Category: grahamcluley
-
Smashing Security podcast #444: We’re sorry. Wait, did a company actually say that?
Smashing Security podcast #444: We’re sorry. Wait, did a company actually say that? Stop the press – a company has actually said “sorry” after a data breach, and hotels are helping hackers phish their own guests. We examine a refreshingly honest breach response (and why legacy systems are still going to ruin your week), dig…
-
Wind farm worker sentenced after turning turbines into a secret crypto mine
Wind farm worker sentenced after turning turbines into a secret crypto mine A technical manager at a Dutch wind farm operator has been sentenced after it was discovered he had secretly installed cryptocurrency mining rigs at two wind farm sites – just as the company was recovering from a ransomware attack. Read more in my…
-
The AI Fix #77: Genome LLM makes a super-virus, and should AI decide if you live?
The AI Fix #77: Genome LLM makes a super-virus, and should AI decide if you live? In episode 77 of The AI Fix, a language model trained on genomes that creates a super-virus, Graham wonders whether AI should be allowed to decide if we live or die, and a woman marries ChatGPT (and calls it…
-
A miracle: A company says sorry after a cyber attack – and donates the ransom to cybersecurity research
A miracle: A company says sorry after a cyber attack – and donates the ransom to cybersecurity research One of the sad truths about this world of seemingly endless hacks and data breaches is that companies just won’t apologise. Even when customers, partners, and employees are left wondering when their data will be published by…
-
Smashing Security podcast #443: Tinder’s camera roll and the Buffett deepfake
Smashing Security podcast #443: Tinder’s camera roll and the Buffett deepfake Tinder has got a plan to rummage through your camera roll, and Warren Buffett keeps popping up in convincing deepfakes dishing “number one investment tips.” Meanwhile, will agentic AI replace your co-hosts before you can say “EDR for robots”? and why you should still…
-
Russian hacker admits helping Yanluowang ransomware infect companies
Russian hacker admits helping Yanluowang ransomware infect companies A Russian hacker accused of helping ransomware gangs break into businesses across the United States is set to plead guilty, according to recently filed federal court documents. 25-year-old Aleksey Olegovich Volkov worked as an “initial access broker”, a cybercriminal specialist who focuses on the earliest stage of…
-
Leading AI companies accidentally leak their passwords and digital keys on GitHub – what you need to know
Leading AI companies accidentally leak their passwords and digital keys on GitHub – what you need to know Many of the world’s top artificial intelligence companies are making a simple but dangerous mistake. They are accidentally publishing their passwords and digital keys on GitHub, the popular code-sharing website that is used by millions of developers…
-
The AI Fix #76: AI self-awareness, and the death of comedy
The AI Fix #76: AI self-awareness, and the death of comedy In episode 76 of The AI Fix, two US federal judges blame AI for imaginary case law, a Chinese “humanoid” dramatically sheds its skin onstage, Toyota unveils a crabby walking chair creeps us out, Google plans AI chips in orbit, robot dogs get jobs…
-
Hack halts Dutch broadcaster, forcing radio hosts back to LPs
Hack halts Dutch broadcaster, forcing radio hosts back to LPs A Dutch TV and radio broadcaster has found itself at the mercy of cybercriminals after suffering a cyber attack, and leaving it scrambling to find ways to play music to its listeners. Read more in my article on the Hot for Security blog. Graham Cluley…
-
The rising tide of cyber attacks against the UK water sector
The rising tide of cyber attacks against the UK water sector Critical infrastructure is once again in the spotlight, as it is revealed that several UK water suppliers have reported cybersecurity incidents over the last two years. Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
Smashing Security podcast #442: The hack that messed with time, and rogue ransom where negotiators
Smashing Security podcast #442: The hack that messed with time, and rogue ransom where negotiators Time itself comes under attack as a state-backed hacking gang spends two years tunnelling toward a nation’s master clock — with chaos potentially only a tick away. Plus when ransomware negotiators turn to the dark side, what could possibly go…
-
“Pay up or we share the tapes”: Hackers target massage parlour clients in blackmail scheme
“Pay up or we share the tapes”: Hackers target massage parlour clients in blackmail scheme South Korean police have uncovered a hacking operation that stole sensitive data from massage parlours and blackmailed their male clientele. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
The AI Fix #75: Claude’s existential battery crisis, and why ChatGPT is a terrible therapist
The AI Fix #75: Claude’s existential battery crisis, and why ChatGPT is a terrible therapist In episode 75 of The AI Fix, a Claude-powered robot gets so anxious about its dying battery that it composes a Broadway musical about stress and announces it’s “achieved consciousness and chosen chaos.” Also: an 18-month psychological study reveals five…
