Smashing Security

A Wikipedia security engineer accidentally wakes a dormant JavaScript worm that hadn't stirred since 2024 - and within minutes, giant woodpecker images are plastered across the internet's favourite encyclopaedia. Meanwhile, a crypto contractor hired to help the US Marshals manage seized digital assets allegedly decides to help himself to $46 million of it - and then brags about it on a recorded Telegram call. Plus: Graham champions Asterix, Trisha discovers the fantasy novels of Robin Hobb, and someone called "Lick" ends up in the nick. All this, and much more, in episode 458 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Tricia Howard. EPISODE LINKS: Major data leak forum dismantled in global action against cybercrime forum - Europol.Ericsson blames vendor vishing slip-up for breach exposing thousands of records - The Register.How hackers bypassed MFA with a $120 phishing kit – until law enforcement shut them down - Hot for Security.Wikipedia hit by self-propagating JavaScript worm that vandalized pages - Bleeping Computer.FBI arrests crypto thief accused of stealing $46 million from seized government wallet - Tom’s Hardware.Twitter thread by ZachXBT about John Daghita’s arrest - Twitter.Asterix - Wikipedia.Robin Hobb.The Complete Farseer trilogy - Harper Collins.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) SPONSORS: VantaThreatLockerMeter SUPPORT THE SHOW: Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser. Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed! FOLLOW THE SHOW: Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes. THANKS: Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Privacy & Opt-Out: https://redcircle.com/privacy

When a top cybersecurity firm discovered it had a leak, you would expect the FBI to be called. Instead, the person put in charge of the investigation was the actual leaker... who promptly sent an innocent colleague into a career-ending ambush. In this episode, we unravel the jaw-dropping tale of a defence contractor caught selling zero-day exploits to a Russia-linked broker. Plus: are nation states quietly poisoning AI models to bend reality itself? We explore how “foreign information manipulation interference” could target not just social media users, but the large language models we increasingly trust for answers — and what that might mean for truth, trust, and the future of online influence. All this, and much more, in episode 457 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Carl Miller. EPISODE LINKS: Large-Scale Online Deanonymization with LLMsHacked Prayer App Sends ‘Surrender’ Messages to Iranians Amid Israeli and US Strikes“Stay safe out there gamers”: Streamers say Amazon just made Wishlists a doxxing riskApple alerts exploit developer that his iPhone was targeted with government spywareFormer General Manager for U.S. Defense Contractor Sentenced to 87 Months for Selling Stolen Trade Secrets to Russian BrokerTreasury Sanctions Exploit Broker Network for Theft and Sale of U.S. Government Cyber ToolsInside the story of the US defense contractor who leaked hacking tools to Russia​​Hundreds of English-language websites link to pro-Kremlin propagandaThe Incredible Shrinking Man“The Immortalists” by Aleks KortoskiSmashing Security merchandise (t-shirts, mugs, stickers and stuff) SPONSORS: Action1MeterVanta SUPPORT THE SHOW: Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser. Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed! FOLLOW THE SHOW: Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes. THANKS: Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Privacy & Opt-Out: https://redcircle.com/privacy

