Smashing Security

Confusion reigns after claims that data linked to 17.5 million Instagram accounts is up for sale - sparked by a vague post, contradictory statements, and a flood of password reset emails nobody asked for.And we dig into Grok, Elon Musk’s AI chatbot, after it started generating sexualised images of women and children - raising uncomfortable questions about guardrails, accountability, and why playing the censorship card doesn’t make the problem go away.All this, and much more, in this episode of the "Smashing Security" podcast with Graham Cluley, and special guest Monica Verma.EPISODE LINKS:Free Speech Union website down after alleged funders exposed by trans hackers - Pink News.Illinois Man Charged in Snapchat Hacking Investigation - US Dept of Justice.Hackers get hacked, as BreachForums database is leaked - Hot for Security.Post by Malwarebytes - Bluesky.Post by Instagram - Twitter.Instagram denies breach amid claims of 17 million account data leak - Bleeping Computer.Ofcom asks X about reports its Grok AI makes sexualised images of children - BBC News.Musk’s Grok blocked by Indonesia, Malaysia over sexualized images in world first - CNN.Elon Musk shares AI images of Starmer in bikini in row over grim Grok deepfakes - Mirror.Soul Music - BBC Sounds.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)SPONSORS:Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!Meter - Network infrastructure for the enterprise. Get a free personalised demo.SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!FOLLOW THE SHOW:Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.ENJOYED THE SHOW?Make sure to check out our sister podcast, "The AI Fix".Privacy & Opt-Out: https://redcircle.com/privacy

Romance scammers have apparently discovered astrology... and Taurus is their secret weapon.In episode 449 of "Smashing Security", we take a look inside an actual romance-fraud handbook - complete with scripts, personality “types”, corporate jargon, and a seven-day plan to get victims from hello to hand over the crypto.Then Lesley "hacks4pancakes" Carhart delivers a reality check on the dire cybersecurity jobs market for juniors: why entry-level roles are evaporating, how automated CV screening is chewing candidates up, and what hopeful newcomers (and weary veterans) can do about it.Plus, Graham talks to ThreatLocker CEO Danny Jenkins about why misconfigurations are behind an uncomfortable number of breaches, how default-deny security actually works in practice, and why detecting attacks after they’ve started is already too late.All this, and much more, in this episode of the "Smashing Security" podcast with Graham Cluley, and special guest Lesley Carhart.EPISODE LINKS:Millions of Android Powered TVs and Streaming Devices Infected by Kimwolf Botnet - Hackread.Ilya Lichtenstein, Bitcoin hacker behind massive crypto theft, credits Trump for early prison release - CNBC.How Fake BSODs and Trusted Build Tools Are Used to Construct a Malware Infection - Securonix.A scammer's guide: How cybercriminals plot to rob a target in a week - Reuters.Game of Wool: Britian’s Best Knitter - Channel 4.Game of Wool trailer - YouTube.Earthrise One: Melbourne's Premier Sci-Fi Escape Room Adventure.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)SPONSORS:Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!ThreatLocker - Start your free trial and book a demo of ThreatLocker today to see how you can implement Zero Trust in your environment.Meter - Network infrastructure for the enterprise. Get a free personalised demo.SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!FOLLOW THE SHOW:Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.ENJOYED THE SHOW?Make sure to check out our sister podcast, "The AI Fix".Privacy & Opt-Out: https://redcircle.com/privacy

Think your Kindle is harmless? Think again! In this episode, Graham and special guest Danny Palmer unpack a Black Hat Europe talk revealing how a boobytrapped audiobook could exploit the Amazon eBook reader - potentially letting an attacker break into your account and seize control of your credit card.Plus a blast from 2021's "summer of ransomware" returns to haunt Ireland's Health Service Executive, as victims are offered €750 each.And because it's the last show before the Christmas break, there's also a Pick of the Week that veers from cosy rom-com comfort to pointy-polygon nostalgia. All this, and more, in episode 448 of the "Smashing Security" podcast with Graham Cluley, and special guest Danny Palmer.🎅 🎄 Thanks to everyone for listening to "Smashing Security" during 2025 - we look forward to being back in your ear'oles in early January. Stay safe! 🎅 🎄EPISODE LINKS:Password manager provider fined £1.2m by ICO for data breach affecting up to 1.6 million people in the UK - ICO.Trump Administration Turning to Private Firms in Cyber Offensive - Bloomberg.Russian ban on Roblox gaming platform sparks rare protest - Reuters.Once upon an exploit: how fake audiobook led to Kindle takeover - Cybernews.Four years later, Irish health service offers €750 to victims of ransomware attack - Bitdefender.When Harry Met Sally - Wikipedia.When Harry Met Sally trailer - YouTube.Tomb Raider 1-3 Remastered review - you were never going to smooth these games out - Eurogamer.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)SPONSORS:Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!ThreatLocker - Start your free trial and book a demo of ThreatLocker today to see how you can implement Zero Trust in your environment.SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!FOLLOW THE SHOW:Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.ENJOYED THE SHOW?Make sure to check out our sister podcast, "The AI Fix".Privacy & Opt-Out: https://redcircle.com/privacy

