Tag: grahamcluley
-
Smashing Security podcast #470: This AI security flaw might be impossible to fix
Smashing Security podcast #470: This AI security flaw might be impossible to fix A website called “UK visa portal” has been quietly collecting passport scans, selfies, and personal data from thousands of travellers who thought they were applying through official channels. They weren’t. And when a journalist tried to warn the company, it was lawyers…
-
Police arrest man following hack of Ajax football club
Police arrest man following hack of Ajax football club Dutch police have arrested a 35-year-old man suspected of hacking into the computer systems of Amsterdam football giant Ajax, after the personal data of hundreds of thousands of supporters was put at risk. Read more in my article on the Hot for Security blog. Graham Cluley…
-
MyPillow listed on ransomware gang’s leak site, but denies it has been breached
MyPillow listed on ransomware gang’s leak site, but denies it has been breached A notorious ransomware gang claims to have stolen MyPillow’s private data, but CEO Mike Lindell calls it a politically motivated “hit job.” With the countdown ticking toward a massive dark web leak, who is telling the truth? Read more in my article…
-
Smashing Security podcast #469: What your Oura ring won’t tell you
Smashing Security podcast #469: What your Oura ring won’t tell you CISA, the US government agency whose entire job is keeping America’s critical infrastructure safe from hackers, has had a contractor publish dozens of plain-text credentials to a public GitHub profile. Meanwhile, your Oura ring is quietly transmitting some of its data unencrypted – and…
-
FBI warns of Kali365 phishing kit that breaks into Microsoft 365 accounts – no password required
FBI warns of Kali365 phishing kit that breaks into Microsoft 365 accounts – no password required So, you’ve enabled multi-factor authentication. You’ve taught your staff never to type their passwords into dodgy-looking login pages. Surely your Microsoft 365 accounts are safe now? Well, think again. Read more in my article on the Hot for Security…
-
Defenders fall behind, as AI rewrites the rules of a data breach
Defenders fall behind, as AI rewrites the rules of a data breach For almost 20 years, stolen credentials have been the most common route for attackers into organizations, according to the Verizon Data Breach Investigations Report (DBIR). But that’s no longer the case. Read more in my article on the Fortra blog. Graham Cluley Go…
-
Smashing Security podcast #468: High-speed train hacks and homicidal lawnmowers
Smashing Security podcast #468: High-speed train hacks and homicidal lawnmowers A 23-year-old radio enthusiast spent £300 on a piece of kit from the internet, and used it to bring four packed high-speed trains to a screeching halt. His defence in court? Possibly the most creative excuse we’ve heard all year. Meanwhile, owners of $4,000 robot…
-
FBI warns students and staff that ShinyHunters may come knocking after Canvas breach
FBI warns students and staff that ShinyHunters may come knocking after Canvas breach Having receive a ransom payment for its attack on Canvas, ShinyHunters and other extortion gangs are only likely to be further incentivised to launch similar attacks in future. Read more in my article on the Hot for Security blog. Graham Cluley Go…
-
Suspected Dream Market kingpin arrested after gold bars sent to his home address
Suspected Dream Market kingpin arrested after gold bars sent to his home address Lesson one for aspiring dark web kingpins: don’t have your laundered gold bars shipped to your home address. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
When ransomware gets physical: cybercriminals turn to threats of violence
When ransomware gets physical: cybercriminals turn to threats of violence Pay up, or we’ll pay someone to pay you a visit. Cybercrime gangs are increasingly turning to real-world threats – and even hiring local muscle to deliver the message. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
Smashing Security podcast #467: How ShinyHunters hacked the world’s biggest universities
Smashing Security podcast #467: How ShinyHunters hacked the world’s biggest universities Welcome to the largest educational data breach in history – affecting nearly 9,000 institutions, every Ivy League university, and 30 million students mid-finals. When Canvas’s parent company refused to pay and announced they had deployed “security patches” instead, the hackers were less than impressed.…
-
Inside Department 4: Russia’s secret school for hackers
Inside Department 4: Russia’s secret school for hackers Most universities have a careers fair. At Bauman Moscow State Technical University, however, an elite group of students appear to have something rather more unusual: a direct pipeline into some of the world’s most notorious state-sponsored hacking groups. Read more in my article on the Hot for…
-
One in eight UK workers has sold their company passwords, and bosses think it’s fine
One in eight UK workers has sold their company passwords, and bosses think it’s fine One in eight UK workers admits to selling their company login credentials – or knowing someone who has – in the past 12 months. The really alarming bit? Their bosses are even more relaxed about it. Read more in my…
