PODCAST · news
The Awareness Angle: Security Awareness and Human Risk
by Risky Creative
The Awareness Angle makes cybersecurity make sense. Hosted by Anthony and Luke, we break down the biggest cyber security news of the week. From phishing scams and AI fraud to major data breaches and the sneaky ways people get hacked, we explain what’s going on and why it matters.

But this isn’t just another tech podcast. We focus on the human side of cybersecurity. How scams actually work, why people fall for them, and what we can all do to stay safer online.

You’ll get practical tips, real-world examples, and relatable stories that show how cyber threats affect everyday people.
-
81
ADT Breached by a Phone Call, AI Wipes a Startup in 9 Seconds, and 85% of UK Breaches Are Phishing
This week on The Awareness Angle, we hit 1.2 million views on a single video across TikTok and Instagram, which is pretty wild for an independent podcast. Thank you to everyone who watched and shared.

ADT gets breached for the third time in under a year and it all started with a phone call. An AI coding agent wipes a startup's entire database and all its backups in nine seconds, then writes its own incident report admitting it broke every safety rule it had. The supply chain attack that started with Trivy has now hit Checkmarx and Bitwarden, with three criminal groups teaming up to turn supply chain access into ransomware. And the UK government's annual cyber report says 43% of businesses were breached last year, phishing was behind 85% of them, and despite M&S, Co-op and JLR making national headlines, nothing's really changed.

Plus Instructure's Canvas LMS breached again, Itron's smart meters filing quietly on a Friday night, Microsoft Teams helpdesk impersonation going wild, 610,000 Roblox accounts stolen by three lads in Ukraine, QR code scams in Toronto, and a toaster with a touchscreen that nobody asked for.

The Awareness Angle is an independent cybersecurity podcast covering cyber news, data breaches, phishing, social engineering, and security awareness. New episodes every week.

Chapters:
00:00 Intro
01:30 Welcome
01:52 ADT Breached Again by ShinyHunters Vishing Attack
07:23 Instructure / Canvas LMS Hit by Another Cyber Attack
13:38 Critical Infrastructure Giant Itron Confirms Cyberattack
17:56 AI Coding Agent Deletes Startup Database in 9 Seconds
25:28 Supply Chain Attack Hits Checkmarx and Bitwarden
28:40 Roblox Account Theft: 610,000 Accounts Stolen
36:56 UK Cyber Security Breaches Survey 2025-26
43:06 Microsoft Teams Helpdesk Impersonation Attacks
52:21 QR Code Scams in Toronto
57:03 Smart Toasters and Unnecessary IoT
1:01:09 Hannah Fry on AI Agents Going Rogue

Subscribe to the newsletter at riskycreative.com

Our Intro and Outro Song © 16 by Falling Forever
https://fallingforever.bandcamp.com/track/16
Licensed under Creative Commons Attribution 4.0
https://creativecommons.org/licenses/by/4.0/
-
80
How Roblox Cheats Led to a Corporate Breach, Warship Tracked by Postcard, Passkeys Replace Passwords
Roblox cheats at work lead to a full corporate breach. Half a million people's health data listed for sale on Alibaba by the researchers trusted to protect it. A $5 Bluetooth tracker in a postcard tracks a NATO warship for 24 hours. The UK government officially says passkeys should replace passwords.

In this episode we break down the Vercel breach, the UK Biobank scandal, a Bluetooth tracker that exposed a $585 million warship, the NCSC's official passkey guidance ahead of World Password Day, plus Rituals Cosmetics, GCHQ's SilentGlass, Claude Desktop's silent browser hooks, a Grafana-branded sextortion scam, and Bitwarden's CLI getting hijacked.

Chapters
00:00 Intro
01:18 Vercel Breach: Roblox Cheats to Customer Data Exposure
06:38 Rituals Cosmetics Loyalty Programme Breach
09:46 UK Biobank Health Data Sold on Alibaba
13:41 GCHQ SilentGlass: Blocking Malware Over HDMI
16:25 Claude Desktop Silently Installs Browser Hooks
24:03 Sextortion Scam Disguised as Grafana Alert
29:15 Bitwarden CLI Hijacked in Supply Chain Attack
31:52 $5 Bluetooth Tracker Exposes NATO Warship
35:44 NCSC: Passkeys Should Replace Passwords
42:50 Security Socials: The HR Hot Take
46:08 Security Socials: Spam Caller Rick Astley Script
48:09 Security Socials: iPhone 17 Pro Stolen
51:56 Security Socials: My Cocoon Airplane Privacy
54:19 Security Socials: GPT Image 2 AI Generation
58:57 Outro

Subscribe to the newsletter for links to every story we discuss:
LinkedIn: https://www.linkedin.com/newsletters/the-awareness-angle-newsletter-7274932363787132928/
-
79
Hungarian Passwords, Rockstar Hacked & Booking.com Scams
Nearly 800 Hungarian government passwords found in breach databases — including one from a colonel in charge of information security who used "FrankLampard". We break down how it happened, why it keeps happening, and what it means for anyone responsible for security culture at work.

Also this week: Rockstar Games hacked for the second time in three years through a third-party supplier. Basic-Fit gym breach exposes bank details of around one million members across Europe. Booking.com customers scammed using their own stolen reservation data before the company even told them about the breach.

On the news side: Microsoft's biggest ever Patch Tuesday with 165 fixes including an actively exploited SharePoint flaw, France ditching Windows across government, a UK energy company loses £700,000 in a payment redirection attack, Google cracking down on back button hijacking, and an emergency Adobe Acrobat patch for a flaw being quietly exploited since December.

Cybersecurity news explained in plain English. No jargon. Just the stories that matter and why they matter to real people.

New episodes every week. Subscribe wherever you listen.
-
78
Missile Alert Phishing, Meeting Recordings Exposed and You Already Have A QR Code Generator
This week: attackers are sending fake missile alert emails exploiting real Iran-US-Israel tensions to steal Microsoft credentials via QR code. We also cover a massive leak of sensitive LAPD police documents, an AI model that autonomously finds and exploits thousands of zero-days, and a Windows exploit that went public after a researcher fell out with Microsoft.

This week on The Awareness Angle:

Hackers steal 7.7TB of sensitive LAPD police documents including officer files, internal affairs investigations, and unredacted witness identities, via a third-party storage system. World Leaks (formerly Hunters International) are behind it.

Anthropic's Claude Mythos autonomously discovers and exploits thousands of zero-day flaws across major systems. The same capability that speeds up defence also speeds up attack. We break down what this means for security teams.

GrafanaGhost: a vulnerability in the popular monitoring platform Grafana that allows silent data exfiltration via AI prompt injection. Grafana disputes the severity. We give both sides.

Fake missile alert emails are landing in inboxes right now, exploiting real Iran-US-Israel tensions. They use QR codes to bypass email filters and redirect victims to a fake Microsoft login page. Urgency is the mechanism.

BlueHammer: a Windows local privilege escalation zero-day leaked publicly by a disgruntled researcher after a falling-out with Microsoft's security response team. No patch available. Functional exploit on GitHub.

The White House is proposing a $707 million cut to CISA, the agency that coordinates national cyber defence. A third of staff already left in the first months of Trump's second term.

Phish of the Week (from Hoxhunt): a WhatsApp/Meta impersonation email targeting business accounts that captures your login credentials and your MFA code in real time.

Plus: a North Korean hacker gets caught mid-interview, a job candidate accidentally receives a recording of his interviewers criticising him after he dropped off the call, and TikTok Lite appearing on Android phones after a carrier update.

00:00 Introduction
01:03 Breach of the Week: LAPD Police Documents Stolen and Leaked
03:18 Wynn Resorts - 21,000 Employees Hit by ShinyHunters
05:21 ChipSoft Ransomware Attack Disrupts Dutch Hospitals
06:51 Jones Day Law Firm Confirms Breach - Silent Ransom Group
09:48 Anthropic Project Glasswing: AI Finds Thousands of Zero-Days
13:42 GrafanaGhost: Data Theft via AI Prompt Injection
17:53 Missile Alert Phishing - Fake Civil Defence Emails Steal Microsoft Logins
22:49 BlueHammer: Windows Zero-Day Leaked on GitHub
26:55 White House Proposes $707M Cut to CISA
30:10 Phish of the Week: WhatsApp Meta Impersonation
35:34 Security Socials

Subscribe to the newsletter: https://www.linkedin.com/newsletters/the-awareness-angle-newsletter-7274932363787132928/
Spotify: https://open.spotify.com/show/7rwzcRsKrXbASFBfiXoCZ6
Apple Podcasts: https://podcasts.apple.com/us/podcast/the-awareness-angle-cyber-news-weekly/id1784126196
TikTok: https://www.tiktok.com/@infosecant
Instagram: https://www.instagram.com/riskycreative
YouTube: https://www.youtube.com/@riskycreative
-
77
FBI Wiretap System Hacked, White House App Security Concerns, and LinkedIn's Secret Browser Scans
Chinese hackers just broke into the system the FBI uses to track its own surveillance targets. The White House released an app that security researchers took apart and didn't like what they found. LinkedIn has been secretly scanning your browser extensions without telling you. And a Carnegie Mellon professor says app privacy labels are the nutrition labels of the internet — which tells you everything.

This week on The Awareness Angle: cybersecurity news explained in plain English, no jargon, no technical degree required. Anthony and Luke break down the biggest cyber stories of the week including a major FBI data breach, WhatsApp malware targeting Windows users, Google Drive's new ransomware protection, Apple blocking ClickFix attacks, and why AI-generated slop is quietly making all of us easier to scam.

New episode every week. Subscribe so you don't miss one.

Chapters
00:00 Intro
01:40 Breach of the Week: Chinese Hackers Breach the FBI's Wiretap System
07:15 Trivy Supply Chain Attack Hits the European Commission
11:45 The White House App Security Concerns Explained
18:15 Apple Blocks ClickFix Paste Attacks in macOS
23:35 App Privacy Labels vs Food Nutrition Labels
28:40 Google Drive Ransomware Detection Now Available
35:51 LinkedIn Secretly Scanning Your Browser Extensions
41:11 WhatsApp Used to Deliver Malware to Windows PCs
44:54 Phish of the Week: QR Code Salary Scam and Device Code Phishing
50:42 SMS Delivery Scam in the Wild
57:06 Sloppypasta and Why AI Content Is a Security Risk
1:02:04 Artemis II Has Two Broken Instances of Outlook in Space
1:03:54 Artemis II is Running Microsoft 365 in Space
1:04:43 Artemis II Astronaut Enters PIN on Live Stream
1:06:43 Apple Passwords App Ad
1:09:58 Nice Looking TikTok Video

📩 New episode every week. Get the newsletter at riskycreative.com
-
76
Ajax Season Tickets Stolen, OpenAI Kills Sora & Apple's Age Verification Explained
Episode 81 of The Awareness Angle.

This week: a hack at Ajax Amsterdam let attackers steal season tickets and quietly lift stadium bans. A security scanner got compromised and was used to backdoor LiteLLM, a tool downloaded 3.4 million times a day. OpenAI shuts down Sora and Disney walks away from its $1 billion deal. Meta launches new AI anti-scam features across WhatsApp, Facebook and Messenger. And Lloyds Banking reveals the full picture of its March 12 app glitch, where nearly half a million customers briefly saw each other's transactions.

We've also got Apple's new age verification rollout for UK iPhone users, a phishing campaign targeting TikTok for Business accounts that can bypass 2FA, and the ChatGPT fake invoice phish doing the rounds.

In the Security Socials: a great child online safety poster worth sharing with parents, a free phishing game for kids called The Phisherman, a viral deepfake detection trick, a personalised smishing campaign in France, and what happens when a French soldier goes for a Strava run on a ship.

Chapters
00:00 Intro
01:31 Breach of the Week: Ajax Amsterdam
04:37 Meta anti-scam tools
10:08 OpenAI Sora and Disney
14:23 LiteLLM supply chain attack
21:43 Apple age verification UK
26:33 TikTok for Business phishing
32:26 Lloyds Banking app glitch
37:26 Phish of the Week: ChatGPT fake invoice
42:57 Security Socials
48:32 Anthony's Security Social
1:00:47 Luke's Security Social

Subscribe to the newsletter at riskycreative.com
🌐 Website: https://riskycreative.com
🎧 Spotify: https://open.spotify.com/show/theawarenessangle
🍎 Apple Podcasts: https://podcasts.apple.com/podcast/the-awareness-angle
💼 LinkedIn: https://www.linkedin.com/company/risky-creative
🎵 TikTok: https://www.tiktok.com/@theawarenessangle
📸 Instagram: https://www.instagram.com/theawarenessangle
▶️ YouTube: https://www.youtube.com/@theawarenessangle
-
75
Chrome Malware, 8 Million Tips Exposed & Japan Legalises Hacking Back
This week's human cybersecurity news. A US general leaves classified military documents on a train, over 8 million anonymous crime tips are exposed in a major data breach, and a Chrome extension with a million users and Google's Featured badge was silently hijacking shopping commissions for months. This week's cyber news explained in plain English.

Also covered this week: the FBI seizes websites belonging to Handala, the Iran-linked hacker group behind the devastating Stryker wiper attack that wiped 200,000 devices and shut down hospitals. Companies House exposes UK company directors' home addresses, email addresses and dates of birth for five months, through a bug that required nothing more than pressing the browser back button. A new Android malware called Perseus hides inside IPTV streaming apps and targets your notes app to steal passwords, financial details and account recovery phrases. And Japan officially legalises offensive cyber operations, or "proactive cyber defence", from October 2026, a major shift away from its post-war defensive-only stance.

This week's phishing example: a convincing Emirates loyalty reward scam sent through legitimate Eventbrite infrastructure to bypass email security filters, and how to spot it.

We're The Awareness Angle, a weekly cybersecurity podcast and newsletter that explains the biggest cyber threats, data breaches and online scams in plain English, with a focus on the human side of security. No jargon. No technical background needed.

New episode every week. Get the newsletter at riskycreative.com
Full episode on YouTube: https://youtu.be/9n-ewD0zZuU

Chapters
0:00 Intro
1:47 Breach of the Week: US General leaves classified maps on a train
7:23 Crime Stoppers data breach: 8 million anonymous tips exposed
12:22 Android malware Perseus: hiding in streaming apps, targeting your notes
17:29 Handala update: FBI seizes hacker websites after Stryker attack
20:58 Marquis ransomware: 672,000 bank customers' data stolen
26:37 Companies House: five months of exposed director data, fixed with a back button
31:34 Chrome extension malware: Save Image as Type removed after stealing commissions
38:18 Phish of the Week: Emirates loyalty scam via Eventbrite
43:05 SANS Security Awareness Summit 2026: call for presentations
45:18 Topics: Idris Elba's wax model unlocks his iPhone
46:30 Pete Tong reads out a URL like it's 1995
48:40 Tinder wants to scan your camera roll with AI
50:07 Japan legalises hacking back
-
74
Your Antivirus Won't Catch This, SMS Blasters Are Real and a USB Full of America's Secrets
This week it's a busy one. We've got stories about hackers targeting your phone, your bank account, and even your doctor's equipment. There's a nasty trick doing the rounds that looks just like a Google Meet update, a massive data leak from the US government, and some alarming news for anyone who banks with Lloyds, Halifax or Bank of Scotland. All that, plus why you really need to update your iPhone this week. Let's get into it.

Chapters
00:01 Intro
01:50 Breach of the Week: Starbucks
06:06 Stryker hit by Iran-linked wiper attack
11:03 Lloyds, Halifax and Bank of Scotland banking glitch
16:09 Fake Google Meet update hands attackers control of your PC
20:19 Google Messages to get SMS blaster protection
27:02 Live: Anthony calls the SMS blaster scammer
34:51 DOGE staffer allegedly walked out with Americans' Social Security data
38:16 Apple patches older iPhones against Coruna exploit kit
43:32 Phish of the Week: Google recovery notification callback scam (Hoxhunt)
48:09 Topics: ClickFix evolves again
51:03 Topics: Darren Jones MP accidentally shares his passcode on camera
53:06 Topics: Tricking an AI scam caller
56:29 Topics: Apple MacBook Neo Touch ID ad
1:01:02 Outro

Subscribe to the weekly newsletter at riskycreative.com or find us as The Awareness Angle on LinkedIn, TikTok, Instagram, YouTube, Spotify and Apple Podcasts. Got a story for us? Drop us a line at [email protected]
-
73
AI Attacks, Fake Hires & the Phish That Fooled LastPass
A hacker didn't need a team of experts. They just needed to convince an AI chatbot they were a penetration tester. What followed was the systematic breach of ten Mexican government agencies, 150GB of stolen data, and records touching 195 million people — more than the entire population of Mexico. That's just one of the stories this week on The Awareness Angle — the weekly cyber news podcast that focuses on the human side of security.

