My pleasure Phil! Thanks for supporting the podcast all these years. :)
Posts by Graham Cluley
A fake Ledger Live app sat in Apple's App Store long enough to steal $9.5 million from more than 50 victims - including a certain G. Love of G. Love & Special Sauce, who lost 5.9 Bitcoin he'd held for ten years as his retirement fund.
All it took was a seed phrase...
Great to have @shehackspurple.bsky.social join me on the latest episode of "Smashing Security", where we talked about hackers targeting Venice's flood defence systems, Anthropic's latest exploits, and even some of our favourite TV shows..
www.smashingsecurity.com/463
Do you know what Chrome browser extensions you're running right now?
108 malicious Chrome extensions that were quietly stealing Google account data, hijacking Telegram sessions, and injecting gambling ads have just been found. They clocked up around 20,000 installs.
I'm speaking at Rapid7's 2026 Global Cybersecurity Summit, May 12-13.
Come hear me chat about how modern attacks actually start, and the reality of running a SOC in 2026 - alongside @racheltobac.bsky.social, @rajsamani.bsky.social, and @brianhonan.bsky.social
rapid7.brighttalk.com?utm_source=r...
Ha. I wonder if I was subconsciously remembering this when I was speaking about "-gate" on the podcast!?
Tom Baker has regenerated into Miriam Margolyes
Season 18 of Doctor Who has always had a special place in my heart...
After almost twenty years on the platform, EFF is logging off of X.
This isn’t a decision we made lightly, but it might be overdue. 🧵 (1/5)
www.eff.org/deeplinks/2...
Hey BBC, if you're looking for someone new to make Doctor Who, I think you'll find them on YouTube:
www.youtube.com/watch?v=ARdZ...
Plus, a look at why California's crypto millionaires are suddenly very nervous about answering the door for pizza deliveries.
Give "Smashing Security" episode 462 a listen wherever you digest podcasts, or at pod.link/1195001633/e...
Smashing Security episode 462: LinkedIn is spying on you, and you agreed to nothing
A huge thank you to The Cyberwire's Dave Bittner for joining me on this week's Smashing Security podcast!
This week we reveal what LinkedIn really knows about you (it's rather more than you might expect - and rather more than they're letting on).
1/2
Have I missed the statements from all the world readers condemning Trump's comments today?
But with alleged government complicity, state-licensed casinos linked to trafficking, and gangs still recruiting on Telegram... is the threat of life in prison a sign of real change or just for show?
I have my doubts.
Check out my article: www.bitdefender.com/en-us/blog/h...
2/2
Cambodia has passed a landmark law targeting scam compounds that have enslaved up to 150,000 people... forcing them to run romance scams and fake crypto schemes or be beaten and tortured.
Penalties are severe. Up to LIFE IMPRISONMENT for the worst offenders.
1/2
A Nigerian fraudster spent years posing as a woman online, romancing unsuspecting American men out of their savings - until he accidentally tried the same trick on a fellow scammer, who told him to "learn how to do a clean job."
The recovered chat logs helped put him behind bars for 15 years.
We also dig into Ajax Football Club's data breach - which the club claimed affected a few hundred fans, but may actually have exposed 300,000 supporters.
Think you know what happened to the fishing rod? Give episode 461 of "Smashing Security" a listen and let me know...
pod.link/1195001633/e...
Smashing Security 461
A huge thank you to @dannypalmer.bsky.social for joining me on this week's Smashing Security podcast!
We unravel the tale of an Irish beekeeper and cannabis farmer whose $400 million fortune is locked inside a missing fishing rod. Or is it? Because one of his cryptowallets just woke up...
One of the alleged developers behind the notorious RedLine infostealer, malware which has stolen data from victims in over 150 countries, has been extradited to the US and faces up to 30 years in prison.
His alleged co-conspirator remains out of reach in Russia.
www.bitdefender.com/en-us/blog/h...
When hackers attacked global medtech giant Stryker, they didn't use ransomware.
Iran-linked group Handala simply logged into Microsoft Intune, and issued remote wipe commands. 200,000+ devices were wiped.
My chat with Rob Edmondson of CoreView about what happened
www.youtube.com/watch?v=4Q2h...
It's not every day that you read that the head of America's top law enforcement agency has been hacked, but then - these aren't ordinary times.
Iranian hackers have breached FBI director Kash Patel's personal Gmail account, and posted his CV and photos online.
www.bitdefender.com/en-us/blog/h...
World Leaks is an extortion gang that doesn't encrypt your data. Just steals your data and threatens to leak it. Over 130 victims, including Nike, Dell, and UBS.
They even offer journalists early access to stolen data to crank up the pressure on victims. Charming.
www.fortra.com/blog/world-l...
On this week's episode of "Smashing Security":
⊙ a disgruntled contractor steals his ex-employer's payroll database and demands $2.5 million
⊙ two mysterious individuals drive up to a nuclear submarine base and ask to look around
open.spotify.com/episode/6Hry...
with guest Jenny Radcliffe!
📅 Delighted to announce that I'll be delivering the keynote at Cybercon Staffordshire on Weds 8 April, at the Wade Conference Centre, Stoke-on-Trent.
I'll be discussing how your AI workforce might actually be your biggest security risk.
Free tickets: www.grahamcluley.com/cybercon
Thanks for your support! Love to know that you're listening to the show in your longboat. :)
AI-generated songs. Bot-powered streams. $8 million stolen from real artists.
A North Carolina man just pleaded guilty.
Read the full story about how one man used 10,000 bots to steal $8,000,000 over on the Bitdefender blog: www.bitdefender.com/en-us/blog/h...
A wanted fugitive hides in a kitchen cabinet while police search the house around him - and decides to post about his whereabouts on Snapchat. Twice. 🤦
The lesson? If you don't want people to know where you are, don't post it on social media. Seems obvious, but apparently not to everyone...
"Trump murders children!" Denver's crosswalks hacked to broadcast anti-Trump messages.
Read more in my article on the Bitdefender blog: www.bitdefender.com/en-us/blog/h...
A ransomware gang that claims to be a group of "investigative journalists"? Meet LeakNet - the group using fake CAPTCHA pages to trick employees into hacking themselves.
Check out my article on the Fortra blog: www.fortra.com/blog/leaknet...
We also ask: would you donate your lifetime medical data to science in exchange for a promise of anonymity? We unpack why "de-identified" data from UK Biobank may offer far less privacy protection than donors were led to believe - and how frighteningly little it takes to re-identify someone.