-
Sri Lanka makes 37 arrests as it raids another scam centre
Sri Lanka makes 37 arrests as it raids another scam centre You don’t need to live near a scam compound for it to wreck your life. Americans lost $5.8 billion to crypto investment scams last year alone – and a raid in Sri Lanka this month shows exactly how the operations behind them keep finding…
-
Teenager alleged to be Scattered Spider hacker arrested in Finland, faces US extradition
Teenager alleged to be Scattered Spider hacker arrested in Finland, faces US extradition Here’s a tip for you all. Unless you want to draw attention to yourself as a cybercriminal, don’t flaunt your diamond-encrusted “HACK THE PLANET” necklace on Snapchat, or pose as a Sopranos crime boss while the FBI is reportedly closing in. Read…
-
Iran-linked Handala hackers leak US Marines data, send chilling WhatsApp threats
Iran-linked Handala hackers leak US Marines data, send chilling WhatsApp threats US Marines stationed around the Persian Gulf have been receiving WhatsApp messages from strangers suggesting they call home and make their final goodbyes. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions
Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions A developer at an AI startup wanted to cheat at Roblox. They downloaded a dodgy script on their work laptop. That one decision triggered a cascade of failures that ended with a $2 million data breach affecting hundreds of thousands of…
-
Alleged Silk Typhoon hacker extradited to the United States to face charges
Alleged Silk Typhoon hacker extradited to the United States to face charges A man accused of working as a hacker for China’s Ministry of State Security has been extradited to the USA from Italy, and faces – if found guilty – the prospect of decades behind bars. Read more in my article on the Hot…
-
French police arrest 21-year-old “HexDex” hacker over 100 alleged data breaches
French police arrest 21-year-old “HexDex” hacker over 100 alleged data breaches A 21-year-old man suspected of conducting approximately 100 data breaches since late 2025 – including a hack of the French Ministry of National Education that exposed records on almost a quarter of a million employees – has been arrested at his home in western…
-
Smashing Security podcast #464: Rockstar got hacked. The data was junk. The secrets it revealed were not
Smashing Security podcast #464: Rockstar got hacked. The data was junk. The secrets it revealed were not A company that ran anonymous tip lines for 35,000 American schools – handling reports of bullying, weapons, and self-harm – boasted on its website that it had suffered zero security breaches in over 20 years. A hacker called…
-
Sometimes changing the password on your email mailbox isn’t enough
Sometimes changing the password on your email mailbox isn’t enough Have you ever taken a look at your Microsoft 365 mailbox rules? If not, it might be worth a few minutes of your time. Because newly released research reveals that hackers may already have beaten you to it. Read more in my article on the…
-
Singer loses life savings to fake wallet downloaded from the Apple App Store
Singer loses life savings to fake wallet downloaded from the Apple App Store If you hold cryptocurrency, there’s a very simple golden rule that you should always follow. Never hand over your seed phrase. Garrett Dutton, better known as G. Love – the front man of blues-hip-hop outfit G. Love & Special Sauce – has…
-
Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying
Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying A hacking group claims to have broken into the flood defence system protecting Venice’s Piazza San Marco – and is offering to sell access to whoever wants it. The asking price? A frankly insulting $600. Meanwhile, Anthropic accidentally leaked…
-
108 malicious Chrome extensions caught stealing Google and Telegram data from 20,000 users
108 malicious Chrome extensions caught stealing Google and Telegram data from 20,000 users Cybersecurity researchers have revealed that 108 malicious Google Chrome extensions have been quietly stealing user credentials, hijacking Telegram sessions, and injecting unwanted ads and scripts into browsers – all reporting back to the same central point. Read more in my article on…
-
AI and cryptocurrency scams are costing Americans billions, FBI reports
AI and cryptocurrency scams are costing Americans billions, FBI reports The fraud landscape has been changed by AI and cryptocurrency in a way that should concern organisations and individuals alike. Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
Smashing Security podcast #462: LinkedIn is spying on you, and you agreed to nothing
Smashing Security podcast #462: LinkedIn is spying on you, and you agreed to nothing LinkedIn has been secretly scanning your browser for over 6,000 installed extensions — on every single click you make. It can tell if you’re job hunting, what religion you are, and whether you have ADHD. And none of this is mentioned…
-
Life imprisonment for Cambodian scam compound operators – but will it make a difference?