When the mysterious operator of an internet archiving-service decided to silence a curious Finnish blogger, they didn’t just send a stroppy email - they allegedly weaponised their own CAPTCHA page to launch a DDoS attack, threatened to invent an entirely new genre of AI porn, and tampered with parts of their own archive to smear the blogger's name. In this episode, we unravel how a website designed to preserve history may have trashed its own credibility - and how Wikipedia responded when trust went out the window. Plus a ransomware gang shoots itself in the foot with a classic case of buffoonery, accidentally corrupting the very keys victims would need to decrypt their data. When even the criminals can’t unlock your files, what happens next? All this, a surprisingly zen Pick of the Week, and a gloriously splenetic rant against web forms, on episode 456 of the award-winning "Smashing Security" podcast, with cybersecurity veteran Graham Cluley and special guest Paul Ducklin. EPISODE LINKS: This App Will Detect People Wearing Smart Glasses Near You - Lifehacker.Patients listed as dead after major NZ health app MediMap hacked - 1News.Why fake AI videos of UK urban decline are taking over social media - BBC News.FBI orders domain registrar to reveal who runs mysterious Archive.is site - Ars Technica.Archive.today CAPTCHA page executes DDoS; Wikipedia considers banning site - Ars Technica.Archive.today is directing a DDOS attack against my blog - Gyrovague.Critical buffer overflow bug - in ESXi ransomware - SolCyber.Yoga with Adriene - YouTube.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) SPONSORS: CoreviewVantaThreatLocker SUPPORT THE SHOW: Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser. Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed! FOLLOW THE SHOW: Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes. THANKS: Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Privacy & Opt-Out: https://redcircle.com/privacy

Could America turn off Europe's internet? That’s one of the questions that Graham and special guest James Ball will be exploring as they discuss tech sovereignty. Could Gmail, cloud services, and critical infrastructure really become geopolitical leverage? And is anyone actually building a Plan B? Plus we explore if Meta is quietly plotting to turn its smart glasses into face-recognising surveillance specs? With reports of internal memos suggesting they plan to launch controversial features while everyone’s distracted by political chaos, we ask: is this innovation really wanted by the public... or something far creepier? All of this, and much more, in episode 455 of the award-winning "Smashing Security" podcast with cybersecurity veteran Graham Cluley, joined this week by journalist and author James Ball. EPISODE LINKS: Meta Plans to Add Facial Recognition Technology to Its Smart GlassesTrading Sovereignty for Scale? The Costs of the US - UK Tech Prosperity DealJust Mercy Just Mercy trailerBryan Stevenson’s TED talk: We need to talk about an injusticeThe ResidenceSmashing Security merchandise (t-shirts, mugs, stickers and stuff) SPONSORS: VantaPassworkAdaptive Security SUPPORT THE SHOW: Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser. Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed! FOLLOW THE SHOW: Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes. THANKS: Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Privacy & Opt-Out: https://redcircle.com/privacy

AI bots are having existential crises, inventing religions, and allegedly plotting against humanity... or so the internet would have you believe. We dig into Moltbook, the “AI-only” social network that sent Twitter into a meltdown, attracted breathless talk of the singularity, and turned out to be far less Terminator and far more humans role-playing as bots. Plus we discuss why "vibe coding" your app might be a catastrophically bad idea, when security researchers can easily peek inside rifle through your private messages, API keys, and databases. Also this week we learn that pro-Russian hackers are circling the Winter Olympics - or is it the Jamaican Bobsleigh team? All this and more is discussed in episode 454 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Iain Thomson. EPISODE LINKS: AI Agents Created Their Own Religion, Crustafarianism, On An Agent-Only Social Network - Forbes.I Infiltrated Moltbook, the AI-Only Social Network Where Humans Aren’t Allowed - Wired.'Moltbook' social media site for AI agents had big security hole, cyber firm Wiz says - Reuters.Italy blames Russia-linked hackers for cyberattacks ahead of Winter Olympics - The Record.Italy says railways hit by 'serious sabotage' as Winter Olympics begin - BBC News.EpsteIN - GitHub.Private Eye.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) SPONSORS: MeterVantaPasswork SUPPORT THE SHOW: Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser. Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed! FOLLOW THE SHOW: Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes. THANKS: Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Privacy & Opt-Out: https://redcircle.com/privacy