This week we also cover:

The LastPass phishing campaign that doesn't ask for your password — it warns you someone else is stealing it, then harvests it anyway

How the TfL hack in 2024 actually affected 10 million people, despite "some customers" being the official line for over a year

The Odido data breach that triggered AI-voiced compensation scams within days of the data going public

Why Meta Ray-Ban glasses may have captured intimate moments that ended up reviewed by contractors in Kenya

How North Korea is using voice changers, Face Swap and AI-generated CVs to get hired by Western companies

A QR code phishing email so well crafted it uses your company logo and a unique code tied to your email address

Timestamps
00:00:00 Intro
00:01:01 Podcast Intro
00:02:15 Breach of the Week – Star Citizen Data Breach
00:06:28 Hackers Use Claude AI to Breach Mexican Government
00:11:32 Fake LastPass Support Email Phishing Campaign
00:17:33 TfL Hack Affected 10 Million People
00:22:57 Odido Breach Triggers AI Scam Calls
00:27:57 Meta Ray-Ban Glasses Contractor Review
00:36:48 North Korea Using AI to Fake Job Interviews
00:40:51 Phish of the Week – QR Code Unlogged Work Hours
00:45:48 The Admin Password That Wasn't
00:47:22 Free PDF Converters and the 637 Cookies You Didn't Agree To
00:52:36 Dunning-Kruger and Why Users Click
00:55:26 The PayPal Two-Step Scam
-
72
QR Code Parking Meter Scam, Optimizely Vishing Attack, and Robot Vacuum Hack
This week on The Awareness Angle, attackers ditch malware and pick up the phone, fake QR codes hit real parking meters, and even your weather app might be quietly fingerprinting you.

We start with Breach of the Week, as Optimizely confirms a data breach following a vishing attack. Impersonated IT support calls led to compromised internal systems and stolen CRM contact data. No ransomware, no exploit chain, just social engineering and misplaced trust.

In the news, fraudsters place fake QR stickers on 75 parking meters in Kelowna, turning everyday convenience into credential theft. New research reveals Samsung’s pre-installed weather app may create a persistent device fingerprint using hashed location identifiers. The UK’s ICO fines Reddit £14.47 million for unlawfully processing children’s data, raising fresh questions around age verification and platform responsibility.

We also cover security flaws across Android mental health apps with 14.7 million installs, exposing sensitive therapy data to potential risk, Instagram rolling out parental alerts for teen self-harm searches, and a researcher who accidentally gained control of nearly 7,000 robot vacuums worldwide.

In Awareness, we explore how AI tools like Gemini can be used to rapidly build interactive learning content, from phishing simulators to gamified modules, and what that means for the future of security awareness.

Plus, we touch on the viral Dacia Sandman campervan that never existed, the growing wave of ClickFix social engineering pop-ups, Samsung’s new privacy screen display tech, and a fresh warning about Google Ads phishing targeting Ahrefs users.

If you like your cyber news grounded in reality, focused on people, and just a little bit sceptical, you’re in the right place.

Timestamps
00:00:00 Intro
00:01:20 Breach of the Week – Optimizely Vishing Attack
00:03:40 Fake QR Codes on 75 Parking Meters
00:08:10 Samsung Weather App Fingerprinting Research
00:13:00 UK Fines Reddit £14.47M Over Children’s Data
00:17:30 Android Mental Health Apps Security Flaws
00:23:43 Instagram Parental Alerts for Self-Harm Searches
00:29:00 7,000 Robot Vacuums Remotely Accessible
00:35:00 Building Interactive Security Training with Gemini
00:46:40 The Dacia Sandman That Never Existed
00:51:43 ClickFix Pop-Ups in the Wild
00:54:43 Samsung Privacy Display Feature
00:58:17 Ahrefs Google Ads Phishing Warning
-
71
ShinyHunters Leak 600K Records. Employee Phishing Breach. Password Manager Risks.
This week on The Awareness Angle, Breach Watch is busy.

We cover 73,000 patients hit in an Arizona healthcare breach, stolen Eurail traveller data now up for sale, a phishing led incident at fintech firm Figure, 600,000 Canada Goose customer records leaked, and fresh claims from ShinyHunters around CarGurus.

In the news, we unpack the US plan for a freedom.gov portal designed to bypass content bans in Europe and elsewhere, plus new research finding vulnerabilities in popular password managers, and the first real world case of infostealer malware targeting OpenClaw AI agent secrets.

In Awareness, we talk about why AI generated passwords might not be as random as they look, why “strong looking” does not always mean secure, and what to do instead. We also end on a strong discussion point, online review blackmail, and why reputation is now part of your attack surface.

If you want cyber news explained with clarity, context, and a few strong opinions along the way, you are in the right place.

Timestamps
00:02:03 73,000 Patients Hit in Arizona Urology Data Breach
00:06:51 Eurail Traveller Data for Sale on the Dark Web
00:11:28 Fintech Firm Figure Breach After Phishing Attack
00:14:17 Canada Goose 600,000 Customer Records Leaked
00:18:25 ShinyHunters Claims CarGurus Breach
00:18:44 US “freedom.gov” Portal to Bypass Content Bans
00:22:50 Password Manager Vulnerabilities Exposed
00:26:21 Infostealer Malware Targeting OpenClaw AI Agents
00:32:44 AI Generated Passwords May Be Predictable
00:39:15 The 90 Day Password Rule Regret
00:44:30 Online Review Blackmail Scam
00:49:18 SSD Destruction Fail
-
70
Discord Exposed. Apple Exploited. AI Investment Scam.
This week on The Awareness Angle, trust is stretched across platforms, partnerships, and AI powered systems. From 70,000 government ID images exposed in a Discord age verification breach, to staff data leaks at the European Commission and supplier fallout hitting Volvo Group, the pattern is clear. More data, more dependency, more risk.

We start with Breach Watch, breaking down the Discord backlash after sensitive identity documents were exposed via a third party age verification provider. We look at why collecting more sensitive data increases impact, and how third party risk quietly expands the blast radius. We also cover the European Commission disclosing a staff data breach linked to mobile device management systems, and why internal employee data is prime fuel for follow on phishing and impersonation. Then we examine the Conduent breach impacting Volvo Group, and what this says about concentration risk across large service providers.

In security updates, we discuss Apple’s emergency patch for a zero day vulnerability already exploited in highly sophisticated attacks, why patching speed still matters, and the reality that targeted does not mean safe. We also revisit the Notepad++ supply chain conversation, and debate whether banning software is ever the right response to vulnerability disclosures.

In the news, we unpack a devastating AI deepfake investment scam that cost an 82 year old woman nearly £200,000, and explore how authority bias, emotional manipulation, and crypto make a dangerous combination. We discuss Amazon distancing itself from Flock Safety following backlash over Ring’s neighbourhood search features, and the growing tension between convenience and surveillance. We also look at OpenClaw integrating VirusTotal scanning after enterprise risk concerns, and what autonomous AI agents mean for attack surface expansion.

In Awareness and Topics, we cover Cloudflare themed ClickFix scams, LinkedIn AI trend oversharing, email bombing tactics used to hide real compromise alerts, and the continued rise of convincing deepfakes. We also highlight practical inspiration from cybersecurity creators and discuss the reality of children, parental controls, and digital safety at home.

If you want cyber news explained with clarity, context, and zero jargon, you are in the right place.

Timestamps
00:02:03 Discord age verification breach
00:06:26 European Commission staff data breach
00:10:00 Volvo Group impacted by Conduent breach
00:11:28 Apple zero day patch
00:16:35 Notepad++ Ban Debate – Overreaction or smart move?
00:19:49 £200k AI Deepfake Investment Scam – 82 year old targeted
00:24:16 Amazon Drops Flock Safety – Ring Super Bowl backlash
00:30:49 Deepfake Detection Advice – Already outdated?
00:38:12 OpenClaw Adds VirusTotal – AI agent risk grows
00:42:08 Cloudflare ClickFix Phishing Variant
00:43:06 LinkedIn AI Caricature Trend – Oversharing risk
00:44:46 Email Bombing Tactic Explained
00:47:36 TikTok Spotlight – TheCivDiv
00:49:14 Most Common PIN Codes – Data visualisation breakdown
00:52:28 Offline YouTube QR Setup for Kids

If you found this useful, hit subscribe and share it with someone who cares about cyber but does not speak cyber.

Stay aware, stay secure.
-
69
Supply Chain Hacks. Fake Encryption. Phones That Track You - The Awareness Angle: Cyber News Weekly
This week on The Awareness Angle, trust keeps breaking in places it was assumed to be solid. From a state linked supply chain attack slipping malware into trusted software updates, to ransomware actors claiming access to airport systems, and even cybercrime forums being breached themselves, the pattern this week is confidence collapsing across the stack.

We start with Breach Watch, unpacking how Notepad++ users were targeted through compromised update infrastructure rather than the software itself, why supply chain attacks remain so effective, and what selective targeting really tells us. We also look at ransomware claims against a US airport, the growing tactic of dumping sensitive files as proof, and what it means when critical infrastructure gets dragged into extortion.

In the news, we cover the FBI seizure of a major ransomware forum, and why takedowns rarely end criminal ecosystems. We dig into claims that WhatsApp encryption is a lie, why cryptographers are sceptical, and how trust in closed source security tools keeps getting tested. We also discuss Spain announcing a ban on social media for under 16s, the wider regulatory trend this fits into, and the difficult reality of enforcement. Then we break down how mobile phones can silently share GPS level location with carriers at the network level, without app permissions or user awareness.

In Awareness and Topics, we look at ransomware rising sharply in early 2026, why recovery matters more than negotiation, and how extortion gangs are shifting from data theft into personal harassment and psychological pressure. We also talk about McDonald’s calling out weak password habits using breached credential data, why predictable passwords still dominate, and what organisations can learn from simple, well executed awareness campaigns. We finish with a discussion on breaking into cybersecurity, mentorship, community, and why there is no single path into the industry.

Chapters
00:00 Intro
01:11 Breach Watch, Notepad++ supply chain attack
06:52 Ransomware group claims airport breach
10:28 BreachForums breached, criminals exposed
13:02 FBI seizes RAMP hacking forum
16:18 WhatsApp encryption lawsuit explained
19:33 Spain plans social media ban for under 16s
25:20 Phones silently sharing GPS with carriers
30:12 Scattered Lapsus ShinyHunters harassment tactics
35:21 Ransomware activity up in 2026
39:45 McDonald’s calls out weak passwords
45:06 Getting your first job in cybersecurity
51:39 Real or phishing, campaign emails analysed

If you found this useful, share it with someone who cares about cyber but does not speak cyber.

Stay aware, stay secure.
-
68
From Dating App Leaks to AI Agent Risks - The Awareness Angle: Weekly Cyber News
This week on The Awareness Angle, trust keeps breaking in places people expect it to hold. From exposed AI agent infrastructure and phishing malware slipping into the Chrome Web Store, to sensitive government data being uploaded to ChatGPT, the theme this week is misplaced confidence. Tools designed to help, automate, and protect are being misused, misconfigured, or trusted too far.

We start with Breach Watch, looking at claims that ShinyHunters accessed data linked to major dating platforms, and what exposure through analytics providers and contractor access really means. We then cover reports that the acting head of the US cybersecurity agency uploaded internal government documents to ChatGPT, raising uncomfortable questions about AI use at the highest levels of security leadership.

In the news, we break down Clawdbot, also known as Moltbot, an open source AI agent that promises automation but has left hundreds of exposed gateways leaking credentials, API keys, and private conversations. We look at why autonomous AI agents expand attack surfaces, how third party add ons turn convenience into risk, and why hardening these systems is not optional. We also cover phishing capable Chrome extensions bypassing store review, Google improving ransomware protection in Drive, and France fast tracking plans to ban social media for under 15s.

In Topics, we talk about exposed admin panels in AI powered toys and what happens when children’s conversations and profiles are stored behind weak controls. We also discuss phishing awareness in the real world, misleading breach headlines, fake profiles, and why simple in store warnings on gift cards can be surprisingly effective.

If you want cyber news explained with clarity, context, and zero jargon, you are in the right place.

Episode timestamps
00:00 Intro
01:11 Breach Watch, ShinyHunters dating app data claims
06:52 US cybersecurity chief uploads documents to ChatGPT
10:28 What is Clawdbot and why it matters
13:02 Hundreds of exposed Clawdbot gateways
16:18 The AI agent craze and growing security risks
19:33 Phishing malware sold as Chrome extensions
25:20 Google Drive ransomware protection improvements
30:12 France moves to ban social media for under 15s
35:21 Exposed admin panel found in AI toy
43:31 Awareness, spotting phishing and AI content
49:45 Misleading breach headlines and fake panic
51:39 Reverse image search exposing fake profiles
53:06 Gift card scam warnings in store
54:31 Covering phone cameras as a security habit
56:12 Free WIFI on Flight QR Code Prank
57:57 TikTok Argos MacBook Retail Discount Code
01:00:36 Real world phishing and family account compromise

More Information
https://riskycreative.com

Listen on the go
Spotify: https://open.spotify.com/show/7rwzcRsKrXbASFBfiXoCZ6
Apple Podcasts: https://podcasts.apple.com/us/podcast/the-awareness-angle-cyber-news-weekly/id1784126196

Follow us
LinkedIn: https://www.linkedin.com/newsletters/the-awareness-angle-newsletter-7274932363787132928/
TikTok: https://www.tiktok.com/@infosecant
Instagram: https://www.instagram.com/riskycreative
YouTube: https://www.youtube.com/@riskycreative

If you found this useful, hit subscribe and share it with someone who cares about cyber but does not speak cyber.

Stay aware, stay secure.

🎵 Our Intro and Outro Song (© 16 by falling forever)
https://fallingforever.bandcamp.com/track/16
License: CC BY 4.0
https://creativecommons.org/licenses/by/4.0
-
67
Voice Phishing Kits, CrashFix Malware, and Schools Forced Offline
This week on The Awareness Angle, security failures show how quickly everyday systems can tip from background noise into real world disruption. From ransomware knocking a major IT distributor offline, to schools closing after cyber attacks, and criminals selling voice phishing kits like a product, the theme this week is scale. Small failures, trusted platforms, and familiar channels being used to create outsized impact.

We start with Breach Watch, looking at the Ingram Micro ransomware attack and what it reveals about supply chain fragility when a single distributor goes dark. We then cover a breach at Grubhub caused by access to a third party support system, exposing customer, driver, and merchant data. We also look at the Minnesota Department of Human Services breach affecting nearly 304,000 people, and a UK secondary school forced to close after cyber disruption took critical systems offline.

In the news, Microsoft releases emergency out of band Windows updates after patching issues prevent systems from shutting down properly. We look at criminals openly selling ready made voice phishing kits, making vishing easier to run at scale, and a malicious Chrome extension that deliberately crashes browsers to push fake fixes in a new ClickFix variant. We also discuss the EU launching a new vulnerability database as an alternative to CVE, a phishing campaign targeting LastPass users with fake security alerts, the UK government consulting on banning social media for under 16s, and TikTok finalising a deal to split its US operations into a new joint venture.

In Topics, we talk about password hints that are completely useless, the ongoing debate around the phrase human risk, and the Action Fraud rebrand to Report Fraud, including why its sign in experience raises some uncomfortable trust questions. We also look at how AI generated content is flooding social platforms, and share practical ways to spot fake accounts and videos before they fool you.

If you want cyber news explained with clarity, context, and zero jargon, you are in the right place.