Life imprisonment for Cambodian scam compound operators – but will it make a difference? Cambodia has taken a dramatic step in its fight against scam compounds that have imprisoned innocent people, and forced them to work as virtual slaves defrauding victims via the internet around the world with romance scams and dodgy investment schemes. Read…
-
Nigerian romance scammer jailed after being caught out by fellow fraudster
Nigerian romance scammer jailed after being caught out by fellow fraudster A Nigerian fraudster spent years posing as a woman online, romancing unsuspecting American men out of their savings – until he accidentally tried the same trick on a fellow scammer, who told him to “learn how to do a clean job.” The recovered chat…
-
Smashing Security podcast #461: This man hid $400 million in a fishing rod. Then it vanished
Smashing Security podcast #461: This man hid $400 million in a fishing rod. Then it vanished A cannabis-growing, beekeeping, gyrocopter-flying Irishman invested his drug money in Bitcoin back in 2011 – and now sits on a fortune worth $400 million. There’s just one small problem: the access codes were tucked inside his fishing rod case,…
-
Alleged RedLine malware developer extradited to United States
Alleged RedLine malware developer extradited to United States A man has appeared in federal court in Austin, Texas, after being extradited to the United States to face charges related to his alleged role as a key developer of the notorious RedLine malware. Read more in my article on the Hot for Security blog. Graham Cluley…
-
Iranian hackers breach FBI director’s personal email, and post his CV and photos online
Iranian hackers breach FBI director’s personal email, and post his CV and photos online It’s not every day that you read that the head of America’s top law enforcement agency has been hacked, but then – these aren’t ordinary times. Read more in my article on the Hot for Security blog. Graham Cluley Go to…
-
World Leaks data extortion: What you need to know
World Leaks data extortion: What you need to know World Leaks is a cyber extortion operation that steals sensitive data from organizations and threatens to leak it via the dark web if a ransom is not paid. Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
Smashing Security podcast #460: Never knock on the door of a nuclear submarine base and ask for a selfie
Smashing Security podcast #460: Never knock on the door of a nuclear submarine base and ask for a selfie A disgruntled data analyst decides that the best response to losing his contract is to steal the entire company payroll database and demand $2.5 million in Bitcoin – signing his extortion emails from a company called…
-
How one man used 10,000 bots to steal $8,000,000 from music artists
How one man used 10,000 bots to steal $8,000,000 from music artists A man has pleaded guilty to defrauding online music streaming platforms out of more than US $8 million, after creating hundreds of thousands of songs with AI, and then using bots to play them billions of times. Read more in my article on…
-
LeakNet ransomware: what you need to know
LeakNet ransomware: what you need to know A ransomware gang that claims to be a group of “investigative journalists”? Meet LeakNet – the group using fake CAPTCHA pages to trick employees into hacking themselves. Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
Denver’s crosswalks hacked to broadcast anti-Trump messages
Denver’s crosswalks hacked to broadcast anti-Trump messages Pedestrians crossing a street in Denver, Colorado, got rather more than they bargained for last weekend, when the audio signals at two crosswalks began broadcasting a political message alongside their usual walking instructions. Read more in my article on the Hot for Security blog. Graham Cluley Go to…
-
Smashing Security podcast #459: This clever scam nearly hijacked a tech CEO’s Apple ID
Smashing Security podcast #459: This clever scam nearly hijacked a tech CEO’s Apple ID In episode 459 of Smashing Security, we dive into a chillingly clever account takeover attempt targeting WordPress co-founder Matt Mullenweg – involving MFA fatigue, real Apple alerts, a convincing support call, and a phishing page that oh-so-nearly worked. If a famous…
-
Free parking in Russia after Distributed Denial-of-Service attack knocks city’s parking system offline
Free parking in Russia after Distributed Denial-of-Service attack knocks city’s parking system offline Drivers in the Russian city of Perm have been enjoying an unexpected bonus this week: free parking. Not because the city council suddenly decided to embrace generosity – but rather because hackers succeeded in knocking the city’s payment system offline. Read more…
-
Fraudsters are using public planning records to target permit applicants
