoppers following hack - San.
    - GTA-maker Rockstar Games hacked again but downplays impact - BBC News.
    - Rockstar hackers release their stolen data, reveal that Rockstar was right to not pay them anything for it - PC Gamer.
    - XCancel.
    - “We Are Anonymous” by Parmy Olson - Penguin.
    - Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:

    - Elastic – AI is transforming security operations, but security is still a data problem. Learn how context-rich data drives faster, more reliable defence.
    - Meter – Network infrastructure for the enterprise. Get a free personalised demo.
    - Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

  4. 460

    This AI company leaked its own code. It's also built something terrifying

    A hacking group claims to have broken into the flood defence system protecting Venice's Piazza San Marco - and is offering to sell access to whoever wants it. The asking price? A frankly insulting $600.

    Meanwhile, Anthropic accidentally leaked the source code for Claude Code via a basic packaging mistake. Oh, and by the way, they've also just revealed they've built an AI model called Mythos that can find and chain together software vulnerabilities faster than any human. Sleep well.

    All this and more in episode 463 of the “Smashing Security” podcast with cybersecurity expert and keynote speaker Graham Cluley, joined this week by special guest Tanya Janca.

    EPISODE LINKS:

    - Booking.com warns customers of hack that exposed their data - The Guardian.
    - GTA-maker Rockstar Games hacked again but downplays impact - BBC News.
    - Meta removes ads for social media addiction litigation - Axios.
    - Hackers claim control over Venice San Marco anti-flood pumps - Security Affairs.
    - Venezia, attacco hacker al sistema di pompe che difende piazza San Marco dall'acqua: «Abbiamo i codici, possiamo disattivarlo» - Corriere del Veneto.
    - Digging into the Claude Code source - Dave Schumaker’s write-up of Anthropic leaking data in February 2025.
    - Anthropic goes nude, exposes Claude Code source by accident - The Register.
    - Assessing Claude Mythos Preview’s cybersecurity capabilities - Anthropic.
    - Smashing Security transcripts!
    - Shrinking - Apple TV.
    - Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:

    - Meter - Network infrastructure for the enterprise. Get a free personalised demo.
    - Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
    - Coreview - Download "Total Tenant Takeover", a white paper about the Microsoft 365 Disaster No One Is Ready For.

  5. 459

    LinkedIn is spying on you, and you agreed to nothing

    LinkedIn has been secretly scanning your browser for over 6,000 installed extensions — on every single click you make. It can tell if you're job hunting, what religion you are, and whether you have ADHD. And none of this is mentioned anywhere in their privacy policy.

    Meanwhile, California's crypto millionaires are learning that no amount of encryption can protect you from someone who knocks on your door pretending to deliver a pizza.

    All this and more in episode 462 of the “Smashing Security” podcast with cybersecurity expert and keynote speaker Graham Cluley, joined this week by special guest Dave Bittner.

    EPISODE LINKS:

    - Russian government hackers broke into thousands of home routers to steal passwords - TechCrunch.
    - Refusal to Give the Government Passwords to Personal Mobile Device Criminalized in Hong Kong - US Consulate in Hong Kong.
    - "I didn't think millions would see this..." Russians are calling each other through a cat feeder - GUBDaily.
    - BrowserGate.
    - Scanned extensions database - BrowserGate.
    - LinkedIn secretly scans for 6,000+ Chrome extensions, collects data - Bleeping Computer.
    - Translate into LinkedIn speak - Kagi.
    - Security - xkcd.
    - Wealthy California crypto holders targeted in violent ‘wrench attacks’ - KTLA 5.
    - Lost Doctor Who episodes to be released this week - BBC News.
    - Doctor Who: The Daleks’ Master Plan - The Nightmare Begins - BBC iPlayer.
    - Doctor Who: The Daleks’ Master Plan - Devil’s Planet - BBC iPlayer.
    - Milton Bradley Grandmaster Robotic Chess Computer - YouTube.
    - Robot Chess - One-armed gambit - Techmoan on YouTube.
    - Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:

    - ESET - 30 years of threat research behind unique global telemetry, AI-native technology, and human expertise working together to keep your business protected.
    - Meter - Network infrastructure for the enterprise. Get a free personalised demo.
    - Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

  6. 458

    This man hid $400 million in a fishing rod. Then it vanished

    A cannabis-growing, beekeeping, gyrocopter-flying Irishman invested his drug money in Bitcoin back in 2011 - and now sits on a fortune worth $400 million. There's just one small problem: the access codes were tucked inside his fishing rod case, which has mysteriously vanished. Or has it? Because this week, one of his frozen wallets suddenly woke up and moved $35 million - and someone had to identify themselves to do it.

    Meanwhile, Ajax Football Club scores a spectacular cyber own-goal, as a data breach that the club claimed affected "a few hundred" fans turns out to have potentially exposed the personal details of 300,000 supporters - along with the ability to steal match tickets and quietly remove people from the stadium ban list.

    All this and much more in episode 461 of the "Smashing Security" podcast with cybersecurity expert and keynote speaker Graham Cluley, joined this week by special guest journalist Danny Palmer.

    EPISODE LINKS:

    - Iran-linked hackers breach FBI director's personal email, publish photos and documents - Reuters.
    - Windows PCs crash three times as often as Macs, report says - TechSpot.
    - Wife used CCTV to steal $176M of husband’s crypto, UK court told - Coin Telegraph.
    - Gardaí open €30m bitcoin virtual wallet, first of 12 accessed since seizure in 2019 - Irish Times.
    - Irish Drug Dealer’s Lost BTC Stack Worth $400m Has Woken Up - Arkham.
    - Ajax FC data breach exposes 300,000 fans, hacker steals tickets and stadium ban details - Cybernews.
    - Small Prophets - BBC iPlayer.
    - RPG Taverns - Dungeons and Dragons tavern in London.
    - Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:

    - Action1 - Keep your systems safe (and your sanity intact) with the patch management platform that just works. The best part? Your first 200 endpoints are free, forever, with no functional limits.
    - Meter - Network infrastructure for the enterprise. Get a free personalised demo.
    - Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

  7. 457

    Never knock on the door of a nuclear submarine base and ask for a selfie

    A disgruntled data analyst decides that the best response to losing his contract is to steal the entire company payroll database and demand $2.5 million in Bitcoin - signing his extortion emails from a company called "Loot."

    Meanwhile, two people drive up to the entrance of the UK's nuclear submarine base at Faslane and politely ask if they can have a look around. Tourists? Spies? Something in between?

    Plus: Female Muslim punk rock group, and a little red book that might save your sanity in a post-truth world.

    All this and more in episode 460 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Jenny Radcliffe.

    EPISODE LINKS:

    - A Top Google Search Result for Claude Plugins Was Planted by Hackers - 404 Media.
    - Iowa-based Intoxalock cyberattack disrupts calibration service for interlock users - DysruptionHub.
    - China hacker group leaks $7M crypto theft operation targeting wallet supply chains - Crypto News.
    - Federal Jury Convicts Charlotte Man For Cyber Extortion Scheme That Targeted International Technology Company - DOJ.
    - Iranian and Romanian charged after allegedly trying to enter UK nuclear naval base - Sky News.
    - LadyParts - Spotify.
    - On Disinformation: How to Fight for Truth and Protect Democracy - Lee McIntyre.
    - Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:

    - ThreatLocker - Start your free trial and book a demo of ThreatLocker today to see how you can implement Zero Trust in your environment.
    - Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
    - Meter - Network infrastructure for the enterprise. Get a free personalised demo.

  8. 456

    This clever scam nearly hijacked a tech CEO's Apple ID

    In episode 459 of Smashing Security, we dive into a chillingly clever account takeover attempt targeting WordPress co-founder Matt Mullenweg - involving MFA fatigue, real Apple alerts, a convincing support call, and a phishing page that oh-so-nearly worked. If a famous techie could have this happen to them, can you be sure you're immune?

    Plus: would you donate your lifetime medical history to science if you were promised anonymity? We unpack serious concerns around UK Biobank, where “de-identified” data may not be as anonymous as you think — and how surprisingly little information it takes to reveal everything.

    And! Human-powered “AI”, and a punishment worse than prison: eight hours on the RSA expo floor...

    All this, and much more, in episode 459 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Paul Ducklin.

    EPISODE LINKS:

    - DOGE employee stole Social Security data and put it on a thumb drive, report says - TechCrunch.
    - Foreign hacker in 2023 compromised Epstein files held by FBI, source and documents show - Reuters.
    - New font-rendering trick hides malicious commands from AI tools - Bleeping Computer.
    - Lockdown Mode - Apple support.
    - Gone (Almost) Phishin’ - Matt Mullenweg.
    - Listen to the Live Scam Call Targeting Matt Mullenweg’s Apple Account - YouTube.
    - Confidential health records from UK BioBank project exposed online - The Guardian.
    - A message from Professor Sir Rory Collins, Chief Executive and Principal Investigator of UK Biobank - UK BioBank.
    - Psychotherapy data breach blackmailer sent to prison - Paul Ducklin.
    - Your AI slop bores me.
    - Post by Vaughan Shanks - LinkedIn.
    - Judge Sentences CISO to 8 Consecutive Hours on RSA Expo Floor as Formal Punishment for Security Breach - The Exploit.
    - Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:

    - Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
    - Adaptive Security - request a custom demo featuring a real CEO deepfake simulation.
    - Meter - Network infrastructure for the enterprise. Get a free personalised demo.