On this week's show we learn that AI really can be a stalker’s best friend, as we explore a strange tale that starts with a manatee-shaped mailbox on a millionaire's lawn and ends with Grok happily doxxing real people, mapping out stalking "strategies," and handing out revenge-porn tips.Then we go inside the Louvre heist, where thieves in hi-vis and a hire van waltzed off with the French crown jewels in broad daylight, exploiting our assumptions about what "looks normal" - the same kind of bias we’re now baking into security AIs.Plus, Graham chats with Rob Edmondson from CoreView about why misconfigurations and over-privileged accounts can make Microsoft 365 dangerously vulnerable.All this, and more, in episode 447 of the "Smashing Security" podcast with Graham Cluley, and special guest Jenny Radcliffe.EPISODE LINKS:Khashoggi widow files complaint in France alleging Saudi government infected devices with spyware - The Record.US Posts $10 Million Bounty for Iranian Hackers - Security Week.Infostealer has entered the chat - Kaspersky.Dave Portnoy posts a photo of his lawn (including a manatee-shaped mailbox) - Twitter.Elon Musk’s Grok AI Is Doxxing Home Addresses of Everyday People - Futurism.Elon Musk’s Grok Is Providing Extremely Detailed and Creepy Instructions for Stalking - Futurism.How the Louvre thieves exploited human psychology to avoid suspicion – and what it reveals about AI - The Conversation.Outrageous (TV series) - Wikipedia.Outrageous trailer - YouTube.Man charged with theft after allegedly swallowing Fabergé pendant in jewellery store - The Guardian.Free Microsoft 365 Tenant Security Scanner - CoreView.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)SPONSORS:Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!Horizon3.ai - Get an autonomous pentest demo and see your network the way attackers do. Visit Horizon3.ai.CoreView - Benchmark your Microsoft 365 tenant security against the Center for Internet Security (CIS) controls. SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!FOLLOW THE SHOW:Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.ENJOYED THE SHOW?Make sure to check out our sister podcast, "The AI Fix".Privacy & Opt-Out: https://redcircle.com/privacy

A teenage cybercriminal posts a smug screenshot to mock a sextortion scammer... and accidentally hands over the keys to his real-world identity. Meanwhile, we look into the crystal ball for 2026 and consider how stolen data is now the jet fuel of cybercrime – and how next year could be even nastier than 2025.Plus, Graham rants about recipe sites that won’t shut up, and there's even more love for Lily Allen's album "West End Girl" album.All this and more is discussed in episode 446 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Rik Ferguson.EPISODE LINKS:Europol nukes Cryptomixer laundering hub, seizing €25M in Bitcoin - The Register.4.3 Million Browsers Infected: Inside ShadyPanda's 7-Year Malware Campaign - Koi.Uncovering a Calendly-themed phishing campaign targeting business ad manager accounts - Push Security.Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’ - Krebs on Security.Jonathan Ross email goof highlights Twitter security issue - Graham Cluley.VIDEO: Mark Zuckerberg’s password choices are dadada-dumb! - Graham Cluley.Password to Louvre’s video surveillance system was 'Louvre', according to employee - ABC News.Just the Recipe.West End Girl - Wikipedia.West End Girl - Spotify.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)SPONSORS:1Password - Take the first step to better security by securing your team’s credentials.Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!FOLLOW THE SHOW:Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.ENJOYED THE SHOW?Make sure to check out our sister podcast, "The AI Fix".Privacy & Opt-Out: https://redcircle.com/privacy