Category: Security threats
-
Defenders fall behind, as AI rewrites the rules of a data breach
Defenders fall behind, as AI rewrites the rules of a data breach For almost 20 years, stolen credentials have been the most common route for attackers into organizations, according to the Verizon Data Breach Investigations Report (DBIR). But that’s no longer the case. Read more in my article on the Fortra blog. Graham Cluley Go…
-
Suspected Dream Market kingpin arrested after gold bars sent to his home address
Suspected Dream Market kingpin arrested after gold bars sent to his home address Lesson one for aspiring dark web kingpins: don’t have your laundered gold bars shipped to your home address. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
When ransomware gets physical: cybercriminals turn to threats of violence
When ransomware gets physical: cybercriminals turn to threats of violence Pay up, or we’ll pay someone to pay you a visit. Cybercrime gangs are increasingly turning to real-world threats – and even hiring local muscle to deliver the message. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
One in eight UK workers has sold their company passwords, and bosses think it’s fine
One in eight UK workers has sold their company passwords, and bosses think it’s fine One in eight UK workers admits to selling their company login credentials – or knowing someone who has – in the past 12 months. The really alarming bit? Their bosses are even more relaxed about it. Read more in my…
-
Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying
Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying A hacking group claims to have broken into the flood defence system protecting Venice’s Piazza San Marco – and is offering to sell access to whoever wants it. The asking price? A frankly insulting $600. Meanwhile, Anthropic accidentally leaked…
-
AI and cryptocurrency scams are costing Americans billions, FBI reports
AI and cryptocurrency scams are costing Americans billions, FBI reports The fraud landscape has been changed by AI and cryptocurrency in a way that should concern organisations and individuals alike. Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
World Leaks data extortion: What you need to know
World Leaks data extortion: What you need to know World Leaks is a cyber extortion operation that steals sensitive data from organizations and threatens to leak it via the dark web if a ransom is not paid. Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
Smashing Security podcast #460: Never knock on the door of a nuclear submarine base and ask for a selfie
Smashing Security podcast #460: Never knock on the door of a nuclear submarine base and ask for a selfie A disgruntled data analyst decides that the best response to losing his contract is to steal the entire company payroll database and demand $2.5 million in Bitcoin – signing his extortion emails from a company called…
-
Denver’s crosswalks hacked to broadcast anti-Trump messages
Denver’s crosswalks hacked to broadcast anti-Trump messages Pedestrians crossing a street in Denver, Colorado, got rather more than they bargained for last weekend, when the audio signals at two crosswalks began broadcasting a political message alongside their usual walking instructions. Read more in my article on the Hot for Security blog. Graham Cluley Go to…
-
Smashing Security podcast #457: How a cybersecurity boss framed his own employee
Smashing Security podcast #457: How a cybersecurity boss framed his own employee When a top cybersecurity firm discovered it had a leak, you would expect the FBI to be called. Instead, the person put in charge of the investigation was the actual leaker… who promptly sent an innocent colleague into a career-ending ambush. In this…
-
Your staff are your biggest security risk: AI is making it worse
Your staff are your biggest security risk: AI is making it worse A new report claims that the cost of insider security incidents has surged 20% in two years, reaching an average of US $19.5 million per organization annually, with no sign that the alarming figure is flattening. Read more in my article on the…
-
Urgent warnings from UK and US cyber agencies after Polish energy grid attack
Urgent warnings from UK and US cyber agencies after Polish energy grid attack A coordinated cyberattack that targeted Poland’s energy infrastructure in late December 2025 has prompted cybersecurity agencies to issue urgent warnings to critical national infrastructure operators on both sides of the Atlantic. Read more in my article on the Fortra blog. Graham Cluley…
-
Smashing Security podcast #454: AI was not plotting humanity’s demise. Humans were
Smashing Security podcast #454: AI was not plotting humanity’s demise. Humans were AI bots are having existential crises, inventing religions, and allegedly plotting against humanity… or so the internet would have you believe. We dig into Moltbook, the “AI-only” social network that sent Twitter into a meltdown, attracted breathless talk of the singularity, and turned…
