Smashing Security

In this week’s episode, Graham investigates the mysterious Iberian Peninsula blackout (aliens? toaster? cyberattack?), Carole dives in the UK legal aid hack that exposed deeply personal data of society's most vulnerable, and Dinah Davis recounts how Instagram scammers hijacked her daughter’s account - and how a parental control accidentally saved the day.All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by special guest Dinah Davis.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:418 - I’m a teapot - MDN Web Docs.2025 Iberian Peninsula blackout - Wikipedia.What could have caused the major power outage in Spain and Portugal? Experts weigh in - Euro News.Spain investigates cyber weaknesses in blackout probe - Financial Times.Report on Working Conditions at INCIBE, the company Investigating the blackout - El Cierre Digital.My Teen's Instagram Account was Hacked - Dinah Davis.We Got Her Account Back, Here’s What the Forensics Revealed - Dinah Davis.'Significant amount' of private data stolen in Legal Aid hack  - BBC News.Civil legal aid: millions still without access to justice - The Law Society.Civil representation - Legal aid data - GOV.UK.Legal aid statistics England and Wales bulletin Oct to Dec 2024  - GOV.UK.Funding for justice down 22% since 2010 - Bar Council. The Assembly - ITV.The Assembly review – this celebrity interview show is going to be massive - The Guardian.

Don't get duped, doxxed, or drained! In this episode of "Smashing Security" we dive into the creepy world of sextortion scams, and investigate how crypto wallet firm Ledger's Discord server was hijacked in an attempt to phish for cryptocurrency recovery phrases.All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Plus! Don't miss our featured interview with Drata's Matt Hillary.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Ledger secures Discord after hacker bot tried to steal seed phrases - CoinTelegraph.Binance Founder CZ Warns: Ledger Discord Hack Targets Recovery Phrases - CoinPedia.Ledger confirms physical scam letters requesting seed phrase in fake security upgrade - The Block.Physical addresses of 270K Ledger owners leaked on hacker forum - Bleeping Computer.Criminals are mailing altered Ledger devices to steal cryptocurrency - Bleeping Computer.New Hello Pervert Email Attack Warning — ‘I Know Where You Live’ - Forbes.‘Hello pervert’: the sextortion scam claiming to have videoed you - The Guardian."Hello Pervert" Email Is A Total Scam - What You Need To Know - Malware Tips.Scam email sent from my own email address - Microsoft Community.Thunderbolts* review: 'The greatest Marvel offering in years' - BBC.Limelight, Exemplar - BBC Radio 4.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.Dashlane - Protect against the #1 cause of data breaches - poor password habits. Save 25% off a new business plan, or 35% off a personal Premium plan!a...

Brits face empty shelves and suspended meal deals as cybercriminals hit major high street retailers, and a terminated Disney employee gets revenge with a little help with Wingdings. Plus Graham challenges Carole to a game of "Malware or metal?", and we wonder just happens when you have sex on top of a piano?All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Plus! Don't miss our featured interview with Jon Cho of Dashlane.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Why is the M&S cyber attack chaos taking so long to resolve? - BBC News.M&S 'had no plan' for cyber attacks, insider claims, with 'staff left sleeping in the office amid paranoia and chaos' - Sky News.Hackers target the Co-op as police probe M&S cyber attack - BBC News.Harrods latest retailer to be hit by cyber attack - BBC News.Alleged ‘Scattered Spider’ Member Extradited to US - Krebs on Security.British 'ringleader' of hacking group 'behind M&S cyber attack' fled his home after 'masked thugs burst in and threatened him with blowtorches' - Daily Mail.Incidents impacting retailers – recommendations - NCSC.Ex-Disney employee gets 3 years in the clink for goofy attacks on mousey menus - The Register. United States of America V Michael Sheuer - Plea Agreement - US District Court PDF.The Tall Guy - IMDB.At 99, David Attenborough shares strongest message for the ocean - Oceanographic magazine.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Dashlane - Protect against the #1 cause of data breaches - poor password habits. Save 25% off a new business plan, or 35% off a personal Premium plan! Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

