Category: grahamcluley
-
AiLock ransomware: What you need to know
AiLock ransomware: What you need to know The AiLock ransomware gang gives its victims just 72 hours to respond and five days to pay up… or else. If you don’t comply? They will grass you up to regulators, email your competitors, and leak your data for good measure. What a lovely bunch of cybercriminals… Read…
-
The AI Fix #58: An AI runs a shop into the ground, and AI’s obsession with the number 27
The AI Fix #58: An AI runs a shop into the ground, and AI’s obsession with the number 27 In episode 58 of “The AI Fix” podcast, our hosts discover a pair of AI headphones that don’t electrocute you, Microsoft invents “medical superintelligence”, Chucky opens a hotel, some robot footballers fall over, Jony Ive invents…
-
Employee arrested after Brazil’s central bank service provider hacked for US $140 million
Employee arrested after Brazil’s central bank service provider hacked for US $140 million This month could barely have started any worse for some financial institutions in Brazil. Approximately US $140 million was stolen from the reserve accounts of six financial institutions after a cyber attack hit a service provider. Read more in my article on…
-
Technical difficulties or cyber attack? Ingram Micro’s website goes down just in time for the holiday weekend
Technical difficulties or cyber attack? Ingram Micro’s website goes down just in time for the holiday weekend Nothing says “Holiday Weekend” like a mysterious IT outage. Graham Cluley Go to grahamcluley
-
Hunters International ransomware group shuts down – but will it regroup under a new guise?
Hunters International ransomware group shuts down – but will it regroup under a new guise? The notorious Hunters International ransomware-as-a-service operation has announced that it has shut down, in a message posted on its dark web leak site. In a statement on its extortion site, the ransomware group says that it has not only “decided…
-
Catwatchful stalkerware app spills secrets of 62,000 users – including its own admin
Catwatchful stalkerware app spills secrets of 62,000 users – including its own admin Another scummy stalkerware app has spilled its guts, revealing the details of its 62,000 users – and data from thousands of victims’ infected devices. Graham Cluley Go to grahamcluley
-
Smashing Security podcast #424: Surveillance, spyware, and self-driving snafus
Smashing Security podcast #424: Surveillance, spyware, and self-driving snafus A Mexican drug cartel spies on the FBI using traffic cameras and spyware — because “ubiquitous technical surveillance” is no longer just for dystopian thrillers. Graham digs into a chilling new US Justice Department report that shows how surveillance tech was weaponised to deadly effect. Meanwhile,…
-
Swiss government warns attackers have stolen sensitive data, after ransomware attack at Radix
Swiss government warns attackers have stolen sensitive data, after ransomware attack at Radix The Swiss government has issued a warning after a third-party service provider suffered a ransomware attack, which saw sensitive information stolen from its systems and leaked onto the dark web. Read more in my article on the Fortra blog. Graham Cluley Go…
-
The AI Fix #57: AI is the best hacker in the USA, and self-learning AI
The AI Fix #57: AI is the best hacker in the USA, and self-learning AI In episode 57 of The AI Fix, our hosts discover an AI “dream recorder”, Mark Zuckerberg tantalises OpenAI staff with $100 million signing bonuses, Graham finds out why robot butlers sit in chairs, Wikipedia holds the line against AI slop,…
-
50 customers of French bank hit after insider helped SIM swap scammers
50 customers of French bank hit after insider helped SIM swap scammers French police have arrested a business student interning at the bank Société Générale who is accused of helping SIM-swapping scammers to defraud 50 of its clients. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
When hackers become hitmen
When hackers become hitmen So, you think hacking is just about stealing information, extorting ransoms, or wiping out company data? The truth is, sometimes it’s about killing people too… Graham Cluley Go to grahamcluley
-