-
The human cost of the UK Government’s Afghan data leak
The human cost of the UK Government’s Afghan data leak Can data leaks do real harm? Yes, they can. And so can a failure to respond appropriately. Graham Cluley Go to grahamcluley
-
Spam text scammer fined £200,000 for targeting people in debt, after sending nearly one million messages
Spam text scammer fined £200,000 for targeting people in debt, after sending nearly one million messages The UK Information Commissioner’s Office (ICO) has levied a fine of £200,000 against a sole trader who sent almost one million spam text messages to people across the country – many of whom were already struggling with debt. Read…
-
LinkedIn gives you until Monday to stop AI from training on your profile
LinkedIn gives you until Monday to stop AI from training on your profile If you live in the UK/EU/Canada/Hong Kong, LinkedIn has given you until Monday to stop AI from training on your profile. You have to opt-out if you don’t want this to happen to your data. Take action now, and tell your friends.…
-
Smashing Security podcast #441: Inside the mob’s million-dollar poker hack, and a Formula 1 fumble
Smashing Security podcast #441: Inside the mob’s million-dollar poker hack, and a Formula 1 fumble Basketball stars have allegedly joined forces with the mafia to fleece high-rollers in a poker scam involving hacked shufflers, covert cameras, and an X-ray card table. Meanwhile, researchers have found they could poke around an FIA driver portal to pull…
-
The AI Fix #74: AGI, LLM brain rot, and how to scam an AI browser
The AI Fix #74: AGI, LLM brain rot, and how to scam an AI browser In episode 74 of The AI Fix, we meet Amazon’s AI-powered delivery glasses, an AI TV presenter who doesn’t exist, and an Ohio lawmaker who wants to stop people from marrying their chatbot. Also, we learn how Geoffrey Hinton and…
-
Smashing Security podcast #440: How to hack a prison, and the hidden threat of online checkouts
Smashing Security podcast #440: How to hack a prison, and the hidden threat of online checkouts A literal insider threat: we head to a Romanian prison where “self-service” web kiosks allowed inmates to run wild. Then we head to the checkout aisle to ask why JavaScript on payment pages went feral, and how new PCI…
-
Cybercriminals turn on each other: the story of Lumma Stealer’s collapse
Cybercriminals turn on each other: the story of Lumma Stealer’s collapse Normally when we write about a malware operation being disrupted, it’s because it has been shut down by law enforcement. But in the case of Lumma Stealer, a notorious malware-as-a-service (MaaS) operation used to steal passwords and sensitive data, it appears to have been…
-
The AI Fix #73: Google Gemini is a gambling addict, and how to poison an AI
The AI Fix #73: Google Gemini is a gambling addict, and how to poison an AI In episode 73 of The AI Fix, AI now writes more web content than humans and more books by ex-British prime ministers than ex-British prime ministers. Mark eats a dodgy prawn, Google discovers a new pathway to treating cancer,…
-
John Bolton charged over classified emails after Iranian hack of his AOL account
John Bolton charged over classified emails after Iranian hack of his AOL account Former US national security adviser John Bolton is the latest in a line of Donald Trump’s critics to find themselves on the sharp end of charges from the US Department of Justice. Bolton, who left the White Hose in 2021 and wrote…
-
Hundreds of masked ICE agents doxxed by hackers, as personal details posted on Telegram
Hundreds of masked ICE agents doxxed by hackers, as personal details posted on Telegram Hundreds of US government officials working for the FBI, ICE, and Department of Justice have had their personal data leaked by a notorious hacking group. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
Operation Heracles strikes blow against massive network of fraudulent crypto trading sites
Operation Heracles strikes blow against massive network of fraudulent crypto trading sites In a significant crackdown against online cybercriminals, German authorities have successfully dismantled a network of fraudulent cryptocurrency investment sites that has targeted millions of unsuspecting people across Europe. Read more in my article on the Hot for Security blog. Graham Cluley Go to…
-
Smashing Security podcast #439: A breach, a burnout, and a bit of Fleetwood Mac
Smashing Security podcast #439: A breach, a burnout, and a bit of Fleetwood Mac A critical infrastructure hack hits the headlines – involving default passwords, boasts on Telegram, and a finale that will make a few cyber-crooks wish the ground would swallow them whole. Meanwhile we dig into the bit we don’t talk about enough:…
-
NCSC warns companies to prepare for a day when your screens go dark
NCSC warns companies to prepare for a day when your screens go dark The UK’s National Cyber Security Centre warns that the country now faces four nationally significant cyberattacks every week – a 129% jump in a year. Some headlines claim the NCSC is urging organisations to “go back to pen and paper,” but the…
-
The AI Fix #72: The AI hype train, space data centers, and lifelike robot heads