He's not a pop star, but Jeffrey Bowie is alleged to have toured staff areas of a hospital in Oklahoma, hunting for computers he could install spyware on. We dive into the bizarre case of the man accused of hacking medical networks and then sharing how he did it on LinkedIn. Plus! Move over Nigerian princes — the WASPI scams are here. Fraudsters are now targeting UK women born in the 1950s, exploiting pension injustice for phishing gain.All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Cybersecurity Firm CEO Charged with Installing Malware on a Hospital Computer - HIPAA Journal.Edmond cybersecurity CEO accused in major hack at hospital - YouTube.Jeffrey Bowie’s post on LinkedIn - Wayback Machine.Martin Lewis issues scam warning as fraudsters use him to target WASPI women - Metro News.‘Waspi’ women warned over fake compensation websites - The Guardian.WASPI campaigners warn of "dangerous" spike in fake compensation scams - Financial Reporter.National Trust.Wallet Creator - iOS App Store.DIY Dubai chocolate: Ravneet Gill’s recipe for crunchy pistachio chocolate - The Guardian.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!1Password Extended Access Management – Secure every sign-in for every app on every device.SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter via Patreon or Apple Podcasts for ad-free...

Graham explores how the Elusive Comet cybercrime gang are using a sneaky trick of stealing your cryptocurrency via an innocent-appearing Zoom call, and Carole goes under the covers to explore the extraordinary lengths bio-hacking millionaire Bryan Johnson is attempting to extend his life.All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Elusive Comet advisory - Security Alliance.Mitigating Elusive Comet Zoom remote control attacks - Trail of Bits.Aureon Capital: The Fake VCs who Almost Hacked Me - David Z Morris.Requesting or giving Remote Control - Zoom knowledgebase article.Has Bryan Johnson’s anti-aging experiment backfired? Biohacker spending $2 million-a-year admits to a costly misstep - Economic Times.  How Blueprint Founder Bryan Johnson Sought Control Via Confidentiality Agreements - The New York Times.Anti-aging mogul Bryan Johnson claims NY Times preparing ‘hit piece’ about alleged use of prostitutes, drugs - NY Post.KOReader - document reader for E Ink devices.Killing Thatcher: The IRA, the Manhunt and the Long War on the Crown - Bookshop.org.The Urge - Our history of addiction by Carl Erik Fisher.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!1Password Extended Access Management – Secure every sign-in for every app on every device.SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter via a...

A cybersecurity firm is buying access to underground crime forums to gather intelligence. Does that seem daft to you?And over in Nigeria, even if romance scammers would like to update their LinkedIn profiles, just how easy is it to turn a new leaf after a sweet-talking career in cybercrime?All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Sell your forum accounts - PRODAFT.International Scammers Steal Over $1 Trillion in 12 Months in Global State of Scams Report 2024 - Gasa.org.Why Nigeria's internet scammers are 'role models' - BBC News.28-year-old fraudster surrenders to EFCC, confesses to romance scams - Punch Newspapers.Black Box - BBC iPlayer.Black Box trailer - YouTube.Katherine Ryan Battleaxe Tour - LW Theatres. Louis Theroux Interviews - Series 1: 5. Katherine Ryan - BBC iPlayer.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Dashlane - Protect against the #1 cause of data breaches - poor password habits. Save 25% off a new business plan, or 35% off a personal Premium plan! Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before. Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!FOLLOW US:Follow us on Bluesky or a...

QR codes are being weaponised by scammers — so maybe think twice before scanning that parking meter. And in a blunder so dumb it makes autocorrect look smart, the White House explains how it leaked war plans on Signal because an iPhone mistook a journalist for a government insider.Plus! Don't miss our featured interview with Josh Donelson of Material and Tony Albano from Google, about detection and response in today's AI-driven world.All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:The Trump Administration Accidentally Texted Me Its War Plans - The Atlantic.Here Are the Attack Plans That Trump’s Advisers Shared on Signal - The Atlantic.How the Atlantic’s Jeffrey Goldberg got added to the White House Signal group chat - The Guardian.From convenience to compromise: The rising threat of quishing scams - Fast Company.Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware - Hacker News.QR Code Statistics 2024: Trends & Use Cases - QR Code.Honey Garlic Scallop Kabobs - Heinz.With QR Code Redemption Set to Surge to 5.3 Billion in 2025, Cybercriminals will Increase Their Quishing Attacks - Wealth & Finance International.Chess Masters: The End Game - BBC iPlayer.Cribbage Classic - iOS app store.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Material - Email security that covers the full threat landscape – stopping new flavors of phishing and pretexting attacks in their tracks, while also protecting accounts and data from exploit or exposure.Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!1Password Extended Access Management – Secure every sign-in for every app on every device.SUPPORT THE...