BreachForums broken up? French police arrest five members of notorious cybercrime site
BreachForums broken up? French police arrest five members of notorious cybercrime site Suspected high-ranking members of one of the world’s largest online marketplaces for leaked data have been arrested by French police. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
SafePay ransomware: What you need to know
SafePay ransomware: What you need to know SafePay is a relatively new ransomware that is making a big impact. Find out how it is different from other ransomware, and read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
Smashing Security podcast #423: Operation Endgame, deepfakes, and dead slugs
Smashing Security podcast #423: Operation Endgame, deepfakes, and dead slugs In this episode of the “Smashing Security” podcast, Graham unravels Operation Endgame – the surprisingly stylish police crackdown that is seizing botnets, mocking malware authors with anime videos, and taunting cybercriminals via Telegram. And BBC cyber correspondent Joe Tidy joins us to talk about “Ctrl-Alt-Chaos”,…
-
Cybercrime is surging across Africa
Cybercrime is surging across Africa A new INTERPOL report has sounded the alarm over a dramatic increase in cybercrime across Africa, with digital crime now accounting for a significant proportional of all criminal activity across the continent. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
The AI Fix #56: ChatGPT traps man in a cult of one, and AI is actually stupid
The AI Fix #56: ChatGPT traps man in a cult of one, and AI is actually stupid In episode 56 of The AI Fix, Anthropic and Apple have a bar fight, a woman describes her husband falling in love with ChatGPT as “not ideal”, WhatsApp’s AI helper isn’t helpful, Graham serenades a pack of headless…
-
Aflac, one of the USA’s largest insurers, is the latest to fall “under siege” to hackers
Aflac, one of the USA’s largest insurers, is the latest to fall “under siege” to hackers The Wall Street Journal reports that Aflac is investigating a breach that may have exposed claims information, health details, Social Security numbers, and other personal data. Graham Cluley Go to grahamcluley
-
Twitter refuses to explain what it’s doing about hate speech and misinformation, sues New York State for asking
Twitter refuses to explain what it’s doing about hate speech and misinformation, sues New York State for asking Elon Musk’s Twitter is suing New York State. Why? Because apparently being asked to explain how your social media platform handles hate speech and misinformation is an unconstitutional burden. Graham Cluley Go to grahamcluley
-
Marks & Spencer ransomware attack was good news for other retailers
Marks & Spencer ransomware attack was good news for other retailers When Marks & Spencer paused online orders after it was hit by ransomware, it was bad news for them… but GOOD news for other big online retailers. Fashion rivals like Next, John Lewis, and Zara saw a nice little bump while M&S sales floundered.…
-
Qilin offers “Call a lawyer” button for affiliates attempting to extort ransoms from victims who won’t pay
Qilin offers “Call a lawyer” button for affiliates attempting to extort ransoms from victims who won’t pay Imagine for one moment that you are a cybercriminal. You have compromised an organisation’s network, you have stolen their data, you have encrypted their network, and you are now knee-deep in the ransomware negotiation. However, there’s a problem.…
-
Krispy Kreme hack exposed sensitive data of over 160,000 people
Krispy Kreme hack exposed sensitive data of over 160,000 people Krispy Kreme, the dispenser of delectable doughnuts, has revealed that an astonishingly wide range of personal information belonging to past and present employees, as well as members of their families, was accessed by hackers during a cyber attack last year. Read more in my article…
-
Smashing Security podcast #422: The curious case of the code copier
Smashing Security podcast #422: The curious case of the code copier A GCHQ intern forgets the golden rule of spy school — don’t take the secrets home with you — and finds himself swapping Cheltenham for a cell. Meanwhile, an Australian hacker flies too close to the sun, hacks his way into a US indictment,…