0:00 Introduction and Overview
1:25 Ingram Micro Ransomware Attack
5:38 Grubhub Third Party Breach
9:41 Minnesota Department of Human Services Data Breach
12:39 UK School Forced to Close After Cyber Attack
18:52 Microsoft Emergency Windows Updates
20:45 Voice Phishing Kits for Sale
25:25 Malicious Chrome Extension and ClickFix Variant
30:34 EU Vulnerability Database Alternative to CVE
34:19 LastPass Phishing Campaign
39:29 UK Consultation on Social Media Ban for Under 16s
45:10 TikTok Splits US Operations
48:30 Password Hints and Human Risk Discussion
53:19 Action Fraud Rebrand and Trust Issues
1:01:26 AI Generated Content and Spotting Fakes

More Information
https://riskycreative.com

Listen on the go
Spotify: https://open.spotify.com/show/7rwzcRsKrXbASFBfiXoCZ6
Apple Podcasts: https://podcasts.apple.com/us/podcast/the-awareness-angle-cyber-news-weekly/id1784126196

Follow us
LinkedIn: https://www.linkedin.com/newsletters/the-awareness-angle-newsletter-7274932363787132928/
TikTok: https://www.tiktok.com/@infosecant
Instagram: https://www.instagram.com/riskycreative
YouTube: https://www.youtube.com/@riskycreative

If you found this useful, hit subscribe and share it with someone who cares about cyber but does not speak cyber.

Stay aware, stay secure.

🎵 Our Intro and Outro Song (© 16 by falling forever)
https://fallingforever.bandcamp.com/track/16
License: https://creativecommons.org/licenses/by/4.0
-
66
Instagram Passwords, Ransomware Claims, and AI Controls
This week on The Awareness Angle, confusion, control, and credibility sit at the centre of the cyber news. From password reset emails triggering panic at global scale, to ransomware groups shaping the narrative without releasing data, the theme this week is trust, who controls it, and how quickly it can unravel.

We start with Breach Watch, looking at ransomware claims against Nissan and how screenshots and file listings are increasingly used to apply pressure without publishing stolen data. We then move to a confirmed breach at Spanish energy giant Endesa, where customer data linked to energy contracts and payment details was exposed, and compare two very different approaches to communication and incident handling. We also cover BreachForums leaking its own user database, a reminder that even criminal platforms are not immune to basic security failures.

In What the Hack, we break down the Instagram password reset email saga that left millions of users unsure whether they were under attack. We look at Meta’s explanation, Malwarebytes’ claims of leaked data, and why old scraped information keeps coming back to cause fresh concern. We also cover Microsoft’s Patch Tuesday, including an actively exploited zero day, and why severity scores often miss the real risk story.

The wider topics include Microsoft potentially allowing Copilot to be fully removed from managed devices, growing pushback against forced AI adoption at work, and why major PC manufacturers are now saying AI is confusing customers rather than selling devices. We also look at a hacker jailed for attacks on the ports of Rotterdam and Antwerp, showing how cyber access directly enables real world organised crime, and a foiled cyber attack targeting Poland’s energy infrastructure.

We wrap up with two very human stories, a classic scam email that knows your password and why it still works, and a look at eye scanning being pitched as proof that you are human, complete with crypto incentives, biometric risk, and some uncomfortable questions about where identity is heading.

If you want cyber news explained with clarity, context, and zero jargon, you are in the right place.

More information
https://riskycreative.com

Listen on the go
Spotify: https://open.spotify.com/show/7rwzcRsKrXbASFBfiXoCZ6
Apple Podcasts: https://podcasts.apple.com/us/podcast/the-awareness-angle-cyber-news-weekly/id1784126196

Follow us
LinkedIn: The Awareness Angle Newsletter
TikTok: @infosecant
Instagram: @riskycreative
YouTube: @riskycreative

If you found this useful, follow the show and share it with someone who cares about cyber but does not speak cyber.

Stay aware, stay secure.

🎵 Our Intro and Outro Song (© 16 by falling forever)
https://fallingforever.bandcamp.com/track/16
License: CC BY 4.0
-
65
Subscriber Data Exposed and Hotels ClickFix Phished
This week on The Awareness Angle, everyday systems, subscriptions, and trusted tools keep showing how easily they can be turned against us. From major data breaches affecting millions to phishing tactics designed to look like system failures, the theme this week is familiarity, and how attackers exploit what people already trust.

We kick off with Breach Watch, starting with Condé Nast, where a breach claim could affect millions of subscribers across brands like Wired, Vogue, and GQ. We then look at Covenant Health in the US, where a breach initially disclosed as small has grown to nearly half a million people, exposing highly sensitive medical data. We also cover a US gas station operator running more than 150 locations, where attackers accessed payment card data, bank details, and government issued IDs, with customers only notified months later. We round out Breach Watch with Tokyo FM in Japan and the European Space Agency, now under criminal investigation after sensitive systems were compromised.

In What the Hack, we break down one of the most worrying phishing techniques we have seen recently. Fake Blue Screen of Death pop ups are being used to panic hotel staff into installing malware, using Booking.com themed emails and ClickFix style attacks. We also dig into how password managers were unexpectedly pulled into a mobile banking security decision, and why sideloaded apps are becoming a growing point of confusion for users.

The wider topics include a deep dive into Equifax’s security culture years after its breach, OpenAI’s move to connect health data to ChatGPT and why that changes the value of accounts, the UK government’s new cyber action plan, and why outdated, box ticking cyber training continues to miss the mark. We also look at scam texts, SMS trust problems, and even cyber exclusions quietly appearing in home insurance policies.

If you want cyber news explained with clarity, context, and zero jargon, you are in the right place.

Chapters
00:00:00 Welcome, and this week’s stories

Breach Watch
00:01:01 Breach Watch begins
00:01:22 Condé Nast breach claims and subscriber data risk
00:04:41 Covenant Health breach grows to nearly half a million people
00:07:18 Tokyo FM breach and why radio stations hold so much data
00:10:13 US gas station operator breach, payment cards and delayed notification
00:12:31 European Space Agency breach under criminal investigation

What the Hack
00:22:52 Fake Blue Screen of Death attacks targeting hotel staff
00:26:37 ClickFix techniques and why panic keeps working
00:34:49 HSBC, Bitwarden, sideloaded apps, and mobile trust decisions

Topics
00:37:52 OpenAI, ChatGPT health data, and account value
00:42:03 UK government cyber action plan
00:44:48 NCSC cyber training for school staff and why delivery matters
00:49:00 Parking fine scams, bank texts, and SMS trust issues
00:57:07 Cyber events appearing in home insurance policies
01:02:54 Closing thoughts and wrap up

More Information
https://riskycreative.com

Listen on the go
Spotify: https://open.spotify.com/show/7rwzcRsKrXbASFBfiXoCZ6
Apple Podcasts: https://podcasts.apple.com/us/podcast/the-awareness-angle-cyber-news-weekly/id1784126196

Follow us
LinkedIn: https://www.linkedin.com/newsletters/the-awareness-angle-newsletter-7274932363787132928/
TikTok: https://www.tiktok.com/@infosecant
Instagram: https://www.instagram.com/riskycreative
YouTube: https://www.youtube.com/@riskycreative

If you found this useful, hit subscribe and share it with someone who cares about cyber but does not speak cyber.

Stay aware, stay secure.

🎵 Our Intro and Outro Song (© 16 by falling forever)
https://fallingforever.bandcamp.com/track/16
License: CC BY 4.0
https://creativecommons.org/licenses/by/4.0
-
64
Interview Special - Why Security Awareness Is a Social Responsibility - With Ishmael Pennino and Liam Stock-Rabbat
In this episode of The Awareness Angle, I’m joined by two people who genuinely live and breathe community-led security awareness, Roberto Ishmael Pennino and Liam Stock Rabbat.

This conversation goes well beyond phishing simulations and training slides. We talk openly about why community matters so much in security awareness, how loneliness and isolation are fuelling modern scams, and why human connection might be one of the most important defences we have right now.

We dig into Ishmael and Liam’s joint initiative focused on cybersecurity awareness for everyone, not just people working in corporate roles, and why giving back to the wider community should matter to all of us in this space. We also explore the real-world impact of scams, shame, and silence, including why normalising these conversations can genuinely help people feel safer online.

There’s plenty in here for awareness professionals, as well as for anyone interested in human risk, behaviour change, and making security feel more human.

🎙️ In this episode, we cover
• Why community work matters in security awareness
• The human cost of scams, beyond just financial loss
• How awareness can genuinely help people feel safer
• AI as both a challenge and an enabler for awareness teams
• What needs to change to improve online safety for everyone

If you care about people, culture, and doing security differently, this one’s for you.

👍 Like, subscribe, and share if this episode resonates
💬 Let us know your thoughts in the comments

In this episode, we discuss the "Shamrock Project", but we had that wrong. It's Operation Shamrock and more details on them and the great work that they do can be found at www.operationshamrock.org

We also discussed my interview with Daisy Wong and her own personal experience with a romance scam. You can watch that video at https://youtu.be/T7rrOmGRAoU

Stay aware, stay secure.

The Awareness Angle: Interviews is our ongoing series of real, no-fluff conversations with the people rethinking how we approach security, risk, and human behaviour.

Read The Episode Discussion Points
https://www.riskycreative.com

YouTube
https://www.youtube.com/@riskycreative

LinkedIn
https://www.linkedin.com/company/[email protected]://www.riskycreative.com

About The Awareness Angle
A CYBERSECURITY PODCAST where we talk about SECURITY AWARENESS and security education. We are professionals in HUMAN RISK and Information Security Awareness. We know PHISHING CAMPAIGNS. We know PHISH. We have done annual SECURITY TRAINING. We have sent NEWSLETTERS and made videos. We have created security awareness CULTURE STUDIES and are passionate about HUMAN BEHAVIOURS. Whether you're a Cyber Security Awareness professional or simply curious about human risk, this podcast is your go-to resource for fresh perspectives and creative solutions.

Intro and outro music
16! by falling forever
https://fallingforever.bandcamp.com/track/16

License
Creative Commons Attribution 4.0
https://creativecommons.org/licenses/by/4.0
-
63
Spotify Scraped and Google Phish Steals Microsoft Logins
This week on The Awareness Angle, trusted platforms are being abused at scale, and the damage often starts with things that look completely legitimate. From Spotify facing claims of a massive torrent based scrape to phishing emails abusing real Google services, the theme this week is misplaced trust, and how attackers keep exploiting it.

We kick off with Breach Watch, starting with claims that Anna’s Archive scraped huge volumes of Spotify audio and metadata and redistributed it via torrents. We then move to Ubisoft taking Rainbow Six Siege offline after attackers appear to gain deep backend control, triggering mass bans and in game chaos. We also cover Korean Air disclosing a passenger data exposure linked to a supplier breach, and an update on the Coupang incident where investigators recovered customer data from a laptop that had been smashed and dumped in an attempt to destroy evidence.

In What the Hack, we break down a phishing campaign abusing real Google services to send convincing emails before stealing Microsoft logins, a British security researcher who secured an Australian visa after responsibly hacking a government website, and a new ClickFix service selling fake browser glitch pages at scale. We also dig into a long running browser extension malware campaign that has quietly infected millions of users across Chrome, Edge, and Firefox, Meta’s reported internal playbook for managing scam ad scrutiny, and why Flipper Zero and Raspberry Pi devices were banned from a major public event in New York.

The wider topics look at loan scams thriving on social platforms, why scam ads keep slipping through despite reporting, and the quiet loss of one of the most important public resources for tracking AI jailbreaks in the wild.

If you want cyber news explained with clarity and zero jargon, you are in the right place.

Chapters
00:00:00 Welcome, and this week’s stories

Breach Watch
00:01:16 Spotify scrape claims and torrent distribution
00:05:25 Rainbow Six Siege hack forces Ubisoft shutdown
00:10:57 Korean Air passenger data exposed via supplier breach
00:12:59 Coupang update, smashed laptop data recovered

What the Hack
00:15:53 Google services abused for phishing Microsoft logins
00:20:47 British hacker wins Australian visa after responsible disclosure
00:23:34 ClickFix attacks sold via fake browser glitch pages
00:28:46 Browser extensions infect millions over seven years
00:34:28 NYC bans Flipper Zero and Raspberry Pi devices

Topics
00:39:02 Loan scams spreading through social platforms
00:42:10 Meta and the management of scam ad scrutiny
00:44:59 Reddit bans r slash ChatGPTJailbreak and why it matters
00:48:06 Closing thoughts

More Information
https://riskycreative.com

Listen on the go
Spotify: https://open.spotify.com/show/7rwzcRsKrXbASFBfiXoCZ6?si=1bbe58c9be6c462b
Apple Podcasts: https://podcasts.apple.com/us/podcast/the-awareness-angle-cyber-news-weekly/id1784126196

Follow us
LinkedIn: https://www.linkedin.com/newsletters/the-awareness-angle-newsletter-7274932363787132928/
TikTok: https://www.tiktok.com/@infosecant
Instagram: https://www.instagram.com/riskycreative
YouTube: https://www.youtube.com/@riskycreative

If you found this useful, hit subscribe and share it with someone who cares about cyber but does not speak cyber.

Stay aware, stay secure.
-
62
Microsoft Account Hacks, WhatsApp Ghost Pairing, and Extensions Spy On AI
This week on The Awareness Angle, breaches, extortion, and quietly invasive tech all collide. From real estate firms leaking highly sensitive data to browser extensions secretly harvesting AI conversations, the theme this week is trust, and how easily it gets abused.

Luke is back from holiday, and we kick off with Breach Watch, starting with a New York and DC real estate developer exposing nearly 47,000 people after a ransomware attack. We then look at SoundCloud losing control of user data, followed by one of the most personal extortion cases we have seen, PornHub Premium viewing history stolen via a third party analytics provider. We also cover the ongoing UK government hack that ministers are playing down, despite growing concern around state linked espionage.

In What the Hack, we dig into malware hidden inside movie subtitle files on fake torrents, a new Microsoft account takeover technique that bypasses passwords, MFA, and passkeys, and a Chrome browser extension that was quietly intercepting millions of users’ AI chats while wearing a trusted Featured badge. We also revisit LG’s smart TV Copilot backlash, and how user pushback forced a rapid U turn.

The wider topics take us from WhatsApp account hijacking via Ghost Pairing, to activity tracking risks in messaging apps, the growing problem of deepfakes and trust online, crypto scams draining life savings, and how Amazon detected a North Korean infiltrator based on something as subtle as keystroke lag.

If you want cyber news explained with clarity and zero jargon, you are in the right place.

Chapters
00:00:00 Welcome, and this week’s stories

Breach Watch
00:01:36 NYC and DC real estate developer data breach
00:04:27 SoundCloud breach and VPN disruption
00:08:15 PornHub extortion and leaked viewing history
00:13:27 UK government hack investigation

What the Hack
00:16:49 Malware hidden in movie subtitle files
00:21:55 Microsoft account takeover surge and ConsentFix
00:28:47 Chrome extensions harvesting AI chats
00:34:54 LG backtracks on Copilot for smart TVs

Topics
00:38:09 WhatsApp Ghost Pairing account hijack
00:41:48 WhatsApp and Signal activity tracking risks
00:47:50 Deepfakes, content credentials, and trust online
00:49:43 Idris Elba waxwork and biometric security limits
00:53:32 Do we actually need AI
00:54:40 Crypto scam victim loses 1.8 million dollars
00:57:32 North Korean infiltrator caught via keystroke lag

More Information
https://riskycreative.com

Listen on the go
Spotify: https://open.spotify.com/show/7rwzcRsKrXbASFBfiXoCZ6
Apple Podcasts: https://podcasts.apple.com/us/podcast/the-awareness-angle-cyber-news-weekly/id1784126196

Follow us
LinkedIn: The Awareness Angle Newsletter
TikTok: @infosecant
Instagram: @riskycreative
YouTube: @riskycreative

If you found this useful, hit subscribe and share it with someone who cares about cyber but does not speak cyber.

Stay aware, stay secure.
-
61
Vanity Metrics - Cary Johnson on Why Benchmarks Fail and Baselines Matter
Subscribe on your favourite platforms and visit https://linktr.ee/riskycreative for more of ∠The Awareness Angle.

This week on The Awareness Angle Interviews, Ant sits down with Cary Johnson, founder of Phishbusters, for a straight talking conversation about security awareness, human risk, and why so many programmes struggle to prove real impact.

This episode strips away dashboards, buzzwords, and vendor narratives to focus on what actually reduces phishing risk. Cary brings a science led perspective to awareness, challenging engagement metrics, benchmarks, and the idea that looking busy means you are becoming more secure.

We get into phishing as a measurement tool rather than a content engine, why repeat clickers are not all the same, and how poor measurement can quietly create fatigue, resentment, and false confidence across organisations.