Renowned cybersecurity expert Troy Hunt falls victim to a phishing attack, resulting in the exposure of thousands of subscriber details, and don't lose your life savings in a whisky scam...All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Plus! Don't miss our featured interview with Alastair Paterson, CEO and co-founder of Harmonic Security, discussing how companies can adopt Generative AI without putting their sensitive data at risk.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:A Sneaky Phish Just Grabbed my Mailchimp Mailing List - Troy Hunt.Thunderbird breach notice.Opération Cactus - Le Groupement d’Intérêt Public Action contre la Cybermalveillance.Cancer patient lost life savings to whisky barrel scammers - BBC. How to spot an investment scam - Saga Money.More than £612 million was lost to investment fraud in the UK last year - City of London Police. Adolescence - Netflix.Behind the scenes of Adolescence - YouTube.Thames Water: Inside the Crisis - BBC iPlayer.Who let the BBC inside Thames Water? - The New Statesman.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Harmonic - Let your teams adopt AI tools safely by protecting sensitive data in real time with minimal effort. Harmonic Security gives you full control and stops leaks so your teams can innovate confidently.Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!Acronis Threat Research Unit - Your secret weapon against cyber attacks. Access the reports now.SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or

A YouTuber has unleashed an innovative AI bot army to disrupt and outwit the world of online scammers, and a New York Times investigation looks into the intricate web of global money laundering.All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:O2’s AI granny Daisy unveils what she’s learnt from her time on the phone to scammers – and what you can do to ruin their day - O2.Lenny - The Telemarketing Troll.I Built a Bot Army that Scams Scammers - Kitboga on YouTube.Takeaways From Our Money Laundering Investigation - The New York Times.Infiltrating scammer networks with the world’s top fraud fighters - YouTube.Open Street Map - Open Street Map.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before. 1Password Extended Access Management – Secure every sign-in for every app on every device.SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!FOLLOW US:Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.This...

In episode 409 of the "Smashing Security" podcast, we uncover the curious case of the Chinese cyber-attack on Littleton's Electric Light Company, and a California landlord's hidden camera scandal. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:This is the FBI, open up. China's Volt Typhoon is on your network - The Register.Landlord recorded nude videos of woman tenant with cameras hidden in bedroom smoke detectors, lawsuit says - The Independent.Landlord arrested after tenant discovers hidden camera in rented room - PBSO.Hidden Cameras: What Travelers Need to Know - The New York Times.Shakespeare insults t-shirt - Royal Shakespeare Company.OAS Exhibitions - Oxford Art  Society.Carole’s “Rusty Sage” - Bluesky.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before. Acronis Threat Research Unit - Your secret weapon against cyber attacks. Access the reports now.Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!FOLLOW US:Follow us on Bluesky or Mastodon, or on the

What happens when a healthcare giant’s legal threats ignite a Streisand Effect wildfire… while a ransomware gang appears to ditch the dark web for postage stamps?Find out about this, and more, in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:'We wanted to help': Students arrested after exposing FreeHour security flaw - Times of Malta.Medusa ransomware gang demands $2M from UK private health services provider - DataBreaches.net.Medusa Unveils Another 50TB of Stolen Data from HCRG Care Group, Giving Greater Insight Into the Scope of the Breach - DataBreaches.net.HCRG Care’s lawyers claimed an injunction issued in a “private” hearing required us to remove two posts. We didn’t comply - DataBreaches.net.Security firm leaves more than five billion records exposed on unsecured database - Graham Cluley.After threatening me with legal action, Keepnet Labs finally issues statement over data breach - Graham Cluley.Sophos apologises for going legal on school techies - The Register.Mail Scam Targeting Corporate Executives Claims Ties to Ransomware - IC3.One of the nastiest ransomware groups around may have a whole new way of doing things - TechRadar.Snail Mail Fail: Fake Ransom Note Campaign Preys on Fear - GuidePoint Security.Severance - Apple TV+.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:1Password Extended Access Management – Secure every sign-in for every app on every device.Palo Alto Networks - Get the 2025 Unit 42 Global Incident Response report to discover emerging threat trends, attacker tactics and expert recommendations to safeguard your business.a...