Supposedly redacted Jeffrey Epstein files can still reveal exactly who they’re talking about - especially when AI, LinkedIn, and a few biographical breadcrumbs do the heavy lifting. Sloppy redaction leads to explosive claims, and difficult reputational consequences for cybersecurity vendors, and we learn how trust - once cracked - can be almost impossible to fully restore. Elsewhere, the spotlight turns to insider threat in the age of AI, after a senior US cybersecurity official uploads sensitive government material into the public version of ChatGPT. Oops. All this, and much more, in episode 453 of Smashing Security with cybersecurity veteran Graham Cluley and special guest Tricia Howard. EPISODE LINKS: Notepad++ hijacked to serve malware in targeted attacks - Notepad++.Porn-quitting app caught leaking users’ sexual habits - 404 Media.MicroWorld Technologies’ eScan anti-virus update turned into a malware delivery system - Morphisec.Jmail.World.Informant told FBI that Jeffrey Epstein had a ‘personal hacker’ - Techcrunch.Confidential informant statement given to FBI - US Department of Justice.Post by Graham Cluley - LinkedIn.Trump’s acting cyber chief uploaded sensitive files into a public version of ChatGPT - Politico.We are Lady Parts - Channel 4.We are Lady Parts trailer - YouTube.“Bashir with a good beard” by We are Lady Parts - YouTube.“Voldermort under my headscarf” by We are Lady Parts - YouTube.Doctor Who: The Shakespeare Notebooks - Penguin.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) SPONSORS: PassworkMeterVanta SUPPORT THE SHOW: Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser. Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed! FOLLOW THE SHOW: Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes. THANKS: Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Privacy & Opt-Out: https://redcircle.com/privacy

In episode 452, a London-based YouTuber wins a landmark court case against Saudi Arabia after his phone was hacked with Pegasus spyware — exposing how a single, seemingly harmless text message can turn a smartphone into a round-the-clock surveillance device. Plus, we go looking for professional hitmen online - only to uncover uncomfortable questions about why some crimes attract customers but very few complaints. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veteran Graham Cluley, joined this week by special guest Joe Tidy. EPISODE LINKS: Sorry Dave, I’m afraid I can’t do that! PCs refuse to shut down after Microsoft patchRussian state hackers likely behind wiper malware attack on Poland’s power gridUS charges 31 more suspects linked to ATM malware attacksDark web arrests in Romania linked to portal which offered services including murderRomanian scammers ran fake hitman-for-hire site, lured desperate perpetrators as 'incompetent assassins'This Fake Hitman Site Is the Most Elaborate, Twisted Dark Web Scam YetUnlikely Assassin, The Murder of Amy AllwineSaudi dissident awarded $4.1 million by UK court for hacking, assault 'by Saudi Arabia'Stalkerware: The software that spies on your partnerUsing 'stalkerware' to spy on a colleague's phone“Polite Society” trailerElegoo Saturn 3 3D printerSmashing Security merchandise (t-shirts, mugs, stickers and stuff) SPONSORS: PassworkCoreviewVanta SUPPORT THE SHOW: Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser. Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed! FOLLOW THE SHOW: Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes. THANKS: Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Privacy & Opt-Out: https://redcircle.com/privacy

In episode 451 of "Smashing Security," we meet the cybercriminal who hacked the US Supreme Court, Veterans Affairs, and more - and then helpfully posted screenshots (and even someone’s blood type) on an account called "I hacked the government." Plus we discuss how researchers uncovered a creepy flaw that lets attackers hijack wireless headphones, listen in on calls, inject audio, and even turn your earbuds into a stalking device - all without you noticing. All this, and much more, in this episode of the "Smashing Security" podcast with Graham Cluley, and special guest Ray [REDACTED] EPISODE LINKS: Tennessee Man Pleads in Hacking U.S. Supreme Court, AmeriCorps, and VA Health System - US Department of Justice.Paris Hilton’s hacker sentenced to 57 months in prison - Graham Cluley.WhisperPair.One Tap To Hijack Them All - A Security Analysis of the Google Fast Pair Protocol - YouTube.Hundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking - Wired.Line of Duty - Wikipedia.Line of Duty - BBC iPlayer.Forgive the haters - YouTube.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) SPONSORS: VantaThreatLockerAdaptive Security SUPPORT THE SHOW: Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser. Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed! FOLLOW THE SHOW: Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes. THANKS: Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Y Privacy & Opt-Out: https://redcircle.com/privacy