Fraudsters are using public planning records to target permit applicants If you’re in the middle of applying for a planning or zoning permit, there is some unwelcome news: cyber-criminals have found a way to exploit the bureaucratic tedium of the process against you. Read more in my article on the Fortra blog. Graham Cluley Go…
-
Your Signal account is safe – unless you fall for this trick
Your Signal account is safe – unless you fall for this trick Signal, the encrypted messaging app trusted by security-savvy users around the world, has confirmed that hackers have managed to takeover accounts – with government officials and journalists among those being targeted. Read more in my article on the Hot for Security blog. Graham…
-
Smashing Security podcast #458: How not to steal $46 million from the US government
Smashing Security podcast #458: How not to steal $46 million from the US government A Wikipedia security engineer accidentally wakes a dormant JavaScript worm that hadn’t stirred since 2024 – and within minutes, giant woodpecker images are plastered across the internet’s favourite encyclopaedia. Meanwhile, a crypto contractor hired to help the US Marshals manage seized…
-
Twitter suspended 800 million accounts last year – so why does manipulation remain so rampant?
Twitter suspended 800 million accounts last year – so why does manipulation remain so rampant? Elon Musk’s social media site says it suspended 800 million accounts in a year for spam and manipulation – but with state-backed campaigns still flooding the platform, the real question is how many fake accounts remain. Read more in my…
-
How hackers bypassed MFA with a $120 phishing kit – until a global takedown shut it down
How hackers bypassed MFA with a $120 phishing kit – until a global takedown shut it down In a co-ordinated public-private operation between law enforcement agencies and cybersecurity industry partners, Tycoon 2FA – one of the world’s most prolific phishing-as-a-service platforms – has been dismantled. Read more in my article on the Hot for Security…
-
Smashing Security podcast #457: How a cybersecurity boss framed his own employee
Smashing Security podcast #457: How a cybersecurity boss framed his own employee When a top cybersecurity firm discovered it had a leak, you would expect the FBI to be called. Instead, the person put in charge of the investigation was the actual leaker… who promptly sent an innocent colleague into a career-ending ambush. In this…
-
They seized $4.8m in crypto… then gave the master key to the internet
They seized $4.8m in crypto… then gave the master key to the internet South Korea’s National Tax Service (NTS) has found itself in the middle of a deeply embarrassing – and costly – blunder after accidentally handing thieves the master key to a seized cryptocurrency wallet. Read more in my article on the Hot for…
-
Notorious ransomware gang allegedly blackmailed by fake FSB officer
Notorious ransomware gang allegedly blackmailed by fake FSB officer There is a certain poetic justice in a cybersecurity-related story that has emerged from Moscow this week: A man has been accused of trying to extort money… from a notorious Russian ransomware gang. Read more in my article on the Hot for Security blog. Graham Cluley…
-
Your staff are your biggest security risk: AI is making it worse
Your staff are your biggest security risk: AI is making it worse A new report claims that the cost of insider security incidents has surged 20% in two years, reaching an average of US $19.5 million per organization annually, with no sign that the alarming figure is flattening. Read more in my article on the…
-
Smashing Security podcast #456: How to lose friends and DDoS people
Smashing Security podcast #456: How to lose friends and DDoS people When the mysterious operator of an internet archiving-service decided to silence a curious Finnish blogger, they didn’t just send a stroppy email – they allegedly weaponised their own CAPTCHA page to launch a DDoS attack, threatened to invent an entirely new genre of AI…
-
$10,000 bounty offered if you can hack Ring cameras to stop them sharing your data with Amazon
$10,000 bounty offered if you can hack Ring cameras to stop them sharing your data with Amazon Amid a privacy backlash, a US $10,000 reward has been offered for anyone who can find a way to run Ring doorbell cameras locally, cutting off the flow of video data to Amazon’s servers. Read more in my…
-
Spanish police say they have arrested hacker who booked luxury hotel rooms for just one cent
Spanish police say they have arrested hacker who booked luxury hotel rooms for just one cent Spain’s police force has announced that it has arrested a 20-year-old man who they claim managed to book luxury hotel rooms worth up to €1,000 a night for just one euro cent. Read more in my article on the…