Journey with us to Myanmar's shadowy scam factories, where trafficked workers are forced to run romance-baiting and fake tech support scams, and find out why a company's mandatory hold time for tech support could lead to innocent users having their computers compromised.All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Plus - don't miss our featured interview with Acronis CISO Gerald Beuchelt!Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:HP deliberately adds 15 minutes waiting time for telephone support calls - The Register.HP mandated 15-minute wait time for callers - why that was good news for criminals - Bob Sullivan.How vulnerable people are trafficked to fuel a global cyber scam industry - ABC News.Hundreds of foreigners freed from Myanmar's scam centres - BBC News.'I need help': Freed from Myanmar's scam centres, thousands are now stranded - BBC News.Some foreigners pulled out of Myanmar scam centres face struggle to get home - Yahoo! News.'Pig Butchering' Scam: How China's 'Broken Tooth' stole over $75 bn from global investors using crypto currencies - The Economic Times.Scunthorpe problem - Wikipedia.Scunthorpe Sans font.Sociopath: A Memoir by Patric Gagne - Goodreads.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Acronis - Integrated cybersecurity, data protection and endpoint management built for MSPs.Threat Vector - The podcast from Palo Alto Networks that gives you timely analysis of current security trends and challenges.Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before. SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on

We explore how the cryptocurrency exchange Bybit has been hacked to the jaw-dropping tune of $1.5 billion, and we look at what is being done to better defend women and girls' safety online.All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Incident Update: Unauthorized Activity Involving ETH Cold Wallet - Bybit.Bybit Launches Recovery Bounty Program with Rewards up to 10% of Stolen Funds - Bybit.ZachXBT links Bybit hack to Lazarus Group - Twitter.Online Safety Act: explainer - GOV.UKThese Are The 10 Most Complained-About TV Moments In Ofcom's History - Ofcom. Ofcom to push for better age verification, filters and 40 other checks in new online child safety code - TechCrunch.UK’s internet watchdog toughens approach to deepfake porn - TechCrunch.Girlguiding research exposes alarming online harms facing girls - Charity Today News.Ofcom's approach to implementing the Online Safety Act - Ofcom. Women's abuse online: 'I get trolled every second, every day' - BBC. Amanda’s funniest moments in Motherland - YouTube.Amandaland - BBC iPlayer.Cassandra Sci-Fi Thriller limited series - Netflix. Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:1Password – Secure every app, device, and identity – even the unmanaged ones at 1password.com/smashing.Scanner.dev provides a new technology offering fast search and threat detections for security data in S3 helping teams reduce the total cost of ownership of their SIEM by up to 90%. Try the interactive...

From shadowy Bitcoin exchanges to Interpol’s most wanted, Alexander Vinnik was the alleged kingpin behind BTC-e, a $4bn crypto laundering empire. Learn more about him, and how he became a geopolitical pawn between the US, France, and Russia. Plus! Hear how concert-goers are being warned about a swathe of scams hitting stadiums and arenas around the world.All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.PLUS! Don't miss our featured interview with Cliff Crosland of Scanner.devWarning: This podcast may contain nuts, adult themes, and rude language.Episode links:Russian National And Bitcoin Exchange Charged In 21-Count Indictment For Operating Alleged International Money Laundering Scheme And Allegedly Laundering Funds From Hack Of Mt. Gox - US Dept of Justice.BTC-e Operator Pleads Guilty to Money Laundering Conspiracy - US Dept of Justice.US releases Russian cybercriminal as part of exchange for teacher Marc Fogel - The Guardian.Lloyds Bank issues urgent warning over Taylor Swift ticket scams - Lloyds.Warning after more than 120k people queue for Black Sabbath Villa Park tickets as fans say 'scam' - Birmingham Live.‘Don’t buy tickets for Beyoncé’ - Minister Gayton McKenzie warns South Africans of concert scam - Independent Online.Beyonce Cowboy Carter tour fake tickets scam: Ticketmaster warns fans - USA Today.Singapore ticket scam queen jailed for three years after conning 76 Taylor Swift fans of S$110,000 - Malaysia News. Did Ozzy Osbourne really eat a bat? - Rock and Roll Garage.How to stop hiccups - Graham Cluley.The Telepathy Tapes podcast.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:1Password – Secure every app, device, and identity – even the unmanaged ones at