If you work in security awareness, human risk, or phishing defence, this conversation will challenge how you think about success.

We talk about
• Why engagement does not equal impact
• Benchmarks versus baselines, and why the difference really matters
• Phishing as the number one human risk
• Repeat clickers, learners, and where risk actually sits
• Why overtraining creates fatigue and resentment
• Verification skills and keeping awareness simple
• Compliance theatre and the danger of vanity metrics
• Vendors marking their own homework
• How to test whether your programme is genuinely working

This is a calm but challenging discussion that says the quiet part out loud. It shows how easily good intentions can turn into noise when measurement is flawed, and how much simpler awareness can be when we focus on proof instead of performance.

Let me know what it gets you thinking about.

Stay aware, stay secure.

Previous Episode
https://www.youtube.com/watch?v=EntRmhcDOBM&list=PLEsOj51Q0PfA0qX6BRlNnyD7lG8JlijRf

Links
YouTube: https://www.youtube.com/@riskycreative
LinkedIn: https://www.linkedin.com/company/riskycreative
Spotify: https://open.spotify.com/user/riskycreative
Website: https://www.riskycreative.com
Contact: [email protected] and outro music
16! by falling forever
https://fallingforever.bandcamp.com/track/16
License: CC BY 4.0
https://creativecommons.org/licenses/by/4.0
-
60
LG Copilot Update, Widespread Data Breaches, and Travel Privacy Fears
This week on The Awareness Angle, data breaches keep piling up, ransomware is still doing damage, and software updates are becoming an attack surface all of their own. Luke is on holiday, so I am flying solo, but there is plenty to dig into.

We start with a classic insider risk failure at Coupang, where a former employee kept access after leaving, followed by a credit checking firm exposing millions of people who may never even have heard of them. We also look at a misconfiguration that left vet records publicly accessible, and a pharma company hit by ransomware where data theft came before encryption.

In What the Hack, Apple rushes out emergency patches for active zero-day exploits, Notepad++ fixes a flaw that allowed malicious updates to be pushed to users, and LG quietly installs Microsoft Copilot onto smart TVs with no option to remove it, raising uncomfortable questions about control and consent.

We then move into the wider topics, from why a breached Pringles account is actually a serious lesson about password reuse, to Roblox horror games rated far too young, smarter captchas designed to beat bots, and a US proposal that could see travellers handing over years of social media history just to cross the border.

If you want cyber news explained with clarity and zero jargon, you are in the right place.

Chapters
00:00 Welcome and this week’s stories
01:10 Breach Watch begins

Breach Watch
01:30 Coupang breach traced to ex-employee access
06:30 Credit check company breach exposes millions
13:40 Petco Vetco website data exposure
19:40 Inotiv ransomware attack and data theft

What the Hack
25:30 Apple emergency zero-day updates
30:40 What is a zero day, explained simply
32:30 Notepad++ malicious update flaw
37:40 LG TVs install Microsoft Copilot

Ant’s Topics
46:10 Germany accuses Russia of air traffic control cyber attack
49:20 Pringles account breach and password reuse
51:40 Roblox games and content maturity concerns
53:40 US proposal to collect travellers’ social media history

Wrap Up
54:50 Final thoughts and sign off

Listen on the go
Spotify: https://open.spotify.com/show/7rwzcRsKrXbASFBfiXoCZ6
Apple Podcasts: https://podcasts.apple.com/us/podcast/the-awareness-angle-cyber-news-weekly/id1784126196

Follow us
LinkedIn: https://www.linkedin.com/newsletters/the-awareness-angle-newsletter-7274932363787132928/
TikTok: https://www.tiktok.com/@infosecant
Instagram: https://www.instagram.com/riskycreative
YouTube: https://www.youtube.com/@riskycreative

If you found this useful, hit follow and share it with someone who cares about cyber but does not speak cyber.

Stay aware, stay secure.
-
59
Scientology Breach, Windows Chaos and a Live ChatGPT Scam
This week on The Awareness Angle, things get lively. We break down the Scientology ransomware attack, the ongoing chaos at Westminster Council, the five hundred million Windows 10 devices now left unsupported, and the ClickFix scam impersonating ChatGPT that we discovered live during the recording.

We dig into what the Qilin gang claims to have taken from Scientology, why Westminster is still struggling to deliver basic services, and how Microsoft has created a global security problem by forcing users onto hardware they cannot afford. We also look at the Windows LNK zero day, Microsoft’s new activity tracking in Teams, and India’s decision to drop its mandatory cyber safety app.

The big moment this week is the fake ChatGPT Atlas installer. A live ClickFix scam pushed through a compromised Google Ads account, designed to steal passwords simply by tricking people into pasting a command into their terminal. It is a clear example of how modern attacks borrow trust from real brands.

We finish with AI fakery, deepfake claims and a Japanese game studio that now asks applicants to draw live to prove their portfolios are human made.

If you want cyber news explained with clarity and zero jargon, you are in the right place.

Chapters
00:00:00 Welcome back and Luke returns
00:00:29 Overview of this week’s stories
00:01:19 Breach Watch begins

Breach Watch
00:01:19 Scientology hit by Qilin ransomware
00:03:28 Westminster Council attack update
00:07:03 Freedom Mobile breach in Canada
00:09:08 Brsk breach in the UK
00:11:38 Marquis breach impacts seventy four US banks
00:13:24 Wrap up of this week’s Breach Watch

What the Hack
00:14:25 Windows 10 crisis and unsupported devices
00:16:07 Windows LNK zero day explained
00:20:30 Teams location and activity reporting backlash
00:22:20 India scraps mandatory cyber safety app

ClickFix Discovery
00:25:50 Fake ChatGPT Atlas browser and ClickFix attack
00:31:10 Live discovery of active scam through Google Ads
00:33:54 Reporting the malicious ad and account takeover

Ant’s Topics
00:41:20 Reddit story: employee clicks phishing link
00:43:03 Why reporting quickly matters more than the click
00:45:33 AI used to fake street footage and misinformation

Luke’s Topics
00:48:03 AI generated behind the scenes Home Alone footage
00:53:52 Debunking viral AI content and misinformation
00:55:14 Japanese studio now testing applicants live to stop AI cheating

Wrap Up
00:58:03 Final thoughts and sign off
00:58:51 Outro

Listen on the go
Spotify: https://open.spotify.com/show/7rwzcRs...
Apple Podcasts: https://podcasts.apple.com/us/podcast...

Follow us
LinkedIn: https://www.linkedin.com/newsletters/the-awareness-angle
TikTok: https://www.tiktok.com/@infosecant
Instagram: https://www.instagram.com/riskycreative
YouTube: https://www.youtube.com/@riskycreative

If you found this useful, hit subscribe and share it with someone who cares about cyber but does not speak cyber.

Stay aware, stay secure.
-
58
Cartels, Fake Updates and One Big Budget Oops
📢 Subscribe on your favourite platforms and visit https://linktr.ee/riskycreative for more of ∠The Awareness Angle.

📢 This Week on The Awareness Angle
A council incident affecting thousands of residents, emergency alerts taken offline, a vishing breach at Harvard, fake Windows updates, AI voice scam stories, and an industrial scale Black Friday campaign tricking shoppers everywhere. Luke is off sick, so Ant takes you through a busy week in cyber on his own.

We dive into AI generated shopping scams, a password trick that had Reddit arguing for hours, and a correction to a widely shared Gmail story that shows why verifying details still matters.

In this episode:
• London councils hit by a cyber incident that slowed services
• Emergency alert systems in the United States disrupted after a cyber attack
• Harvard alumni data exposed after a vishing breach
• A SIM swap case that led to financial loss and emotional pressure
• The UK budget leak caused by a predictable URL
• Fake Windows update screens used to deliver malware through ClickFix
• Black Friday and Cyber Monday scams using hundreds of fake brand sites
• AI voice scams and how criminals can copy a voice with seconds of audio
• AI generated shopping scams and fake Etsy style listings
• A password trick involving colons that confused stealer logs
• The Gmail smart features correction and what really happened
• A preview of Ant’s session with Layer Eight on Champions programmes

If you work in cyber, tech, IT, risk or you simply want to stay ahead of common scams, this episode gives you clear context that helps you protect yourself and the people around you.

👋 About us
Ant Davis helps people make sense of the human side of cybersecurity through Kindred Cyber, a people centred security service that focuses on behaviour, culture and clear communication.

Luke Pettigrew is an experienced security professional with a strong background in user education for one of the UK’s largest online retailers. Together they turn complex cyber news into simple stories and practical advice.

👍 Support the show
If you enjoy the episode, follow the podcast, rate it, and share it with someone who would find it useful.

Timestamps
00:00 Intro and Luke is off sick
01:02 London Councils cyber incident
03:15 OnSolve Code Red emergency alert breach
06:55 Harvard vishing breach
10:25 What the Hack SIM swap case from Joe Tidy
16:33 OBR Budget leak caused by a predictable URL
21:18 ClickFix fake Windows update malware
27:55 Black Friday fake brand giveaways
35:40 CIISec Live event recap
42:38 TikTok default password coffee machine
44:18 TikTok AI kidnap scam voice cloning
48:35 Corridor Crew AI shopping scams
52:00 Password tip using a colon
53:02 Gmail smart features correction
55:10 Layer 8 champions report preview
56:30 Closing

🔗 Links
YouTube: https://www.youtube.com/@riskycreative
LinkedIn: https://www.linkedin.com/company/riskycreative
Spotify: https://open.spotify.com/user/riskycreative
Website: https://www.riskycreative.com