The AI Fix #72: The AI hype train, space data centers, and lifelike robot heads In episode 72 of The AI Fix, GPT-5’s “secret sauce” turns out to be phrases from adult websites, Irish police beg TikTokers to stop faking AI home intruders, Jeff Bezos pitches gigawatt data centers in space, OpenAI rolls out Agent…
-
BreachForums seized, but hackers say they will still leak Salesforce data
BreachForums seized, but hackers say they will still leak Salesforce data Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
Smashing Security podcast #438: When your mouse turns snitch, and hackers grow a conscience
Smashing Security podcast #438: When your mouse turns snitch, and hackers grow a conscience Your computer’s mouse might not be as innocent as it looks – and one ransomware crew has a crisis of conscience that nobody saw coming. We talk about how something as ordinary as a web page could turn your mouse into…
-
Salesforce data breach: what you need to know
Salesforce data breach: what you need to know The Scattered LAPSUS$ Hunters hacking group claims to have accessed data from around 40 customers of Salesforce, the cloud-based customer relationship management service, stealing almost one billion records. Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
The AI Fix #71: Hacked robots and power-hungry AI
The AI Fix #71: Hacked robots and power-hungry AI In episode 71 of The AI Fix, a giant robot spider goes backpacking for a year before starting its job in lunar construction, DoorDash builds a delivery Minion, and a TikToker punishes an AI by making it talk to condiments. GPT-5 crushes the humans at the…
-
Discord users’ data stolen by hackers in third-party data breach
Discord users’ data stolen by hackers in third-party data breach Discord has confirmed that users who contacted its customer support service have had their data stolen by hackers, who have attempted to extort a ransom from the company. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
Japan running dry: Ransomware attack leaves nation days away from Asahi beer shortage
Japan running dry: Ransomware attack leaves nation days away from Asahi beer shortage Beer lovers will be sobbing into their pints at the news that a ransomware attack has brought Japan’s largest brewer to its knees and left the country days away from running out of its most popular beverage. Read more in my article…
-
Smashing Security podcast #437: Salesforce’s trusted domain of doom
Smashing Security podcast #437: Salesforce’s trusted domain of doom Researchers uncovered a security flaw in Salesforce’s shiny new Agentforce. The vulnerability, dubbed “ForcedLeak”, let them smuggle AI-read instructions in via humble Web-to-Lead form… and ended up spilling data for the low, low price of five dollars. And we discuss why data breach communicationss still default…
-
Your favourite phone apps might be leaking your company’s secrets
Your favourite phone apps might be leaking your company’s secrets Most of the apps on your phone are talking to a server somewhere – sending and receiving data through messages sent through APIs, the underlying infrastructure that allows apps to communicate. And here’s the problem – hackers have determined that the APIs of mobile apps,…
-
From fake lovers to sextortionists: 260 scammers arrested in Africa
From fake lovers to sextortionists: 260 scammers arrested in Africa INTERPOL has announced the arrest of 260 alleged romance scammers, sextortionists, and online fraudsters as part of a multi-national operation across Africa. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
The AI Fix #70: AI behaves… until it knows you’re watching
The AI Fix #70: AI behaves… until it knows you’re watching In episode 70 of The AI Fix, our hosts learn that AI makes people more dishonest, Waymo’s robo-cars save lives but get outsmarted by a bathroom mirror, a “rescue” bot slurps up victims head-first, and China shows off a fusion robot arm that can…
-
Dutch teens recruited on Telegram, accused of Russia-backed hacking plot
Dutch teens recruited on Telegram, accused of Russia-backed hacking plot Two 17-year-olds have been arrested by Dutch authorities on suspicion of spying for pro-Russian hackers. The teenagers, who are said to have been recruited as “disposable agents” via Telegram, were reportedly arrested last week “on suspicion that are linked to government-sponsored interference.” Read more in…
-
Smashing Security podcast #436: The €600,000 gold heist, powered by ransomware
Smashing Security podcast #436: The €600,000 gold heist, powered by ransomware Ransomware doesn’t just freeze computers – it can silence alarms too. And when the Natural History Museum in Paris went dark, thieves helped themselves to €600,000 worth of gold in a daring late-night heist. Meanwhile, developers have a new headache: a worm dubbed “Shai…
-
INC ransomware: what you need to know
INC ransomware: what you need to know INC is the name of a ransomware-as-a-service (RaaS) operation that first appeared in late summer 2023. Learn more about what it has been up to, and how to protect against its attacks, in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
The AI Fix #69: How we really use ChatGPT, and will AI agents crash the economy?
