Graham Cluley

Cybersecurity and AI keynote speaker
Smashing Security podcast #440: How to hack a prison, and the hidden threat of online checkouts
A literal insider threat: we head to a Romanian prison where “self-service” web kiosks allowed inmates to run wild. Then we head to the checkout aisle to ask why JavaScript on payment pages went feral, and how new PCI DSS rules are finally muzzling Magecart-style skimmers. Plus: Graham reveals his new-found superpower with Keyboard Maestro, and Scott describes a slick new way to whip up beautiful how-to videos with Screen Studio. All this and more is discussed in episode 440 of "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Scott Helme.
Cybercriminals turn on each other: the story of Lumma Stealer’s collapse
Normally when we write about a malware operation being disrupted, it's because it has been shut down by law enforcement. But in the case of Lumma Stealer, a notorious malware-as-a-service (MaaS) operation used to steal passwords and sensitive data, it appears to have been sabotaged by other cybercriminals. Read more in my article on the Fortra blog.
The AI Fix #73: Google Gemini is a gambling addict, and how to poison an AI
In episode 73 of The AI Fix, AI now writes more web content than humans and more books by ex-British prime ministers than ex-British prime ministers. Mark eats a dodgy prawn, Google discovers a new pathway to treating cancer, a lawyer gets skewered for using AI over and over again, and a US general declares that he's outsourced his brain to ChatGPT. Also in this episode, Graham discovers that LLMs show all the characteristics of pathological gambling, and Mark explains why AI training is like eating a prawn buffet. All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark Stockley.
John Bolton charged over classified emails after Iranian hack of his AOL account
Former US national security adviser John Bolton is the latest in a line of Donald Trump's critics to find themselves on the sharp end of charges from the US Department of Justice. Bolton, who left the White House in 2021 and wrote a tell-all memoir describing Trump as unfit for office and "stunningly uninformed," has been charged with mishandling classified information. Specifically, prosecutors allege that Bolton improperly retained and transmitted classified information to members of his family, via an AOL account. Read more in my article on the Hot for Security blog.
Hundreds of masked ICE agents doxxed by hackers, as personal details posted on Telegram
Hundreds of US government officials working for the FBI, ICE, and Department of Justice have had their personal data leaked by a notorious hacking group. Read more in my article on the Hot for Security blog.
Operation Heracles strikes blow against massive network of fraudulent crypto trading sites
In a significant crackdown against online cybercriminals, German authorities have successfully dismantled a network of fraudulent cryptocurrency investment sites that has targeted millions of unsuspecting people across Europe. Read more in my article on the Hot for Security blog.
Smashing Security podcast #439: A breach, a burnout, and a bit of Fleetwood Mac
A critical infrastructure hack hits the headlines - involving default passwords, boasts on Telegram, and a finale that will make a few cyber-crooks wish the ground would swallow them whole. Meanwhile we dig into the bit we don't talk about enough: the human cost of defending companies from hackers - stress, burnout, and how better leadership culture can help make security teams safer and saner. All this and more is discussed in episode 439 of "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and his special guest Annabel Berry.
NCSC warns companies to prepare for a day when your screens go dark
The UK’s National Cyber Security Centre warns that the country now faces four nationally significant cyberattacks every week - a 129% jump in a year. Some headlines claim the NCSC is urging organisations to “go back to pen and paper,” but the full report tells a more practical story about resilience, preparedness, and surviving a cyber attack. Here’s what the report really says, and why a printed plan might still save your business. Read more in my article on the Fortra blog.
The AI Fix #72: The AI hype train, space data centers, and lifelike robot heads
In episode 72 of The AI Fix, GPT-5's "secret sauce" turns out to be phrases from adult websites, Irish police beg TikTokers to stop faking AI home intruders, Jeff Bezos pitches gigawatt data centers in space, OpenAI rolls out Agent Kit for drag-and-drop agents, and a Chinese startup unveils the creepiest robot head ever. Meanwhile, Graham looks askance at corporate America’s AI obsession - earnings calls full of sunshine, SEC filings full of dread - while 95% of AI pilots flop. Mark then takes you down the wire to see where your prompt actually goes: tokens, tensors, rivers of cooling water, and a billion GPU multiplications... all to tell you there are "two r’s in strawberry." All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark Stockley.