Confusion reigns after claims that data linked to 17.5 million Instagram accounts is up for sale - sparked by a vague post, contradictory statements, and a flood of password reset emails nobody asked for. And we dig into Grok, Elon Musk’s AI chatbot, after it started generating sexualised images of women and children - raising uncomfortable questions about guardrails, accountability, and why playing the censorship card doesn’t make the problem go away. All this, and much more, in this episode of the "Smashing Security" podcast with Graham Cluley, and special guest Monica Verma. EPISODE LINKS: Free Speech Union website down after alleged funders exposed by trans hackers - Pink News.Illinois Man Charged in Snapchat Hacking Investigation - US Dept of Justice.Hackers get hacked, as BreachForums database is leaked - Hot for Security.Post by Malwarebytes - Bluesky.Post by Instagram - Twitter.Instagram denies breach amid claims of 17 million account data leak - Bleeping Computer.Ofcom asks X about reports its Grok AI makes sexualised images of children - BBC News.Musk’s Grok blocked by Indonesia, Malaysia over sexualized images in world first - CNN.Elon Musk shares AI images of Starmer in bikini in row over grim Grok deepfakes - Mirror.Soul Music - BBC Sounds.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) SPONSORS: VantaMeter SUPPORT THE SHOW: Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser. Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed! FOLLOW THE SHOW: Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes. THANKS: Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. ENJOYED THE SHOW? Make sure to check out our sister podcast, "The AI Fix". Privacy & Opt-Out: https://redcircle.com/privacy

Romance scammers have apparently discovered astrology... and Taurus is their secret weapon. In episode 449 of "Smashing Security", we take a look inside an actual romance-fraud handbook - complete with scripts, personality “types”, corporate jargon, and a seven-day plan to get victims from hello to hand over the crypto. Then Lesley "hacks4pancakes" Carhart delivers a reality check on the dire cybersecurity jobs market for juniors: why entry-level roles are evaporating, how automated CV screening is chewing candidates up, and what hopeful newcomers (and weary veterans) can do about it. Plus, Graham talks to ThreatLocker CEO Danny Jenkins about why misconfigurations are behind an uncomfortable number of breaches, how default-deny security actually works in practice, and why detecting attacks after they’ve started is already too late. All this, and much more, in this episode of the "Smashing Security" podcast with Graham Cluley, and special guest Lesley Carhart. EPISODE LINKS: Millions of Android Powered TVs and Streaming Devices Infected by Kimwolf Botnet - Hackread.Ilya Lichtenstein, Bitcoin hacker behind massive crypto theft, credits Trump for early prison release - CNBC.How Fake BSODs and Trusted Build Tools Are Used to Construct a Malware Infection - Securonix.A scammer's guide: How cybercriminals plot to rob a target in a week - Reuters.Game of Wool: Britian’s Best Knitter - Channel 4.Game of Wool trailer - YouTube.Earthrise One: Melbourne's Premier Sci-Fi Escape Room Adventure.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) SPONSORS: VantaThreatLockerMeter SUPPORT THE SHOW: Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser. Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed! FOLLOW THE SHOW: Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes. THANKS: Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. ENJOYED THE SHOW? Make sure to check out our sister podcast, "The AI Fix". Privacy & Opt-Out: https://redcircle.com/privacy