The story of how hackers managed to compromise the US Government's official SEC Twitter account to boost the price of Bitcoins, AI isn't helping reduce the rife conspiracy theories inside classrooms, and is the funeral bell tolling for ransomware?All this and more is discussed in episode 404 of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by special guest Jane Wakefield.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:SEC's Twitter account hacked to say Bitcoin ETFs approved - Hot for Security.Twitter says it’s not its fault the SEC’s account got hacked - Graham Cluley.SEC Twitter hack blamed on SIM swap attack - Hot for Security.The SEC’s X account got hacked by a 25-year-old who went by ‘AGiantSchnauzer’ and got paid in Bitcoin, feds say - Fortune.Pupils share conspiracy theories for fun, with girls ‘more susceptible’ - The Times.AI chatbots unable to accurately summarise news, BBC finds - BBC News.US-led cybersecurity coalition vows to not pay hackers' ransom demands - TechCrunch.35% Year-over-Year Decrease in Ransomware Payments, Less than Half of Recorded Incidents Resulted in Victim Payments - Chain Analysis.Ransomware: proposals to increase incident reporting and reduce payments to criminals - GOV.UK.The 2024 Ransomware Landscape: ‘Looking back on another painful year’ - IT Wire.The Space Doctor’s Big Idea by Randall Munroe - The New Yorker.Reading guide: Creation Lake by Rachel Kushner - Booker Prizes.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored...

In episode 403 of "Smashing Security" we dive into the mystery of $65 million vanishing from Coinbase users faster than J-Lo slipped into Graham's DMs, Geoff gives a poor grade for PowerSchool's security, and Carole takes a curious look at QR codes.All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by The Lazarus Heist's Geoff White.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:ZachXBT’s thread - Twitter.Coinbase employee tells users not to use a VPN or ad blocker - Twitter.What PowerSchool won’t say about its data breach affecting millions of students - TechCrunch.QR code - Wikipedia.Reed–Solomon error correction - Wikipedia.Urgent warning over QR code scam tricking drivers out of £100s at popular car parks - Express.Scam alert: QR code on an unexpected package - Consumer AdviceNew Star Blizzard spear-phishing campaign targets WhatsApp accounts - Microsoft Security Blog.What You Must Know Before Scanning a QR Code - AARP.“More” - Niall Conlon.“Money Men” by Dan McCrum - Penguin Books.Bitter Orange Marmalade Recipe - Ballymaloe Cooking School.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Tailscale – Tailscale is perfect for work or personal projects, making networking simple. Its free plan covers up to 100 devices and 3 users. Get started at tailscale.com and be up and running in less than 10 minutes!1Password – Secure every app, device, and identity – even the unmanaged ones at 1password.com/smashing.Cortex Symphony 2025 -...

What happens when eager computer enthusiasts unknowingly download a trojanized hacking tool and find themselves on the wrong side of cybersecurity? A former employee's actions led to chaos and raise urgent questions about the security of cultural treasures. And join us as we explore the alarming trend of social media influencers staging fake kidnappings.All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Lianne Potter from the "Compromising Positions" podcast.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:No Honour Among Thieves: Uncovering a Trojanized XWorm RAT Builder Propagated by Threat Actors and Disrupting Its Operations - CloudSEK.British Museum forced to partly close after alleged IT attack by former employee - The Guardian.Chart: What Do You Want to be When You Grow Up?- Statista.Tikked off: What happens when TikTok fame fades - Vox.Influencer burnout is real - Vox.Influencer slammed for staging fake kidnapping plot because she was ‘bored’ - Mirror Online."Mom influencer" Katie Sorensen sentenced to jail for falsely claiming couple tried to kidnap her kids at a crafts store - CBS News.Stock market influencer on the way to Coldplay concert kidnapped by data theft gang - The New Indian Express.Raycast.“Thank Goodness You’re Here” video game.The We Society Podcast - Academy of Social Sciences. Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Tailscale – Tailscale is perfect for work or personal projects, making networking simple. Its free plan covers up to 100 devices and 3 users. Get started at tailscale.com and be up and running in less than 10 minutes!1Password – Secure every app, device, and identity – even the...