BreachForums seized, but hackers say they will still leak Salesforce data
Law enforcement agencies in the United States and France have seized control of domains linked to the notorious BreachForums hacking forum, commonly used for the leaking of stolen data, and the sale of hacked credentials. Read more in my article on the Hot for Security blog.
Smashing Security podcast #438: When your mouse turns snitch, and hackers grow a conscience
Your computer's mouse might not be as innocent as it looks - and one ransomware crew has a crisis of conscience that nobody saw coming. We talk about how something as ordinary as a web page could turn your mouse into a surprisingly nosey neighbour, and why ransomware gangs need to think carefully about their reputation. All this and more is discussed in episode 436 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and his special guest Geoff White.
Salesforce data breach: what you need to know
The Scattered LAPSUS$ Hunters hacking group claims to have accessed data from around 40 customers of Salesforce, the cloud-based customer relationship management service, stealing almost one billion records. Read more in my article on the Fortra blog.
The AI Fix #71: Hacked robots and power-hungry AI
In episode 71 of The AI Fix, a giant robot spider goes backpacking for a year before starting its job in lunar construction, DoorDash builds a delivery Minion, and a TikToker punishes an AI by making it talk to condiments. GPT-5 crushes the humans at the ICPC World Finals, Claude Sonnet 4.5 codes for 30 hours straight, and someone builds a 5-million-parameter transformer entirely inside Minecraft. Plus: Graham investigates how a simple security flaw left fleets of Unitree robots wide open to hackers, and Mark learns that we’re going to need five nuclear power plants to train just one frontier model by 2028. All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark Stockley.
Discord users’ data stolen by hackers in third-party data breach
Discord has confirmed that users who contacted its customer support service have had their data stolen by hackers, who have attempted to extort a ransom from the company. Read more in my article on the Hot for Security blog.
Japan running dry: Ransomware attack leaves nation days away from Asahi beer shortage
Beer lovers will be sobbing into their pints at the news that a ransomware attack has brought Japan's largest brewer to its knees and left the country days away from running out of its most popular beverage. Read more in my article on the Hot for Security blog.
Smashing Security podcast #437: Salesforce’s trusted domain of doom
Researchers uncovered a security flaw in Salesforce’s shiny new Agentforce. The vulnerability, dubbed "ForcedLeak", let them smuggle AI-read instructions in via a humble Web-to-Lead form... and ended up spilling data for the low, low price of five dollars. And we discuss why data breach communications still default to "we take security seriously" while quietly implying "assume no breach" - until the inevitable walk-back. Plus, we take a look at ITV's phone-hacking drama with David Tennant, and take a crack at decoding the history of the Rosetta Stone. Hear all this and more in episode 437 of the "Smashing Security" podcast by cybersecurity veteran Graham Cluley, joined this week by special guest Paul Ducklin.
Your favourite phone apps might be leaking your company’s secrets
Most of the apps on your phone are talking to a server somewhere - sending and receiving data through messages sent through APIs, the underlying infrastructure that allows apps to communicate. And here's the problem - hackers have determined that the APIs of mobile apps, when left visible and exploitable, can be a goldmine. Read more in my article on the Fortra blog.
From fake lovers to sextortionists: 260 scammers arrested across Africa
INTERPOL has announced the arrest of 260 alleged romance scammers, sextortionists, and online fraudsters as part of a multi-national operation across Africa. Read more in my article on the Hot for Security blog.
The AI Fix #70: AI behaves… until it knows you’re watching
In episode 70 of The AI Fix, our hosts learn that AI makes people more dishonest, Waymo's robo-cars save lives but get outsmarted by a bathroom mirror, a "rescue" bot slurps up victims head-first, and China shows off a fusion robot arm that can lift ten elephants (or 200,000 pigeons, if you’re scientific about it). Meanwhile Graham reveals how AIs are tricked into solving CAPTCHAs with fake mouse wiggles, and Mark explains how OpenAI’s “deliberative alignment” works perfectly - until the AI realises it is being watched. So, nothing to worry about there then... All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark Stockley.
Dutch teens recruited on Telegram, accused of Russia-backed hacking plot
Two 17-year-olds have been arrested by Dutch authorities on suspicion of spying for pro-Russian hackers. The teenagers, who are said to have been recruited as "disposable agents" via Telegram, were reportedly arrested last week "on suspicion that are linked to government-sponsored interference." Read more in my article on the Hot for Security blog.