  9. 455

    How not to steal $46 million from the US government

    A Wikipedia security engineer accidentally wakes a dormant JavaScript worm that hadn't stirred since 2024 - and within minutes, giant woodpecker images are plastered across the internet's favourite encyclopaedia.

    Meanwhile, a crypto contractor hired to help the US Marshals manage seized digital assets allegedly decides to help himself to $46 million of it - and then brags about it on a recorded Telegram call.

    Plus: Graham champions Asterix, Tricia discovers the fantasy novels of Robin Hobb, and someone called "Lick" ends up in the nick.

    All this, and much more, in episode 458 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Tricia Howard.

    EPISODE LINKS:

    - Major data leak forum dismantled in global action against cybercrime forum - Europol.
    - Ericsson blames vendor vishing slip-up for breach exposing thousands of records - The Register.
    - How hackers bypassed MFA with a $120 phishing kit – until law enforcement shut them down - Hot for Security.
    - Wikipedia hit by self-propagating JavaScript worm that vandalized pages - Bleeping Computer.
    - FBI arrests crypto thief accused of stealing $46 million from seized government wallet - Tom’s Hardware.
    - Twitter thread by ZachXBT about John Daghita’s arrest - Twitter.
    - Asterix - Wikipedia.
    - Robin Hobb.
    - The Complete Farseer trilogy - Harper Collins.
    - Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:

    - Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
    - ThreatLocker - Start your free trial and book a demo of ThreatLocker today to see how you can implement Zero Trust in your environment.
    - Meter - Network infrastructure for the enterprise. Get a free personalised demo.

  10. 454

    How a cybersecurity boss framed his own employee

    When a top cybersecurity firm discovered it had a leak, you would expect the FBI to be called. Instead, the person put in charge of the investigation was the actual leaker... who promptly sent an innocent colleague into a career-ending ambush.

    In this episode, we unravel the jaw-dropping tale of a defence contractor caught selling zero-day exploits to a Russia-linked broker.

    Plus: are nation states quietly poisoning AI models to bend reality itself? We explore how “foreign information manipulation interference” could target not just social media users, but the large language models we increasingly trust for answers — and what that might mean for truth, trust, and the future of online influence.

    All this, and much more, in episode 457 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Carl Miller.

    EPISODE LINKS:

    - Large-Scale Online Deanonymization with LLMs - Simon Lermen.
    - Hacked Prayer App Sends ‘Surrender’ Messages to Iranians Amid Israeli and US Strikes - Wired.
    - “Stay safe out there gamers”: Streamers say Amazon just made Wishlists a doxxing risk - Daily Dot.
    - Apple alerts exploit developer that his iPhone was targeted with government spyware - TechCrunch.
    - Former General Manager for U.S. Defense Contractor Sentenced to 87 Months for Selling Stolen Trade Secrets to Russian Broker - US Department of Justice.
    - Treasury Sanctions Exploit Broker Network for Theft and Sale of U.S. Government Cyber Tools - US Department of Treasury.
    - Inside the story of the US defense contractor who leaked hacking tools to Russia - TechCrunch.
    - Hundreds of English-language websites link to pro-Kremlin propaganda - Guardian.
    - The Incredible Shrinking Man - Internet Archive.
    - “The Immortalists” by Aleks Krotoski - Penguin Books.
    - Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:

    - Action1 - Keep your systems safe (and your sanity intact) with the patch management platform that just works. The best part? Your first 200 endpoints are free, forever, with no functional limits.
    - Meter - Network infrastructure for the enterprise. Get a free personalised demo.
    - Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

  11. 453

    How to lose friends and DDoS people

    When the mysterious operator of an internet archiving-service decided to silence a curious Finnish blogger, they didn’t just send a stroppy email - they allegedly weaponised their own CAPTCHA page to launch a DDoS attack, threatened to invent an entirely new genre of AI porn, and tampered with parts of their own archive to smear the blogger's name.

    In this episode, we unravel how a website designed to preserve history may have trashed its own credibility - and how Wikipedia responded when trust went out the window.

    Plus a ransomware gang shoots itself in the foot with a classic case of buffoonery, accidentally corrupting the very keys victims would need to decrypt their data. When even the criminals can’t unlock your files, what happens next?

    All this, a surprisingly zen Pick of the Week, and a gloriously splenetic rant against web forms, on episode 456 of the award-winning "Smashing Security" podcast, with cybersecurity veteran Graham Cluley and special guest Paul Ducklin.

    EPISODE LINKS:

    - This App Will Detect People Wearing Smart Glasses Near You - Lifehacker.
    - Patients listed as dead after major NZ health app MediMap hacked - 1News.
    - Why fake AI videos of UK urban decline are taking over social media - BBC News.
    - FBI orders domain registrar to reveal who runs mysterious Archive.is site - Ars Technica.
    - Archive.today CAPTCHA page executes DDoS; Wikipedia considers banning site - Ars Technica.
    - Archive.today is directing a DDOS attack against my blog - Gyrovague.
    - Critical buffer overflow bug - in ESXi ransomware - SolCyber.
    - Yoga with Adriene - YouTube.
    - Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:

    - Coreview - Download "Total Tenant Takeover", a white paper about the Microsoft 365 Disaster No One Is Ready For.
    - Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
    - ThreatLocker - Start your free trial and book a demo of ThreatLocker today to see how you can implement Zero Trust in your environment.

  12. 452

    Face off: Meta’s Glasses and America’s internet kill switch

    Could America turn off Europe's internet?

    That’s one of the questions that Graham and special guest James Ball will be exploring as they discuss tech sovereignty. Could Gmail, cloud services, and critical infrastructure really become geopolitical leverage? And is anyone actually building a Plan B?

    Plus we explore whether Meta is quietly plotting to turn its smart glasses into face-recognising surveillance specs. With reports of internal memos suggesting they plan to launch controversial features while everyone’s distracted by political chaos, we ask: is this innovation really wanted by the public... or something far creepier?

    All of this, and much more, in episode 455 of the award-winning "Smashing Security" podcast with cybersecurity veteran Graham Cluley, joined this week by journalist and author James Ball.

    EPISODE LINKS:

    - IcedID malware developer fakes his own death to escape the FBI - Risky Business.
    - Sex toys maker Tenga says hacker stole customer information - TechCrunch.
    - Dutch police arrest man for "hacking" after accidentally sending him confidential files - Hot for Security.
    - Meta Plans to Add Facial Recognition Technology to Its Smart Glasses - New York Times.
    - Trading Sovereignty for Scale? The Costs of the US - UK Tech Prosperity Deal - Just Security.
    - Just Mercy - Wikipedia.
    - Just Mercy trailer - YouTube.
    - Bryan Stevenson’s TED talk: We need to talk about an injustice - YouTube.
    - The Residence - Netflix.
    - Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:

    - Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
    - Passwork - a reliable secrets manager and password management solution.
    - Adaptive Security - request a custom demo featuring a real CEO deepfake simulation.

  13. 451

    AI was not plotting humanity’s demise. Humans were

    AI bots are having existential crises, inventing religions, and allegedly plotting against humanity... or so the internet would have you believe.

    We dig into Moltbook, the “AI-only” social network that sent Twitter into a meltdown, attracted breathless talk of the singularity, and turned out to be far less Terminator and far more humans role-playing as bots.

    Plus we discuss why "vibe coding" your app might be a catastrophically bad idea, when security researchers can easily peek inside and rifle through your private messages, API keys, and databases.

    Also this week we learn that pro-Russian hackers are circling the Winter Olympics - or is it the Jamaican Bobsleigh team?

    All this and more is discussed in episode 454 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Iain Thomson.

    EPISODE LINKS:
    AI Agents Created Their Own Religion, Crustafarianism, On An Agent-Only Social Network - Forbes.
    I Infiltrated Moltbook, the AI-Only Social Network Where Humans Aren’t Allowed - Wired.
    'Moltbook' social media site for AI agents had big security hole, cyber firm Wiz says - Reuters.
    Italy blames Russia-linked hackers for cyberattacks ahead of Winter Olympics - The Record.
    Italy says railways hit by 'serious sabotage' as Winter Olympics begin - BBC News.
    EpsteIN - GitHub.
    Private Eye.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:
    Meter - Network infrastructure for the enterprise. Get a free personalised demo.
    Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
    Passwork - a reliable secrets manager and password management solution.

  14. 450

    The Epstein Files didn’t hide this hacker very well

    Supposedly redacted Jeffrey Epstein files can still reveal exactly who they’re talking about - especially when AI, LinkedIn, and a few biographical breadcrumbs do the heavy lifting.

    Sloppy redaction leads to explosive claims, and difficult reputational consequences for cybersecurity vendors, and we learn how trust - once cracked - can be almost impossible to fully restore.

    Elsewhere, the spotlight turns to insider threat in the age of AI, after a senior US cybersecurity official uploads sensitive government material into the public version of ChatGPT. Oops.

    All this, and much more, in episode 453 of Smashing Security with cybersecurity veteran Graham Cluley and special guest Tricia Howard.