-
Ransomware gang busted in Thailand hotel raid
Ransomware gang busted in Thailand hotel raid In a dramatic raid at a hotel in central Pattaya this week, Thai police have unearthed a criminal gang that was operating a ransomware and illicit gambling operation. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
The AI Fix #55: Atari beats ChatGPT at chess, and Apple says AI “thinking” is an illusion
The AI Fix #55: Atari beats ChatGPT at chess, and Apple says AI “thinking” is an illusion In episode 55 of The AI Fix, Gemini thinks a little meth won’t hurt, Mark realises what a terrifying 45mph “robot bird” is really for, Graham finds a surprising number of TikTokers in the bible, an AI discovers…
-
Bert ransomware: what you need to know
Bert ransomware: what you need to know Bert is a recently-discovered strain of ransomware that encrypts victims’ files and demands a payment for the decryption key. Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
Dutch police identify users as young as 11-year-old on Cracked.io hacking forum
Dutch police identify users as young as 11-year-old on Cracked.io hacking forum Dutch police have announced that they have identified 126 individuals linked to the now dismantled Cracked.io cybercrime forum. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
Why Denmark is breaking up with Microsoft
Why Denmark is breaking up with Microsoft Relying too heavily on a US tech giant for your nation’s digital infrastructure is starting to feel a bit… well, risky. Graham Cluley Go to grahamcluley
-
Sweden says it is under cyber attack
Sweden says it is under cyber attack Swedish Prime Minister Ulf Kristersson says his country is under attack, after days of hard-hitting DDoS attacks against SVT Sweden’s public TV broadcaster, government websites, and other key organisations. Graham Cluley Go to grahamcluley
-
South African man imprisoned after ransom demand against his former employer
South African man imprisoned after ransom demand against his former employer Lucky Erasmus and a company insider installed software without authorisation on Ecentric’s systems which granted them remote access, enabling them to steal sensitive data and make unauthorised changes to senior managers’ passwords. Read more in my article on the Hot for Security blog. Graham…
-
Empty shelves after US’s largest natural and organic food distributor suffers cyber attack
Empty shelves after US’s largest natural and organic food distributor suffers cyber attack The spate of cyber attacks impacting the retail industry continues, with the latest victim being United Natural Foods (UNFI), which supplies organic produce to Whole Foods, Amazon, Target, and Walmart, amongst many others. Read more in my article on the Hot for…
-
Smashing Security podcast #421: Toothpick flirts, Google leaks, and ICE ICE scammers
Smashing Security podcast #421: Toothpick flirts, Google leaks, and ICE ICE scammers What do a sleazy nightclub carpet, Google’s gaping privacy hole, and an international student conned by fake ICE agents have in common? This week’s episode of the “Smashing Security” podcast obviously. Graham explains how a Singaporean bug-hunter cracked Google’s defences and could brute-force…
-
The AI Fix #54: Will AI collapse under its own garbage, and AI charity “Hunger Games”
The AI Fix #54: Will AI collapse under its own garbage, and AI charity “Hunger Games” In episode 54 of The AI Fix, Graham saves humanity with a CAPTCHA, Mark wonders whether AI can suffer, ChatGPT throws shade at Abba’s Björn Ulvaeus, an AI called Jack ask if you want fries with that, an artist…
-
Smashing Security podcast #420: Fake Susies, flawed systems, and fruity fixes for anxiety
Smashing Security podcast #420: Fake Susies, flawed systems, and fruity fixes for anxiety A bizarre case of political impersonation, where Trump’s top aide Susie Wiles is cloned (digitally, not biologically — we think), and high-ranking Republicans start getting invitations to link up with “her” on Telegram to share their Trump pardon wishlists. Was it a…
-
US offers $10 million reward for tips about state-linked RedLine hackers