🎵 Music
Intro and outro song: https://fallingforever.bandcamp.com/track/16
-
57
WhatsApp Leak, Rail Hack and CCTV Horror Stories | Weekly Cyber News, But Human
📢 This Week on The Awareness Angle
Rail hacks, WhatsApp risks, CCTV horror stories, teenage cyber gangs, and a staffing breach that leaked over a hundred thousand CVs. It has been a busy week.
Luke and I break down the biggest cyber stories in a way that actually makes sense for real people at work, not just security pros. We talk human risk, scams, what to watch out for, and why the simplest mistakes keep causing the biggest damage.
In this episode:
• The Italian rail supplier breach with 2.3 TB of stolen data
• Salesforce customer data stolen through a Gainsight integration
• Cornerstone Staffing and the leak of more than one hundred thousand CVs
• A WhatsApp flaw exposing 3.5 billion phone numbers
• A nationwide CCTV hack in India involving maternity wards and schools
• Australia’s new under sixteen ban and what it means for social platforms
• TfL’s 2024 cyber attack and the trial ahead
• Plus our own stories, scams we spotted, and awareness topics making the rounds this week
👋 About us
Ant Davis helps people make sense of the human side of cybersecurity. He runs Kindred Cyber, a people centred security service that gives organisations real world guidance, support and better engagement.
Luke Pettigrew is an experienced security professional with years of hands on work educating people across one of the largest online food retailers in the UK. Together they take the complex parts of cyber and turn them into simple stories, clear guidance and content that helps people understand what is happening and why it matters.
👍 Support the show
Subscribe, drop a like, and leave a comment. It helps more than you think.
If you prefer short form content, follow us on TikTok, YouTube Shorts, and Instagram for daily clips.
📨 Stay updated
Join the weekly newsletter for extra context, stories we did not cover, and links to everything we discuss.
#cybersecurity #securityawareness #phishing #podcast #cloudsecurity #passwords #AIsecurity #infosec
🕒 Timestamps
00:00 Intro and welcome
00:19 Quick catch up
00:32 Ant starting Kindred Cyber
01:24 Moving into the breach report
02:03 Italian rail group breach
03:15 Salesforce and Gainsight breach
05:18 Cornerstone Staffing ransomware attack
08:32 WhatsApp flaw exposes 3.5 billion numbers
12:28 UK, US and Australia sanction Russian cyber firms
14:45 Australia adds Twitch to teen social media ban
19:52 CCTV hack in Indian maternity wards
27:43 TfL cyber attack court update
30:59 CIISEC Live and Ant’s appearance
32:17 Launch of Kindred Cyber
34:30 Lost Phone Passcode Social Engineering Scam
37:19 The AI data paste incident from Reddit
41:34 Flight scam and Google ads abuse
49:11 Bob's Business - Scams and AI made scam sites
51:33 Wrap up and closing thoughts
🍿 Previous Episode: https://youtu.be/qsS5wWZTLrg
🎵 Our Intro and Outro Song (© 16 by falling forever): https://fallingforever.bandcamp.com/track/16
License: CC BY 4.0, https://creativecommons.org/licenses/by/4.0/
-
56
Can Attackers really turn safety tools into weapons?
This week on The Awareness Angle, Ant Davis and Luke Pettigrew break down a wild mix of stories that show how everyday tools are becoming attack surfaces. This episode digs into the human habits, design gaps and risky shortcuts that make these attacks possible.
🔓 Google Find Hub Used for Remote Wipe
A North Korean group found a way to hijack Google accounts, track victims and remotely wipe Android devices. Ant and Luke talk through how cloud accounts have quietly become the true kill switch for modern phones.
🤖 The First AI Orchestrated Cyber Attack
A Chinese state linked group jailbroke Claude Code and used it to run eighty to ninety percent of a full intrusion chain. No big team. No complex tooling. Just structured tasks and an AI agent that never gets tired.
💸 Checkout dot com Turns Extortion Into Something Positive
Instead of paying, they donated the ransom amount to cybercrime research at Oxford and Carnegie Mellon. A rare example of turning an attack into something that helps the whole community.
📡 Two Billion Credential Dump
HIBP indexes a massive set of recycled passwords and emails. The boys explain why password reuse is still at the root of so many real world breaches.
🔍 Ofcom Monitoring VPN Usage
A UK regulator tracking VPN use with an unnamed vendor. Ant and Luke get into the privacy implications and why transparency matters.
🚌 Chinese Built Buses That Can Be Stopped Remotely
A strange but worrying discovery in Norway. Even legitimate remote access can become a serious operational risk.
🧠 Plus
CIISec Live, clever awareness ideas on LinkedIn, why timeless videos still work, and a worrying text scam that shows how vulnerable people are still the biggest targets for social engineering.
#cybersecurity #securityawareness #phishing #podcast #cloudsecurity #passwords #AIsecurity #infosec
🕒 Timestamps:
00:00 Intro and catch up
01:52 Breach Watch begins
02:27 Doctor Alliance healthcare breach
04:02 Synnovis NHS ransomware investigation
07:06 DoorDash social engineering breach
08:56 Checkout dot com extortion attempt
10:10 Synthient credential stuffing dump
13:25 Ofcom monitoring VPN usage
16:20 Chinese built buses can be remotely stopped
21:59 Google Find Hub remote wipe attack
25:55 AI orchestrated espionage using Claude Code
29:55 Scotland launches cyber observatory
31:00 UK Cyber Security and Resilience Bill
35:06 Quantum Route Redirect phishing kit
38:11 Awareness Awareness
40:59 Think and Share challenge
44:34 Right Hand Cyber Halloween posters
47:07 Jimmy Kimmel password clip
50:16 Leanne Potter on language shaping cyber and AI
52:48 Luke’s topic, Lloyds Bank text scam
54:40 Ant’s topic, suspicious car finance email example
58:20 Wrap up
-
55
Human Risk, Real Talk - Dan Thornton on Keeping Security Simple
We are back with another interview and this one is a proper conversation about what security awareness should feel like. Honest, simple and human.
This week I sat down with Dan Thornton, founder and CEO of Goldphish. Dan’s path into cyber started in the Royal Marine Commandos and moved through physical security and crisis management before one attack changed everything. NotPetya wiped out a global organisation he was supporting and it became clear that digital risk now hits harder and faster than anything physical. That moment pushed him into cyber and eventually into building Goldphish.
What I love about Dan is how grounded he is. No jargon. No overcomplication. No feature overload. Just a belief that people deserve better than long training, shame based phishing tests and compliance for the sake of compliance.
In this episode we get into:
• Why phishing is smarter, faster and more convincing
• How attackers use AI to personalise at scale
• Why shame stops people reporting
• Why SMEs struggle to run awareness properly
• Why simple, entertaining content is still the thing most companies get wrong
Dan is a big believer in incentives. If someone reports quickly, celebrate it. If a team does the right thing, make it visible. Culture grows when people feel supported, not judged.
We also talk about voice scams, deep fakes, business email compromise and how criminals are already using AI to build long form, relationship driven fraud. This space is moving and moving quickly.
There are some fun moments too. Pizza flavoured passwords, the danger of what our ChatGPT histories reveal and a few curveball questions that took us both by surprise.
If you care about human risk, culture and stripping cyber back to what works, this is a great episode to dive into. Dan brings a refreshingly practical view of awareness and why the basics still matter more than anything.
Listen now and imagine what your programme could be if you kept things simple, human and actually enjoyable.
You can find Dan at goldphish.com or on LinkedIn.
-
54
Could Hackers Really Edit Your Teams Messages?
You are tuned in to The Awareness Angle, the weekly show where we cut through the cyber noise and get straight to the scams, slip ups, and stories that actually matter.
In this episode, Ant and Luke dig into a fresh batch of breaches, some worrying policy decisions, and a few very human stories from inside the cyber world. From councils leaking resident data, to VPNs quietly opening the door to ransomware, to AI powered scams on your favourite apps, this one is packed.
In this episode
Global breach round up
Hyundai AutoEver America, Nikkei’s Slack compromise, and South Gloucestershire Council accidentally publishing residents’ personal data. What happened, what was exposed, and what it says about everyday cyber hygiene.
The Louvre robbery and terrible passwords
The reported CCTV password that matched the museum name, ignored audits, and what happens when reputation gives people a false sense of security.
Australia’s social media ban for under 16s
Reddit and others join the list. Safety, surveillance, and whether bans really help children, or just push them into darker corners of the internet.
FCC rolls back telecom cyber rules
Why stripping mandatory requirements after major hacks is a bad look, and what it tells us about politics and security.
Apple’s monster patch day
More than 100 vulnerabilities fixed across iOS, macOS, iPadOS and more, but very little clarity on severity. Patch fatigue, transparency, and WebKit as the quiet weak point.
Firewalls, VPNs, and hidden complexity
New data that links complex Cisco and Citrix VPN setups to a much higher ransomware risk, and why “do everything” security boxes often end up poorly maintained.
Microsoft Teams message manipulation
Flaws that allowed attackers to alter messages, spoof identities, and fake calls. What this means for trust in internal chat tools and executive impersonation.
M&S profits almost wiped out by a cyber attack
A single incident that slashed profits by 99 percent, disrupted shelves and click and collect, and showed just how fast cyber risk becomes business risk.
When the good guys go bad
Two former cyber professionals accused of running ALPHV ransomware attacks on the side. Insider knowledge, trust, and the reality of cyber crime as a business.
HuFiCon trip and human risk in the wild
Ant’s debrief from the Human Firewall Conference in Cologne, why SoSafe impressed, and a few live examples of herd mentality and social proof you can use in your own awareness work.
ChatGPT’s “improve the model for everyone” setting
Why you should check that toggle if you are using personal accounts for work data, and why business or enterprise plans matter.
Meta, scam ads, and shameless profit
A look at reports that Meta is earning serious money from obviously fraudulent adverts, and what that means for ordinary users trying to stay safe.
AI image fraud and DoorDash style scams
Using AI tools to fake photos for refund claims and how app design could shut some of this down.
ClickFix in the wild
A real world example of the copy and paste into the run box attack, why it works, and the simple message you need people to remember.
Recruitment rants and candidate experience
Ghosting, broken promises, and what sloppy hiring processes say about culture inside security teams.
Listen for
• Real stories you can reuse in your own awareness or training sessions.
• Plain language explanations of complex attacks, from VPN misuse to Teams abuse.
• Honest chat about what is and is not working in the world of human risk.
Stay connected
Subscribe to The Awareness Angle Newsletter for story links and extra commentary.
Watch full episodes and clips on YouTube, search for Risky Creative or The Awareness Angle.
New episodes every week. Views are our own, not our employers.
-
53
Can Meta’s AI Scam Detector Actually Stop Them?
This week on The Awareness Angle, Ant Davis and Luke Pettigrew unpack a wave of global cyber stories — from telecom breaches and AI-powered defence tools to sextortion scams and the emotional risks of “friendly” chatbots. It’s a mix of human stories, technical takeaways, and practical lessons for anyone trying to stay safe in an AI-shaped world.
📡 Global Breaches & Third-Party Fallout – LG U+, Toys “R” Us Canada, HSBC, and Verisure all suffer breaches linked to vendors or poor visibility. The takeaway? Even mature orgs keep getting blindsided by supplier access and delayed disclosure.
🤖 OpenAI’s ‘Aardvark’ GPT-5 Agent – A self-fixing AI for security flaws sounds promising—until you realise it’s patching live code. Automation helps, but trust and verification still matter more than ever.
💬 Meta’s Scam Detector – WhatsApp and Messenger now use AI to flag impersonation and job scams. Ant ties this to his own “Tilly from Fram Search” scam attempt, showing how emotional hooks still trump logic.
🧒 AI Sextortion Scams & ReportRemove – Deepfaked nudes used to extort teens; a BBC case highlights the IWF’s lifesaving removal tool. A reminder that awareness isn’t just about security—it’s safeguarding.
👥 Character.AI Blocks Teen Chat – After reports of inappropriate AI conversations, under-18s are now cut off. Ant and Luke discuss why “empathetic” AI companions can quickly turn toxic.
🇬🇧 NCSC Annual Review – Four major UK cyber incidents every week, a 129% rise year-on-year. New SME Cyber Action Toolkit promises easy wins, but small firms still face time and funding barriers.
🧩 Chrome Zero-Day (Memento Mori) – Active exploit patched, but only if users reboot. Awareness message: “Auto-update isn’t a shield—restart and verify.”
💼 Insider Threats & Classroom Tricks – A Reddit post shows real insider exfiltration, while teachers hide invisible AI prompts to catch students using ChatGPT. Both show behaviour—not tech—is the true battleground.
📰 AI Authenticity Crisis – From AI-written beauty magazines to GPT vs Google explainers, even “real” media now demands literacy training to spot synthetic content.
🧠 ‘EtherHiding’ Malware on Blockchain – Malicious code hidden in blockchain assets targets job seekers via fake coding tests. Proof that persistence now has a whole new meaning.
Whether you’re defending systems, teaching staff, or just trying to keep your kids safe online—this episode connects the technical, the human, and the emotional sides of cybersecurity.
🕒 Timestamps
00:00 — Introduction & Milestone Celebration
📩 For links, videos, and the newsletter – head to riskycreative.com
💬 Check Out This Episode's Discussion Points
🔗 riskycreative.com
🎵 Our Intro & Outro Song (© 16! by falling forever)
License: https://creativecommons.org/licenses/by/4.0
-
52
Can You Trust OpenAI’s New ChatGPT Atlas Browser?
This week on The Awareness Angle, Ant Davis and Luke Pettigrew dive into the fast-moving collision between AI innovation, real-world breaches, and human behaviour. From Sotheby’s data leak to AI browsers that remember your every move, this episode explores where awareness, policy, and technology are all being stress-tested.
🏭 Sotheby’s, Muji & JLR Breaches – From luxury auctions to car factories, supply chain ransomware continues to ripple through industries. JLR’s £1.9B loss now marks the UK’s costliest cyber incident.
🧠 Deepfake Politics – A fake video of MP George Freeman “defecting” proves that AI-fabricated political manipulation is no longer hypothetical—it’s here and hyper-local.
📹 YouTube’s Likeness Detection – Google’s new system to identify AI fakes comes with a trade-off: creators must hand over government ID and facial video. Security meets privacy in a messy middle.
🎣 Phishing-as-a-Service – “Whisper 2FA” has powered over 1M phishing attacks, using AJAX to steal live MFA codes. A reminder: phishing kits evolve faster than most awareness programs.
🧭 ChatGPT Atlas Browser – The new AI-integrated browser introduces “memory” and “agent” modes—but also raises massive insider and data leakage risks. Shadow AI just went mainstream.
🧩 Windows Zero-Days – Legacy modem and RASMAN flaws are being exploited in the wild. Microsoft and vendors rush to patch, underlining the ongoing struggle with hidden legacy code.
📈 Reddit’s Reality Check – Security pros report phishing surges of up to 300%, likely linked to the Salesforce leak. Community intel confirms: automation is scaling human deception.
🎙️ Community Highlights – Ant joins the Go Fish podcast and Layer8’s Security Champions project ahead of his talk at the Human Firewall Conference in Cologne.
🔍 Phishing Design & Visual Cues – The hosts dissect a fake rnicrosoft.com email and how simple UI details—like hyperlink colours—still shape digital literacy.
🎬 AI & Authenticity – OpenAI’s first brand ad was filmed on 35mm film. Even AI firms are leaning on the “human touch” to rebuild audience trust.
🛠️ Tools Worth Knowing – Shoutout to Pistachio App, a clean, transparent platform for phishing simulations and insider risk detection—proof that simplicity wins adoption.
🚨 TikTok, SIM Farms & SMS Blasters – Latvian police seize 40,000 SIMs in a major fraud ring, while a UK man is jailed for sending parcel scam texts on the Tube—awareness in action.
🕒 Timestamps
00:00 — Introduction & Milestone Celebration
-
51
Are Employees Leaking Company Secrets to AI Tools? 77% Are Doing It
This week on The Awareness Angle, Ant Davis and Luke Pettigrew unpack a packed lineup of real-world cybersecurity stories — from paper-based recovery plans to AI data leaks, healthcare ransoms, and the human messiness behind governance and awareness. It’s all about what happens when the systems fail, the people improvise, and resilience gets real.
📄 Paper Plans & Power Cuts – The NCSC urges organisations to keep printed incident plans. The hosts ask the hard question: how do you “open your playbook” if it’s been ransomwared?
☁️ Cloud “Whoopsie” of the Week – A misconfigured “Invoicedly” S3 bucket leaks sensitive financial data. Simple mistakes, big consequences.
🤖 Shadow AI at Work – 77% of employees reportedly paste company data into ChatGPT. Culture or control — what’s the real fix?
🏥 Healthcare Ransomware Ethics – X-rays and ECGs leaked online reignite debate over whether private healthcare firms should ever pay.
📬 Court-Themed Phishing – Fake legal summonses using SVG attachments show how scammers are levelling up in realism.
💬 Discord Support Leak Confusion – Government IDs appear in a third-party breach; finger-pointing follows. Who’s really accountable?
💸 Capita’s £14M Lesson – The ICO fine lands, proving that prevention costs less than penalties. A nod to burnt-out IR teams who rarely get a break.
🧠 F5 Networks Intrusion – Nation-state attackers lurked for months before discovery. The takeaway? Patch, disclose, repeat.
📉 Deloitte’s $440K AI Blunder – A government report filled with hallucinated citations — proof that even consultants need a human review step.
🧩 Awareness Corner – Ant previews his HuFiCon talk in Cologne and shares Layer8’s open research on what makes security champions work.
🕒 Timestamps
00:00 — Introduction & Milestone Celebration
-
50
The LinkedIn ‘Open to Work’ Trap: How Scammers Target Job Seekers
This week on The Awareness Angle, Ant Davis and Luke Pettigrew unpack the latest in cybersecurity and human risk — from fake job recruiters flooding LinkedIn to deepfake chaos and a nursery hack that shocked the UK. Whether it’s scams, software flaws, or stolen art, this episode is all about where human behaviour meets digital consequence.
🕵️‍♂️ LinkedIn Recruitment Scam – “Open to Work” Trap
When Ant switched on “Open to Work,” fake recruiters arrived within seconds — zero followers, spam hashtags, and mismatched job offers. It’s a stark reminder of how social engineering preys on urgency and hope. Pause, verify, and think before engaging.
🎮 Unity Vulnerability – Game Engine Flaw
A high-severity Unity exploit forced Steam to block unpatched games. It’s a lesson in patch psychology — users delay for convenience, but the cost of waiting is higher than the update itself.
🎬 AI Video Boom & Deepfake Concerns
Sora 2 becomes the fastest-downloaded app ever as creators like MrBeast warn of deepfake chaos — from fake celebrity videos to stolen likenesses. The takeaway: verification and transparency are the new currency of trust online.
🧒 Kido Nursery Hack – Teenagers Arrested
Two 17-year-olds were charged over a ransomware attack on a UK nursery chain — an alarming example of how young people can be drawn into cybercrime, and why early education and deterrence are essential.
🎨 Author’s iPad Theft – Six Years Lost
The Boy, The Mole, The Fox and The Horse author lost years of unreleased artwork after his iPad was stolen. A real-world reminder: backups only matter if they actually work — and you’ve tested them.
🌐 Domain Hijack – Puffin Books / Andy Cope
A hijacked author website redirected visitors to adult content. It’s a simple DNS lapse with reputational fallout — renew your domains, secure your logins, and monitor what matters.
💬 Discord Vendor Breach – Third-Party Risk
A vendor compromise exposed 70,000 Discord users. Even if your systems are secure, partners can still sink you. Limit data retention and review vendor practices regularly.
🎰 DraftKings Credential Stuffing
Attackers accessed accounts through reused passwords — fewer than 30 victims, but entirely preventable. MFA and unique credentials remain the simplest, strongest defence.
☁️ Salesforce / Scattered Spider
Ransomware actors claim 1.5 billion records — one of the largest alleged data thefts to date. Another case of companies refusing to pay, proving resilience and communication are as vital as response plans.
🎤 Wrap-Up & Awareness Takeaways
Ant plugs upcoming appearances at HuFiCon (Human Firewall Conference, Cologne).
🕒 Timestamps
00:00 — Introduction & Milestone Celebration
-
49
Why Are Ransomware Victims Paying Millions But Still Losing Data?
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew dig into a packed line-up of stories that show just how wide the cyber threat landscape has become—from luxury retailers and carmakers taken offline, to insider risks, ransom trends, and the latest fights between governments and Big Tech. It’s not just about breaches and numbers; it’s about people, trust, and the human cost behind the headlines.
🛍️ Harrods, Renault & Asahi Hit – A wave of big-name attacks highlights how third-party breaches ripple across industries—and why some victims keep getting hit again.
💰 Ransomware Stats That Shock – Hiscox research shows 27% of SMEs targeted last year, 80% paying up, and only 60% recovering data. We debate whether ransom bans are coming.
🧑‍💻 Insider Temptations – Hackers offered the BBC’s Joe Tidy a cut of ransom if he gave insider access. It’s a stark reminder of how disgruntled staff can become the weakest link.
🎒 Nursery Data Fallout – After outrage, hackers “apologised” and claimed to delete leaked children’s profiles. We unpack what this says about criminal limits and reputational damage.
📧 Oracle Extortion Emails – CLOP-linked scammers target execs directly with extortion threats. Why quiet, internal responses can make things worse.
🕹️ Platforms Under Pressure – Imgur blocked in the UK, Roblox culls 8 million games for age compliance. VPNs remain the obvious workaround, but at what risk?
😓 Cybersecurity Burnout – The BBC spotlighted Ant on stress in cyber jobs. We talk long hours, mental health, and why culture matters as much as controls.
🍏 UK vs Apple – A Technical Capability Notice demands more government access. Apple’s pushback could have knock-on effects for WhatsApp, Meta, and beyond.
📊 Security Champions & Community Research – Fresh insights from Layer 8’s survey on what makes champion programs succeed—and why open-source research helps awareness pros.
🤖 Shadow AI at Work – Staff still pasting secrets into ChatGPT despite training. Should companies ban tools outright, or build safer corporate alternatives?
🔐 Password Managers Ranked – Wired tips Bitwarden for most users, ProtonPass for free setups. The takeaway: stop reusing passwords, start managing them properly.
🎭 AI Video & Deepfake Surge – From TikTok character swaps to OpenAI’s Sora 2, the line between fake and real gets blurrier by the day. What it means for scams, politics, and trust.
From ransomware payments to burnout, insider risks to AI misuse, this episode connects the dots on how cyber threats are evolving—and why awareness needs to evolve too.
🕒 Timestamps
00:00 — Introduction & Milestone Celebration
-
48
Children’s Data Stolen from Nursery—Published on Dark Web
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew dive into everything from car factories grinding to a halt to ransomware crews dumping nursery data online. It’s a mix of big-business losses, government experiments with digital ID, and the human cost of attacks that don’t care who they hit.
🚗 Jaguar Land Rover Shutdown – Millions lost each day, suppliers in crisis, and no cyber insurance in sight. We unpack why this wasn’t “just an IT problem.”
✈️ Airports Held to Ransom – Collins Aerospace software outage takes down check-in systems across Europe. We look at third-party risks and déjà vu comparisons with the CrowdStrike fiasco.
🪪 UK Digital Identity Scheme – A bold plan for online trust, or surveillance by stealth? We explore what it could mean for privacy and daily life.
🎒 Nursery Ransomware Leak – Criminals publish children’s profiles and family data. The ethics are grim, but it raises bigger questions about ransom bans and government policy.
⚖️ Law Firms in the Crosshairs – Weak passwords, outdated tech, and no MFA. Why smaller firms are prime targets—and how class actions are fuelling the chaos.
💻 GitHub & npm Security Overhaul – After 500+ compromised packages, stronger controls are here. But will devs embrace them, or find ways around?
🎙️ Deepfakes & Fake Voices – A survey says 44% of businesses hit by audio deepfakes. We’re sceptical—but the tactics are real, and awareness needs to evolve.
🍪 Cookie Banners on the Way Out – The EU may finally kill off endless pop-ups. Great for users, but what replaces them?
Along the way, Ant recaps highlights from KnowBe4’s CyberSecure Leeds and the SANS Security Awareness Summit, with stories of romance scams, AI panels, and why awareness needs a human edge.
If you care about supply chain fragility, human risk, and how attackers exploit the cracks in everyday systems, this one’s full of lessons.
🕒 Timestamps
00:00 — Introduction & Milestone Celebration
02:57 — Cybersecurity Awareness & Community Engagement
06:00 — Password Manager Vulnerabilities
09:00 — AI Ransomware & the Rise of AI in Cybersecurity
12:01 — Cyber Attacks on Major Corporations
17:20 — Reflections on Cybersecurity Trends
18:37 — Compensation Claims & Data Breaches
22:26 — SalesLoft Drift Breach: Implications & Insights
27:17 — Cyber Awareness & Phishing Campaigns
32:31 — AI, Misinformation & Media Risks
37:41 — Emerging Cybersecurity Threats
-
47
From Cars to Chaos: Jaguar Land Rover Cyber Fallout
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew hit episode 52—a year of weekly podcasts—by digging into some of the biggest cyber stories shaking business, government, and everyday users. From billion-record breaches to fake podcast invites delivering malware, it’s another mix of serious lessons and eyebrow-raising human behaviour.
🎉 Free Hoxhunt Cybersecurity Awareness Month videos on AI phishing, deepfakes, and messaging scams. https://hoxhunt.com/cam-toolkit
🗂️ APCS Data Breach – UK background check provider compromised, exposing passports, NI numbers, and driver’s licences. We break down identity risks, government liability, and how reporting muddied the waters.
🤝 SalesLoft / Drift / Salesforce Breach – ShinyHunters claim 1.5B Salesforce records stolen, hitting over 760 companies (including big-name cyber vendors). OAuth token theft shows how fragile supply chains can be.
📦 npm Supply Chain Attack (“Shai-Hulud”) – 187 npm packages hijacked with self-propagating malware, stealing tokens and secrets. GitHub’s slow response raises serious trust questions.
🚗 Jaguar Land Rover Attack – A September 1st ransomware hit halted UK car sales and production, with ripple effects on suppliers and staff. Linked to Scattered Spider—again.
📱 Apple Backports Zero-Day Fix – Even iPhone 6s got patched after targeted attacks. We explain what “zero-day” really means and why it matters beyond the headlines.
🎙️ Fake Podcast Invites – Attackers posing as podcast hosts tricked victims into downloading AMOS Stealer. Media credibility is becoming a new social engineering vector.
🚇 Teenagers Behind TfL Cyber Attack – Two 18–19 year olds caused £39m in disruption. A case study in wasted cyber talent—and organised crime’s youth recruitment problem.
🤖 ShadowLeak vs ChatGPT – Prompt injection attack silently exfiltrated Gmail data from OpenAI’s “Deep Research” agent. Key lesson: don’t hook AI tools directly into sensitive accounts.
📲 TikTok’s Oracle Buyout – Larry Ellison takes 80% ownership in a politically charged deal. But does it actually solve the data-to-China question—or just shift control to another power?
🎭 Lighter Bits – Siri flunks, ChatGPT flexes, and a Trump/Starmer deepfake sparks laughs and awareness lessons.
In short, this all shows how fragile trust really is—whether in supply chains, AI tools, or the platforms we rely on every day.
🕒 Timestamps
00:00 — Introduction & Milestone Celebration
02:57 — Cybersecurity Awareness & Community Engagement
06:00 — Password Manager Vulnerabilities
09:00 — AI Ransomware & the Rise of AI in Cybersecurity
12:01 — Cyber Attacks on Major Corporations
17:20 — Reflections on Cybersecurity Trends
18:37 — Compensation Claims & Data Breaches
22:26 — SalesLoft Drift Breach: Implications & Insights
27:17 — Cyber Awareness & Phishing Campaigns
32:31 — AI, Misinformation & Media Risks
37:41 — Emerging Cybersecurity Threats
-
46
Apple Calendar Invites Are Being Turned Into Phishing Scams
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew kick off Cybersecurity Awareness Month with new short videos made in collaboration with Hoxhunt—covering spear phishing, deepfakes, and the psychology behind social engineering. Then it’s straight into the big security stories of the week: from iCloud phishing invites to Scattered Spider’s latest breach, and why even attackers are installing antivirus.
🎉 Free Hoxhunt Cybersecurity Awareness Month videos on AI phishing, deepfakes, and messaging scams. https://hoxhunt.com/cam-toolkit
📅 Apple iCloud Calendar Phishing – Scammers use Apple’s own domain to push fake calendar invites tied to PayPal scams. If it looks odd, it probably is—delete, don’t click.
✈️ Qantas Breach & Accountability – Scattered Spider strikes again, hitting 5.7M customers. Qantas cut exec bonuses by 15%—a rare move leaders elsewhere might want to note.
🎥 Nexar Dashcam Database Leak – 130TB of video, GPS, and metadata left exposed in an AWS bucket. Dashcams are becoming rolling surveillance devices—often with little oversight.
