🧠 AI-only social networks.
🕳 “Vibe-coded” apps with gaping security holes.
🇷🇺 And pro-Russian hackers poking at the Winter Olympics infrastructure.

In the latest "Smashing Security" podcast, we dig into MoltBook - the AI social platform that briefly convinced the internet the bots were forming a religion - and why the real story is less about the singularity and more about humans, hype, and some eye-watering security flaws.

https://pod.link/1195001633/episode/M2QzZWJlMTYtYmRjYS00OTgxLTljZjItNjg2NzNkYjM4NmZk

Fab to have Tricia Howard join me on the latest "Smashing Security" podcast, where we discussed how supposedly-redacted Epstein files can still reveal exactly who they’re talking about - especially when AI, LinkedIn, and a few biographical breadcrumbs do the heavy lifting.

PLUS, we chat about how a senior US cybersecurity official uploaded sensitive government material into the public version of ChatGPT. Oops.

https://open.spotify.com/episode/5hCrkGJSnLVdyNeFVEAB6q?si=eec58e03430d41e2

Great to have Monica Verma join me on episode 450 of the "Smashing Security" podcast, where we explored the spiral of confusion caused by claims 17.5 million Instagram accounts were up for sale, and reports of unrequested password reset emails.

PLUS, we looked at Grok, after it generated sexualised images of women and children – raising uncomfortable questions about guardrails, accountability, and why playing the censorship card doesn’t make the problem go away.

https://open.spotify.com/episode/6k95BSEiww2xhnfPLud4vY?si=5c185d37294f41fc

Huge thanks to @hacks4pancakes for joining us on the "Smashing Security" podcast, where we discuss a romance scammer's handbook for stealing dollars (and hearts), and chat about the cybersecurity career crisis.

Plus don't miss our featured interview with ThreatLocker founder Danny Jenkins.

Find "Smashing Security" in all good podcast apps, or at https://grahamcluley.com/smashing-security-podcast-449/

📚Think your Kindle is harmless? Think again! @dannyjpalmer and I unpack a Black Hat Europe talk revealing how a boobytrapped audiobook could exploit the Amazon eBook reader - potentially letting an attacker break into your account - in the latest episode of the "Smashing Security" podcast.

Plus a blast from 2021's "summer of ransomware" returns to haunt Ireland's Health Service Executive, as victims are offered €750 each.

https://open.spotify.com/episode/3JQ4Ul21LNU2W9kzxQN4xp?si=ae7d2c3bb6ff444c

Thanks to Vanta, Horizon3 AI, and CoreView for their support in this episode.

Listen at
https://grahamcluley.com/smashing-security-podcast-447/ or follow Smashing Security in all good podcast apps:

🟢 Spotify: https://open.spotify.com/episode/1l9iBKE4Rdod1Budz3a2dq?si=eca7807b75d64e51

🟣 Apple Podcasts: https://www.smashingsecurity.com/applepodcasts

🛑 Pocket Casts: https://pca.st/itunes/1195001633

Everywhere else: https://www.smashingsecurity.com/subscribe/

Great fun having Jenny Radcliffe on the latest episode of the "Smashing Security" podcast. We discussedL

📍 How Grok AI can doxx members of the public, and be a stalker's best friend
👑 What the Louvre heist in Paris can teach us about social engineering
🧑‍💻 Why misconfigurations and over-privileged accounts can make Microsoft 365 dangerously vulnerable.

All this, and more, in episode 447 of the "Smashing Security" podcast with me, Jenny, and a featured interview with Rob Edmondson

How fabulous to have Danny Palmer as a guest on the latest "Smashing Security" podcast. We discuss the ingenious way in which the Mafia (and high-profile NBA stars) allegedly hacked high-stake poker games, and how a Formula 1 megastar had his passport stolen due to lax website security.

Check out the comments to find links to listen to the podcast. It's not your typical cybersecurity podcast...

#cybersecurity #poker #databreach #formulaone #nba #podcast

Great to be joined by Scott Helme on episode 440 of the "Smashing Security" podcast, where we looked at a different kind of insider threat - a Romanian prison inmate who found a way to game the system.

Then we head to the checkout aisle to ask why JavaScript on online payment pages went feral, and how new PCI DSS rules are finally muzzling Magecart-style skimmers.

https://www.smashingsecurity.com/440

Sometimes the biggest vulnerability in your organisation isn’t an unpatched server. It’s a tired human being.