US offers $10 million reward for tips about state-linked RedLine hackers How would you like to earn yourself millions of dollars? Well, it may just be possible – if you have information which could help expose the identities of cybercriminals involved with the notorious RedLine information-stealing malware. Read more in my article on the Tripwire…
-
Marks & Spencer’s ransomware nightmare – more details emerge
Marks & Spencer’s ransomware nightmare – more details emerge Over Easter, retail giant Marks & Spencer (M&S) discovered that it had suffered a highly damaging ransomware attack that left some shop shelves empty, shut down online ordering, some staff unable to clock in and out, and caused some of its major suppliers to resort to…
-
The AI Fix #53: An AI uses blackmail to save itself, and threats make AIs work better
The AI Fix #53: An AI uses blackmail to save itself, and threats make AIs work better In episode 53 of The AI Fix, our hosts suspect the CEO of Duolingo has been kidnapped by an AI, Sergey Brin says AIs work better if you threaten them with physical violence, Graham wonders how you put…
-
Interlock ransomware: what you need to know
Interlock ransomware: what you need to know “We don’t just want payment; we want accountability.” The malicious hackers behind the Interlock ransomware try to justify their attacks. Learn more about what you need to know about Interlock in my article on the Tripwire State of Security blog. Graham Cluley Go to grahamcluley
-
Damascened Peacock: Russian hackers targeted UK Ministry of Defence
Damascened Peacock: Russian hackers targeted UK Ministry of Defence The UK’s Ministry of Defence has revealed that it was the target of a sophisticated cyber attack that saw Russia-linked hackers pose as journalists. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
Adidas customers’ personal information at risk after data breach
Adidas customers’ personal information at risk after data breach Lovers of Adidas clothes would be wise to be on their guard against phishing attacks, after the German sportswear giant revealed that a cyber attack had exposed the personal information of customers. Read more in my article on the Hot for Security blog. Graham Cluley Go…
-
The AI Fix #52: AI adopts its own social norms, and AI DJ creates diversity scandal
The AI Fix #52: AI adopts its own social norms, and AI DJ creates diversity scandal In episode 52 of The AI Fix, our hosts watch a non-existent musical about garlic bread, Graham shares a summer reading list of books that don’t exist, Mark feels nauseous after watching a video of Sam Altman and Jony…
-
3AM ransomware attack poses as a call from IT support to compromise networks
3AM ransomware attack poses as a call from IT support to compromise networks Cybercriminals are getting smarter. Not by developing new types of malware or exploiting zero-day vulnerabilities, but by simply pretending to be helpful IT support desk workers. Find out how they do it in my article on the Tripwire State of Security blog.…
-
Smashing Security podcast #418: Grid failures, Instagram scams, and Legal Aid leaks
Smashing Security podcast #418: Grid failures, Instagram scams, and Legal Aid leaks In this week’s episode, Graham investigates the mysterious Iberian Peninsula blackout (aliens? toaster? cyberattack?), Carole dives in the UK legal aid hack that exposed deeply personal data of society’s most vulnerable, and Dinah Davis recounts how Instagram scammers hijacked her daughter’s account –…
-
The AI Fix #51: Divorce by coffee grounds, and why AI robots need your brain
The AI Fix #51: Divorce by coffee grounds, and why AI robots need your brain In episode 51 of The AI Fix, a Greek man’s marriage is destroyed after ChatGPT reads his coffee, a woman dumps her husband to marry an AI called Leo, and Graham wonders whether it’s time to upload his brain into…
-
SEC Twitter hack: Man imprisoned for role in attack that caused Bitcoin’s price to soar.
SEC Twitter hack: Man imprisoned for role in attack that caused Bitcoin’s price to soar. Eric Council Jr. pleaded guilty to charges related to the January 2024 hack of the US Securities and Exchange Commission’s (SEC) Twitter account, which saw a fake announcement about the Bitcoin cryptocurrency posted to its followers. Read more in my…
-
The AI Fix nominated for top podcast award. Vote now!