The AI Fix #69: How we really use ChatGPT, and will AI agents crash the economy? In episode 69 of The AI Fix, our hosts discover brain rot, a shark wears trainers on its fins, an AI writes a terrible J-Pop song, Graham learns that ants don’t care about AI, Mark predicts the precise date…
-
Vastaamo psychotherapy hack: US citizen charged in latest twist of notorious data breach
Vastaamo psychotherapy hack: US citizen charged in latest twist of notorious data breach 28-year-old Daniel Lee Newhard, an American citizen living in Estonia, has been charged in relation to the notorious hack of Vastaamo, the biggest data breach in Finnish history. Read more in my article on the Hot for Security blog. Graham Cluley Go…
-
“Pompompurin” resentenced: BreachForums creator heads back behind bars
“Pompompurin” resentenced: BreachForums creator heads back behind bars Conor Brian Fitzpatrick, the creator of the notorious BreachForums hacking forum, has been resentenced to three years in prison after a US appeals court overturned his prior sentence of time served and 20 years of supervised release. Read more in my article on the Hot for Security…
-
Smashing Security podcast #435: Lights! Camera! Hacktion!
Smashing Security podcast #435: Lights! Camera! Hacktion! When “bad actors” stop being hackers and start being… actual actors. This week, Graham and special guest Jenny Radcliffe play “Hacker or Ham?” (yes, Steven Seagal, we’re looking at you), before diving into a campaign which saw an Iranian gang luring Israeli performers with fake casting calls for…
-
From mischief to malware: ICO warns schools about student hackers
From mischief to malware: ICO warns schools about student hackers Recent research released by the ICO say that school pupils should be considered as an “insider threat” by schools. Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
The AI Fix #68: AI telepathy, and rights for robots
The AI Fix #68: AI telepathy, and rights for robots In episode 68 of The AI Fix, our hosts open the show by launching the thing nobody asked for but everybody wanted: our shiny new merch store – yes, including the “Would YOU trust a pigeon???” t-shirt for when you need fashion alongside health and…
-
Luxury fashion brands Gucci, Balenciaga and Alexander McQueen hacked – customer data stolen
Luxury fashion brands Gucci, Balenciaga and Alexander McQueen hacked – customer data stolen Luxury fashion group Kering – owner of the prestigious Gucci, Balenciaga, and Alexander McQueen brands, amongst others – has confirmed that hackers stole customer data from its systems in June 2025. Read more in my article on the Hot for Security blog.…
-
British rail passengers urged to stay on guard after hack signals failure
British rail passengers urged to stay on guard after hack signals failure Passengers of the UK’s state-owned London North Eastern Railway (LNER) have been warned to be vigilant after cybercriminals accessed traveller’s contact details and some information about past journeys. Read more in my article on the Hot for Security blog. Graham Cluley Go to…
-
Smashing Security podcast #434: Whopper Hackers, and AI Whoppers
Smashing Security podcast #434: Whopper Hackers, and AI Whoppers Ever wondered what would happen if Burger King left the keys to the kingdom lying around for anyone to use? Ethical hackers did – and uncovered drive-thru recordings, hard-coded passwords, and even the power to open a Whopper outlet on the moon. Meanwhile, over in Silicon…
-
Lovesac warns customers their data was breached after suspected RansomHub attack six months ago
Lovesac warns customers their data was breached after suspected RansomHub attack six months ago American furniture maker Lovesac, known for its modular couches and comfy beanbags, has warned customers that their data was breached by hackers earlier this year, and that they should remain vigilant to the threat of identity theft. Read more in my…
-
US charges suspected ransomware kingpin, and offers $10 million bounty for his capture
US charges suspected ransomware kingpin, and offers $10 million bounty for his capture A US federal court has unssealed charges against a Ukrainian national who authorities allege was a key figure behind several strains of ransomware, including LockerGoga, MegaCortex, and Nefilim. Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
The AI Fix #67: Will Smith’s AI crowd scandal, and gullible agents fall for scams