-
Dutch police arrest man for “hacking” after accidentally sending him confidential files
Dutch police arrest man for “hacking” after accidentally sending him confidential files Police in The Netherlands say they have arrested a 40-year-old man on suspicion of hacking… after police officers accidentally sent him a link granting him access to their own confidential documents Read more in my article on the Hot for Security blog. Graham…
-
Urgent warnings from UK and US cyber agencies after Polish energy grid attack
Urgent warnings from UK and US cyber agencies after Polish energy grid attack A coordinated cyberattack that targeted Poland’s energy infrastructure in late December 2025 has prompted cybersecurity agencies to issue urgent warnings to critical national infrastructure operators on both sides of the Atlantic. Read more in my article on the Fortra blog. Graham Cluley…
-
Polish hacker charged seven years after massive Morele.net data breach
Polish hacker charged seven years after massive Morele.net data breach A 29-year-old Polish man has been charged in connection with a data breach that exposed the personal details of around 2.5 million customers of the popular Polish e-commerce website Morele.net. Read more in my article on the Hot for Security blog. Graham Cluley Go to…
-
Smashing Security podcast #454: AI was not plotting humanity’s demise. Humans were
Smashing Security podcast #454: AI was not plotting humanity’s demise. Humans were AI bots are having existential crises, inventing religions, and allegedly plotting against humanity… or so the internet would have you believe. We dig into Moltbook, the “AI-only” social network that sent Twitter into a meltdown, attracted breathless talk of the singularity, and turned…
-
Fake Dubai Crown Prince tracked to Nigerian mansion after $2.5M romance scam
Fake Dubai Crown Prince tracked to Nigerian mansion after $2.5M romance scam When a Romanian businesswoman fell for a fake Dubai Crown Prince in a $2.5 million romance scam, investigators tracked the fraudster to his Nigerian mansion – only to discover he was masquerading as a campaigning philanthropist. Read more in my article on the…
-
Incognito Market admin sentenced to 30 years for running $105 million dark web drug empire
Incognito Market admin sentenced to 30 years for running $105 million dark web drug empire He promised “the best security there is” to hundreds of thousands of drug buyers, while quietly making the kind of mistake that guaranteed a 30-year sentence. And maybe training police on cryptocurrency while running a running a vast Tor-hidden drug…
-
Smashing Security podcast #453: The Epstein Files didn’t hide this hacker very well
Smashing Security podcast #453: The Epstein Files didn’t hide this hacker very well Supposedly redacted Jeffrey Epstein files can still reveal exactly who they’re talking about – especially when AI, LinkedIn, and a few biographical breadcrumbs do the heavy lifting. Sloppy redaction leads to explosive claims, and difficult reputational consequences for cybersecurity vendors, and we…
-
FBI takes notorious RAMP ransomware forum offline
FBI takes notorious RAMP ransomware forum offline The FBI has seized control of RAMP, a notorious cybercrime online forum that bragged to be the only place that allowed ransomware, and boasted over 14,000 active users. Now some of those users’ details are likely to be in the hands of the police… Read more in my…
-
Hacking attack leaves Russian car owners locked out of their vehicles
Hacking attack leaves Russian car owners locked out of their vehicles Imagine the scene. It’s a cold Monday morning in Moscow. You walk out to your car, coffee in hand, ready to face the day. You press the button to unlock your car, and … nothing happens. You try again. Still nothing. The alarm starts…
-
Smashing Security podcast #452: The dark web’s worst assassins, and Pegasus in the dock
Smashing Security podcast #452: The dark web’s worst assassins, and Pegasus in the dock In episode 452, a London-based YouTuber wins a landmark court case against Saudi Arabia after his phone was hacked with Pegasus spyware — exposing how a single, seemingly harmless text message can turn a smartphone into a round-the-clock surveillance device. Plus,…
-
Beware! Fake ChatGPT browser extensions are stealing your login credentials
Beware! Fake ChatGPT browser extensions are stealing your login credentials If you’ve installed a browser extension to enhance your ChatGPT experience, you might want to think again. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
Four arrested in crackdown on Discord-based SWATting and doxing