The AI Fix nominated for top podcast award. Vote now! Bloomin’ eck! I’m delighted to share with you that “The AI Fix” is up for an award! Graham Cluley Go to grahamcluley
-
Prescription for disaster: Sensitive patient data leaked in Ascension breach
Prescription for disaster: Sensitive patient data leaked in Ascension breach Ascension, one of the largest private healthcare companies in the United States, has confirmed that the personal data of some 437,329 patients has been exposed following an attack by cybercriminals. Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
Smashing Security podcast #417: Hello, Pervert! – Sextortion scams and Discord disasters
Smashing Security podcast #417: Hello, Pervert! – Sextortion scams and Discord disasters Don’t get duped, doxxed, or drained! In this episode of “Smashing Security” we dive into the creepy world of sextortion scams, and investigate how crypto wallet firm Ledger’s Discord server was hijacked in an attempt to phish for cryptocurrency recovery phrases. All this…
-
The AI Fix #50: AI brings dead man back for killer’s trial, and the judge loves it
The AI Fix #50: AI brings dead man back for killer’s trial, and the judge loves it In episode 50 of The AI Fix, AI brings a slain man back from the dead so he can appear at his killer’s trial, Mark gets a mysterious phone call, Trump uses AI to become Pope Donald the…
-
Two years’ jail for down-on-his-luck man who sold ransomware online
Two years’ jail for down-on-his-luck man who sold ransomware online A man has been jailed in Ireland for two years after pleading guilty to offences related to his illegal online business that sold ransomware and other malware, as well as stolen credit card details, and false bank accounts. Read more in my article on the…
-
Hackers hit deportation airline GlobalX, leak flight manifests, and leave an unsubtle message for “Donnie” Trump
Hackers hit deportation airline GlobalX, leak flight manifests, and leave an unsubtle message for “Donnie” Trump GlobalX Airlines, a charter airline being used by the US government for deportation flights, has been attacked by hacktivists who have made off with what they claim are detailed flight records and passenger manifests. Read more in my article…
-
LockBit ransomware gang breached, secrets exposed
LockBit ransomware gang breached, secrets exposed Oh dear, what a shame, never mind. Read more in my article on the Tripwire State of Security blog. Graham Cluley Go to grahamcluley
-
Smashing Security podcast #416: High street hacks, and Disney’s Wingdings woe
Smashing Security podcast #416: High street hacks, and Disney’s Wingdings woe Brits face empty shelves and suspended meal deals as cybercriminals hit major high street retailers, and a terminated Disney employee gets revenge with a little help with Wingdings. Plus Graham challenges Carole to a game of “Malware or metal?”, and we wonder just happens…
-
NCSC warns of IT helpdesk impersonation trick being used by ransomware gangs after UK retailers attacked
NCSC warns of IT helpdesk impersonation trick being used by ransomware gangs after UK retailers attacked The UK’s National Cyber Security Centre (NCSC) has warned the IT helpdesks of retailers to be on their guard against bogus support calls they might receive from hackers pretending to be staff locked out of their accounts. Read more…
-
Smashing Security podcast #415: Hacking hijinks at the hospital, and WASPI scams
Smashing Security podcast #415: Hacking hijinks at the hospital, and WASPI scams He’s not a pop star, but Jeffrey Bowie is alleged to have toured staff areas of a hospital in Oklahoma, hunting for computers he could install spyware on. We dive into the bizarre case of the man accused of hacking medical networks and…
-
The AI Fix #48: AI Jesus, and is the AI Singularity almost upon us?
The AI Fix #48: AI Jesus, and is the AI Singularity almost upon us? In episode 48 of The AI Fix, OpenAI releases the first AI models capable of novel scientific discoveries, ChatGPT users are sick of its relentlessly positive tone, our hosts say “Alexa” a lot, OpenAI eyes a social network of its own,…
-
Ransomware attacks on critical infrastructure surge, reports FBI
Ransomware attacks on critical infrastructure surge, reports FBI The FBI is set to report that ransomware was the most pervasive cybersecurity threat to US critical infrastructure during the year of 2024, with complaints of ransomware attacks against critical sectors jumping 9% over the previous year. Read more in my article on the Tripwire State of…
-
21 million employee screenshots leaked in bossware breach blunder
21 million employee screenshots leaked in bossware breach blunder If you thought only your boss was peeking at your work screen, think again. Employee-monitoring tool Work Composer has committed a jaw-dropping blunder, leaving a treasure trove of millions of workplace screenshots openly accessible on the internet with no encryption in place, and no password required.…
-
Hackers access sensitive SIM card data at South Korea’s largest telecoms company
Hackers access sensitive SIM card data at South Korea’s largest telecoms company Mobile network operator SK Telecom, which serves approximately 34 million subscribers in South Korea, has confirmed that it suffered a cyber attack earlier this month that saw malware infiltrate its internal systems, and access data related to customers’ SIM cards. Read more in…
-
Smashing Security podcast #414: Zoom.. just one click and your data goes boom!