    EPISODE LINKS:
    Notepad++ hijacked to serve malware in targeted attacks - Notepad++.
    Porn-quitting app caught leaking users’ sexual habits - 404 Media.
    MicroWorld Technologies’ eScan anti-virus update turned into a malware delivery system - Morphisec.
    Jmail.World.
    Informant told FBI that Jeffrey Epstein had a ‘personal hacker’ - TechCrunch.
    Confidential informant statement given to FBI - US Department of Justice.
    Post by Graham Cluley - LinkedIn.
    Trump’s acting cyber chief uploaded sensitive files into a public version of ChatGPT - Politico.
    We are Lady Parts - Channel 4.
    We are Lady Parts trailer - YouTube.
    “Bashir with a good beard” by We are Lady Parts - YouTube.
    “Voldemort under my headscarf” by We are Lady Parts - YouTube.
    Doctor Who: The Shakespeare Notebooks - Penguin.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:
    Passwork - a reliable secrets manager and password management solution.
    Meter - Network infrastructure for the enterprise. Get a free personalised demo.
    Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

  15. 449

    The dark web's worst assassins, and Pegasus in the dock

    In episode 452, a London-based YouTuber wins a landmark court case against Saudi Arabia after his phone was hacked with Pegasus spyware - exposing how a single, seemingly harmless text message can turn a smartphone into a round-the-clock surveillance device.

    Plus, we go looking for professional hitmen online - only to uncover uncomfortable questions about why some crimes attract customers but very few complaints.

    All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veteran Graham Cluley, joined this week by special guest Joe Tidy.

    EPISODE LINKS:
    Sorry Dave, I’m afraid I can’t do that! PCs refuse to shut down after Microsoft patch - The Register.
    Russian state hackers likely behind wiper malware attack on Poland’s power grid - The Record.
    US charges 31 more suspects linked to ATM malware attacks - Bleeping Computer.
    Dark web arrests in Romania linked to portal which offered services including murder - ROCU.
    Romanian scammers ran fake hitman-for-hire site, lured desperate perpetrators as 'incompetent assassins' - Fox News.
    This Fake Hitman Site Is the Most Elaborate, Twisted Dark Web Scam Yet - VICE.
    Unlikely Assassin, The Murder of Amy Allwine - Rooster.
    Saudi dissident awarded $4.1 million by UK court for hacking, assault 'by Saudi Arabia' - Reuters.
    Stalkerware: The software that spies on your partner - BBC News.
    Using 'stalkerware' to spy on a colleague's phone - YouTube.
    “Polite Society” trailer - YouTube.
    Elegoo Saturn 3 3D printer - Elegoo.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:
    Passwork - a reliable secrets manager and password management solution.
    CoreView - Download "Total Tenant Takeover", a white paper about the Microsoft 365 Disaster No One Is Ready For.
    Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

  16. 448

    I hacked the government, and your headphones are next

    In episode 451 of "Smashing Security," we meet the cybercriminal who hacked the US Supreme Court, Veterans Affairs, and more - and then helpfully posted screenshots (and even someone’s blood type) on an account called "I hacked the government."

    Plus we discuss how researchers uncovered a creepy flaw that lets attackers hijack wireless headphones, listen in on calls, inject audio, and even turn your earbuds into a stalking device - all without you noticing.

    All this, and much more, in this episode of the "Smashing Security" podcast with Graham Cluley, and special guest Ray [REDACTED]

    EPISODE LINKS:
    Tennessee Man Pleads in Hacking U.S. Supreme Court, AmeriCorps, and VA Health System - US Department of Justice.
    Paris Hilton’s hacker sentenced to 57 months in prison - Graham Cluley.
    WhisperPair.
    One Tap To Hijack Them All - A Security Analysis of the Google Fast Pair Protocol - YouTube.
    Hundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking - Wired.
    Line of Duty - Wikipedia.
    Line of Duty - BBC iPlayer.
    Forgive the haters - YouTube.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:
    Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
    ThreatLocker - Start your free trial and book a demo of ThreatLocker today to see how you can implement Zero Trust in your environment.
    Adaptive Security - request a custom demo featuring a real CEO deepfake simulation today from adaptivesecurity.com.

  17. 447

    From Instagram panic to Grok gone wild

    Confusion reigns after claims that data linked to 17.5 million Instagram accounts is up for sale - sparked by a vague post, contradictory statements, and a flood of password reset emails nobody asked for.

    And we dig into Grok, Elon Musk’s AI chatbot, after it started generating sexualised images of women and children - raising uncomfortable questions about guardrails, accountability, and why playing the censorship card doesn’t make the problem go away.

    All this, and much more, in this episode of the "Smashing Security" podcast with Graham Cluley, and special guest Monica Verma.

    EPISODE LINKS:
    Free Speech Union website down after alleged funders exposed by trans hackers - Pink News.
    Illinois Man Charged in Snapchat Hacking Investigation - US Dept of Justice.
    Hackers get hacked, as BreachForums database is leaked - Hot for Security.
    Post by Malwarebytes - Bluesky.
    Post by Instagram - Twitter.
    Instagram denies breach amid claims of 17 million account data leak - Bleeping Computer.
    Ofcom asks X about reports its Grok AI makes sexualised images of children - BBC News.
    Musk’s Grok blocked by Indonesia, Malaysia over sexualized images in world first - CNN.
    Elon Musk shares AI images of Starmer in bikini in row over grim Grok deepfakes - Mirror.
    Soul Music - BBC Sounds.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:
    Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
    Meter - Network infrastructure for the enterprise. Get a free personalised demo.

    ENJOYED THE SHOW?
    Make sure to check out our sister podcast, "The AI Fix".

  18. 446

    How to scam someone in seven days

    Romance scammers have apparently discovered astrology... and Taurus is their secret weapon.

    In episode 449 of "Smashing Security", we take a look inside an actual romance-fraud handbook - complete with scripts, personality “types”, corporate jargon, and a seven-day plan to get victims from hello to hand over the crypto.

    Then Lesley "hacks4pancakes" Carhart delivers a reality check on the dire cybersecurity jobs market for juniors: why entry-level roles are evaporating, how automated CV screening is chewing candidates up, and what hopeful newcomers (and weary veterans) can do about it.

    Plus, Graham talks to ThreatLocker CEO Danny Jenkins about why misconfigurations are behind an uncomfortable number of breaches, how default-deny security actually works in practice, and why detecting attacks after they’ve started is already too late.

    All this, and much more, in this episode of the "Smashing Security" podcast with Graham Cluley, and special guest Lesley Carhart.

    EPISODE LINKS:
    Millions of Android Powered TVs and Streaming Devices Infected by Kimwolf Botnet - Hackread.
    Ilya Lichtenstein, Bitcoin hacker behind massive crypto theft, credits Trump for early prison release - CNBC.
    How Fake BSODs and Trusted Build Tools Are Used to Construct a Malware Infection - Securonix.
    A scammer's guide: How cybercriminals plot to rob a target in a week - Reuters.
    Game of Wool: Britain’s Best Knitter - Channel 4.
    Game of Wool trailer - YouTube.
    Earthrise One: Melbourne's Premier Sci-Fi Escape Room Adventure.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:
    Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
    ThreatLocker - Start your free trial and book a demo of ThreatLocker today to see how you can implement Zero Trust in your environment.
    Meter - Network infrastructure for the enterprise. Get a free personalised demo.

  19. 445

    The Kindle that got pwned

    Think your Kindle is harmless? Think again! In this episode, Graham and special guest Danny Palmer unpack a Black Hat Europe talk revealing how a boobytrapped audiobook could exploit the Amazon eBook reader - potentially letting an attacker break into your account and seize control of your credit card.

    Plus a blast from 2021's "summer of ransomware" returns to haunt Ireland's Health Service Executive, as victims are offered €750 each.

    And because it's the last show before the Christmas break, there's also a Pick of the Week that veers from cosy rom-com comfort to pointy-polygon nostalgia. All this, and more, in episode 448 of the "Smashing Security" podcast with Graham Cluley, and special guest Danny Palmer.

    🎅 🎄 Thanks to everyone for listening to "Smashing Security" during 2025 - we look forward to being back in your ear'oles in early January. Stay safe! 🎅 🎄

    EPISODE LINKS:
    Password manager provider fined £1.2m by ICO for data breach affecting up to 1.6 million people in the UK - ICO.
    Trump Administration Turning to Private Firms in Cyber Offensive - Bloomberg.
    Russian ban on Roblox gaming platform sparks rare protest - Reuters.
    Once upon an exploit: how fake audiobook led to Kindle takeover - Cybernews.
    Four years later, Irish health service offers €750 to victims of ransomware attack - Bitdefender.
    When Harry Met Sally - Wikipedia.
    When Harry Met Sally trailer - YouTube.
    Tomb Raider 1-3 Remastered review - you were never going to smooth these games out - Eurogamer.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:
    Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
    ThreatLocker - Start your free trial and book a demo of ThreatLocker today to see how you can implement Zero Trust in your environment.

  20. 444

    Grok the stalker, the Louvre heist, and Microsoft 365 mayhem

    On this week's show we learn that AI really can be a stalker’s best friend, as we explore a strange tale that starts with a manatee-shaped mailbox on a millionaire's lawn and ends with Grok happily doxxing real people, mapping out stalking "strategies," and handing out revenge-porn tips.

    Then we go inside the Louvre heist, where thieves in hi-vis and a hire van waltzed off with the French crown jewels in broad daylight, exploiting our assumptions about what "looks normal" - the same kind of bias we’re now baking into security AIs.

    Plus, Graham chats with Rob Edmondson from CoreView about why misconfigurations and over-privileged accounts can make Microsoft 365 dangerously vulnerable.

    All this, and more, in episode 447 of the "Smashing Security" podcast with Graham Cluley, and special guest Jenny Radcliffe.