An Italian hacker makes the grade and ends up in choppy waters, and hear true stories of title deed transfer scams.All this and more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.Plus - don't miss our featured interview with Avery Pennarun of Tailscale.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Report from Corriere Di Bologna newspaper.Caro Musk, assumi subito l’hacker quindicenne di Cesena – Il Foglio.15-Year-Old Hacker Diverts Ships in Mediterranean Sea for Fun – Hot for Security.90-year-old immigrant could lose Brooklyn home after deed theft scam, family says – CBS News. Protect your home. Spot the signs of deed theft – Better Business Bureau. Woman Charged for Scheme to Defraud Elvis Presley’s Family – DOJ.Home Title Theft: How To Protect Yourself – Forbes Advisor.Here’s How Scammers in America Can Take the Title to Your Home Without You Knowing It – Moneywise.Could a Criminal Use Deed Fraud to Steal Your Entire Home? – AARP.Could Fraudsters Steal Your Home From Under Your Nose? – HomeOwners Alliance.Wizard Zines.Listen for the Lie – Amazon.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Tailscale – Tailscale is perfect for work or personal projects, making networking simple. Its free plan covers up to 100 devices and 3 users. Get started at tailscale.com and be up and running in less than 10 minutes!1Password – Secure every app, device, and identity – even the unmanaged ones at a...

The video game Path of Exile 2 suffers a security breach, we explore the issues of using predictive algorithms in travel surveillance systems, and the very worst IoT devices are put on show in Las Vegas. Oh, and has Elon Musk accidentally revealed he cheats at video games?All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Player of Games - Grimes.‘Path of Exile 2’ Players Call Bulls**t on Elon Musk’s Video Game Stream - Gizmodo.Elon Musk "Playing" Path of Exile 2 - YouTube.Elon Musk is Lying About Being Good at Video Games - YouTube.Elon Musk Streams His ”Totally Not Boosted” ‘Path of Exile 2’ Character, Proves He Has No Idea What He’s Doing - Vice.Hacker Broke into ‘Path of Exile 2’ Admin Account, Hijacked Wave of Characters - 404 Media.Inside the Black Box of Predictive Travel Surveillance - WIRED.Average Number of Smart Devices in a Home 2025 - Consumer Affairs.Global IoT and non-IoT connections 2010-2025 - Statista.U.S. Cyber Trust Mark: New Label for IoT Devices - National Law Review. How the Internet of Things will be good for the planet - Thales Group.The ‘Worst in Show’ CES products put your data at risk and cause waste, privacy advocates say - AP News.The CES worst in show awards lampoon AI everthing - The Register.The Worst Devices of CES 2025!! - YouTube. This Could Be Your AI Robot Girlfriend - For $175,000 - Forbes.

Ever wonder how those "free" browser extensions that promise to save you money actually work? We dive deep into the controversial world of Honey, the coupon-finding tool owned by PayPal, and uncover a scheme that might be leaving you with less savings and your favorite YouTubers with empty pockets.Plus, we take a look at Kagi, the search engine you pay not to show you adverts, and discuss what you should do with your old, no-longer-wanted technology.All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Exposing the Honey Influencer Scam - MegaLag on YouTube.The Honey Scam: Explained - Marques Brownlee on YouTube.14 million people don’t know how to erase their data from an old device - ICO. Electronics hoarding habit among Brits and Americans - SellCell.Practical advice for online and electronic devices - ICO. How to factory reset your Google Pixel phone - Google. How to factory reset your iPhone, iPad, or iPod touch - Apple. Reset your Android device to factory settings - Google. Erase your Mac and reset it to factory settings  - Apple.Reset your PC - Microsoft.How do I perform a factory reset on my Samsung mobile device? -  Samsung.Kagi search engine.Battery Heated Clothing - Fieldsheer.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:1Password Extended Access Management – Secure every sign-in for every app on every device.BigID - Start protecting your sensitive data wherever it lives with BigID. Get a free demo to how your organization can reduce data risk and accelerate the adoption of generative AI.SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on