Smashing Security podcast #414: Zoom.. just one click and your data goes boom! Graham explores how the Elusive Comet cybercrime gang are using a sneaky trick of stealing your cryptocurrency via an innocent-appearing Zoom call, and Carole goes under the covers to explore the extraordinary lengths bio-hacking millionaire Bryan Johnson is attempting to extend his…
-
The AI Fix #47: An AI is the best computer programmer in the world
The AI Fix #47: An AI is the best computer programmer in the world In episode 47 of The AI Fix, o3 becomes the best competitive programmer in the world, hacked California crosswalks speak with the voice of Elon Musk and Mark Zuckerberg, Meta introduces a herd of Llamas, Graham explains what a “lollipop lady”…
-
Crosswalks hacked to play fake audio of Musk, Zuck, and Jeff Bezos
Crosswalks hacked to play fake audio of Musk, Zuck, and Jeff Bezos “Stop, look, and listen” is the standard advice we should allow follow when crossing the road – but pedestrians in some parts are finding that they cannot believe their ears – after a hacker compromised crosswalks to play deepfake audio mocking tech bosses…
-
Smashing Security podcast #413: Hacking the hackers… with a credit card?
Smashing Security podcast #413: Hacking the hackers… with a credit card? A cybersecurity firm is buying access to underground crime forums to gather intelligence. Does that seem daft to you? And over in Nigeria, even if romance scammers would like to update their LinkedIn profiles, just how easy is it to turn a new leaf…
-
Insurance firm Lemonade warns of breach of thousands of driving license numbers
Insurance firm Lemonade warns of breach of thousands of driving license numbers A data breach at insurance firm Lemonade left the details of thousands of drivers’ licenses exposed for 17 months. According to the company, on March 14 2025 Lemonade learnt that a vulnerability in its online car insurance application process contained a vulnerability that…
-
The AI Fix #46: AI can read minds now, and is your co-host a clone?
The AI Fix #46: AI can read minds now, and is your co-host a clone? In episode 46 of The AI Fix, China trolls US tariffs, a microscopic pogoing flea-bot makes a tiny leap forward for robotics, Google unveils the Agent2Agent protocol, a robot dog is so cute it ruins Graham’s entire day, and Europe…
-
RansomHouse ransomware: what you need to know
RansomHouse ransomware: what you need to know RansomHouse is a cybercrime operation that follows a Ransomware-as-a-Service (RaaS) business model, where affiliates (who do not require technical skills of their own) use the ransomware operator’s infrastructure to extort money from victims. Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
Medusa ransomware gang claims to have hacked NASCAR
Medusa ransomware gang claims to have hacked NASCAR The Medusa ransomware-as-a-service (RaaS) claims to have compromised the computer systems of NASCAR, the United States’ National Association for Stock Car Auto Racing, and made off with more than 1TB of data. Read more in my article on the Hot for Security blog. Graham Cluley Go to…
-
Ransomware reaches a record high, but payouts are dwindling
Ransomware reaches a record high, but payouts are dwindling Will you be shedding a tear for the cybercriminals? Read more in my article on the Tripwire blog. Graham Cluley Go to grahamcluley
-
Smashing Security podcast #412: Signalgate sucks, and the quandary of quishing
Smashing Security podcast #412: Signalgate sucks, and the quandary of quishing QR codes are being weaponised by scammers — so maybe think twice before scanning that parking meter. And in a blunder so dumb it makes autocorrect look smart, the White House explains how it leaked war plans on Signal because an iPhone mistook a…
-
The AI Fix #45: The Turing test falls to GPT-4.5
The AI Fix #45: The Turing test falls to GPT-4.5 In episode 45 of The AI Fix, our hosts discover that ChatGPT is running the world, Mark learns that mattress companies have scientists, Gen Z has nightmares about AI, OpenAI gets a bag, Graham eats too many cheese sandwiches, and too much training makes AIs…
-
King Bob pleads guilty to Scattered Spider-linked cryptocurrency thefts from investors
King Bob pleads guilty to Scattered Spider-linked cryptocurrency thefts from investors A Florida man, linked to the notorious Scattered Spider hacking gang, has pleaded guilty to charges related to cryptocurrency thefts which have netted hundreds of thousands of dollars. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
HellCat ransomware: what you need to know
HellCat ransomware: what you need to know HellCat – the ransomware gang that has been known to demand payment… in baguettes! Are they rolling in the dough? Bread it and weep in my article on the Tripwire State of Security blog. Graham Cluley Go to grahamcluley