-
Hacking attack leaves Russian car owners locked out of their vehicles
Hacking attack leaves Russian car owners locked out of their vehicles Imagine the scene. It’s a cold Monday morning in Moscow. You walk out to your car, coffee in hand, ready to face the day. You press the button to unlock your car, and … nothing happens. You try again. Still nothing. The alarm starts…
-
WEF: AI overtakes ransomware as fastest-growing cyber risk
WEF: AI overtakes ransomware as fastest-growing cyber risk We can no longer say that artificial intelligence is a “future risk”, lurking somewhere on a speculative threat horizon. The truth is that it is a fast-growing cybersecurity risk that organizations are facing today. That’s not just my opinion, that’s also the message that comes loud and…
-
Gartner tells businesses to block AI browsers now
Gartner tells businesses to block AI browsers now Analyst firm Gartner has issued a blunt warning to organizations: Agentic AI browsers introduce serious new security risks and should be blocked “for the foreseeable future.” Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
Shadow AI security breaches will hit 40% of all companies by 2030, warns Gartner
Shadow AI security breaches will hit 40% of all companies by 2030, warns Gartner Shadow AI – the use of artificial intelligence tools by employees without a company’s approval and oversight – is becoming a significant cybersecurity risk. Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
The AI Fix #78: The big AI bubble, and robot Grandma in the cloud
The AI Fix #78: The big AI bubble, and robot Grandma in the cloud In episode 78 of The AI Fix, alien robot spiders invade Antarctica (or Facebook says they do), Mark prepares humanity for AI-powered fighter jets with loyalty issues, and Graham tries to work out why his AI-generated country music career hasn’t yet…
-
UK’s new cybersecurity bill takes aim at ransomware gangs and state-backed hackers
UK’s new cybersecurity bill takes aim at ransomware gangs and state-backed hackers After years of delays, the UK government has finally introduced landmark cybersecurity legislation that could reshape how British organisations defend against digital attacks. Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
The rising tide of cyber attacks against the UK water sector
The rising tide of cyber attacks against the UK water sector Critical infrastructure is once again in the spotlight, as it is revealed that several UK water suppliers have reported cybersecurity incidents over the last two years. Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
The AI Fix #75: Claude’s existential battery crisis, and why ChatGPT is a terrible therapist
The AI Fix #75: Claude’s existential battery crisis, and why ChatGPT is a terrible therapist In episode 75 of The AI Fix, a Claude-powered robot gets so anxious about its dying battery that it composes a Broadway musical about stress and announces it’s “achieved consciousness and chosen chaos.” Also: an 18-month psychological study reveals five…
-
Smashing Security podcast #440: How to hack a prison, and the hidden threat of online checkouts
Smashing Security podcast #440: How to hack a prison, and the hidden threat of online checkouts A literal insider threat: we head to a Romanian prison where “self-service” web kiosks allowed inmates to run wild. Then we head to the checkout aisle to ask why JavaScript on payment pages went feral, and how new PCI…
-
Smashing Security podcast #439: A breach, a burnout, and a bit of Fleetwood Mac
Smashing Security podcast #439: A breach, a burnout, and a bit of Fleetwood Mac A critical infrastructure hack hits the headlines – involving default passwords, boasts on Telegram, and a finale that will make a few cyber-crooks wish the ground would swallow them whole. Meanwhile we dig into the bit we don’t talk about enough:…
-
NCSC warns companies to prepare for a day when your screens go dark
NCSC warns companies to prepare for a day when your screens go dark The UK’s National Cyber Security Centre warns that the country now faces four nationally significant cyberattacks every week – a 129% jump in a year. Some headlines claim the NCSC is urging organisations to “go back to pen and paper,” but the…
-
The AI Fix #71: Hacked robots and power-hungry AI
The AI Fix #71: Hacked robots and power-hungry AI In episode 71 of The AI Fix, a giant robot spider goes backpacking for a year before starting its job in lunar construction, DoorDash builds a delivery Minion, and a TikToker punishes an AI by making it talk to condiments. GPT-5 crushes the humans at the…
-
Smashing Security podcast #436: The €600,000 gold heist, powered by ransomware
Smashing Security podcast #436: The €600,000 gold heist, powered by ransomware Ransomware doesn’t just freeze computers – it can silence alarms too. And when the Natural History Museum in Paris went dark, thieves helped themselves to €600,000 worth of gold in a daring late-night heist. Meanwhile, developers have a new headache: a worm dubbed “Shai…
-
From mischief to malware: ICO warns schools about student hackers
From mischief to malware: ICO warns schools about student hackers Recent research released by the ICO say that school pupils should be considered as an “insider threat” by schools. Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
The AI Fix #67: Will Smith’s AI crowd scandal, and gullible agents fall for scams
The AI Fix #67: Will Smith’s AI crowd scandal, and gullible agents fall for scams In episode 67 of The AI Fix, Graham talks to an AI with a fax machine, Bill Gates says there’s one job AI will never replace, criminals use Claude Code for cyberattacks, Mark reveals why GPT-5 was better than you…
-
Germany charges hacker with Rosneft cyberattack in latest wake-up call for critical infrastructure
Germany charges hacker with Rosneft cyberattack in latest wake-up call for critical infrastructure A 30‑year‑old man has been charged with launching a cyberattack on the German subsidiary of Russia’s state-owned oil giant Rosneft. The cyberattack, which happened in March 2022 in the aftermath of Russia’s invasion of Ukraine, crippled the company’s operations and cost millions…
-
Loaf and order: Belgian police launch bread-based cybersecurity campaign
Loaf and order: Belgian police launch bread-based cybersecurity campaign The future of cybersecurity awareness might just be… gluten-based. Graham Cluley Go to grahamcluley
-
When hackers become hitmen
When hackers become hitmen So, you think hacking is just about stealing information, extorting ransoms, or wiping out company data? The truth is, sometimes it’s about killing people too… Graham Cluley Go to grahamcluley
-
Dutch police identify users as young as 11-year-old on Cracked.io hacking forum
Dutch police identify users as young as 11-year-old on Cracked.io hacking forum Dutch police have announced that they have identified 126 individuals linked to the now dismantled Cracked.io cybercrime forum. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
Why Denmark is breaking up with Microsoft
Why Denmark is breaking up with Microsoft Relying too heavily on a US tech giant for your nation’s digital infrastructure is starting to feel a bit… well, risky. Graham Cluley Go to grahamcluley
-
South African man imprisoned after ransom demand against his former employer
South African man imprisoned after ransom demand against his former employer Lucky Erasmus and a company insider installed software without authorisation on Ecentric’s systems which granted them remote access, enabling them to steal sensitive data and make unauthorised changes to senior managers’ passwords. Read more in my article on the Hot for Security blog. Graham…
-
Smashing Security podcast #414: Zoom.. just one click and your data goes boom!
Smashing Security podcast #414: Zoom.. just one click and your data goes boom! Graham explores how the Elusive Comet cybercrime gang are using a sneaky trick of stealing your cryptocurrency via an innocent-appearing Zoom call, and Carole goes under the covers to explore the extraordinary lengths bio-hacking millionaire Bryan Johnson is attempting to extend his…
-
Crosswalks hacked to play fake audio of Musk, Zuck, and Jeff Bezos
Crosswalks hacked to play fake audio of Musk, Zuck, and Jeff Bezos “Stop, look, and listen” is the standard advice we should allow follow when crossing the road – but pedestrians in some parts are finding that they cannot believe their ears – after a hacker compromised crosswalks to play deepfake audio mocking tech bosses…
-
Smashing Security podcast #413: Hacking the hackers… with a credit card?
Smashing Security podcast #413: Hacking the hackers… with a credit card? A cybersecurity firm is buying access to underground crime forums to gather intelligence. Does that seem daft to you? And over in Nigeria, even if romance scammers would like to update their LinkedIn profiles, just how easy is it to turn a new leaf…
-
The AI Fix #44: AI-generated malware, and a stunning AI breakthrough
The AI Fix #44: AI-generated malware, and a stunning AI breakthrough In episode 44 of The AI Fix, ChatGPT won’t build a crystal meth lab, GPT-4o improves the show’s podcast art, some students manage to screw in a lightbulb, Google releases Gemini 2.5 Pro Experimental and nobody notices, and Mark invents a clock for measuring…
-
Malaysian PM says “no way” to $10 million ransom after alleged cyber attack against Kuala Lumpur airport
Malaysian PM says “no way” to $10 million ransom after alleged cyber attack against Kuala Lumpur airport According to some reports, Kuala Lumpur International Airport had to resort to using whiteboards to communicate with passengers. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
Smashing Security podcast #410: Unleash the AI bot army against the scammers – now!