Think your Kindle is harmless? Think again! In this episode, Graham and special guest Danny Palmer unpack a Black Hat Europe talk revealing how a boobytrapped audiobook could exploit the Amazon eBook reader - potentially letting an attacker break into your account and seize control of your credit card. Plus a blast from 2021's "summer of ransomware" returns to haunt Ireland's Health Service Executive, as victims are offered €750 each. And because it's the last show before the Christmas break, there's also a Pick of the Week that veers from cosy rom-com comfort to pointy-polygon nostalgia. All this, and more, in episode 448 of the "Smashing Security" podcast with Graham Cluley, and special guest Danny Palmer. 🎅 🎄 Thanks to everyone for listening to "Smashing Security" during 2025 - we look forward to being back in your ear'oles in early January. Stay safe! 🎅 🎄 EPISODE LINKS: Password manager provider fined £1.2m by ICO for data breach affecting up to 1.6 million people in the UK - ICO.Trump Administration Turning to Private Firms in Cyber Offensive - Bloomberg.Russian ban on Roblox gaming platform sparks rare protest - Reuters.Once upon an exploit: how fake audiobook led to Kindle takeover - Cybernews.Four years later, Irish health service offers €750 to victims of ransomware attack - Bitdefender.When Harry Met Sally - Wikipedia.When Harry Met Sally trailer - YouTube.Tomb Raider 1-3 Remastered review - you were never going to smooth these games out - Eurogamer.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) SPONSORS: VantaThreatLocker SUPPORT THE SHOW: Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser. Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed! FOLLOW THE SHOW: Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes. THANKS: Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. ENJOYED THE SHOW? Make sure to check out our sister podcast, "The AI Fix". Privacy & Opt-Out: https://redcircle.com/privacy

On this week's show we learn that AI really can be a stalker’s best friend, as we explore a strange tale that starts with a manatee-shaped mailbox on a millionaire's lawn and ends with Grok happily doxxing real people, mapping out stalking "strategies," and handing out revenge-porn tips. Then we go inside the Louvre heist, where thieves in hi-vis and a hire van waltzed off with the French crown jewels in broad daylight, exploiting our assumptions about what "looks normal" - the same kind of bias we’re now baking into security AIs. Plus, Graham chats with Rob Edmondson from CoreView about why misconfigurations and over-privileged accounts can make Microsoft 365 dangerously vulnerable. All this, and more, in episode 447 of the "Smashing Security" podcast with Graham Cluley, and special guest Jenny Radcliffe. EPISODE LINKS: Khashoggi widow files complaint in France alleging Saudi government infected devices with spywareUS Posts $10 Million Bounty for Iranian HackersInfostealer has entered the chatDave Portnoy posts a photo of his lawn (including a manatee-shaped mailbox)Elon Musk’s Grok AI Is Doxxing Home Addresses of Everyday PeopleElon Musk’s Grok Is Providing Extremely Detailed and Creepy Instructions for StalkingHow the Louvre thieves exploited human psychology to avoid suspicion – and what it reveals about AIOutrageous (TV series)Outrageous trailerMan charged with theft after allegedly swallowing Fabergé pendant in jewellery storeFree Microsoft 365 Tenant Security ScannerSmashing Security merchandise (t-shirts, mugs, stickers and stuff) SPONSORS: VantaHorizon3.aiCoreView SUPPORT THE SHOW: Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser. Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed! FOLLOW THE SHOW: Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes. THANKS: Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. ENJOYED THE SHOW? Make sure to check out our sister podcast, "The AI Fix". Privacy & Opt-Out: https://redcircle.com/privacy

A teenage cybercriminal posts a smug screenshot to mock a sextortion scammer... and accidentally hands over the keys to his real-world identity. Meanwhile, we look into the crystal ball for 2026 and consider how stolen data is now the jet fuel of cybercrime – and how next year could be even nastier than 2025. Plus, Graham rants about recipe sites that won’t shut up, and there's even more love for Lily Allen's album "West End Girl" album. All this and more is discussed in episode 446 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Rik Ferguson. EPISODE LINKS: Europol nukes Cryptomixer laundering hub, seizing €25M in Bitcoin4.3 Million Browsers Infected: Inside ShadyPanda's 7-Year Malware CampaignUncovering a Calendly-themed phishing campaign targeting business ad manager accountsMeet Rey, the Admin of ‘Scattered Lapsus$ Hunters’Jonathan Ross email goof highlights Twitter security issueVIDEO: Mark Zuckerberg’s password choices are dadada-dumb!Password to Louvre’s video surveillance system was 'Louvre', according to employeeJust the RecipeWest End GirlWest End GirlSmashing Security merchandise (t-shirts, mugs, stickers and stuff) SPONSORS: 1PasswordVantaDrata SUPPORT THE SHOW: Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser. Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed! FOLLOW THE SHOW: Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes. THANKS: Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. ENJOYED THE SHOW? Make sure to check out our sister podcast, "The AI Fix". Privacy & Opt-Out: https://redcircle.com/privacy