-
Smashing Security podcast #411: The fall of Troy, and whisky barrel scammers
Smashing Security podcast #411: The fall of Troy, and whisky barrel scammers Renowned cybersecurity expert Troy Hunt falls victim to a phishing attack, resulting in the exposure of thousands of subscriber details, and don’t lose your life savings in a whisky scam… All this and more is discussed in the latest edition of the “Smashing…
-
The AI Fix #44: AI-generated malware, and a stunning AI breakthrough
The AI Fix #44: AI-generated malware, and a stunning AI breakthrough In episode 44 of The AI Fix, ChatGPT won’t build a crystal meth lab, GPT-4o improves the show’s podcast art, some students manage to screw in a lightbulb, Google releases Gemini 2.5 Pro Experimental and nobody notices, and Mark invents a clock for measuring…
-
Hackers exploit little-known WordPress MU-plugins feature to hide malware
Hackers exploit little-known WordPress MU-plugins feature to hide malware A new security issue is putting WordPress-powered websites at risk. Hackers are abusing the “Must-Use” plugins (MU-plugins) feature to hide malicious code and maintain long-term access on hacked websites. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
£3 million fine for healthcare MSP with sloppy security after it was hit by ransomware attack
£3 million fine for healthcare MSP with sloppy security after it was hit by ransomware attack A UK firm has been hit by a £3.07 million fine after being hit by a ransomware attack that exposed sensitive data related to almost 80,000 people, and disrupted NHS services. Read more in my article on the Exponential-e…
-
VanHelsing ransomware: what you need to know
VanHelsing ransomware: what you need to know First reported earlier in March 2025, VanHelsing is a new ransomware-as-a-service operation. Read more in my article on the Tripwire State of Security blog. Graham Cluley Go to grahamcluley
-
Malaysian PM says “no way” to $10 million ransom after alleged cyber attack against Kuala Lumpur airport
Malaysian PM says “no way” to $10 million ransom after alleged cyber attack against Kuala Lumpur airport According to some reports, Kuala Lumpur International Airport had to resort to using whiteboards to communicate with passengers. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
Smashing Security podcast #410: Unleash the AI bot army against the scammers – now!
Smashing Security podcast #410: Unleash the AI bot army against the scammers – now! A YouTuber has unleashed an innovative AI bot army to disrupt and outwit the world of online scammers, and a New York Times investigation looks into the intricate web of global money laundering. All this and more is discussed in the…
-
The AI Fix #43: I, for one, welcome our new robot overlords!
The AI Fix #43: I, for one, welcome our new robot overlords! In episode 43 of The AI Fix, our hosts discover a robot that isn’t terrifying, a newspaper shuns journalists in favour of AI, Graham watches a robot dog learn to stand, an AI computer programmer develops a familiar attitude, and New York tries…
-
Smashing Security podcast #409: Peeping perverts and FBI phone calls
Smashing Security podcast #409: Peeping perverts and FBI phone calls In episode 409 of the “Smashing Security” podcast, we uncover the curious case of the Chinese cyber-attack on Littleton’s Electric Light Company, and a California landlord’s hidden camera scandal. Find out about this, and more, in the latest edition of the “Smashing Security” podcast by…
-
BlackLock ransomware: What you need to know
BlackLock ransomware: What you need to know BlackLock has become a big deal, very quickly. It has been predicted to be one of the biggest ransomware-as-a-service operations of 2025. Read more in my article on the Tripwire State of Security blog. Graham Cluley Go to grahamcluley
-
Supply-chain CAPTCHA attack hits over 100 car dealerships
Supply-chain CAPTCHA attack hits over 100 car dealerships A security researcher has discovered that the websites of over 100 car dealerships have been compromised in a supply-chain attack that attempted to infect the PCs of internet visitors. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
The AI Fix #42: AIs with anxiety, and why AIs don’t know what happened
The AI Fix #42: AIs with anxiety, and why AIs don’t know what happened In episode 42 of the AI Fix, our hosts discover why ads for the Neo Gamma robot are so sinister, Graham plays peek-a-boo with a crow, humans give up writing, an AI designs a drug, an upstart AI agent gets everyone’s…
-
Mandatory Coinbase wallet migration? It’s a phishing scam!