Four arrested in crackdown on Discord-based SWATting and doxing How badly do you want to win an online argument? I certainly hope it’s not enough to put the life of the other person at risk. Police in Hungary and Romania have arrested four young men suspected of making hoax bomb threats and terrorising internet users…
-
European Space Agency’s cybersecurity in freefall as yet another breach exposes spacecraft and mission data
European Space Agency’s cybersecurity in freefall as yet another breach exposes spacecraft and mission data It has just been a few weeks since reports emerged of the Christmas cyber attack suffered by the European Space Agency (ESA), and the situation has already become worse. Read more in my article on the Hot for Security blog.…
-
Smashing Security podcast #451: I hacked the government, and your headphones are next
Smashing Security podcast #451: I hacked the government, and your headphones are next In episode 451 of “Smashing Security,” we meet the cybercriminal who hacked the US Supreme Court, Veterans Affairs, and more – and then helpfully posted screenshots (and even someone’s blood type) on an account called “I hacked the government.” Plus we discuss…
-
Pro-Russian denial-of-service attacks target UK, NCSC warns
Pro-Russian denial-of-service attacks target UK, NCSC warns The UK’s National Cyber Security Centre (NCSC) has issued a warning about the threat posed by distributed denial-of-service (DDoS) attacks from Russia-linked hacking groups who are reported to be continuing to target British organisations. Are you prepared? Read more in my article on the Hot for Security blog.…
-
The AI Fix #84: A hungry ghost trapped in a jar gains access to the Pentagon’s network
The AI Fix #84: A hungry ghost trapped in a jar gains access to the Pentagon’s network In episode 84 of The AI Fix, Graham and Mark stare straight into the digital abyss and ask the most important question of our age: “Is AI just a hungry ghost trapped in a jar?” Also this week,…
-
Smashing Security podcast #450: From Instagram panic to Grok gone wild
Smashing Security podcast #450: From Instagram panic to Grok gone wild Confusion reigns after claims that data linked to 17.5 million Instagram accounts is up for sale – sparked by a vague post, contradictory statements, and a flood of password reset emails nobody asked for. And we dig into Grok, Elon Musk’s AI chatbot, after…
-
WEF: AI overtakes ransomware as fastest-growing cyber risk
WEF: AI overtakes ransomware as fastest-growing cyber risk We can no longer say that artificial intelligence is a “future risk”, lurking somewhere on a speculative threat horizon. The truth is that it is a fast-growing cybersecurity risk that organizations are facing today. That’s not just my opinion, that’s also the message that comes loud and…
-
The AI Fix #83: ChatGPT Health, Victorian LLMs, and the biggest AI bluffers
The AI Fix #83: ChatGPT Health, Victorian LLMs, and the biggest AI bluffers In episode 83 of The AI Fix, Graham reveals he’s taken up lying to LLMs, and shows how a journalist exposed AI bluffers with a made-up idiom. Meanwhile Mark invents a “Godwin’s Law” for AI, and explains how to ruin any LLM…
-
Hackers get hacked, as BreachForums database is leaked
Hackers get hacked, as BreachForums database is leaked Have you ever stolen data, traded a hacking tool, or just lurked on a dark web forum believing that you are anonymous? If so, I might have some unsettling news for you. Read more in my article on the Hot for Security blog. Graham Cluley Go to…
-
pcTattletale founder pleads guilty in rare stalkerware prosecution
pcTattletale founder pleads guilty in rare stalkerware prosecution The founder of a spyware company that encouraged customers to secretly monitor their romantic partners has pleaded guilty to federal charges – marking one of the few successful US prosecutions of a stalkerware operator. Read more in my article on the Hot for Security blog. Graham Cluley…
-
Smashing Security podcast #449: How to scam someone in seven days
Smashing Security podcast #449: How to scam someone in seven days Romance scammers have apparently discovered astrology… and Taurus is their secret weapon. In episode 449 of “Smashing Security”, we take a look inside an actual romance-fraud handbook – complete with scripts, personality “types”, corporate jargon, and a seven-day plan to get victims from hello…
-
Coinbase insider who sold customer data to criminals arrested in India
Coinbase insider who sold customer data to criminals arrested in India Police in India have arrested a former Coinbase customer service agent who is believed to have been bribed by cybercriminal gangs to access sensitive customer information. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
The AI Fix #82: Santa Claus doesn’t exist (according to AI)