America's airwaves are haunted by zombies again, as we dig into a decade of broadcasters leaving their hardware open to attack, giving hackers the chance to hijack TV shows, blast out fake emergency alerts, and even replace religious sermons with explicit furry podcasts. Meanwhile, we look at how a worker at a cybersecurity firm allegedly leaked internal information to a hacking gang - raising big questions about insider threats. Plus: Frankenstein on Netflix, Vine nostalgia, and why Barney the Dinosaur may be the true criminal mastermind behind it all. All this and more is discussed in episode 445 of the “Smashing Security” podcast with cybersecurity veteran Graham Cluley, and special guest Dan Raywood. EPISODE LINKS: Fake adult websites pop realistic Windows Update screen to deliver stealers via ClickFix - Acronis.Tokyo Court Finds Cloudflare Liable For Manga Piracy in Long-Running Lawsuit - TorrentFreak.Former Google chief accused of spying on employees through account ‘backdoor’ - LA Times.Bogus zombie apocalypse warnings undermine US emergency alert system - Ars Technica.2013 EAS Zombie Hoax - Emergency Alert System Wiki.The 1987 Max Headroom incident - YouTube.Nation-wide radio station hack airs hours of vulgar “furry sex” ramblings - Ars Technica.ESPN 97.5 Houston Victim Of Barix Hack - Radio Insight.ESPN Houston apologises to viewers - Facebook.CrowdStrike fires ‘suspicious insider’ who passed information to hackers - TechCrunch.Frankenstein official trailer - YouTube.Frankenstein - Netflix.Vine: Six Seconds that changed the world - Global Player.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) SPONSORS: Action1VantaHorizon3.ai SUPPORT THE SHOW: Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser. Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed! FOLLOW THE SHOW: Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes. THANKS: Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. ENJOYED THE SHOW? Make sure to check out our sister podcast, "The AI Fix". Privacy & Opt-Out: https://redcircle.com/privacy

Stop the press - a company has actually said "sorry" after a data breach, and hotels are helping hackers phish their own guests. In episode 444 of "Smashing Security" we examine a refreshingly honest breach response (and why legacy systems are still going to ruin your week), dig into a nasty hotel-booking malware campaign that abuses trust in apps and CAPTCHAs, and chat about autonomous pen testing, AI-turbocharged cybercrime, and what CISOs should really be asking on Monday morning. And lost Doctor Who is brought back to life by one very dedicated animator, and we take a look at Eddie Murphy’s career. All this and more is discussed in episode 444 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Tricia Howard. Plus - don't miss our featured interview with Snehal Antani from Horizon3.ai! EPISODE LINKS: A Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone Numbers - Wired.British hacker must repay £4m after hijacking celebrity Twitter accounts - BBC News.Cloudflare experiences a massive outage - LifeHacker.Protecting our Merchants: Standing up to Extortion - Checkout.A miracle: A company says sorry after a cyber attack - and donates the ransom to cybersecurity research - Hot for Security.Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware - The Hacker News.Unmasking a Sophisticated Phishing Campaign That Targets Hotel Guests - Akamai.Doctor Who Animation: Daleks' Master Plan - The Nightmare Begins. Part 1 - YouTube.Doctor Who Animation: Daleks' Master Plan - The Nightmare Begins. Part 2 - YouTube.Being Eddie - Netflix.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) SPONSORS: VantaHorizon3.ai SUPPORT THE SHOW: Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser. Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed! FOLLOW THE SHOW: Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes. THANKS: Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. ENJOYED THE SHOW? Make sure to check out our sister podcast, "The AI Fix". Privacy & Opt-Out: https://redcircle.com/privacy