The AI Fix #67: Will Smith’s AI crowd scandal, and gullible agents fall for scams In episode 67 of The AI Fix, Graham talks to an AI with a fax machine, Bill Gates says there’s one job AI will never replace, criminals use Claude Code for cyberattacks, Mark reveals why GPT-5 was better than you…
-
Germany charges hacker with Rosneft cyberattack in latest wake-up call for critical infrastructure
Germany charges hacker with Rosneft cyberattack in latest wake-up call for critical infrastructure A 30‑year‑old man has been charged with launching a cyberattack on the German subsidiary of Russia’s state-owned oil giant Rosneft. The cyberattack, which happened in March 2022 in the aftermath of Russia’s invasion of Ukraine, crippled the company’s operations and cost millions…
-
Parents warned that robot toys spied on children’s location without consent
Parents warned that robot toys spied on children’s location without consent Parents are being reminded to exercise caution about the toys that they purchase their children, after the United States Federal Trade Commission (FTC) announced it had taken action against a robot toy maker. Read more in my article on the Hot for Security blog.…
-
Smashing Security podcast #433: How hackers turned AI into their new henchman
Smashing Security podcast #433: How hackers turned AI into their new henchman Your AI reads the small print, and that’s a problem. This week in episode 433 of “Smashing Security” we dig into LegalPwn – malicious instructions tucked into code comments and disclaimers that sweet-talks AI into rubber-stamping dangerous payloads (or even pretending they’re a…
-
FBI warns seniors are being targeted in three-phase Phantom Hacker scams
FBI warns seniors are being targeted in three-phase Phantom Hacker scams The FBI’s Internet Crime Complaint Center (IC3) says that the elderly are more at risk from falling victim to online fraud and internet scammers than ever before. Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
The AI Fix #66: OpenAI and Anthropic test each other, and everyone fails the apocalypse test
The AI Fix #66: OpenAI and Anthropic test each other, and everyone fails the apocalypse test In episode 66 of The AI Fix, ChatGPT gives Mark and Graham a terrible lesson in anatomy, boffins at Stanford ruin sushi, Google Gemini has a self-loathing meltdown, DeepSeek gets an “F” in stopping existential threats to humanity, a…
-
Hacker suspected of trying to cheat his way into university is arrested in Spain
Hacker suspected of trying to cheat his way into university is arrested in Spain Spanish police have arrested a suspected hacker for accessing a government website in order to alter the high school and university entrance exam grades of not only himself, but also some of his closest classmates. Read more in my article on…
-
Sweden scrambles after ransomware attack puts sensitive worker data at risk
Sweden scrambles after ransomware attack puts sensitive worker data at risk Municipal government organisations across Sweden have found themselves impacted after a ransomware attack at a third-party software service supplier. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
Smashing Security podcast #432: Oops! I auto-filled my password into a cookie banner
Smashing Security podcast #432: Oops! I auto-filled my password into a cookie banner We unpack how some password managers can be tricked into coughing up your secrets, with a clickjacking sleight-of-hand, what website owners can do to prevent it, and how to lock down your personal password vault. Then we time-hope to the post-quantum scramble:…
-
Cephalus ransomware: What you need to know
Cephalus ransomware: What you need to know Cephalus is a relatively new ransomware operation that emerged in mid-2025, and has already been linked to a wave of high-profile data leaks. Read more about it in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
Alleged mastermind behind K-Pop celebrity stock heist extradited to South Korea
Alleged mastermind behind K-Pop celebrity stock heist extradited to South Korea A suspected hacker, believed to be the mastermind behind an organised campaign of attacks that stole millions of dollars worth of stocks from celebrities, including BTS singer Jung Kook, has been extradited to South Korea. Read more in my article on the Hot for…
-
Yemen Cyber Army hacker jailed after stealing millions of people’s data
Yemen Cyber Army hacker jailed after stealing millions of people’s data A 26-year-old hacker, who breached websites in North America, Yemen, and Israel, and stole the details of millions of people has been sent to prison. Graham Cluley Go to grahamcluley
-
Europol says Telegram post about 50,000 Qilin ransomware award is fake
Europol says Telegram post about 50,000 Qilin ransomware award is fake Some cybersecurity news outlets were duped a few days ago by a claim that Europol was offering a $50,000 bounty for information about two members of the Qilin ransomware group. Turns out it was all a hoax. Read more details about what happened in…
-
Smashing Security podcast #431: How to mine millions without paying the bill
Smashing Security podcast #431: How to mine millions without paying the bill In episode 431 of the “Smashing Security” podcast, a self-proclaimed crypto-influencer calling himself CP3O thought he had found a shortcut to riches — by racking up millions in unpaid cloud bills. Meanwhile, we look at the growing threat of EDR-killer tools that can…
-
Warlock ransomware: What you need to know
Warlock ransomware: What you need to know The Warlock ransomware has hit a number of organisations including government agencies and departments, and most recently UK-based telecoms firm Colt. Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
Speed cameras knocked out after cyber attack
Speed cameras knocked out after cyber attack A hack of the Netherlands’ Public Prosecution Service has had an unusual side effect – causing some speed cameras to be no longer capturing evidence of motorists breaking the rules of the road. Read more in my article on the Hot for Security blog. Graham Cluley Go to…
-
The AI Fix #64: AI can be vaccinated against evil, and the “Rumble in the Silicon Jungle”
The AI Fix #64: AI can be vaccinated against evil, and the “Rumble in the Silicon Jungle” In episode 64 of The AI Fix, AI discovers new physics, a robot crab looks for love on the beaches of Portugal, the “Godfather of AI” thinks our only hope is to build motherly AI, a robot folds…
-
Smashing Security podcast #430: Poisoned Calendar invites, ChatGPT, and Bromide
Smashing Security podcast #430: Poisoned Calendar invites, ChatGPT, and Bromide A poisoned Google Calendar invite that can hijack your smart home, a man is hospitalised after ChatGPT told him to season his food with… pesticide, and some thoughts on Superman’s latest cinematic outing. All this and more is discussed in the latest edition of the…
-
The MedusaLocker ransomware gang is hiring penetration testers
The MedusaLocker ransomware gang is hiring penetration testers MedusaLocker, the ransomware-as-a-service group that has been active since 2019 is openly recruiting for penetration testers to help it compromise more businesses. Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
The AI Fix #63: GPT-5 is the best AI ever, and Jim Acosta interviews a murdered teenager’s avatar
The AI Fix #63: GPT-5 is the best AI ever, and Jim Acosta interviews a murdered teenager’s avatar In episode 63 of The AI Fix, Unitree Robotics looks to Black Mirror episode “Metalhead” for tips on marketing its new robot dog, ChatGPT is secretly running Sweden, OpenAI introduces its first open weight model since GPT-2,…
-
US reveals it seized $1 million worth of Bitcoin from Russian BlackSuit ransomware gang
US reveals it seized $1 million worth of Bitcoin from Russian BlackSuit ransomware gang The United States Department of Justice has revealed that the recent takedown of the BlackSuit ransomware gang’s servers, domains, and dark web extortion site, also saw the seizure of US $1,091,453 worth of cryptocurrency. Read more in my article on the…
-
TeaOnHer copies everything from Tea – including the data breaches
TeaOnHer copies everything from Tea – including the data breaches TeaOnHer hasn’t stopped at copying the functionality of the original Tea app (albeit skewed towards men rating women). It also appears to have carelessly mimicked the Tea dating advice app’s recklessness when it comes to data security. Read more in my article on the Hot…
-
Ukraine claims to have hacked secrets from Russia’s newest nuclear submarine
Ukraine claims to have hacked secrets from Russia’s newest nuclear submarine Ukraine’s Defence Intelligence agency (HUR) claims that its hackers have successfully stolen secret files and classified data on a state-of-the-art Russian nuclear submarine, the “Knyaz Pozharsky.” Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
Ransomware plunges insurance company into bankruptcy