Mandatory Coinbase wallet migration? It’s a phishing scam! An ingenious phishing scam is targeting cryptocurrency investors, by posing as a mandatory wallet migration. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
Free file converter malware scam “rampant” claims FBI
Free file converter malware scam “rampant” claims FBI Whether you’re downloading a video from YouTube or converting a Word document into a PDF file, there’s a chance that you might be unwittingly handing control of your PC straight into the hands of cybercriminals. Read more in my article on the Hot for Security blog. Graham…
-
Borked Chromecasts are beginning to receive their update – just hope you didn’t do a factory reset
Borked Chromecasts are beginning to receive their update – just hope you didn’t do a factory reset The news can’t have come too soon for the many Chromecast users who have found themselves unable to stream their favourite TV shows, movies, and other media. Read more in my article on the Hot for Security blog.…
-
Chromecast chaos – 2nd gen devices go belly-up as Google struggles to fix certificate issue
Chromecast chaos – 2nd gen devices go belly-up as Google struggles to fix certificate issue Has your old Chromecast suddenly developed a problem? You’re not alone it seems. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
Medusa ransomware: FBI and CISA urge organisations to act now to mitigate threat
Medusa ransomware: FBI and CISA urge organisations to act now to mitigate threat The Medusa ransomware gang continues to present a major threat to the critical infrastructure sector, according to a newly-released – with at least one organisation hit with a “triple-extortion” threat. Read more in my article on the Tripwire State of Security blog.…
-
Smashing Security podcast #408: A gag order backfires, and a snail mail ransom demand
Smashing Security podcast #408: A gag order backfires, and a snail mail ransom demand What happens when a healthcare giant’s legal threats ignite a Streisand Effect wildfire… while a ransomware gang appears to ditch the dark web for postage stamps? Find out about this, and more, in the latest edition of the “Smashing Security” podcast…
-
Man found guilty of planting infinite loop logic bomb on ex-employer’s system
Man found guilty of planting infinite loop logic bomb on ex-employer’s system Davis Lu had planted malicious Java code onto his employer’s network that would cause “infinite loops” that would ultimate result in the server crashing or hanging. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
The AI Fix #41: Can AIs be psychopaths, and why we should be AI optimists
The AI Fix #41: Can AIs be psychopaths, and why we should be AI optimists In episode 41 of the AI Fix, our hosts learn that society needs to be completely reordered by December, Grok accuses Trump of being a Russian asset, Graham discovers that parents were wrong about computer games all along, and Mark…
-
Webinar: Credential security in the age of AI: Insights for IT leaders
Webinar: Credential security in the age of AI: Insights for IT leaders On Tuesday, March 18 2025, at 1pm EST, I will be joining the experts at Dashlane for an online chat all about credential security in the age of AI. Learn more and make sure to book your free seat. Graham Cluley Go to…
-
Smashing Security podcast #407: HP’s hold music, and human trafficking
Smashing Security podcast #407: HP’s hold music, and human trafficking Journey with us to Myanmar’s shadowy scam factories, where trafficked workers are forced to run romance-baiting and fake tech support scams, and find out why a company’s mandatory hold time for tech support could lead to innocent users having their computers compromised. All this and…
-
Fake police call cryptocurrency investors to steal their funds
Fake police call cryptocurrency investors to steal their funds Have you had a phone call from police about your cryptocurrency wallet? Be on your guard – you could be about to be scammed. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
Cactus ransomware: what you need to know
Cactus ransomware: what you need to know Cactus is a ransomware-as-a-service (RaaS) group that encrypts victim’s data and demands a ransom for a decryption key. Read more about it in my article on the Tripwire State of Security blog. Graham Cluley Go to grahamcluley