    EPISODE LINKS:
    Khashoggi widow files complaint in France alleging Saudi government infected devices with spyware - The Record.
    US Posts $10 Million Bounty for Iranian Hackers - Security Week.
    Infostealer has entered the chat - Kaspersky.
    Dave Portnoy posts a photo of his lawn (including a manatee-shaped mailbox) - Twitter.
    Elon Musk’s Grok AI Is Doxxing Home Addresses of Everyday People - Futurism.
    Elon Musk’s Grok Is Providing Extremely Detailed and Creepy Instructions for Stalking - Futurism.
    How the Louvre thieves exploited human psychology to avoid suspicion – and what it reveals about AI - The Conversation.
    Outrageous (TV series) - Wikipedia.
    Outrageous trailer - YouTube.
    Man charged with theft after allegedly swallowing Fabergé pendant in jewellery store - The Guardian.
    Free Microsoft 365 Tenant Security Scanner - CoreView.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:
    Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
    Horizon3.ai - Get an autonomous pentest demo and see your network the way attackers do. Visit Horizon3.ai.
    CoreView - Benchmark your Microsoft 365 tenant security against the Center for Internet Security (CIS) controls.

  21. 443

    A hacker doxxes himself, and social engineering-as-a-service

    A teenage cybercriminal posts a smug screenshot to mock a sextortion scammer... and accidentally hands over the keys to his real-world identity. Meanwhile, we look into the crystal ball for 2026 and consider how stolen data is now the jet fuel of cybercrime – and how next year could be even nastier than 2025.

    Plus, Graham rants about recipe sites that won’t shut up, and there's even more love for Lily Allen's album "West End Girl".

    All this and more is discussed in episode 446 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Rik Ferguson.

    EPISODE LINKS:
    Europol nukes Cryptomixer laundering hub, seizing €25M in Bitcoin - The Register.
    4.3 Million Browsers Infected: Inside ShadyPanda's 7-Year Malware Campaign - Koi.
    Uncovering a Calendly-themed phishing campaign targeting business ad manager accounts - Push Security.
    Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’ - Krebs on Security.
    Jonathan Ross email goof highlights Twitter security issue - Graham Cluley.
    VIDEO: Mark Zuckerberg’s password choices are dadada-dumb! - Graham Cluley.
    Password to Louvre’s video surveillance system was 'Louvre', according to employee - ABC News.
    Just the Recipe.
    West End Girl - Wikipedia.
    West End Girl - Spotify.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:
    1Password - Take the first step to better security by securing your team’s credentials.
    Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
    Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.

  22. 442

    The hack that brought back the zombie apocalypse

    America's airwaves are haunted by zombies again, as we dig into a decade of broadcasters leaving their hardware open to attack, giving hackers the chance to hijack TV shows, blast out fake emergency alerts, and even replace religious sermons with explicit furry podcasts.

    Meanwhile, we look at how a worker at a cybersecurity firm allegedly leaked internal information to a hacking gang - raising big questions about insider threats.

    Plus: Frankenstein on Netflix, Vine nostalgia, and why Barney the Dinosaur may be the true criminal mastermind behind it all.

    All this and more is discussed in episode 445 of the “Smashing Security” podcast with cybersecurity veteran Graham Cluley, and special guest Dan Raywood.

    EPISODE LINKS:
    Fake adult websites pop realistic Windows Update screen to deliver stealers via ClickFix - Acronis.
    Tokyo Court Finds Cloudflare Liable For Manga Piracy in Long-Running Lawsuit - TorrentFreak.
    Former Google chief accused of spying on employees through account ‘backdoor’ - LA Times.
    Bogus zombie apocalypse warnings undermine US emergency alert system - Ars Technica.
    2013 EAS Zombie Hoax - Emergency Alert System Wiki.
    The 1987 Max Headroom incident - YouTube.
    Nation-wide radio station hack airs hours of vulgar “furry sex” ramblings - Ars Technica.
    ESPN 97.5 Houston Victim Of Barix Hack - Radio Insight.
    ESPN Houston apologises to viewers - Facebook.
    CrowdStrike fires ‘suspicious insider’ who passed information to hackers - TechCrunch.
    Frankenstein official trailer - YouTube.
    Frankenstein - Netflix.
    Vine: Six Seconds that changed the world - Global Player.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:
    Action1 - Keep your systems safe (and your sanity intact) with the patch management platform that just works. The best part? Your first 200 endpoints are free, forever, with no functional limits.
    Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
    Horizon3.ai - Get an autonomous pentest demo and see your network the way attackers do. Visit Horizon3.ai.

  23. 441

    We’re sorry. Wait, did a company actually say that?

    Stop the press - a company has actually said "sorry" after a data breach, and hotels are helping hackers phish their own guests.

    In episode 444 of "Smashing Security" we examine a refreshingly honest breach response (and why legacy systems are still going to ruin your week), dig into a nasty hotel-booking malware campaign that abuses trust in apps and CAPTCHAs, and chat about autonomous pen testing, AI-turbocharged cybercrime, and what CISOs should really be asking on Monday morning.

    And lost Doctor Who is brought back to life by one very dedicated animator, and we take a look at Eddie Murphy’s career.

    All this and more is discussed in episode 444 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Tricia Howard.

    Plus - don't miss our featured interview with Snehal Antani from Horizon3.ai!

    EPISODE LINKS:
    A Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone Numbers - Wired.
    British hacker must repay £4m after hijacking celebrity Twitter accounts - BBC News.
    Cloudflare experiences a massive outage - LifeHacker.
    Protecting our Merchants: Standing up to Extortion - Checkout.
    A miracle: A company says sorry after a cyber attack - and donates the ransom to cybersecurity research - Hot for Security.
    Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware - The Hacker News.
    Unmasking a Sophisticated Phishing Campaign That Targets Hotel Guests - Akamai.
    Doctor Who Animation: Daleks' Master Plan - The Nightmare Begins. Part 1 - YouTube.
    Doctor Who Animation: Daleks' Master Plan - The Nightmare Begins. Part 2 - YouTube.
    Being Eddie - Netflix.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:
    Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
    Horizon3.ai - Get an autonomous pentest demo and see your network the way attackers do. Visit Horizon3.ai.

  24. 440

    Tinder’s camera roll and the Buffett deepfake

    Tinder has got a plan to rummage through your camera roll, and Warren Buffett keeps popping up in convincing deepfakes dishing "number one investment tips."

    Meanwhile, will agentic AI replace your co-hosts before you can say "EDR for robots"? And why you should still read books.

    All this, plus Lily Allen's new album and Claude Code come up for discussion in episode 443 of the "Smashing Security" podcast, with special guest Ron Eddings.

    EPISODE LINKS:
    ‘Landfall’ spyware abused zero-day to hack Samsung Galaxy phones - TechCrunch.
    Cyber insurers paid out over twice as much for UK ransomware attacks last year - The Register.
    Lost iPhone? Don’t fall for phishing texts saying it was found - Bleeping Computer.
    Tinder to use AI to get to know users, tap into their Camera Roll photos - TechCrunch.
    Facebook’s AI can now suggest edits to the photos still on your phone - TechCrunch.
    Berkshire warns of AI deepfakes impersonating Warren Buffett - Reuters.
    West End Girl - Wikipedia.
    West End Girl - Spotify.
    Claude Code.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:
    Action1 - Keep your systems safe (and your sanity intact) with the patch management platform that just works. The best part? Your first 200 endpoints are free, forever, with no functional limits.
    Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
    Trelica by 1Password - Access Governance for every SaaS app. Discover, manage, and optimize access for any of your SaaS apps - whether managed or unmanaged.

  25. 439

    The hack that messed with time, and rogue ransomware negotiators

    Time itself comes under attack as a state-backed hacking gang spends two years tunnelling toward a nation’s master clock - with chaos potentially only a tick away.

    Plus when ransomware negotiators turn to the dark side, what could possibly go wrong?

    All this and more is discussed in episode 442 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Dave Bittner.

    EPISODE LINKS:
    Alleged Meduza Stealer malware admins arrested after hacking Russian org - Bleeping Computer.
    Tap-and-Steal: The Rise of NFC Relay Malware on Mobile Devices - Zimperium.
    Postcode Lottery's lucky dip turns into data slip as players draw each other's info - The Register.
    Chinese Ministry of State Security MSS WeChat post - WeChat.
    China blames US for cyber break-in, claims America is world's biggest bit burglar - The Register.
    Chicago firm that resolves ransomware attacks had rogue workers carrying out their own hacks, FBI says - Chicago Sun Times.
    MicroMacro: Crime City.
    Star Wars 3.5 foot animated LED R2-D2 - Home Depot.
    TrackaLacker.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:
    Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
    Material - Email security that covers the full threat landscape – stopping new flavors of phishing and pretexting attacks in their tracks, while also protecting accounts and data from exploit or exposure.
    Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.

  26. 438

    Inside the mob's million-dollar poker hack, and a Formula 1 fumble

    Basketball stars have allegedly joined forces with the mafia to fleece high-rollers in a poker scam involving hacked shufflers, covert cameras, and an X-ray card table. Meanwhile, researchers have found they could poke around an FIA driver portal to pull up the personal details of Formula 1 megastars. Plus: Graham’s “Pick of the Week” turns CAPTCHA hell into a delightfully deranged browser game that will make you question vegetables, geometry, and your life choices, while Danny takes a trip to ancient Africa... All this and more is discussed in episode 441 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Danny Palmer.