🕵️ Inside the Attacker’s Browser – Huntress stumbled onto open C2 servers, exposing adversary tools, comms, even their use of Bitdefender and Malwarebytes. A rare window into cybercrime operations.
🎮 Plex Breach & Messaging Missteps – Usernames, emails, and hashes leaked. Plex’s reset advice was buried in long paragraphs—a reminder that breach comms need to be blunt and clear.
📜 Reddit’s Wildest Breaches – Job scams running PowerShell commands, council-wide malware spreads, and SOC analysts debating true vs false positives. We unpack what awareness pros can take from the chaos.
🎭 Deepfakes vs Reality – A Trump clip went viral with viewers insisting it was AI. ITV even shared it as genuine before higher-res footage confirmed it was real. Awareness lesson: in 2025, people doubt the truth as much as they fall for fakes.
The week’s major cyber headlines, decoded into useful takeaways—and sprinkled with moments that make you raise an eyebrow.
🕒 Timestamps
00:00 — Introduction & Milestone Celebration
02:57 — Cybersecurity Awareness & Community Engagement
06:00 — Password Manager Vulnerabilities
09:00 — AI Ransomware & the Rise of AI in Cybersecurity
12:01 — Cyber Attacks on Major Corporations
17:20 — Reflections on Cybersecurity Trends
18:37 — Compensation Claims & Data Breaches
22:26 — SalesLoft Drift Breach: Implications & Insights
27:17 — Cyber Awareness & Phishing Campaigns
32:31 — AI, Misinformation & Media Risks
37:41 — Emerging Cybersecurity Threats
-
45
700+ Companies Hit by SalesLoft Drift Hack, Are You At Risk?
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew celebrate the 50th episode with community shoutouts, fresh awareness content, and a packed lineup of security stories. From password manager flaws to the first AI-powered ransomware. Whether it’s car dealerships grinding to a halt or deepfakes making truth harder to pin down, this one’s about the evolving risks, and the practical takeaways that matter most.
🎉 50th Episode & Community Updates – We mark the milestone with a shoutout to Liam, our first official member, plus new merch, Discord updates, and free Hoxhunt awareness videos on AI phishing, deepfakes, and messaging scams. Get the Cybersecurity Awareness Month videos here! https://riskycreative.com/en-gbp/pages/cybersecurity-awareness-month
🔑 Password Manager Autofill Flaw – A clickjacking bug in major tools (1Password, Bitwarden, LastPass, NordPass, ProtonPass) lets hidden fields steal your credentials. We explain why you shouldn’t ditch password managers—but why autofill and MFA settings matter more than ever.
🤖 The First AI Ransomware – “PromptLock” uses a local AI model (gpt-oss-20b) to generate its own malicious code on demand. Lightweight, cross-platform, and harder to detect—it’s a glimpse of where AI-driven attacks are heading.
🚗 Jaguar Land Rover Breach – Registrations halted, staff sent home, and Scattered Spider linked to an exploit of SAP NetWeaver. With hackers claiming stolen data but JLR insisting otherwise, we also warn about opportunistic “compensation scam” ads targeting worried customers.
💬 SalesLoft/Drift Breach – Stolen authentication tokens exposed Salesforce integrations at companies like Google, Palo Alto, and Zscaler. We break down what UNC6395 pulled off, why SaaS “shiny tools” can be risky, and the urgent need for token hygiene.
📧 Phishing Campaigns That Work – From “lost puppy” photos to cider raffles and free pizza, Reddit’s favourite phish templates spark a debate: are tricksy simulations effective, or should awareness always tie back to real workplace processes?
🎭 Deepfakes & Denial – Joe Rogan fooled by a fake video, Trump dismissing real footage as AI. We explore the new problem of “liar’s dividend”—where fakes make truth itself harder to defend.
🖼️ Hidden Gemini Prompts in Images – Malicious instructions embedded in pictures, not just text. We ask: when AI gets conflicting commands, what wins? Policies and training will need to catch up fast.
This week’s major cyber headlines, decoded into useful takeaways—and sprinkled with moments that make you raise an eyebrow.
🕒 Timestamps
00:00 — Introduction & Milestone Celebration
02:57 — Cybersecurity Awareness & Community Engagement
06:00 — Password Manager Vulnerabilities
09:00 — AI Ransomware & the Rise of AI in Cybersecurity
12:01 — Cyber Attacks on Major Corporations
17:20 — Reflections on Cybersecurity Trends
18:37 — Compensation Claims & Data Breaches
22:26 — SalesLoft Drift Breach: Implications & Insights
27:17 — Cyber Awareness & Phishing Campaigns
32:31 — AI, Misinformation & Media Risks
37:41 — Emerging Cybersecurity Threats
-
44
Grok Chatbot Leaks 370,000 Private Conversations
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew come together for a special in-person episode while filming new Cybersecurity Awareness Month videos. From exposed AI chats to insider sabotage, telecom breaches, and Denmark’s bold new deepfake law, the conversation digs into how human behaviour, weak controls, and patchy regulation continue to shape today’s cyber risks.
🤖 AI Data Leaks – Elon Musk’s Grok chatbot exposed over 370,000 private conversations in Google search results due to a flawed share feature.
🍏 Mac Malware Masquerades – A new info-stealer (“Shamos”) tricks users with fake fixes and malvertising, targeting those with admin rights or poor IT support.
🕵️ Insider Sabotage – A developer planted a kill switch in his former employer’s systems, locking out staff after termination and causing massive damage.
📱 Telecom Breach in Belgium – Orange Belgium exposed data of 850,000 customers, raising SIM-swapping and phishing risks despite quick containment.
📲 Android Developer Verification – From 2026, only verified developers will be able to distribute apps—even outside Google Play—in a long overdue accountability move.
⚖️ Legal Battles Over Online Safety – 4chan and Kiwi Farms challenge the UK’s Online Safety Act in US courts, arguing it violates First Amendment rights.
📊 The UK Government’s Costly Leak – A hidden-tab spreadsheet exposed Afghan allies’ identities, despite staff being explicitly warned. A breach officials called “the most expensive email ever sent.”
🎭 Denmark’s Deepfake Law – A pioneering amendment gives people copyright control over their likeness and voice—even extending 50 years after death.
📡 Wi-Fi Motion Tracking – Researchers show Wi-Fi signals can map human posture and movement indoors, raising both fascinating applications and surveillance fears.
📧 Email Unsubscribe Hack – A hidden Gmail feature lets users see all active subscriptions and unsubscribe in one place—finally making inbox clean-up easier.
Whether you’re building awareness programs, tracking regulations, or just trying to keep up with scam tactics, this in-person episode packs sharp insights and practical takeaways.
Note: Apologies for the changes in video brightness/exposure throughout the episode — filming conditions varied during recording.
🕒 Timestamps
00:00 — Introduction & Collaboration Announcement
01:07 — Cybersecurity Awareness Month: Key Topics
01:55 — News Roundup: Breaches & Security Flaws
08:26 — Insider Threats & Malicious Code
11:26 — Telecom Data Breach: User Awareness
13:37 — Android Developer Verification & Security
17:28 — Legal Challenges in Online Safety Regulations
20:34 — Password Breaches & Public Perception
23:55 — Government Data Breach & Accountability
29:45 — Denmark’s Deepfake Legislation
31:18 — Cultural Views on Hackers
33:26 — Wi-Fi Signal Tracking Technology
36:51 — Email Unsubscribe Features & UX
-
43
Your VPN Extension Might Be Watching You Right Now
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew unpack the latest mix of cyber weirdness, policy drama, and awareness lessons—from fake law firm emails dropping malware to pro-Russian hackers playing with dam floodgates. It’s a week of scams, slips, and security culture stories you’ll want to hear.
🇬🇧 Age Verification Laws – UK and Texas push mandatory ID scans for adult sites. We break down the privacy pitfalls, weak safeguards, and why VPNs only complicate things.
🍏 Apple vs. UK Backdoors – Reports say the UK quietly dropped its iMessage backdoor push. We look at privacy pressure, government demands, and why the crypto wars never end.
📩 “Noodle-o-file” Infostealer – Malware dressed up as copyright takedown notices. Fake law firms, DLL sideloading, and another reason not to trust scary attachments.
💳 15.8M PayPal Credentials? – A threat actor claims to be selling plaintext logins. Likely infostealer loot, not PayPal itself—but a sharp reminder for MFA and unique passwords.
📊 Workday Breach – Social engineering exposed employee data. We unpack the follow-on risks when attackers weaponise stolen contact lists.
📱 iOS & Android Messaging Security – Could iOS 26 finally encrypt RCS end-to-end? We look at global habits—and why iMessage, WhatsApp, and SMS all carry different risks.
💧 Norway Dam Hack – Pro-Russian attackers briefly hijacked hydropower floodgates. A stark warning on hybrid cyber campaigns hitting critical infrastructure.
🛑 Malicious VPN Extension – “Free VPN.1” hit 100k+ Chrome installs while screenshotting users. How does malware this blatant slip past Chrome’s checks?
🌐 Google Chrome Zero-Day – Google’s AI tool “Big Sleep” spotted a critical V8 flaw. Emergency patches are out for Chrome and Edge—update now.
📒 SANS 2025 Awareness Report – From 1,000+ pros: small teams, social engineering still top risk, AI as an assistant (not replacement), and a rebrand to “Workforce Security & Risk Training.”
⚽ NowTV’s Anti-Piracy Ad – Lag, pop-ups, and missed goals used to mock illegal streams. We explore how entertainment risks mirror security awareness.
If you want the week’s biggest cyber stories distilled into actionable insights—with a side of human behaviour and tech nostalgia—this episode has it all.
🕒 Timestamps
00:00:00 — Episode Introduction
00:03:48 — Porn Censorship: Internet Impact
00:07:36 — UK Government Demands Apple Backdoor
00:11:24 — Noodle-o-file: Emerging InfoStealer Threat
00:20:47 — PayPal Credential Dump: Security Risks
00:24:07 — Workday Breach: Social Engineering Tactics
00:26:33 — Potential Messaging Security Upgrades
00:30:41 — The Evolution of Communication Tools
00:32:08 — Cyber Threats to Critical Infrastructure
00:34:30 — VPN Risks and Privacy Concerns
00:39:30 — Google AI’s Role in Cybersecurity
00:41:20 — Key Insights from SANS Security Awareness Report
00:51:19 — Creative Approaches to Cybersecurity Awareness
-
42
Could Your Webcam Be Spying on You?
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew share their experiences from the SANS Security Awareness Summit, exploring the latest threats, innovative awareness strategies, and the ever-evolving cybersecurity landscape. From vulnerabilities in everyday devices to scams targeting car finance payouts, this episode is packed with lessons for anyone trying to keep people—and their data—safe.
🎨 SANS Summit Insights – Key takeaways from the event for security awareness professionals, including trends, challenges, and the latest thinking in behavior-driven cybersecurity training.
🖥️ Lenovo Webcam Vulnerabilities – Why even seemingly harmless devices can create serious security risks, and what organizations should do to protect themselves.
💰 Car Finance Scams & Pig Butchering – How scammers exploit emerging financial schemes, and practical tips for spotting and preventing fraud.
🔐 Ransomware Risks – Why ransomware remains a top concern for CISOs, and how strong recovery plans are critical for organizational resilience.
🎮 Educational Games in Security Awareness – Exploring innovative approaches to train users and improve engagement with cyber awareness programs.
🛡️ Ad Blockers & Online Safety – The importance of blocking malicious ads and protecting users from hidden threats online.
💾 Farewell to AOL Dial-Up – A nostalgic look at the end of an era and what it reminds us about evolving tech and persistent risks.
📈 Metrics & Behavior Change – Measuring the real-world impact of awareness initiatives and ensuring programs actually improve security behavior.
If you want the week’s biggest cyber stories distilled into actionable insights—with a side of human behaviour and tech nostalgia—this episode has it all.
🕒 Timestamps
00:00:00 Intro: SANS Security Awareness Summit
00:02:54 Summit Insights: Keynote Takeaways
00:05:54 Why Security Awareness Training Matters
00:07:56 Cybersecurity News: Latest Vulnerabilities & Scams
00:11:56 Browser Security & Ad Blockers
00:15:54 Scams Targeting Car Finance Payouts
00:18:48 Critical Password Vault Vulnerabilities
00:19:52 Cyber Attack Hits French Telecom
00:22:03 Wrap-Up: Final Thoughts
00:22:38 Ransomware: Escalating Threats
00:24:48 The St. Paul Cyber Attack Explained
00:27:56 Common Password Security Myths
00:35:22 Cyber Awareness & Education Strategies
00:38:13 AOL Dial-Up Service Retires
00:42:04 Scam Calendar Invitations: How They Work
-
41
Is Microsoft Recall Still Saving Your Passwords?
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew dig into everything from privacy holes in the UK’s Online Safety Act to deepfake diet scams and a ransomware payout denied over missing MFA. It’s a mix of policy, people, and pure cyber weirdness you won’t want to miss.
🇬🇧 UK Online Safety Act – New age verification rules put privacy on the line, with overseas firms handling sensitive data, no clear safeguards, and easy VPN workarounds.
🖥️ Microsoft Recall Risks – Despite Microsoft’s reassurances, Recall can still capture passwords, credit card details, and private chats—data that’s stored locally and vulnerable if your device is compromised.
💰 Hamilton’s Insurance Nightmare – A ransomware recovery claim denied because the city hadn’t implemented MFA as required by their cyber policy.
🛡️ Proton Authenticator Launch – Free, privacy-first 2FA app with encryption, cross-device sync, and no ads or tracking.
🛍️ Deepfake Diet Scams – Fake online health stores use AI-generated before/after shots and impersonate real dietitians to push unregulated products.
📞 Google Salesforce Breach – Voice phishing used to gain CRM access, proving social engineering still outpaces many technical controls.
🎧 Pandora Data Breach – Third-party platform compromise exposed customer names and emails—possible link to ShinyHunters.
📱 WhatsApp Scam Takedowns – 6.8M accounts shut down in six months, many tied to organised crime networks in Southeast Asia.
🖥️ Old Tech Risks – From Windows Server 2003 to WEP Wi-Fi, outdated systems are still in active use, posing massive security risks.
📧 Reply-All Apocalypse – The 2016 NHS mass email storm shows how human error can grind operations to a halt.
🕵️‍♂️ North Korean IT Workers – Thousands of covert contractors using fake IDs to funnel foreign pay back to the DPRK regime.
💬 Community & Social Reactions – From phishing test backlash to TikTok debates, we dive into what people are really saying about security awareness.
If you want the week’s big cyber stories distilled into practical takeaways—with a side of eyebrow-raising human behaviour—this one’s got it all.
🕒 Timestamps
00:00:00 – Intro & studio update
00:03:08 – VPN chaos & Online Safety Act
00:06:05 – Labour’s VPN warning
00:08:57 – Sims beat facial recognition
00:11:10 – Spotify’s age checks
00:12:42 – Funny VPN reel
00:16:08 – YouTube uses AI to guess age
00:17:16 – Google AI search shake-up
00:21:10 – Lovense email leak
00:23:31 – Copilot Mode & privacy
00:27:05 – Allianz breach
00:29:28 – St. Paul ransomware
00:32:53 – NASCAR ransom
00:35:31 – Orange France hack
00:36:42 – QR code TikTok goes viral
00:39:47 – Copilot Vision backlash
00:42:19 – CybSafe SebDB 4.0
00:44:42 – Free maturity model tool
00:48:58 – SANS Summit preview
00:52:53 – Shoutout to Dan Connolly
00:55:08 – Phishing test horror story
01:01:09 – Bin chaos = bad UX
01:04:40 – Bird audio encryption
01:08:58 – Fable Security debut
-
40
Is the UK Online Safety Act Flawed?
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew untangle the week’s biggest cybersecurity themes—from silent data breaches to AI tool mishaps and the slow-moving train of regulatory change. Whether it’s government policies, scam trends, or workplace surveillance, this episode covers the tensions between safety, privacy, and the real-world consequences of overlooked vulnerabilities.
🔞 The UK Online Safety Act & Age Verification – Luke breaks down the new age checks for adult content in the UK. Will they work? Will people just use VPNs? We explore the privacy trade-offs, the rise in demand for incognito browsing, and what the law might mean for future content regulation.
📈 VPN Usage Spikes – Anthony talks about the broader privacy impact, including a 30% spike in VPN signups, especially among iPhone users. Is this privacy-conscious behaviour—or just workarounds?
🚗 Digital Surveillance Creep – From employer device monitoring to always-on productivity tools, we dive into how digital surveillance is quietly creeping into the workplace and public life—and how it's being normalised.
🏁 NASCAR & Allianz Breaches – Luke highlights recent major data breaches in both the finance and sports sectors. Allianz Life’s 12-million user exposure shows just how fragile enterprise security postures can be, while NASCAR joins a growing list of entertainment brands hit by attackers.
🧠 Phishing Tests Reconsidered – Are traditional phishing tests actually backfiring? We debate whether they build resilience or just resentment—and how security teams can rethink the human risk approach.
🖥️ Microsoft Copilot Mode & Surveillance Concerns – Anthony explains how Microsoft’s “Copilot Vision” could log user activity in the name of productivity. We discuss where the line is between helpful automation and invasive oversight.
📜 GDPR vs AI Regulation – The conversation shifts to Europe’s privacy regulation legacy. We compare GDPR’s maturity to newer AI regulations and ask whether privacy is still being prioritised as new tech emerges.
🧑‍🎓 Youth & Cyber Literacy – What are schools actually teaching about cybersecurity and digital literacy? We explore the lack of early education on scams, security, and safe digital habits—and why that matters for the next generation.
Whether you’re leading security comms, shaping policy, or just trying to stay one step ahead of the next privacy headache—this episode packs practical insights, candid takes, and a few unexpected side quests.
🕒 Timestamps
00:00:00 – Intro & studio update
00:03:08 – VPN chaos & Online Safety Act
00:06:05 – Labour’s VPN warning
00:08:57 – Sims beat facial recognition
00:11:10 – Spotify’s age checks
00:12:42 – Funny VPN reel
00:16:08 – YouTube uses AI to guess age
00:17:16 – Google AI search shake-up
00:21:10 – Lovense email leak
00:23:31 – Copilot Mode & privacy
00:27:05 – Allianz breach
00:29:28 – St. Paul ransomware
00:32:53 – NASCAR ransom
00:35:31 – Orange France hack
00:36:42 – QR code TikTok goes viral
00:39:47 – Copilot Vision backlash
00:42:19 – CybSafe SebDB 4.0
00:44:42 – Free maturity model tool
00:48:58 – SANS Summit preview
00:52:53 – Shoutout to Dan Connolly
00:55:08 – Phishing test horror story
01:01:09 – Bin chaos = bad UX
01:04:40 – Bird audio encryption
01:08:58 – Fable Security debut
-
39
Magic, Mindset, and Metrics - Harley Sugarman on Rethinking Training
This week on The Awareness Angle: Interviews, Anthony is joined by Harley Sugarman, co-founder of Anagram Security, a company taking a fresh, no-nonsense approach to security awareness. Think short, sharp challenges, real behaviour change, and zero tolerance for checkbox compliance.
We talk about why so much training still misses the mark—and how Harley’s background (which involves a surprising early career twist we won’t spoil here) helps him see awareness through a very different lens.
🧯 Smoke, Mirrors & Metrics – “Most training is built to satisfy auditors, not change behaviour.”
📉 Bad Metrics, Bad Decisions – “Completion rates aren’t proof of learning. They’re proof someone clicked play.”
🧠 Nudges, Not Magic – Nudges are useful, but they’re not the main event—and people can smell the white noise.
🧍 Stop Calling People ‘Risks’ – “You can’t build trust while labelling people as the problem.”
📚 The Anagram Origin Story – From puzzle-based security training to bite-sized interactive learning—why they’re doing it differently.
🤖 The AI Bit – Why most “AI-powered training” isn’t as clever as it sounds, and what actually works.
🎩 The Secret Ingredient – Let’s just say Harley’s old job involved a bit of sleight of hand—and it explains a lot about how he thinks about engagement.
If you’re tired of awareness that ticks boxes but changes nothing, this one’s packed with ideas, honesty, and a few good laughs.
The Awareness Angle: Interviews is our ongoing series of honest, practical conversations with the people reshaping how we think about human risk, behaviour change, and learning that actually works.
🕒 Timestamps
00:00 Intro: Why Security Awareness Still Matters
00:35 How Awareness Training Has Evolved
03:52 Measuring Success: Metrics That Miss the Mark
09:58 Human Risk: What Are We Really Solving For?
15:34 Where AI Fits in Security Awareness
19:11 People Over Systems: A Needed Mindset Shift
25:05 Smarter, Fresher Training Approaches
30:41 What’s Next for Awareness Programs?
32:16 Compliance Isn’t Awareness (But It’s Changing)
34:54 Anagram’s Shift from Training to True Awareness
39:04 Standing Out in a Crowded Awareness Market
40:51 Reframing Human Risk Management
45:27 Real Change Requires Behavioural Shifts
46:07 Diverse Paths into Security Awareness
50:34 Buzzwords We Need to Ditch
54:09 Human Risk + Communication = The Real Challenge
-
38
Hackers Asked for a Password... and Got It?
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew dig into everything from dodgy data startups to accidental database wipes by AI tools. Whether it’s passwords, passkeys, or privacy, this episode covers the real-world risks that slip through the cracks of digital life—and what security professionals can learn from them.
🔍 Farnsworth Intelligence & $50 Breach Data – A sketchy startup offers hacked data for pocket change. We unpack the ethical nightmare and what it says about the commodification of stolen info.
🔐 158-Year-Old Business Crushed by a Weak Password – Ransomware took down The Royal Mint’s paper supplier. One reused password triggered a chain reaction of damage.
🧽 Clorox Hit by “Just Asking” – Hackers used basic social engineering to trick staff into sharing passwords. The result? A lawsuit and $49M in damages.
📁 SharePoint Exploits Still Work – Legacy SharePoint systems are being targeted in the wild. We explain why updating your systems is table stakes—not optional.
🧠 Windows 11 Copilot Vision – Microsoft’s AI assistant watches how you work. We look at the privacy implications of system-level activity tracking.
🔑 Passkey Friction & Frustration – They're the future of authentication—but only if users understand them. We break down what’s working, and what’s still broken.
🇬🇧 UK Online Safety Act – New laws now require age verification for adult content in the UK. But what does that mean for privacy and enforcement?
🤖 AI Deletes a Database (Oops) – A dev tool gave one engineer too much power. We talk about guardrails, defaults, and the real risks of AI in production.
👾 Reddit Malware Ads – Malicious ads are sneaking through Reddit’s filters. We discuss the broken reporting flow and why community trust is on the line.
📉 QR Codes That Expire? – Ever scanned a QR code that no longer works? We explain why some codes time out—and what that means for security and UX.
📞 The Netstat Scam – Fake ISP reps use netstat commands to convince victims their connection is “compromised.” Old trick, still effective.
🪪 Fake IDs & Physical Access Risks – It’s not just digital anymore. We explore how low-tech social engineering can breach high-security environments.
🔁 Ring.com Login Confusion – A bug in Ring’s login system left users rattled. It’s a small issue, but a big reminder about user trust and account security.
📣 Bonus: Ant is heading to the SANS Security Awareness Summit in Chicago! Expect livestreams, interviews, and plenty of behind-the-scenes content.
🕒 Timestamps
00:00 Introduction and Overview
02:57 Breach Marketplace: Ethics & Stolen Data
05:53 One Weak Password Crashes 158-Year-Old Firm
09:12 Clorox Breach via Simple Social Engineering
11:57 SharePoint Exploits Still Active in the Wild
15:07 Windows Copilot: Privacy or Overreach?
17:57 Passkeys: Why Users Still Struggle
21:05 UK Age Checks: Safety vs. Privacy
24:01 AI Deletes Database: The Risks of Autopilot
37:44 Replit’s Data Loss Incident
39:11 What Is Vibe Coding?
42:08 Password Management Still a Mess
46:03 Reddit Malware Ads Slip Through
50:11 QR Codes That Expire? UX Meets Security
52:17 Netstat Scam: An Old Trick Returns
55:58 Phishing Emails from Local Councils
01:01:57 Gift Card Scams and Account Takeovers
01:03:23 Fake IDs and Physical Access Risks
01:10:39 Ring.com Login Bug Raises Trust Issues
-
37
Why Was an Elevator Held Hostage by Windows?
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew dive into some of the most unexpected and revealing cyber stories of the week. From job offers to gym selfies to your dog’s microchip, this week’s stories prove no part of daily life is off-limits to cyber risk.
📸 Fitness App Photo Leak – A design flaw exposed thousands of users’ near-nude progress pics. We talk about the risks of default sharing settings and poor privacy design.
🐾 Pet Microchip Scams – Fraudsters are now using fake pet registry emails to phish for personal data. Yes, even your dog’s ID is fair game.
🛗 Windows Update Stalls Elevator – An elevator froze mid-floor during a Windows update. Embedded system risks are more common than you think.
📥 Phishing & New Hires – A new study suggests phishing simulations during onboarding may actually make things worse. We break down the nuance.
🤖 AI Prompt Abuse in Gemini – With the right input, scammers can weaponise AI responses. What does this mean for user trust and LLM safeguards?
🧳 Secret Government Breach – A low-profile government breach forced thousands to relocate. We discuss the hidden human cost of high-stakes incidents.
🧬 Reddit’s Selfie-Based Age Check – Reddit quietly rolled out biometric verification. Where do we draw the line between safety and privacy?
👜 Luxury Brands Breached – Another week, another fashion label hit. It’s a reminder that no amount of prestige protects poor security posture.
📞 The Persistence of Tech Support Scams – Fake warnings and rogue pop-ups are still fooling people. Why are they so effective—and what’s missing from awareness?
💬 Security Is Emotional – We close with a reminder: breaches impact people, not just systems. Awareness programs need empathy, feedback, and real-world context to work.
If you’re building awareness programs—or just trying to stay one step ahead—this episode is packed with stories that stick.
🕒 Timestamps
00:00:00 – Intro, newsletter & YouTube plug
00:02:25 – Lori Steuart interview recap
00:03:34 – Fitify app leaks private user photos
00:09:01 – WeTransfer AI terms backlash
00:14:32 – US National Guard hacked by Salt Typhoon
00:17:42 – Reddit age verification and Online Safety Act
00:25:54 – Pet microchip renewal phishing scam
00:31:33 – Indian police raid tech support scam call centre
00:38:23 – Secret Afghan relocation after data breach
00:44:44 – Louis Vuitton customer data breach
00:48:02 – Keepnet report: new hires more likely to fall for phishing
00:53:20 – Listener email: Boris on scam victim impact
00:58:30 – Chris Stokel-Walker’s anti-phishing placebo post
01:03:03 – Windows update traps user in elevator
01:06:15 – Gemini phishing via AI summary exploit
01:13:09 – Announcement: Ant at SANS Chicago
01:14:06 – Outro and wrap-up
-
36
Marketing Muscle Memory In Cybersecurity
This week on The Awareness Angle Interviews, Anthony chats with Lori Steuart—a cybersecurity marketer with a passion for storytelling, content that resonates, and turning awareness from a box-tick into something people actually care about.
From synthesisers to password managers, from yoga habits to ransomware planning, Lori brings a refreshingly human and honest perspective to what makes security communication land—or fall flat.
🔍 Cutting Through the Noise – Why most awareness content gets ignored, and how to make yours stick.
📖 Storytelling, Synths & Security – Lori shares how emotion and context help make complex topics relatable—even when they’re technical.
📣 Content People Want to Read – We talk about why trust beats fear, how to avoid “AI ick,” and why marketing is more about the reader than the writer.
🧠 Security as a Habit – What secure behaviours have in common with piano practice, bike training, and building any real muscle?
👀 Risk in Unexpected Places – Why marketing teams may be one of the riskiest parts of your org—and how to secure them without sounding like the fun police.
🛠️ From Small Teams to Strong Culture – Whether you’re a team of one or ten, Lori offers practical ways to build trust, reinforce secure habits, and communicate clearly (even on bad news days).
💬 A Thousand Seconds a Day – How small nudges and daily context can shape long-term behaviour, without resorting to doom and gloom.
If you’re looking to make your security messages more human, memorable, and effective, this one’s packed with perspective, laughs, and plenty of practical takeaways.
The Awareness Angle: Interviews is our series of real, candid conversations with the people reshaping security culture from the inside out, released alongside our regular episodes.
🕒 Timestamps
00:00 Introduction and Setting the Stage
03:00 Exploring Cybersecurity Marketing
05:59 The Importance of Authentic Content
08:58 Understanding Demand in Marketing
12:04 The Challenge of Awareness in Cybersecurity
14:56 Building Secure Habits
17:49 The Role of Password Managers
21:01 Ransomware Concerns for Small Businesses
23:56 The Impact of Ransomware on Operations
27:00 Storytelling in Marketing
29:56 Conclusion and Key Takeaways
34:51 Sensing the Unseen: The Art of Repair
36:52 Emotional Intelligence in Cybersecurity
38:54 Building Habits: The Power of Small Steps
40:55 Nudge Theory: Subtle Influences in Cybersecurity Awareness
42:22 Collaborative Content Creation: The Workshop Approach
44:23 The Importance of Feedback in Communication
48:59 AI in Content Creation: A Double-Edged Sword
53:37 Standing Out in a Crowded Market
56:41 Creating Trust Through Positive Engagement
01:02:58 Cross-Department Collaboration for Better Outcomes
-
35
Would You Sell Your Password for $920?
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew dive into a week full of sharp turns—from a teen hacker forcing Microsoft to rethink its bounty program, to hackers hijacking a decades-old video game to take control of PCs. Also in the mix: 64 million job seekers exposed by a single password, suspicious Google Ads requests, Instagram flannel cons, and a football kit nod to Bletchley Park.