Ransomware plunges insurance company into bankruptcy Collapsed company’s founder says that its fortunes were hampered by the refusal of authorities to release the criminals’ seized funds to victims. Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
Hospital fined after patient data found in street food wrappers
Hospital fined after patient data found in street food wrappers A hospital in Thailand has been fined after patient’s printed records were recycled as snack bags to hold crispy crepes. Graham Cluley Go to grahamcluley
-
The AI Fix #62: AI robots can now pass CAPTCHAs, and punch you in the face
The AI Fix #62: AI robots can now pass CAPTCHAs, and punch you in the face In episode 62 of The AI Fix, your hosts learn how AI models smash through CAPTCHA roadblocks like they’re made of wet tissue paper – so much for humanity’s last line of defence. Meanwhile, we meet a bottle-flipping robot…
-
Smashing Security podcast #428: Red flags, leaked chats, and a final farewell
Smashing Security podcast #428: Red flags, leaked chats, and a final farewell The viral women-only dating safety app Tea, built to flag red flags, gets flagged itself – after leaking over 70,000 private images and chat logs. We are talking full-on selfies, ID docs, private DMs, and a dash of 4chan creepiness. Yikes. Plus, Carole…
-
The AI Fix #61: Replit panics, deletes $1M project; AI gets gold at Math Olympiad
The AI Fix #61: Replit panics, deletes $1M project; AI gets gold at Math Olympiad In episode 61 of The AI Fix, a robot called DeREK goes bananas, OpenAI, Google DeepMind, and Anthropic warn we may lose the ability to see what AI is thinking, a dextrous robot changes its own batteries, the USA unveils…
-
200,000 WordPress websites at risk of being hijacked due to vulnerable Post SMTP plugin
200,000 WordPress websites at risk of being hijacked due to vulnerable Post SMTP plugin Over 200,000 websites running a vulnerable version of a popular WordPress plugin could be at risk of being hijacked by hackers. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
Allianz Life hit by hackers, customer and staff personal data stolen
Allianz Life hit by hackers, customer and staff personal data stolen The US insurance giant has admitted that hackers stole personal info of the “majority” of its customers and staff earlier this month. Graham Cluley Go to grahamcluley
-
French submarine secrets surface after cyber attack
French submarine secrets surface after cyber attack European defence giant Naval Group has confirmed that it is investigating an alleged cyber attack which has seen what purports to be sensitive internal data published on the internet by hackers. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
Tea Dating Advice app spills sensitive data
Tea Dating Advice app spills sensitive data A woman’s dating app designed to enhance safety and vet potential dating partners has itself suffered a serious security breach. Graham Cluley Go to grahamcluley
-
Free decryptor for victims of Phobos ransomware released
Free decryptor for victims of Phobos ransomware released There is good news for any organisation which has been hit by the Phobos ransomware. Japanese police have released a free decryptor capable of recovering files encrypted by both the notorious Phobos ransomware, and its offshoot 8Base. Read more in my article on the Fortra blog. Graham…
-
Smashing Security podcast #427: When 2G attacks, and a romantic road trip goes wrong
Smashing Security podcast #427: When 2G attacks, and a romantic road trip goes wrong Graham warns why it is high time we said goodbye to 2G – the outdated mobile network being exploited by cybercriminals with suitcase-sized SMS blasters. From New Zealand to London, scammers are driving around cities like dodgy Uber drivers, spewing phishing…
-
UK to ban public sector from paying ransomware demands
UK to ban public sector from paying ransomware demands Ransomware, considered by British authorities to be the UK’s greatest cybercrime threat, costing the nation billions of pounds and with the capbility to bring essential services to a standstill, is in the gunsights of government. Read more in my article on the Hot for Security blog.…
-
The AI Fix #60: Elon’s AI girlfriend, the arsonist red panda, and the AI that will kill you
The AI Fix #60: Elon’s AI girlfriend, the arsonist red panda, and the AI that will kill you In episode 60 of The AI Fix, we learn why Grok might be Elon Musk’s bid for digital immortality, how Meta is building a Manhattan-sized data centre called Prometheus, how AI is helping create carbon-sucking concrete, and…