    EPISODE LINKS:
    Baohuo, the gray eminence. Android backdoor hijacks Telegram accounts, gaining complete control over them - Dr Web.
    Cyberattack on Russia’s food safety agency reportedly disrupts product shipments - The Record.
    Dissecting YouTube's malware distribution network - Check Point.
    31 Defendants, Including Members and Associates of Organized Crime Families and National Basketball Association Coach Chauncey Billups, Charged in Schemes to Rig Illegal Poker Games - US Department of Justice.
    How Hacked Card Shufflers Allegedly Enabled a Mob-Fueled Poker Scam That Rocked the NBA - Wired.
    Every Formula 1 driver on the grid just had their passport and license details leaked - but it could have been so much worse - TechRadar.
    I’m not a robot - Neal.fun.
    Can I Beat The CAPTCHA Game? - YouTube.
    An African History of Africa by Zeinab Badawi - Penguin.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:
    Action1 - Keep your systems safe (and your sanity intact) with the patch management platform that just works. The best part? Your first 200 endpoints are free, forever, with no functional limits.
    SecAlerts - SecAlerts makes your job easier by matching vulnerabilities to your software, using information as soon as it’s released.
    Use code SMASHING for 50% off a year subscription.
    Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

  27. 437

    How to hack a prison, and the hidden threat of online checkouts

    A literal insider threat: we head to a Romanian prison where “self-service” web kiosks allowed inmates to run wild. Then we head to the checkout aisle to ask why JavaScript on payment pages went feral, and how new PCI DSS rules are finally muzzling Magecart-style skimmers. Plus: Graham reveals his new-found superpower with Keyboard Maestro, and Scott describes a slick new way to whip up beautiful how-to videos with Screen Studio. All this and more is discussed in episode 440 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Scott Helme.

    EPISODE LINKS:
    What caused the AWS outage - and why did it make the internet fall apart? - BBC News.
    China blames US for cyber break-in, claims America is world's biggest bit burglar - The Register.
    Nintendo allegedly hacked by Crimson Collective hacking group - screenshot shows leaked folders, production assets, developer files, and backups - Tom’s Hardware.
    Romanian inmate hacks into prison IT system, modifies sentences for others - Romania Insider.
    New Version of PCI DSS Designed to Tackle Emerging Payment Threats - Infosecurity Magazine.
    What is Magecart? How this hacker group steals payment card data - CSO.
    Keyboard Maestro.
    Screen Studio.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:
    ANON - Find, monitor and remove data about yourself online. Manage your digital footprint with ease. Use code SMASHING for a 25% discount.
    Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
    Trelica by 1Password - Access Governance for every SaaS app.
    Discover, manage, and optimize access for any of your SaaS apps - whether managed or unmanaged.

  28. 436

    A breach, a burnout, and a bit of Fleetwood Mac

    A critical infrastructure hack hits the headlines - involving default passwords, boasts on Telegram, and a finale that will make a few cyber-crooks wish the ground would swallow them whole. Meanwhile we dig into the bit we don't talk about enough: the human cost of defending companies from hackers - stress, burnout, and how better leadership culture can help make security teams safer and saner. Plus we say a heartfelt "la di dah" to Diane Keaton, and tune in to a freshly re-released slice of pre-Fleetwood Mac history for the music-obsessed amongst us. All this and more is discussed in episode 439 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and his special guest Annabel Berry.

    EPISODE LINKS:
    Cyber-attacks rise by 50% in past year, UK security agency says - The Guardian.
    What does the end of free support for Windows 10 mean for its users? - The Guardian.
    Satellites found exposing unencrypted data, including phone calls and some military comms - TechCrunch.
    Anatomy of a Hacktivist Attack: Russian-Aligned Group Targets OT/ICS - Forescout.
    Caught in the act: Ransomware attack sticks to our AI-created honeypot - Forescout.
    Human Performance in Security Operations: A Survey on Burnout, Wellbeing and Flow State Among Practitioners - NDSS Symposium.
    State of the Security Profession 23/24 - Chartered Institute of Information Security.
    Leading Cyber.
    Mental Health in Cybersecurity Foundation.
    “Play it Again, Sam” - IMDB.
    “Play it Again, Sam” clip - YouTube.
    “Buckingham Nicks” - Spotify.
    Fleetwood Mac - Silver Springs (Live, 1997) - YouTube.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    If anything we've discussed today has resonated with you, or if you're going through a tough time, please know you are not alone. There is always someone ready to listen, without judgment.
    Here are a few of the available resources:
    Shout - text 85258 (24x7)
    Samaritans - tel 116123 (24x7)
    Suicide prevention - tel 0800 689 5652 (6pm - 3.30am)
    SANEline - tel 0300 304 7000 (4.30pm - 10.30pm)

    SPONSORS:
    SecAlerts - SecAlerts makes your job easier by matching vulnerabilities to your software, using information as soon as it’s released. Use code SMASHING for 50% off a year subscription.
    ANON - Find, monitor and remove data about yourself online. Manage your digital footprint with ease. Use code SMASHING for a 25% discount.
    Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

  29. 435

    When your mouse turns snitch, and hackers grow a conscience

    Your computer's mouse might not be as innocent as it looks - and one ransomware crew has a crisis of conscience that nobody saw coming. We talk about how something as ordinary as a web page could turn your mouse into a surprisingly nosey neighbour, and why ransomware gangs need to think carefully about their reputation. Meanwhile, Graham reveals a baked potato hack that might just change your life, and we take an unexpected detour to South America for a bit of literary adventure involving inflatable pigs. All this and more is discussed in episode 438 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and his special guest Geoff White.

    EPISODE LINKS:
    Discord users' data stolen by hackers in third-party data breach - Bitdefender.
    North Korean hackers increasingly targeting wealthy crypto holders - BBC News.
    Scattered Lapsus$ Hunters offering $10 in Bitcoin to 'endlessly harass' execs - The Register.
    Vacanti mouse - Wikipedia.
    Mic-E-Mouse.
    Invisible Ears at Your Fingertips: Acoustic Eavesdropping via Mouse Sensors - arXiv.
    Mic-E-Mouse Pipeline Demonstration - YouTube.
    Hackers say they have deleted children's pictures and data after nursery attack backlash - BBC News.
    Baked Potato - Wikipedia.
    “At the Tomb of the Inflatable Pig: Travels through Paraguay” - Penguin.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:
    Vanta - Expand the scope of your security program with market-leading compliance automation... while saving time and money. Smashing Security listeners get $1000 off.
    Trelica by 1Password - Access Governance for every SaaS app.
    Discover, manage, and optimize access for any of your SaaS apps - whether managed or unmanaged.
    Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.

  30. 434

    Salesforce's trusted domain of doom

    Researchers uncovered a security flaw in Salesforce’s shiny new Agentforce. The vulnerability, dubbed "ForcedLeak", let them smuggle AI-read instructions in via a humble Web-to-Lead form... and ended up spilling data for the low, low price of five dollars. And we discuss why data breach communications still default to "we take security seriously" while quietly implying "assume no breach" - until the inevitable walk-back. Plus, we take a look at ITV's phone-hacking drama with David Tennant, and take a crack at decoding the history of the Rosetta Stone. Hear all this and more in episode 437 of the "Smashing Security" podcast by cybersecurity veteran Graham Cluley, joined this week by special guest Paul Ducklin.

    EPISODE LINKS:
    Harrods suffers new data breach exposing 430,000 customer records - Bleeping Computer.
    Caméras dissimulées : la CNIL sanctionne la Samaritaine - CNIL.
    ‘Total internet blackout’ in Afghanistan sparks panic after Taliban vowed to stamp out immoral activities - CNN.
    ForcedLeak: AI Agent risks exposed in Salesforce AgentForce - Noma.
    The Hack - itvX.
    The Hack - YouTube.
    The Rosetta Stone: The Story of the Decoding of Hieroglyphics - Amazon.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:
    SecAlerts - SecAlerts makes your job easier by matching vulnerabilities to your software, using information as soon as it’s released. Use code SMASHING for 50% off a year subscription.
    ANON - Find, monitor and remove data about yourself online. Manage your digital footprint with ease. Use code SMASHING for a 25% discount.
    Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money.
    Smashing Security listeners get $1000 off!

  31. 433

    The €600,000 gold heist, powered by ransomware

    Ransomware doesn’t just freeze computers - it can silence alarms too. And when the Natural History Museum in Paris went dark, thieves helped themselves to €600,000 worth of gold in a daring late-night heist. Meanwhile, developers have a new headache: a worm dubbed “Shai Hulud” has wriggled its way through more than 180 npm packages, quietly stealing secrets. But it’s not all doom and gloom - unless you count your kitchen appliances turning into ad billboards. All this and more is discussed in episode 436 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and his special guest Zoë Rose.

    EPISODE LINKS:
    EU cyber agency says airport software held to ransom by criminals - BBC News.
    Teenagers charged over cyber attack on TfL costing millions of pounds - Sky News.
    Teen arrested on suspicion of Vegas Strip attack that cost $100M - SF Gate.
    Paris: cyber-attack hits Natural History Museum, cancels exhibition - Sortira Paris.
    Cybersécurité : le Grand Palais et plusieurs musées dont le Louvre victimes d’une attaque par rançongiciel - Le Parisien.
    "Des pièces de collection nationale": le directeur du Muséum d'histoire naturelle de Paris indique que les pépites d'or volées ont "une valeur inestimable" - BFMTV.
    Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit - Security Week.
    Shai-Hulud: Ongoing Package Supply Chain Worm Delivering Data-Stealing Malware - Wiz.
    180+ NPM Packages Hit in Major Supply Chain Attack - Ox.
    Samsung confirms ads will now be shown on its $1,800+ fridges - UniLad.
    Bosch Cordless Multifunction Tool - Bosch.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORED BY:
    Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
    Trelica by 1Password - Access Governance for every SaaS app.
    Discover, manage, and optimize access for any of your SaaS apps - whether managed or unmanaged.