The AI Fix #82: Santa Claus doesn’t exist (according to AI) Is Santa Claus real? This Christmas special of The AI Fix podcast sets out to answer that question in the most sensible way possible: by consulting chatbots, Google’s festive killjoys, and the laws of relativistic physics. Your hosts unwrap a festive grab-bag of AI…
-
Smashing Security podcast #448: The Kindle that got pwned
Smashing Security podcast #448: The Kindle that got pwned Think your Kindle is harmless? Think again! In this episode, we unpack a Black Hat Europe talk revealing how a boobytrapped audiobook could exploit the Amazon eBook reader – potentially letting an attacker break into your account and seize control of your credit card. Plus a…
-
The AI Fix #81: ChatGPT is the last AI you’ll understand, and your teacher is a deepfake
The AI Fix #81: ChatGPT is the last AI you’ll understand, and your teacher is a deepfake In episode 81 of The AI Fix, Graham discovers that deepfakes are already marking your kids’ homework, while Mark glimpses the future when he discovers AI agents that can communicate by reading each other’s minds. Also in this…
-
Surveillance at sea: Cruise firm bans smart glasses to curb covert recording
Surveillance at sea: Cruise firm bans smart glasses to curb covert recording If you’re planning a cruise for your holidays, and cannot bear the idea of being parted from your Ray-Ban Meta smart glasses, you may want to avoid sailing with MSC Cruises. The cruise line has updated its list of prohibited items, specifically banning…
-
Man jailed for teaching criminals how to use malware
Man jailed for teaching criminals how to use malware A 49-year-old man has received a five-and-a-half year jail sentence after admitting to creating detailed video tutorials that showed members of a criminal gang how to infect Android phones with spyware and drain their bank accounts. Read more in my article on the Hot for Security…
-
Gartner tells businesses to block AI browsers now
Gartner tells businesses to block AI browsers now Analyst firm Gartner has issued a blunt warning to organizations: Agentic AI browsers introduce serious new security risks and should be blocked “for the foreseeable future.” Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
Four years later, Irish health service offers €750 to victims of ransomware attack
Four years later, Irish health service offers €750 to victims of ransomware attack Remember when a notorious ransomware gang hit the Irish Health Service back in May 2021? Four years on, and it seems victims who had their data exposed will finally receive compensation. Read more in my article on the Hot for Security blog.…
-
Ransomware may have extorted over $2.1 billion between 2022-2024, but it’s not all bad news, claims FinCEN report
Ransomware may have extorted over $2.1 billion between 2022-2024, but it’s not all bad news, claims FinCEN report A new report from the United States’s Financial Crimes Enforcement Network (FinCEN) has shone a revealing light on the state of the criminal industry of ransomware. The report, which examines ransomware incidents from 2022 to 2024, reveals…
-
The AI Fix #80: DeepSeek’s cheap GPT-5 rival, Antigravity fails, and your LLM likes it when you’re rude
The AI Fix #80: DeepSeek’s cheap GPT-5 rival, Antigravity fails, and your LLM likes it when you’re rude In episode 80 of The AI Fix, your hosts look at DeepSeek 3.2 “Speciale”, the bargain-basement model that claims GPT-5-level brains at 10% of the price, Jensen Huang’s reassuring vision of a robot fashion industry, and a…
-
Privacy concerns raised as Grok AI found to be a stalker’s best friend
Privacy concerns raised as Grok AI found to be a stalker’s best friend Grok, the AI chatbot developed by Elon Musk’s xAI, has been found to exhibit more alarming behaviour – this time revealing the home addresses of ordinary people upon request. Read more in my article on the Hot for Security blog. Graham Cluley…
-
Why the record-breaking 30 Tbps DDoS attack should concern every business
Why the record-breaking 30 Tbps DDoS attack should concern every business A new warning about the threat posed by Distributed Denial of Service (DDoS) attacks should make you sit up and listen. Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
FBI warns of surge in account takeover (ATO) fraud schemes – what you need to know
FBI warns of surge in account takeover (ATO) fraud schemes – what you need to know The FBI has recently issued a public service announcement that warns that since January 2025 there have been more than 5,100 complaints of account takeover fraud, and total reported losses in excess of US $262 million. Read more in…
-
The AI Fix #79: Gemini 3, poetry jailbreaks, and do we even need safe robots?