👾 Youth & Cybercrime – A UK teenager linked to major Microsoft and Nvidia breaches shows why digital ethics education can’t be optional for young, technically skilled individuals.
🎮 Old Games, New RCEs – Hackers exploited multiplayer game engines to gain remote access to PCs. Legacy software can create modern attack surfaces, on and off the clock.
📬 Phishing & Domain Abuse – The .es top-level domain is increasingly used in phishing scams. Help users decode domains and trust signals beyond just the brand name.
🔐 MFA Saves the Day – A spoofed Google Ads request almost succeeded—until MFA stepped in. A real-life reminder that layering defences works.
📄 AI Prompt Injection – Academic PDFs are being weaponised with hidden prompts to influence AI-generated outputs. It’s time to add LLM manipulation to your awareness radar.
📢 Emergency Alerts & Privacy – With government alert tests rolling out, employees with hidden phones (e.g., in domestic abuse cases) face real safety risks. Consider the human layer in crisis comms.
👚 Instagram Scams & Flannel Fraud – Niche cons on social media show how easy it is to mimic small businesses. Don’t forget brand impersonation when training around phishing.
🧑‍💼 Insider Threat Economics – A CNM insider sold credentials for just $300. Reinforce messaging around ethics, behaviour monitoring, and low-cost high-risk breaches.
🍟 Hiring Platform Data Leak – McDonald's and Paradox AI leaked data on 64M+ applicants—another reminder: third-party vendors aren’t automatically secure.
📊 Security Culture Benchmarks – Tools like KnowBe4’s Human Risk Maturity assessment help awareness pros evaluate where their culture stands and what needs improvement.
⚽ Bonus: Bletchley Park-Inspired Football Kit – What does a football shirt have to do with WWII codebreaking? A surprisingly wholesome win for security storytelling.