In this week’s episode of the "Smashing Security" podcast, Annabel Berry joins me to discuss:

💥 A “critical infrastructure” hack with a difference (and a few very red-faced crooks)

💬 How stress, fatigue, and poor leadership culture are quietly eroding security teams from the inside

Thanks to Annabel for sharing her advice for building a healthier, more resilient security workforce

Great to have industry legend Paul Ducklin join me on the latest episode of the "Smashing Security" podcast.

In it we discussed how researchers had found a Salesforce security hole. Yes, another one! This one is dubbed "ForcedLeak", and let attackers smuggle AI-read instructions in via humble Web-to-Lead form... and ended up spilling data for the low, low price of five dollars. Double check what domains you have whitelisted folks!

https://podcasts.apple.com/us/podcast/salesforces-trusted-domain-of-doom/id1195001633?i=1000729559738

What a delight it was to have Zoë Rose join the "Smashing Security" #podcast this week, as we discussed how ransomware can silence burglar alarms, allowing thieves to help themselves to €600,000 worth of gold in a daring late-night heist.

Plus - a worm dubbed “Shai Hulud” has wriggled its way through more than 180 npm packages, quietly stealing secrets.

But it’s not all doom and gloom – unless you count your kitchen appliances turning into ad billboards.

https://open.spotify.com/episode/7EwrnsOKi91I4bMGE55EJg?si=056ef0a946504223

Fabulous to have the wonderful Jenny Radcliffe on the latest "Smashing Security" podcast, where we discussed when "bad actors" stop being hackers and start being... actual actors.

Plus! How the UK's ICO says students are increasingly hacking their own schools..

Meanwhile, Jenny investigates the Wirral’s mysterious "Catman".

https://open.spotify.com/episode/1yoofQ5AI4zCUWvKKbgLyT?si=960ff3e685ce458f

Thanks to special guest Lianne Potter, of the "Compromising Positions" podcast, for joining me for this episode.

Find episode 434 of "Smashing Security" in your favourite podcast app, or follow the show:

🟢 Spotify: https://open.spotify.com/show/3J7pBxEu43nCnRTSXaan8S

🟣 Apple Podcasts: https://www.smashingsecurity.com/applepodcasts

🛑 Pocket Casts: https://pca.st/itunes/1195001633

Everywhere else: https://www.smashingsecurity.com/subscribe/

Burger King left the keys to the kingdom lying around for anyone to use. Ethical hackers grabbed them - and uncovered drive-thru recordings, hard-coded passwords, and even the power to open a Whopper outlet on the moon.

Meanwhile, an AI wunderkind managed to turn a $7 million payday into a career-ending lawsuit by allegedly walking trade secrets straight out the door as he left for a rival firm.

Check out the latest "Smashing Security" podcast

https://open.spotify.com/episode/4rMySLli5AYypj4jJtl0rC?si=jDTTMc_0TI22EDa7J6I-Hw

@Cyberoutsider 🤣

PLUS... a joyous geek detour into keyboard history, and the most diabolically annoying, fully functional AI-generated CAPTCHA that you will love to inflict on your friends.

All discussed on the latest episode of the award-winning "Smashing Security" podcast, with yours truly and special guest Mark Stockley.

Find "Smashing Security" in your favourite podcast app, including:

🟢 Spotify: https://open.spotify.com/show/3J7pBxEu43nCnRTSXaan8S
🟣 Apple Podcasts: https://www.smashingsecurity.com/applepodcasts

🚨 New podcast alert!! 🚨

🥸 LegalPwn - malicious instructions tucked into code comments and disclaimers that sweet-talks AI into rubber-stamping dangerous payloads

☠️ New research reveals hackers are already used AI agents to break into networks, steal passwords, sift through stolen data, and even write custom ransom notes. In other words, one hacker with an AI helper can work like an entire team of cybercriminals.

https://www.smashingsecurity.com/433

A self-proclaimed crypto-influencer calling himself CP3O thought he had found a shortcut to riches - by racking up millions in unpaid cloud bills.

Meanwhile, we explore the growing threat of EDR-killer tools that can quietly switch off your endpoint protection.

And for something a little different, we peek into the Wayforward Machine and take a detour to Mary Shelley’s resting place in Bournemouth.

All this and more in the latest "Smashing Security" podcast!

https://open.spotify.com/episode/42hlMTA1aYsqDNwouULPWa?si=kubDEoU6Rr26xENHcOyjoQ

We've had more feedback from this episode of the "Smashing Security" podcast than any that we've put out for years. When you listen to it, you'll know why...

Have a handkerchief ready... 😢

https://mastodon.green/@gcluley/114958677385997181