The AI Fix #79: Gemini 3, poetry jailbreaks, and do we even need safe robots? In episode 79 of The AI Fix, Gemini 3 roasts the competition, scares Nvidia, and can’t remember what year it is. Meanwhile, Graham investigates a fight between a fridge and robot, and Mark discovers that poetry could be a universal…
-
Asahi cyber attack spirals into massive data breach impacting almost 2 million people
Asahi cyber attack spirals into massive data breach impacting almost 2 million people Asahi Group Holdings, the makers of the popular Japanese beer Asahi Super Dry, has confirmed that the ransomware attack that disrupted its operations in late September also saw a significant data breach that affects more than 1.5 million customers and approximately 275,000…
-
State-backed spyware attacks are targeting Signal and WhatsApp users, CISA warns
State-backed spyware attacks are targeting Signal and WhatsApp users, CISA warns CISA, the US Cybersecurity and Infrastructure Security Agency, has issued a new warning that cybercriminals and state-backed hacking groups are using spyware to compromise smartphones belonging to users of popular encrypted messaging apps such as Signal, WhatsApp, and Telegram. Read more in my article…
-
Smashing Security podcast #445: The hack that brought back the zombie apocalypse
Smashing Security podcast #445: The hack that brought back the zombie apocalypse America’s airwaves are haunted by zombies again, as we dig into a decade of broadcasters leaving their hardware open to attack, giving hackers the chance to hijack TV shows, blast out fake emergency alerts, and even replace religious sermons with explicit furry podcasts.…
-
Shadow AI security breaches will hit 40% of all companies by 2030, warns Gartner
Shadow AI security breaches will hit 40% of all companies by 2030, warns Gartner Shadow AI – the use of artificial intelligence tools by employees without a company’s approval and oversight – is becoming a significant cybersecurity risk. Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
The AI Fix #78: The big AI bubble, and robot Grandma in the cloud
The AI Fix #78: The big AI bubble, and robot Grandma in the cloud In episode 78 of The AI Fix, alien robot spiders invade Antarctica (or Facebook says they do), Mark prepares humanity for AI-powered fighter jets with loyalty issues, and Graham tries to work out why his AI-generated country music career hasn’t yet…
-
Operation Endgame disrupts Rhadamanthys information-stealing malware
Operation Endgame disrupts Rhadamanthys information-stealing malware International cybercrime-fighting agencies, co-ordinated by Europol, took down over 1000 servers and seized 20 domains earlier this month as part of Operation Endgame 3.0. Their target? Three major malware platforms: the infostealer known as Rhadamanthys, the VenomRAT remote access trojan, and the Elysium botnet. Read more in my article…
-
UK’s new cybersecurity bill takes aim at ransomware gangs and state-backed hackers
UK’s new cybersecurity bill takes aim at ransomware gangs and state-backed hackers After years of delays, the UK government has finally introduced landmark cybersecurity legislation that could reshape how British organisations defend against digital attacks. Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley