Smashing Security

On this week's show we learn that AI really can be a stalker’s best friend, as we explore a strange tale that starts with a manatee-shaped mailbox on a millionaire's lawn and ends with Grok happily doxxing real people, mapping out stalking "strategies," and handing out revenge-porn tips.

Then we go inside the Louvre heist, where thieves in hi-vis and a hire van waltzed off with the French crown jewels in broad daylig...

A teenage cybercriminal posts a smug screenshot to mock a sextortion scammer... and accidentally hands over the keys to his real-world identity. Meanwhile, we look into the crystal ball for 2026 and consider how stolen data is now the jet fuel of cybercrime – and how next year could be even nastier than 2025.

Plus, Graham rants about recipe sites that won’t shut up, and there's even more love for Lily Allen's album "West...

America's airwaves are haunted by zombies again, as we dig into a decade of broadcasters leaving their hardware open to attack, giving hackers the chance to hijack TV shows, blast out fake emergency alerts, and even replace religious sermons with explicit furry podcasts.

Meanwhile, we look at how a worker at a cybersecurity firm allegedly leaked internal information to a hacking gang - raising big questions about insider threats...

Stop the press - a company has actually said "sorry" after a data breach, and hotels are helping hackers phish their own guests.

In episode 444 of "Smashing Security" we examine a refreshingly honest breach response (and why legacy systems are still going to ruin your week), dig into a nasty hotel-booking malware campaign that abuses trust in apps and CAPTCHAs, and chat about autonomous pen testing, AI-turbocharged c...

Tinder has got a plan to rummage through your camera roll, and Warren Buffett keeps popping up in convincing deepfakes dishing "number one investment tips."

Meanwhile, will agentic AI replace your co-hosts before you can say "EDR for robots"? and why you should still read books.

All this, plus Lily Allen's new album and Claude Code come up for discussion in episode 443 of the "Smashing Security" podcast, w...

Time itself comes under attack as a state-backed hacking gang spends two years tunnelling toward a nation’s master clock — with chaos potentially only a tick away.

Plus when ransomware negotiators turn to the dark side, what could possibly go wrong?

All this and more is discussed in episode 442 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Dave Bittner.

EPISODE LINKS:

• All...

Basketball stars have allegedly joined forces with the mafia to fleece high-rollers in a poker scam involving hacked shufflers, covert cameras, and an X-ray card table.

Meanwhile, researchers have found they could poke around an FIA driver portal to pull up the personal details of Formula 1 megastars.

Plus: Graham’s “Pick of the Week” turns CAPTCHA hell into a delightfully deranged browser game that will make you question vegetables,...

A literal insider threat: we head to a Romanian prison where “self-service” web kiosks allowed inmates to run wild. Then we head to the checkout aisle to ask why JavaScript on payment pages went feral, and how new PCI DSS rules are finally muzzling Magecart-style skimmers.

Plus: Graham reveals his new-found superpower with Keyboard Maestro, and Scott describes a slick new way to whip up beautiful how-to videos with Screen Studio.

All...

A critical infrastructure hack hits the headlines - involving default passwords, boasts on Telegram, and a finale that will make a few cyber-crooks wish the ground would swallow them whole. 

Meanwhile we dig into the bit we don't talk about enough: the human cost of defending companies from hackers - stress, burnout, and how better leadership culture can help make security teams safer and saner.

Plus we say a heartfelt "la di...

Your computer's mouse might not be as innocent as it looks - and one ransomware crew has a crisis of conscience that nobody saw coming.

We talk about how something as ordinary as a web page could turn your mouse into a surprisingly nosey neighbour, and why ransomware gangs need to think carefully about their reputation.

Meanwhile, Graham reveals a baked potato hack that might just change your life, and we take an unexpected detou...

Researchers uncovered a security flaw in Salesforce’s shiny new Agentforce. The vulnerability, dubbed "ForcedLeak", let them smuggle AI-read instructions in via humble Web-to-Lead form... and ended up spilling data for the low, low price of five dollars.

And we discuss why data breach communications still default to "we take security seriously" while quietly implying "assume no breach" - until the inevitable ...

Ransomware doesn’t just freeze computers - it can silence alarms too. And when the Natural History Museum in Paris went dark, thieves helped themselves to €600,000 worth of gold in a daring late-night heist. Meanwhile, developers have a new headache: a worm dubbed “Shai Hulud” has wriggled its way through more than 180 npm packages, quietly stealing secrets.

But it’s not all doom and gloom - unless you count your kitchen appliances ...

When "bad actors" stop being hackers and start being... actual actors.

This week, Graham and special guest Jenny Radcliffe play “Hacker or Ham?” (yes, Steven Seagal, we’re looking at you), before diving into a campaign which saw an Iranian gang luring Israeli performers with fake casting calls for a serious film. We unpack why positive lures can short-circuit scepticism just as effectively as fear.

Plus, the UK's ICO says...

Ever wondered what would happen if Burger King left the keys to the kingdom lying around for anyone to use? Ethical hackers did - and uncovered drive-thru recordings, hard-coded passwords, and even the power to open a Whopper outlet on the moon.

Meanwhile, over in Silicon Valley, one AI wunderkind managed to turn a $7 million payday into a career-ending lawsuit by allegedly walking trade secrets straight out the door as he jumped sh...

Your AI reads the small print, and that's a problem. This week in episode 433 of "Smashing Security" we dig into LegalPwn - malicious instructions tucked into code comments and disclaimers that sweet-talks AI into rubber-stamping dangerous payloads (or even pretending they’re a harmless calculator).

Meanwhile, new research from Anthropic reveals that hackers have already used AI agents to break into networks, steal passw...

We unpack how some password managers can be tricked into coughing up your secrets, with a clickjacking sleight-of-hand, what website owners can do to prevent it, and how to lock down your personal password vault.

Then we time-hop to the post-quantum scramble: "harvest-now, decrypt later", Microsoft's 2033 quantum-safe pledge, and whether your printer will survive the update apocalypse.

All this, plus a gloriously dodgy UR...

In episode 431 of the "Smashing Security" podcast, a self-proclaimed crypto-influencer calling himself CP3O thought he had found a shortcut to riches — by racking up millions in unpaid cloud bills.

Meanwhile, we look at the growing threat of EDR-killer tools that can quietly switch off your endpoint protection before an attack even begins.

And for something a little different, we peek into the Internet Archive’s dysto...

A poisoned Google Calendar invite that can hijack your smart home, a man is hospitalised after ChatGPT told him to season his food with… pesticide, and some thoughts on Superman’s latest cinematic outing.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley, joined this week by special guest Dave Bittner from The Cyberwire.

Warning: This podcast may co...

Those of you who tuned in to last week's episode (#428) will have heard the big news from my podcast pal Carole that she's decided to move on from her co-hosting duties on the show.

There have been some lovely messages of support sent through for Carole, and indeed for me too. Thank you very much to all of you - it's really heatywarming to hear how much the last 428 episodes have meant to you all, and how much you want t...