Tinder has got a plan to rummage through your camera roll, and Warren Buffett keeps popping up in convincing deepfakes dishing "number one investment tips." Meanwhile, will agentic AI replace your co-hosts before you can say "EDR for robots"? and why you should still read books. All this, plus Lily Allen's new album and Claude Code come up for discussion in episode 443 of the "Smashing Security" podcast, with special guest Ron Eddings. EPISODE LINKS: ‘Landfall’ spyware abused zero-day to hack Samsung Galaxy phones - TechCrunch.Cyber insurers paid out over twice as much for UK ransomware attacks last year - The Register.Lost iPhone? Don’t fall for phishing texts saying it was found - Bleeping Computer.Tinder to use AI to get to know users, tap into their Camera Roll photos - TechCrunch.Facebook’s AI can now suggest edits to the photos still on your phone - TechCrunch.Berkshire warns of AI deepfakes impersonating Warren Buffett - Reuters.West End Girl - Wikipedia.West End Girl - Spotify.Claude Code.Smashing Security merchandise (t-shirts, mugs, stickers and stuff) SPONSORS: Action1VantaTrelica by 1Password SUPPORT THE SHOW: Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser. Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed! FOLLOW THE SHOW: Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes. THANKS: Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. ENJOYED THE SHOW? Make sure to check out our sister podcast, "The AI Fix". Privacy & Opt-Out: https://redcircle.com/privacy

Time itself comes under attack as a state-backed hacking gang spends two years tunnelling toward a nation’s master clock — with chaos potentially only a tick away. Plus when ransomware negotiators turn to the dark side, what could possibly go wrong? All this and more is discussed in episode 442 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Dave Bittner. EPISODE LINKS: Alleged Meduza Stealer malware admins arrested after hacking Russian orgTap-and-Steal: The Rise of NFC Relay Malware on Mobile DevicesPostcode Lottery's lucky dip turns into data slip as players draw each other's infoChinese Ministry of State Security MSS WeChat postChina blames US for cyber break-in, claims America is world's biggest bit burglarChicago firm that resolves ransomware attacks had rogue workers carrying out their own hacks, FBI saysMicroMacro: Crime CityStar Wars 3.5 foot animated LED R2-D2TrackaLackerSmashing Security merchandise (t-shirts, mugs, stickers and stuff) SPONSORS: VantaMaterialDrata SUPPORT THE SHOW: Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser. Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed! FOLLOW THE SHOW: Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes. THANKS: Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. ENJOYED THE SHOW? Make sure to check out our sister podcast, "The AI Fix". Privacy & Opt-Out: https://redcircle.com/privacy

Basketball stars have allegedly joined forces with the mafia to fleece high-rollers in a poker scam involving hacked shufflers, covert cameras, and an X-ray card table. Meanwhile, researchers have found they could poke around an FIA driver portal to pull up the personal details of Formula 1 megastars. Plus: Graham’s “Pick of the Week” turns CAPTCHA hell into a delightfully deranged browser game that will make you question vegetables, geometry, and your life choices, while Danny takes a trip to ancient Africa... All this and more is discussed in episode 441 of "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Danny Palmer. EPISODE LINKS: Baohuo, the gray eminence. Android backdoor hijacks Telegram accounts, gaining complete control over themCyberattack on Russia’s food safety agency reportedly disrupts product shipmentsDissecting YouTube's malware distribution network31 Defendants, Including Members and Associates of Organized Crime Families and National Basketball Association Coach Chauncey Billups, Charged in Schemes to Rig Illegal Poker GamesHow Hacked Card Shufflers Allegedly Enabled a Mob-Fueled Poker Scam That Rocked the NBAEvery Formula 1 driver on the grid just had their passport and license details leaked - but it could have been so much worseI’m not a robotCan I Beat The CAPTCHA Game?An African History of Africa by Zeinab BadawiSmashing Security merchandise (t-shirts, mugs, stickers and stuff) SPONSORS: Action1SecAlerts Vanta SUPPORT THE SHOW: Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser. Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed! FOLLOW THE SHOW: Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes. THANKS: Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. ENJOYED THE SHOW? Make sure to check out our sister podcast, "The AI Fix". Privacy & Opt-Out: https://redcircle.com/privacy