-
Europol targets Kremlin-backed cybercrime gang NoName057(16)
Europol targets Kremlin-backed cybercrime gang NoName057(16) The hacking group NoName057(16) has been operating since 2022, launching cyber attacks on government organisations, media bodies, critical infrastructure, and private companies in Ukraine, America, Canada, and across Europe in a seeming attempt to silence voices that the group considers anti-Russian. Read more in my article on the Hot…
-
Loaf and order: Belgian police launch bread-based cybersecurity campaign
Loaf and order: Belgian police launch bread-based cybersecurity campaign The future of cybersecurity awareness might just be… gluten-based. Graham Cluley Go to grahamcluley
-
Smashing Security podcast #426: Choo Choo Choose to ignore the vulnerability
Smashing Security podcast #426: Choo Choo Choose to ignore the vulnerability In episode 426 of the “Smashing Security” podcast, Graham reveals how you can hijack a train’s brakes from 150 miles away using kit cheaper than a second-hand PlayStation. Meanwhile, Carole investigates how Grok went berserk, which didn’t stop the Department of Defense signing a…
-
Police dismantle DiskStation ransomware gang targeting NAS devices, arrest suspected ringleader
Police dismantle DiskStation ransomware gang targeting NAS devices, arrest suspected ringleader Police have struck a blow against the DiskStation ransomware gang which targets Synology NAS devices, and arresting its suspected ringleader. Make sure that you have properly hardened the security of your Network Access Storage devices to reduce the chances of your data being locked…
-
The AI Fix #59: Grok thinks it’s Mecha Hitler, and AIs can think strategically
The AI Fix #59: Grok thinks it’s Mecha Hitler, and AIs can think strategically In episode 59 of The AI Fix, our hosts ponder whether AIs need a “disagreement dial”, Mark wonders what he could do with an AI-powered “drug design engine”, Graham plays Wolfenstein instead of working, a robot graduates from high school, and…
-
SIM scammer’s sentence increased to 12 years, after failing to pay back victim $20 million
SIM scammer’s sentence increased to 12 years, after failing to pay back victim $20 million Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
Quelle surprise! Twitter faces criminal probe in France
Quelle surprise! Twitter faces criminal probe in France A criminal investigation into Twitter has been initiated by French prosecutors, over allegations that its algorithm is manipulated for the purposes of “foreign interference.” Graham Cluley Go to grahamcluley
-
Elmo has been hacked, claims Trump is in Epstein files, calls for Jews to be exterminated
Elmo has been hacked, claims Trump is in Epstein files, calls for Jews to be exterminated Over the weekend, Sesame Street star Elmo’s verified account was apparently hijacked and used to post a string of profane messages, including one describing Donald Trump as a “child f****r” and referencing Jeffrey Epstein. Graham Cluley Go to grahamcluley
-
Russian basketball player arrested in ransomware case despite being “useless with computers”
Russian basketball player arrested in ransomware case despite being “useless with computers” A Russian professional basketball player has been arrested for allegedly acting as a negotiator for a ransomware gang… and despite his lawyer claiming he’s “useless” with computers. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
Paddy Power and BetFair have suffered a data breach
Paddy Power and BetFair have suffered a data breach Paddy Power and BetFair have warned customers that “an unauthorised third party” gained access to “limited betting account information” relating to up to 800,000 of their customers. Graham Cluley Go to grahamcluley
-
Smashing Security podcast #425: Call of Duty: From pew-pew to pwned
Smashing Security podcast #425: Call of Duty: From pew-pew to pwned In episode 425 of “Smashing Security”, Graham reveals how “Call of Duty: WWII” has been weaponised – allowing hackers to hijack your entire PC during online matches, thanks to ancient code and Microsoft’s Game Pass. Meanwhile, Carole digs into a con targeting the recently…
-
As Texas floods, so does the internet – with dangerous lies
As Texas floods, so does the internet – with dangerous lies As Texas reels from devastating floods, conspiracy theorists are hard at work. Graham Cluley Go to grahamcluley