  32. 432

    Lights! Camera! Hacktion!

    When "bad actors" stop being hackers and start being... actual actors. This week, Graham and special guest Jenny Radcliffe play “Hacker or Ham?” (yes, Steven Seagal, we’re looking at you), before diving into a campaign which saw an Iranian gang luring Israeli performers with fake casting calls for a serious film. We unpack why positive lures can short-circuit scepticism just as effectively as fear. Plus, the UK's ICO says students are increasingly hacking their own schools. Meanwhile, Graham heads to 1960s Oxford with Endeavour, while Jenny investigates the Wirral’s mysterious "Catman". All this, and more, in episode 435 of the "Smashing Security" podcast.

    EPISODE LINKS:
    Shai-Hulud Worm Compromises npm Ecosystem in Supply Chain Attack - Unit 42.
    Jaguar Land Rover extends production shutdown after cyber-attack - The Guardian.
    AI-Driven Deepfake Military ID Fraud Campaign by Kimsuky APT - Genians.
    Israel says suspected Iranian hackers targeted actors in phishing attack - Iran International.
    Iranian Educated Manticore Targets Leading Tech Academics - Check Point.
    Children hacking their own schools for 'fun', watchdog warns - BBC News.
    Endeavour - ITVx.
    Crowds armed with torches hunt the “cat man” every night - Liverpool Echo.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:
    Vanta - Expand the scope of your security program with market-leading compliance automation... while saving time and money.
    Smashing Security listeners get $1000 off!
    Adaptive Security - request a custom demo featuring a real CEO deepfake simulation today from adaptivesecurity.com.

  33. 431

    Whopper Hackers, and AI Whoppers

    Ever wondered what would happen if Burger King left the keys to the kingdom lying around for anyone to use? Ethical hackers did - and uncovered drive-thru recordings, hard-coded passwords, and even the power to open a Whopper outlet on the moon. Meanwhile, over in Silicon Valley, one AI wunderkind managed to turn a $7 million payday into a career-ending lawsuit by allegedly walking trade secrets straight out the door as he jumped ship for a rival. All this and much more is discussed in episode 434 of the award-winning “Smashing Security” podcast with computer security veteran Graham Cluley, joined this week by special guest Lianne Potter. Hear them chew over catastrophic fast-food security, insider threats with extra fries, and why even the biggest brains in AI can't stop themselves from doing something utterly stupid.

    EPISODE LINKS:
    We Hacked Burger King: How Authentication Bypass Led to Drive-Thru Audio Surveillance - Internet archive wayback machine.
    DMCA notice - Bobdahacker.
    xAI sues former engineer, alleging he stole trade secrets after being paid $7M - San Francisco Standard.
    xAI vs Xuechen Li - Court documents.
    Classic Reload.
    Digger - Classic Reload.
    Kingdom of Kroz - Classic Reload.
    The Bad Movie Bible - YouTube.
    Shark Attack 3: Megalodon - YouTube.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORED BY:
    Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.
    Trelica by 1Password - Access Governance for every SaaS app. Discover, manage, and optimize access for any of your SaaS apps - whether managed or unmanaged.
    Vanta - Expand the scope of your security program with market-leading compliance automation... while saving time and money.
    Smashing Security listeners get $1000 off!

  34. 430

    How hackers turned AI into their new henchman

    Your AI reads the small print, and that's a problem. This week in episode 433 of "Smashing Security" we dig into LegalPwn - malicious instructions tucked into code comments and disclaimers that sweet-talk AI into rubber-stamping dangerous payloads (or even pretending they’re a harmless calculator). Meanwhile, new research from Anthropic reveals that hackers have already used AI agents to break into networks, steal passwords, sift through stolen data, and even write custom ransom notes. In other words, one hacker with an AI helper can work like an entire team of cybercriminals. Plus: a joyous geek detour into keyboard history, and the most diabolically annoying, fully functional AI-generated CAPTCHA that you will love to inflict on your friends.

    EPISODE LINKS:
    LegalPwn: Abusing Legal Disclaimers to Trigger Prompt Injections - Pangea Labs.
    LegalPwn: Tricking LLMs by burying badness in lawyerly fine print - The Register.
    LegalPwn Attack Tricks GenAI Tools Into Misclassifying Malware as Safe Code - HackRead.
    One long sentence is all it takes to make LLMs misbehave - The Register.
    Londoners give up eldest children in public Wi-Fi security horror show - The Guardian.
    Targeted social engineering is en vogue as ransom payment sizes increase - Coveware.
    State of Malware 2025 - ThreatDown.
    Cybercrime in the Age of AI - ThreatDown.
    Threat Intelligence Report: August 2025 - Anthropic.
    The Day Return Became Enter - Marcin Wichary.
    Ethan Mollick’s terrible AI-generated CAPTCHAs - Twitter.
    The very worst AI-generated CAPTCHA? - Claude.ai.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORED BY:
    Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money.
    Smashing Security listeners get $1000 off!

  35. 429

    Oops! I auto-filled my password into a cookie banner

    We unpack how some password managers can be tricked into coughing up your secrets, with a clickjacking sleight-of-hand, what website owners can do to prevent it, and how to lock down your personal password vault. Then we time-hop to the post-quantum scramble: "harvest-now, decrypt later", Microsoft's 2033 quantum-safe pledge, and whether your printer will survive the update apocalypse. All this, plus a gloriously dodgy URL “shadyfier,” and turning the iconic iMac G4 into a modern media hub. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veteran Graham Cluley, joined this week by special guest Thom Langford.

    EPISODE LINKS:
    DOM-based Extension Clickjacking: Your Password Manager Data at Risk - Marek Tóth.
    Major password managers can leak logins in clickjacking attacks - Bleeping Computer.
    Microsoft to Make All Products Quantum Safe by 2033 - Infosecurity Magazine.
    Shady URL.
    DockLite G4 - Juicy Crumb.
    I perfected the iMac G4 - YouTube.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

  36. 428

    How to mine millions without paying the bill

    In episode 431 of the "Smashing Security" podcast, a self-proclaimed crypto-influencer calling himself CP3O thought he had found a shortcut to riches — by racking up millions in unpaid cloud bills. Meanwhile, we look at the growing threat of EDR-killer tools that can quietly switch off your endpoint protection before an attack even begins. And for something a little different, we peek into the Internet Archive’s dystopian Wayforward Machine and take a detour to Mary Shelley’s resting place in Bournemouth. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veteran Graham Cluley, joined this week by special guest Allan "Ransomware Sommelier" Liska.

    Episode links:
    Crypto Influencer Sentenced to Prison for Multi-Million Dollar “Cryptojacking” Scheme - US Department of Justice.
    Ransomware crews don't care about your endpoint security – they've already killed it - The Register.
    Way Forward Machine - The Internet Archive.
    Mary Shelley’s grave - Atlas Obscura.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    Sponsored by:
    Proton Drive - Protect your files with end-to-end encryption in Switzerland’s secure cloud — only on Proton Drive.

  37. 427

    Poisoned Calendar invites, ChatGPT, and Bromide

    A poisoned Google Calendar invite that can hijack your smart home, a man is hospitalised after ChatGPT told him to season his food with… pesticide, and some thoughts on Superman’s latest cinematic outing. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veteran Graham Cluley, joined this week by special guest Dave Bittner from The Cyberwire.

    Warning: This podcast may contain nuts, adult themes, and rude language.

    Episode links:
    Invitation Is All You Need: Invoking Gemini for Workspace Agents with a Simple Google Calendar Invite - SafeBreach.
    Invitation attack curses - YouTube.
    Invitation attack opens shutters - YouTube.
    Guy Gives Himself 19th Century Psychiatric Illness After Consulting With ChatGPT - 404 Media.
    Superman (2025) trailer - YouTube.
    Billy Joel: And so it goes - HBO Max.
    Billy Joel: And so it goes trailer - YouTube.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    Sponsored by:
    Proton - Break free from Gmail. You should be able to choose what happens to your data. With Proton, only you can read your emails.

  38. 426

    Replit panics, and the AI that will kill you

    Those of you who tuned in to last week's episode (#428) will have heard the big news from my podcast pal Carole that she's decided to move on from her co-hosting duties on the show. There have been some lovely messages of support sent through for Carole, and indeed for me too. Thank you very much to all of you - it's really heart-warming to hear how much the last 428 episodes have meant to you all, and how much you want the show to go on. And so - as I said last week - it will carry on. Next week there will be a regular edition of "Smashing Security" with a special guest well known to all of you, and I plan to carry on as normal every week with guests after that... This week though I felt like I needed to catch my breath, and take a break. But I didn't want to leave you without something to listen to... So, here is a special edition of "Smashing Security" with a couple of clips from recent episodes of its sister show "The AI Fix", which I co-host with Mark Stockley. If you enjoy "The AI Fix," please do follow it in your favourite podcast apps and tell your friends! Until next week, cheerio bye bye.

    Episode links:
    The AI Fix.
    The AI Fix on Apple Podcasts.
    The AI Fix on Spotify.
    The AI Fix on Pocketcasts.
    The AI Fix on Overcast.

  39. 425

    Red flags, leaked chats, and a final farewell

    The viral women-only dating safety app Tea, built to flag red flags, gets flagged itself - after leaking over 70,000 private images and chat logs. We are talking full-on selfies, ID docs, private DMs, and a dash of 4chan creepiness. Yikes. Plus, Carole takes us down memory lane as she hangs up her co-host mic after 428 glorious episodes. Expect tea, tears, and Tom Lehrer. All this is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

    Warning: This podcast may contain nuts, adult themes, and rude language.