A literal insider threat: we head to a Romanian prison where “self-service” web kiosks allowed inmates to run wild. Then we head to the checkout aisle to ask why JavaScript on payment pages went feral, and how new PCI DSS rules are finally muzzling Magecart-style skimmers. Plus: Graham reveals his new-found superpower with Keyboard Maestro, and Scott describes a slick new way to whip up beautiful how-to videos with Screen Studio. All this and more is discussed in episode 440 of "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Scott Helme. EPISODE LINKS: What caused the AWS outage - and why did it make the internet fall apart?China blames US for cyber break-in, claims America is world's biggest bit burglarNintendo allegedly hacked by Crimson Collective hacking group - screenshot shows leaked folders, production assets, developer files, and backupsRomanian inmate hacks into prison IT system, modifies sentences for othersNew Version of PCI DSS Designed to Tackle Emerging Payment ThreatsWhat is Magecart? How this hacker group steals payment card dataKeyboard MaestroScreen StudioSmashing Security merchandise (t-shirts, mugs, stickers and stuff) SPONSORS: ANONVantaTrelica by 1Password SUPPORT THE SHOW: Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser. Become a supporter via Patreon or Apple Podcasts for ad-free episodes on our early-release feed! FOLLOW THE SHOW: Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes. THANKS: Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. ENJOYED THE SHOW? Make sure to check out our sister podcast, "The AI Fix". Privacy & Opt-Out: https://redcircle.com/privacy

A critical infrastructure hack hits the headlines - involving default passwords, boasts on Telegram, and a finale that will make a few cyber-crooks wish the ground would swallow them whole. Meanwhile we dig into the bit we don't talk about enough: the human cost of defending companies from hackers - stress, burnout, and how better leadership culture can help make security teams safer and saner. Plus we say a heartfelt "la di dah" to Diane Keaton, and tune in to a freshly re-released slice of pre-Fleetwood Mac history for the music-obsessed amongst us. All this and more is discussed in episode 439 of "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and his special guest Annabel Berry. EPISODE LINKS: Cyber-attacks rise by 50% in past year, UK security agency saysWhat does the end of free support for Windows 10 mean for its users?Satellites found exposing unencrypted data, including phone calls and some military commsAnatomy of a Hacktivist Attack: Russian-Aligned Group Targets OT/ICSCaught in the act: Ransomware attack sticks to our AI-created honeypotHuman Performance in Security Operations: A Survey on Burnout, Wellbeing and Flow State Among PractitionersState of the Security Profession 23/24Leading CyberMental Health in Cybersecurity Foundation“Play it Again, Sam”“Play it Again, Sam” clip“Buckingham Nicks”Fleetwood Mac - Silver Springs (Live, 1997)Smashing Security merchandise (t-shirts, mugs, stickers and stuff) If anything we've discussed today has resonated with you, or if you're going through a tough time, please know you are not alone. There is always someone ready to listen, without judgment. Here are a few of the available resources: SPONSORS: SecAlertsANONVanta SUPPORT THE SHOW: Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser. Become a supporter via Patreon or Apple Podcasts for ad-free episodes on our early-release feed! FOLLOW THE SHOW: Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes. THANKS: Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. ENJOYED THE SHOW? Make sure to check out our sister podcast, "The AI Fix". Privacy & Opt-Out: https://redcircle.com/privacy