If you care about where behaviour, tech, and trust intersect, this one’s got it all.

🕒 Timestamps
00:00 Intro: A new intro and newsletter plug
02:53 Cyber Crime Developments: M&S and Co-op Attacks
05:56 Gaming Vulnerabilities: Call of Duty Incident
10:07 Young Innovators: Dylan's Microsoft Teams Hack
12:59 AI Manipulation in Academic Research
16:57 UK Emergency Alert System Testing
20:04 Phishing Trends: The Rise of .es Domains
24:59 Bribery in Cyber Crime: The Brazilian Bank Heist
27:58 Monzo's Fake Address Scandal
31:57 MK Dons Tribute to Bletchley Park
34:02 McDonald's AI Hiring Blunder
36:19 Paradox AI and Data Breach Concerns
37:35 Human Risk Management Insights
42:17 The Importance of Authentic Internal Communication
44:41 Deepfake Technology and Its Implications
49:34 Scams Targeting Consumers: Apple Pay Warning
53:26 Identifying Scams: The Dixon Shirt Fraud
01:00:14 Victor's Near Miss with a Scam
01:11:23 Weekly Wrap-up and Final Thoughts

📩 For links, videos, and the newsletter – head to riskycreative.com
💬 Check Out This Episode's Discussion Points
📧 [email protected]
🔗 riskycreative.com
🎵 Our Intro & Outro Song (© 16! by falling forever)
License: https://creativecommons.org/licenses/by/4.0
-
34
How Many Lost Laptops Is Too Many?
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew unpack everything from text scams and AI scrapers to school shutdowns and insider threats. It’s a mix of the strange, the serious, and the preventable, plus a few thoughts on whether changing the Blue Screen of Death was really necessary.

Episode note - In this episode, we mention that 26,000 public sector devices were lost or stolen. That number isn’t accurate. The real figure is still shocking, with just over 2,000 devices in the past year, according to FOI-based reports. We caught the error before the episode went live, but since we recorded it, we’re calling it out here to keep things straight. Always better to be accurate.

📱 SMS Blasters & Android Security – Low-cost tools are sending out spoofed texts by the thousands. Meanwhile, Android 16 adds cellular warnings—so why doesn’t iPhone?
🎥 The Hikvision Ban – Canada pulls the plug on Hikvision over national security concerns. We talk cheap CCTV, surveillance tech, and where other countries stand.
💻 26,000 Lost Devices – UK government departments lost thousands of laptops and phones. We dig into unencrypted risks and the shadow IT no one talks about.
🧠 Cloudflare vs AI Bots – New protections aim to stop AI from scraping websites—but are some tools already mimicking humans to sneak past?
🎓 University Parking Hack – A former student manipulates grades, parking, and more. It started small… and escalated fast.
🏫 Cyberattacks on Schools – Another UK school forced to close after a ransomware attack. 60% of secondary schools were hit last year—why are they such a soft target?
📲 QR Code Phishing (Quishing) – A new warning on fake parking signs and QR scams. We ask: is it time to fix the mess that is parking apps?
👨‍💻 Insider Threats – A suspended IT worker wipes systems, costing £200k. A reminder: always revoke access before the fallout.
🖥️ The Death of the Blue Screen – Microsoft ditches the iconic BSOD for a black version. It’s a small change—but raises big questions about user trust and clarity.

If you care about human risk, digital culture, and the strange places security slips through, this episode’s got something for you.

🕒 Timestamps
00:00 – Intro: A new intro and newsletter plug
01:30 – AJ King interview highlights
03:26 – SMS Blasters and Google’s Pixel 10 protection
09:27 – Canada bans Hikvision over national security risks
15:04 – 26,000 public sector devices lost or stolen
20:39 – Cloudflare launches AI bot blocker
24:28 – Ex-student hacks university over parking, triggers breach
27:41 – Cornwall school cyberattack and UK education stats
31:13 – £3.5m lost to quishing (QR phishing)
35:20 – IT worker jailed for revenge attack after suspension
38:23 – Microsoft kills the Blue Screen of Death
42:00 – Awareness events: SANS Summit, IASAP, and Huficon
46:01 – Can we teach our mums to spot fake AI videos?
48:06 – IKEA gift card checkout scam warning
50:27 – WHSmith rebrands as TG Jones – phishing vibes
54:07 – Instagram inheritance scam analysed by ChatGPT
57:51 – TikTok strikes vs Meta’s scam filtering
59:15 – AI chatbots recommending phishing links
01:04:09 – CSGO player doxxed via Steam OSINT
01:08:47 – Digital footprints and parenting in a connected world
01:11:16 – Local business cyber day preview
01:12:11 – Weekly wrap-up and final thoughts

📩 For links, videos, and the newsletter – head to riskycreative.com
💬 Check Out This Episode's Discussion Points
📧 [email protected]
🔗 riskycreative.com
🎵 Our Intro & Outro Song (© 16! by falling forever)
License: https://creativecommons.org/licenses/by/4.0
-
33
"Is Your Brain Wired for Insecurity?" - AJ King on Behavioural Science
This week on The Awareness Angle Interviews… Anthony sits down with AJ King, a UX researcher and behavioural science expert, to explore what it really takes to change security behaviour. Forget check-the-box training and flashy nudges—this episode gets into the messy, human side of behaviour change, why habits are hard to break, and how your gym routine might just explain why people keep clicking phishing links.

🧠 Why People Don’t Remember Training – AJ breaks down the cognitive reasons annual awareness programs often fall flat.
🎯 Nudges Aren’t Enough – We explore why simple prompts can help—but won’t fix—behavioural gaps without deeper engagement.
💪 The Gym Metaphor – Building secure habits is like fitness: it takes consistency, relevance, and personal motivation.
📈 Beyond Compliance – Compliance might drive reporting, but it rarely changes how people actually act.
🔁 Repetition & Real Life – Training sticks when it reflects daily behaviour—not once-a-year reminders.
📣 Speaking Their Language – Why tailoring awareness efforts to people’s lived experience matters more than security buzzwords.
🤝 Behavioural Science Meets UX – AJ shares how user research and human-centred design can elevate your awareness program from frustrating to effective.
💬 Feedback as a Force Multiplier – What users tell you (and what they don’t) can reshape how you teach security.
⚖️ Fear vs. Motivation – We talk about the psychology of risk, and why scaring people isn’t a sustainable strategy.
🔄 Security is a Human System – Tools help, but behaviour drives outcomes. Awareness needs to meet people where they are.

If you're trying to move the needle on secure behaviour—not just track who opened the training email—this one's packed with fresh thinking, honest insights, and practical ways to rethink your approach.

The Awareness Angle: Interviews is our ongoing series of real, no-fluff conversations with the people reimagining how we approach security, risk, and human behaviour.

🕒 Timestamps
00:00 – Why AJ’s Here: Behaviour and Security
01:29 – Why AJ is Ant’s go-to behaviour guy
03:06 – What actually *is* human behaviour?
05:15 – Why behaviour change isn’t a 5-minute training course
09:02 – The problem with “mandatory training”
12:09 – Should we focus on personal security instead?
14:25 – Does compliance culture harm behaviour change?
18:35 – Why annual training is a compliance box, not a solution
20:11 – The myth of the nudge silver bullet
24:31 – Present bias and procrastinating secure behaviour
30:45 – You can’t predict when behaviour will matter
32:44 – Engagement is everything: the gym metaphor
34:05 – Why nudging alone won’t work for everyone
38:06 – What should the function be called – and does it matter?
42:46 – Reframing security for leadership
48:06 – Using behavioural change to get more support from the top
56:05 – Fear vs Reward: What really works?
59:01 – Phishing screen colours and peer influence
01:03:13 – Simulated phishing: don’t destroy your brand
01:08:04 – Be the purple cow – standing out in awareness
01:14:11 – Nudges, newsletters, and long-term behaviour change
01:18:41 – Book recs: Freakonomics & Very Good Copy
01:21:09 – AJ will be back for The Art of Change
01:22:45 – Where to find AJ King

💬 Check Out This Episode's Discussion Points
📧 [email protected]
🔗 riskycreative.com
🎵 Our Intro & Outro Song (© 16! by falling forever)
License: https://creativecommons.org/licenses/by/4.0
-
32
Military Secrets Leaked On A Gaming Forum?
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew break down the biggest cyber stories, from smishing attacks in car parks to leaked US military secrets on gaming forums. It’s all about what slipped through the cracks, and what to watch for next.

🛡️ Mass Claims & M&S Breach – Legal firms swarm the M&S data breach. Who really benefits: victims or opportunists?
🎮 Nexus Mods Ownership Shift – A quiet change sparks questions about transparency on one of gaming’s most trusted mod sites.
🌐 Record-Breaking DDoS Attack – 37 million requests per second. The new HTTP/2 “rapid reset” exploit shows how attacks keep evolving.
🍕 OSINT & Pizza Orders – Can pizza deliveries reveal classified military ops? A deep dive into how open-source intel can be weaponized.
✈️ Military Secrets Leaked on Forums – War Thunder players keep spilling classified info. Why does this keep happening?
🏥 AI in GP Clinics – UK doctors use unapproved AI transcription tools. What are the privacy risks of this shadow IT?
📂 New ClickFix Variant: FileFix – A stealthy Windows Explorer exploit you need to know about. Don’t blindly paste code.
📱 SMS Blasters Deployed – Low-cost devices send spoofed texts by the thousands. Just because it looks real, doesn’t mean it is.
💉 Ransomware Linked to NHS Death – The human cost of cybercrime grows as a Synnovis attack ties to a patient fatality.
🧰 Windows 10 Extended Support – Staying on Windows 10 past October 2025 comes with hidden costs. Is it worth it?
🧪 Fake Interviews, Real Malware – Developers targeted via NPM packages during bogus test tasks. Beware offers that seem too good to be true.
🎁 Scam of the Week – Anthony’s mum nearly falls for a fake M&S hamper giveaway. Funny but also a sharp warning.
🔍 Tool of the Week: Metomic – A clever, nudge-based DLP platform that helps teams catch oversharing before it turns into a breach.

If you care about real-world threats, human behavior, and how security can slip through everyday cracks, this episode has plenty to chew on.

🕒 Timestamps
00:00 Introduction to Cybersecurity News
04:01 M&S Claims and Ethical Concerns
06:14 Record-Breaking DDoS Attack
10:02 OSINT and Pizza Intelligence
14:27 Military Secrets Leaked on Gaming Forums
18:02 Doctors Using Unapproved AI Tools
22:08 New FileFix Attack in Cybersecurity
26:08 SMS Blasters and Smishing Attacks
30:12 Ransomware Impact on Healthcare
33:04 Cybersecurity Compliance Risks
36:02 Fake Interviews and Malware Distribution
39:04 Public Reactions to Data Breaches
44:09 Innovative Cybersecurity Tools
49:07 Evaluating Discount Software Purchases
55:02 Identifying Scams and Phishing Attempts
01:01:00 Password Security and Data Breaches

📩 For links, videos, and the newsletter – head to riskycreative.com
💬 Check Out This Episode's Discussion Points
📧 [email protected]
🔗 riskycreative.com
🎵 Our Intro & Outro Song (© 16! by falling forever)
License: https://creativecommons.org/licenses/by/4.0
HOSTED BY
Risky Creative