    Episode links:
    Update regarding cybersecurity incident - Tea.
    Hackers steal images from women's dating safety app that vets men - BBC News.
    A Second Tea Breach Reveals Users’ DMs About Abortions and Cheating - 404 Media.
    American musical satirist Tom Lehrer dies at 97 - BBC News.
    Tom Lehrer website.
    Tom Lehrer sings The Elements, live in Copenhagen, 1967 - YouTube.
    Tom Lehrer sings “New Math” (animated) - YouTube.
    Carole’s Substack.
    Libby - Library app.
    Shokz UK.
    Two Birds Yoga - YouTube.
    Thermapen.
    BBC Sounds.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    Sponsored by:
    Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
    Trelica by 1Password - Access Governance for every SaaS app. Discover, manage, and optimize access for any of your SaaS apps - whether managed or unmanaged.

  40. 424

    When 2G attacks, and a romantic road trip goes wrong

    In this episode, Graham warns why it is high time we said goodbye to 2G - the outdated mobile network being exploited by cybercriminals with suitcase-sized SMS blasters. From New Zealand to London, scammers are driving around cities like dodgy Uber drivers, spewing phishing texts to thousands at once.Meanwhile, Carole unpacks a painfully awkward tale of amour fou, as a 76-year-old Belgian man drives 476 miles to meet his dream woman... only to be greeted by her very-much-still-husband at the gate.Plus: Sky Arts painting competitions get a thumbs up, Mark Zuckerberg never loses at board games, and the scandalous Facebook memoir Meta tried to silence.All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Teen arrested for 'smishing scam' using technology never before seen in New Zealand - RNZ.Op Orca — smishing scam smashed - New Zealand police.SMS blasting incidents are rising - Risky Bulletin.Bangkok busts SMS Blaster sending 1 million scam texts from a van - Bleeping Computer.Police warn of SMS scams as ‘blaster’ is used to send thousands of texts - The Guardian.Reports of SMS Messages Sent by Fake Base Stations - Commsrisk.Keeping your Android device safe from text message fraud - Google Security blog.What is Paris syndrome? How culture shock can kill a trip - The Independent.Belgian man crushed after driving nearly 500 miles to meet French model he believed was his 'future wife' - Fox News. French is the language of love: myth, reality, and romance - ICLS.Romance scam victim travels 700km 'to marry French beauty queen' - BBC News.Un homme se présente chez moi pour être mon futur mari… - YouTube. Sky Artist of the Year.Careless People  - The Guardian Bookshop. Careless People: We read the book that Mark Zuckerberg doesn’t want you to read - Slate. 
Smashing Security merchandise (t-shirts, mugs, stickers and stuff) Sponsored by: Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

  41. 423

    Choo Choo Choose to ignore the vulnerability

    In episode 426 of the "Smashing Security" podcast, Graham reveals how you can hijack a train’s brakes from 150 miles away using kit cheaper than a second-hand PlayStation.Meanwhile, Carole investigates how Grok went berserk, which didn't stop the Department of Defense signing a contract with Elon’s AI chatbot. So who is responsible when your chatbot becomes a bigot?Plus: Email headaches, SPF rage, and a glowing review for... Taskmaster SuperMax Plus?All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Schoolboy hacks into city's tram system - The Telegraph.Caboose - Wikipedia.Neil Smith discusses his findings - Twitter thread.End-of-Train and Head-of-Train Remote Linking Protocol - CISA.The Cheap Radio Hack That Disrupted Poland’s Railway System - Wired.Grok, Elon Musk’s AI Chatbot, Shares Antisemitic Posts on X - The New York Times.X ordered its Grok chatbot to ‘tell like it is.’ Then the Nazi tirade began - Washington Post. Hacker uses Elmo's X account to post antisemitic rant and demand release of Epstein files - ABC News.Elon Musk Announces Sensuous Grok AI Companion - Mashable.Grok Rolls Out Pornographic Anime Companion, Lands Department of Defense Contract - The Rolling Stone. Learn DMARC.TASKMASTER SUPERMAX+.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Adaptive Security - request a custom demo featuring a real CEO deepfake simulation today from adaptivesecurity.com.Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!Trelica by 1Password - Access Governance for every SaaS app. 
Discover, manage, and optimize access for any of your SaaS apps - whether managed or unmanaged.

  42. 422

    Call of Duty: From pew-pew to pwned

    In episode 425 of "Smashing Security", Graham reveals how "Call of Duty: WWII" has been weaponised - allowing hackers to hijack your entire PC during online matches, thanks to ancient code and Microsoft’s Game Pass.Meanwhile, Carole digs into a con targeting the recently incarcerated, with scammers impersonating bail bond agents to fleece desperate families.All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Call of Duty: WWII trailer - YouTube.Warning: Do NOT Play COD WWII on PC Gamepass - YouTube.2017 Wichita swatting - Wikipedia.Call of Duty: WW2 on PC Game Pass yanked offline amid reports security exploits are leaving players with screens full of smut - Eurogamer.Common Bail Bond Scams and How to Avoid Them - US Attorneys.Can I Check out Another Person's Criminal Record? - Nolo. Belton Bail Bond Testimonials.‘They know everything’: Families of inmates at Sumner County Jail targeted in bail scam - Nashville WKRN.Latest scam targets NJ families of those who were recently arrested, demanding bail - New Jersey 1050.John & Paul: A Love Story in Songs by Ian Leslie review – let it be the new gold standard in Beatles studies - The Guardian.Introducing 'John & Paul: A Love Story In Songs' - Ian Leslie.Charles Paris mysteries - BBC Radio 4.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Adaptive Security - request a custom demo featuring a real CEO deepfake simulation today from adaptivesecurity.com.Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. 
Smashing Security listeners get $1000 off!

  43. 421

    Surveillance, spyware, and self-driving snafus

    A Mexican drug cartel spies on the FBI using traffic cameras and spyware — because "ubiquitous technical surveillance” is no longer just for dystopian thrillers. Graham digs into a chilling new US Justice Department report that shows how surveillance tech was weaponised to deadly effect.Meanwhile, Carole checks the rear-view mirror on the driverless car industry. Whatever happened to those million Tesla robotaxis Elon Musk promised by 2020? Spoiler: they’re here — sort of — but they sometimes drive into oncoming traffic.Plus: Leighton House, heatwave survival gadgets, and an unflushable toilet situation (not what you think).All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Mexican drug cartel hacker spied on FBI official’s phone to track and kill informants, report says - TechCrunch.Audit of the Federal Bureau of Investigation's Efforts to Mitigate the Effects of Ubiquitous Technical Surveillance - US Department of Justice Office of the Inspector General.Tesla driver tells police he was using 'self-drive' system when his car hit a parked police vehicle - AP News.‘Lidar is lame’: why Elon Musk’s vision for a self-driving Tesla taxi faltered - The Guardian.Tesla invited influencers to test its robotaxi. Here's what they had to say - USA Today Europe.Elon Musk Hails 'Successful' Tesla Robotaxis Launch in Austin Amid Reported Glitches - eWEEK.A Fatal Tesla Crash Shows the Limits of Full Self-Driving - Bloomberg.The Arab Hall at Leighton House.Spandau Ballet’s “Gold” - shot at Leighton House!Shark FlexBreeze Fan With InstaCool Mist Attachment - Shark.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. 
Smashing Security listeners get $1000 off! Trelica by 1Password - Access Governance for every SaaS app. Discover, manage, and optimize access for any of your SaaS apps - whether managed or unmanaged.

  44. 420

    Operation Endgame, deepfakes, and dead slugs

    In this episode, Graham unravels Operation Endgame - the surprisingly stylish police crackdown that is seizing botnets, mocking malware authors with anime videos, and taunting cybercriminals via Telegram.Meanwhile, Carole exposes the AI-generated remote hiring threat. Could your next coworker be a North Korean hacker with a perfect LinkedIn?And BBC cyber correspondent Joe Tidy joins us to talk about "Ctrl-Alt-Chaos", his new book diving into the murky world of teenage hackers, ransomware gangs, and the strange motivations that lie behind digital mayhem.Plus: competitive pond husbandry, dead slugs, Hitster the board game, and a shoutout to the AI startup that hijacked Graham's SEO.All this and more is discussed in episode 423 of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault - it's like a cauldron of life... but for cybersecurity.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Operation Endgame.Ctrl+Alt+Chaos.Lizard Squad Member: Why I Took Down Xbox and PlayStation - YouTube.Reckoning With the Rise of Deepfakes - The Regulatory Review.Deepfake interviews: Navigating the growing AI threat in recruitment and organizational security - Fast Company. Why Your Hiring Process is Now a Cybersecurity Vulnerability - Pindrop.Best Practices for Defeating Deepfake Candidate Fraud - Dice Hiring.Phanpy - A minimalistic opinionated Mastodon web client.How to make a mini pond - Gardener’s World.Hitster board game.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Vanta– Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!Flare- Uncover the latest threats across the dark web and Telegram. Start your free trial today.Trelica by 1Password - Access Governance for every SaaS app. 
Discover, manage, and optimize access for any of your SaaS apps - whether managed or unmanaged.