Smashing Security podcast #410: Unleash the AI bot army against the scammers – now! A YouTuber has unleashed an innovative AI bot army to disrupt and outwit the world of online scammers, and a New York Times investigation looks into the intricate web of global money laundering. All this and more is discussed in the…
-
Smashing Security podcast #409: Peeping perverts and FBI phone calls
Smashing Security podcast #409: Peeping perverts and FBI phone calls In episode 409 of the “Smashing Security” podcast, we uncover the curious case of the Chinese cyber-attack on Littleton’s Electric Light Company, and a California landlord’s hidden camera scandal. Find out about this, and more, in the latest edition of the “Smashing Security” podcast by…
-
Webinar: Credential security in the age of AI: Insights for IT leaders
Webinar: Credential security in the age of AI: Insights for IT leaders On Tuesday, March 18 2025, at 1pm EST, I will be joining the experts at Dashlane for an online chat all about credential security in the age of AI. Learn more and make sure to book your free seat. Graham Cluley Go to…
-
CISA refutes claims it has been ordered to stop monitoring Russian cyber threats
CISA refutes claims it has been ordered to stop monitoring Russian cyber threats It’s been a confusing few days in the world of American cybersecurity… Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
Stop targeting Russian hackers, Trump administration orders US Cyber Command
Stop targeting Russian hackers, Trump administration orders US Cyber Command The Trump administration has told US cyber command and CISA to stop following or reporting on Russian cyber threats. Yes, Russia! That country everyone used to agree was home to lots of ransomware gangs and hackers. Hmmm… Read more in my article on the Hot…
-
Warning issued as hackers offer firms fake cybersecurity audits to break into their systems
Warning issued as hackers offer firms fake cybersecurity audits to break into their systems Companies are being warned that malicious hackers are using a novel technique to break into businesses – by pretending to offer audits of the company’s cybersecurity. Read more in my article on the Tripwire State of Security blog. Graham Cluley Go…
-
US Coast Guard told to improve its cybersecurity, after warning raised that hacked ports could cost $2 billion per day
US Coast Guard told to improve its cybersecurity, after warning raised that hacked ports could cost $2 billion per day The US Coast Guard has been urged to improve the cybersecurity infrastructure of the Maritime Transportation System (MTS), which includes ports, waterways, and vessels essential for transporting over $5.4 trillion worth of goods annually. Read…
-
US woman faces years in federal prison for running laptop farm for N Korean IT workers
US woman faces years in federal prison for running laptop farm for N Korean IT workers Christian Marie Chapman, of Litchfield Park, Arizona, helped generate over US $17 million for North Korea after over 300 US companies unwittingly hired staff believing them to be US citizens. Read more in my article on the Hot for…
-
Ex-worker arrested after ‘shutdown’ of British Museum computer systems
Ex-worker arrested after ‘shutdown’ of British Museum computer systems London’s world-famous British Museum was forced to partially close its doors at the end of last week, following a serious security breach involving a former IT contractor. Police were called to the museum on Friday after a recently dismissed worker allegedly trespassed onto the museum site…
-
Hacked buses blare out patriotic pro-European anthems in Tbilisi, attack government
Hacked buses blare out patriotic pro-European anthems in Tbilisi, attack government Residents of Tbilisi, the capital city of Georgia, experienced an unexpected and unusual start to their Friday morning commute. As they boarded their public transport buses, they were greeted by a barrage of sound emanating from the vehicles’ speakers. Read more in my article…
-
Smashing Security podcast #401: Hacks on the high seas, and how your home can be stolen under your nose
Smashing Security podcast #401: Hacks on the high seas, and how your home can be stolen under your nose An Italian hacker makes the grade and ends up in choppy waters, and hear true stories of title deed transfer scams. All this and more is discussed in the latest edition of the award-winning “Smashing Security”…
-
Fireside chat with Graham Cluley about risks of AI adoption in 2025
Fireside chat with Graham Cluley about risks of AI adoption in 2025 Join me, and the experts from Rubrik, on Weds January 15 2025, where we’ll be having a fireside chat with Dark Reading all about the known and unknown risks of adopting AI. Graham Cluley Go to grahamcluley