  45. 419

    The curious case of the code copier

    A GCHQ intern forgets the golden rule of spy school — don’t take the secrets home with you — and finds himself swapping Cheltenham for a cell. Meanwhile, an Australian hacker flies too close to the sun, hacks his way into a US indictment, and somehow walks free... only to get booted back Down Under.Plus: flow states, Bob Mortimer, and the joys of pretending to carry an owl around on a cushion.All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:The Cheltenham Doughnut - Wikipedia.Summer placements - GCHQ.Spy school dropout: GCHQ intern jailed for swiping classified data - The Register.Former GCHQ intern jailed for taking top secret files home - Crown Prosecution Service.United States government says it will deport Australian hacker David Kee Crees  - ABC News.Australian national known as “DR32” sentenced in U.S. federal court  – DataBreaches.ICE takes steps to deport the Australian hacker known as “DR32” – DataBreaches.Aussie Travel Cover has hundreds of thousands of records stolen in hacking, policy holders not informed - ABC News.Australian cybercriminal to be deported from US - Information Age.Government sites hit by Aussie Travel Cover hacker - ZDNET.Abdilo, Australia-based computer hacker, live streams attack on US education sites - ABC News.Bob Mortimer's Pet Owl - YouTube.And Away… by Bob Mortimer - Simon & Schuster.Flow by Mihaly Csikszentmihaly -  HarperCollins.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!Flare - Uncover the latest threats across the dark web and Telegram. Start your free trial today.Trelica by 1Password - Access Governance for every SaaS app. 
Discover, manage, and optimize access for any of your SaaS apps - whether managed or unmanaged.

  46. 418

    Toothpick flirts, Google leaks, and ICE ICE scammers

    What do a sleazy nightclub carpet, Google’s gaping privacy hole, and an international student conned by fake ICE agents have in common? This week’s episode of the "Smashing Security" podcast obviously.Graham explains how a Singaporean bug-hunter cracked Google’s defences and could brute-force your full phone number. Meanwhile, Carole dives into a chilling scam where ICE impersonators used fear, spoofed numbers, and... Apple gift cards to extort terrified migrants.Plus: Nazis, door safety, and the age-old struggle of telling Ralph Fiennes from Liam Neeson.All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Bruteforcing the phone number of any Google user - Brutecat.Leaking the phone number of any Google user - YouTube.Researcher Found Flaw to Discover Phone Numbers Linked to Any Google Account - The Hacker News.Google fixes flaw that could unmask YouTube users' email addresses - Bleeping Computer.ICE Scammers Are On The Rise: What To Do  - Newsweek.Student visa holder tricked by fake ICE agent scam, loses thousands  - Newsweek.Conspiracy - IMDB.Schindler’s List - IMDB.Dutch Reach car door opening method - The AA.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!Flare - Uncover the latest threats across the dark web and Telegram. 
Start your free trial today.

  47. 417

    Fake Susies, flawed systems, and fruity fixes for anxiety

    A bizarre case of political impersonation, where Trump’s top aide Susie Wiles is cloned (digitally, not biologically — we think), and high-ranking Republicans start getting invitations to link up with "her" on Telegram to share their Trump pardon wishlists. Was it a deepfake? Or just someone with a halfway decent impression and access to a shady data broker?Meanwhile, we take a worryingly familiar journey into the mental health crisis in the UK — and how TikTok is stepping in with advice like “eat an orange in the shower” to cure your anxiety. Spoiler: it won’t. But it might make your bathroom smell nice.Plus: a nostalgic tech support tale involving a CRT monitor, a wooden door, and an unexpected shade of brown.All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Federal Authorities Probe Effort to Impersonate White House Chief of Staff - Wall Street Journal.FBI probes effort to impersonate White House chief of staff Susie Wiles, sources say - CBS News.The Trump Administration Accidentally Texted Me Its War Plans - The Atlantic.The Trump campaign is still being hacked - Popular Information.The Big Mental Health Report - Mind.Mental Health Pressures - British Medical Association. More than half of top 100 mental health TikToks contain misinformation, study finds  - The Guardian.‘They thought they were doing good but it made people worse’: why mental health apps are under scrutiny - The Guardian.How to find therapy or counselling - Mind.Carole in the shower with an orange? 
- Twitter. Matter - modern read-later app for iPhone, iPad, and web. Techie fixed a ‘brown monitor’ by closing a door - The Register. Smashing Security merchandise (t-shirts, mugs, stickers and stuff) Sponsored by: MetaCompliance - MetaCompliance's Security Awareness Planner is your free 12-month roadmap to reduce risk and build a culture of cyber awareness. Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off! Harmonic - Let your teams adopt AI tools safely by protecting sensitive data in real time with minimal effort. Harmonic Security gives you full control and stops leaks so your teams can innovate confidently.

  48. 416

    Star Wars, the CIA, and a WhatsApp malware mirage

    Why is a cute Star Wars fan website now redirecting to the CIA? How come Cambodia has become the world's hotspot for scam call centres? And can a WhatsApp image really drain your bank account with a single download, or is it just a load of hacker hokum?All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Allan Liska.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:How I found a Star Wars website made by the CIA - Ciro Santilli on YouTube.How the CIA failed Iranian informants in its secret war with Tehran - Reuters.Isis and al-Qaeda sending coded messages through eBay, pornography and Reddit - Independent.Games Without Frontiers: Investigating Video Games as a Covert Channel - IEEE.General David Petraeus used clever Gmail trick during affair - Network World.Cambodia is home to world’s most powerful criminal network: report - SCMP.How to protect yourself from suspicious messages and scams- WhatsApp.Is WhatsApp Safe? Tips for Staying Secure - WhatsApp.Hacked on WhatsApp – how to stay safe when using the messaging app - BBC.Just a GIF Image Could Have Hacked Your Android Phone Using WhatsApp - The Hacker News.Kon-Tiki: The Epic Raft Journey Across the Pacific - YouTube.Still Standing with Jonny Harris - CBC.Niki de Saint Phalle & Jean Tinguely - Myths & Machines - Hauser & Wirth.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Vanta– Expand the scope of your security program with market-leading compliance automation… while saving time and money. 
Smashing Security listeners get $1000 off! 1Password Extended Access Management – Secure every sign-in for every app on every device. MetaCompliance - MetaCompliance's Security Awareness Planner is your free 12-month roadmap to reduce risk and build a culture of cyber awareness.

  49. 415

    Grid failures, Instagram scams, and Legal Aid leaks

    In this week’s episode, Graham investigates the mysterious Iberian Peninsula blackout (aliens? toaster? cyberattack?), Carole dives in the UK legal aid hack that exposed deeply personal data of society's most vulnerable, and Dinah Davis recounts how Instagram scammers hijacked her daughter’s account - and how a parental control accidentally saved the day.All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by special guest Dinah Davis.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:418 - I’m a teapot - MDN Web Docs.2025 Iberian Peninsula blackout - Wikipedia.What could have caused the major power outage in Spain and Portugal? Experts weigh in - Euro News.Spain investigates cyber weaknesses in blackout probe - Financial Times.Report on Working Conditions at INCIBE, the company Investigating the blackout - El Cierre Digital.My Teen's Instagram Account was Hacked - Dinah Davis.We Got Her Account Back, Here’s What the Forensics Revealed - Dinah Davis.'Significant amount' of private data stolen in Legal Aid hack  - BBC News.Civil legal aid: millions still without access to justice - The Law Society.Civil representation - Legal aid data - GOV.UK.Legal aid statistics England and Wales bulletin Oct to Dec 2024  - GOV.UK.Funding for justice down 22% since 2010 - Bar Council. The Assembly - ITV.The Assembly review – this celebrity interview show is going to be massive - The Guardian.The Assembly: Inside the most groundbreaking TV show of the year - The Independent.David Tennant gets emotional from neurodivergent musicians - YouTube.OceanMan.All the Colours of the Dark by Chris Whitaker - Orion Books. Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. 
Smashing Security listeners get $1000 off! 1Password Extended Access Management – Secure every sign-in for every app on every device. MetaCompliance - MetaCompliance's Security Awareness Planner is your free 12-month roadmap to reduce risk and build a culture of cyber awareness.

  50. 414

    Hello, Pervert! - Sextortion scams and Discord disasters

    Don't get duped, doxxed, or drained! In this episode of "Smashing Security" we dive into the creepy world of sextortion scams, and investigate how crypto wallet firm Ledger's Discord server was hijacked in an attempt to phish for cryptocurrency recovery phrases.All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Plus! Don't miss our featured interview with Drata's Matt Hillary.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Ledger secures Discord after hacker bot tried to steal seed phrases - CoinTelegraph.Binance Founder CZ Warns: Ledger Discord Hack Targets Recovery Phrases - CoinPedia.Ledger confirms physical scam letters requesting seed phrase in fake security upgrade - The Block.Physical addresses of 270K Ledger owners leaked on hacker forum - Bleeping Computer.Criminals are mailing altered Ledger devices to steal cryptocurrency - Bleeping Computer.New Hello Pervert Email Attack Warning — ‘I Know Where You Live’ - Forbes.‘Hello pervert’: the sextortion scam claiming to have videoed you - The Guardian."Hello Pervert" Email Is A Total Scam - What You Need To Know - Malware Tips.Scam email sent from my own email address - Microsoft Community.Thunderbolts* review: 'The greatest Marvel offering in years' - BBC.Limelight, Exemplar - BBC Radio 4.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.Dashlane - Protect against the #1 cause of data breaches - poor password habits. Save 25% off a new business plan, or 35% off a personal Premium plan!Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. 
Smashing Security listeners get $1000 off!



HOSTED BY

Graham Cluley
