Graham Cluley

Good news: You seized millions of $$$ worth of cryptocurrency from bad guys!

Bad news: You put a photo of the crypto wallet's seed phrase in your press release...🤦

Read more in my article on the Bitdefender blog: https://www.bitdefender.com/en-us/blog/hotforsecurity/they-seized-4-8m-in-crypto-then-gave-the-master-key-to-the-internet

How much do insider security risks cost your company? A new report claims on average it costs firms an astonishing $19.5 million per year! And the figure is going up... because of AI.

Read more in my article on the Fortra blog: https://www.fortra.com/blog/your-staff-are-your-biggest-security-risk-ai-making-it-worse

#artificialintelligence #insiderrisk #cybersecurity #ai

There is a certain poetic justice in a cybersecurity-related story that has emerged from Moscow this week: A man has been accused of trying to extort money... from a notorious Russian ransomware gang.

Read more in my article on the Bitdefender blog: https://www.bitdefender.com/en-us/blog/hotforsecurity/ransomware-gang-blackmailed-fake-fsb-officer

When an internet archiving service turns its own CAPTCHA page into a weapon... you know it’s going to be one of /those/ episodes.

In the latest "Smashing Security" podcast, special guest Paul Ducklin and I dig into claims that the operator of a well-known archive site tried to silence a Finnish blogger - not just with angry emails, but with an alleged DDoS via their own infrastructure, threats of AI-generated smears, and archive tampering that raises serious questions about trust...

1/2

Imagine if you were able to book €1,000 hotel stays for just one cent? Spanish police say that they have just arrested a hacker who found a way to do just that...

Read more in my article on the Bitdefender blog: https://www.bitdefender.com/en-us/blog/hotforsecurity/spanish-police-say-they-have-arrested-hacker-who-booked-luxury-hotel-rooms-for-just-one-cent

#cybersecurity #hacking

DEF CON has banned a number of people from attending its hacking conference in Las Vegas, after they were named in the Epstein files.

Vincenzo Iozzo, Joichi Ito, and Pablos Holman have been added to the conference's public ban list. None of them have been charged by US authorities with offences, although documents released by the Department of Justice indicate they were in contact with Jeffrey Epstein.

The conference has not alleged criminal conduct, and the individuals have not been charged.

Here's the thing, if Jeffrey Epstein had simply set up a basic email filter - nothing fancy, just a little automated rule to permanently delete messages older than, say, thirty days — none of this would be happening. A man who some believe ran a global blackmail operation couldn't find time to click "empty trash."

Remarkable, really.

1/2

Passports and other ID documents of hundreds of attendees at the Abu Dhabi Finance Week (ADFW) conference have been exposed online. More than 700 identify documents were left on an unprotected cloud server that anyone could access via a browser.

Individuals affected include ex-UK PM David Cameron, former White House comms chief Anthony Scaramucci, and hedge fund billionaire Alan Howard.

This happens far far too often...

https://www.reuters.com/world/middle-east/data-leak-abu-dhabi-finance-summit-exposes-global-figures-ft-reports-2026-02-17/

Terrific to have James Ball join the "Smashing Security" podcast as we explore the threat of America cutting Europe off from the internet, and Meta's creepy and cynical plans to introduce facial recognition to its smart glasses.

Listen now in your favourite podcast app: https://pod.link/1195001633/episode/OWY2MzBlN2YtNjQ4Ny00M2RjLWI1ODMtZmEyN2NkOGRiZmY1

Dutch police have arrested a 40-year-old man on suspicion of hacking... after they accidentally sent him a link granting him access to their own confidential documents.

Who is the bigger plonker? The police for sharing a download link, or the guy who demanded a "reward" for the return of the files?

https://www.bitdefender.com/en-us/blog/hotforsecurity/dutch-police-arrest-man-hacking-accidentally-sending-confidential-files

The Swiss government has ended its contract with American analytics company Palantir, after federal agencies in the country rejected Palantir at least nine times over seven years. The reason? Security concerns that should make other countries think carefully:

- Risk of US intelligence gaining access to sensitive data
- Potential loss of national sovereignty
- Dependence upon foreign specialists in crisis situations

Swiss authorities won't touch their software with a bargepole.

1/2

🧠 AI-only social networks.
🕳 “Vibe-coded” apps with gaping security holes.
🇷🇺 And pro-Russian hackers poking at the Winter Olympics infrastructure.

In the latest "Smashing Security" podcast, we dig into MoltBook - the AI social platform that briefly convinced the internet the bots were forming a religion - and why the real story is less about the singularity and more about humans, hype, and some eye-watering security flaws.

https://pod.link/1195001633/episode/M2QzZWJlMTYtYmRjYS00OTgxLTljZjItNjg2NzNkYjM4NmZk

Cybercriminals should not assume that they have evaded justice just because years have passed since their offence. Polish police have charged a hacker seven YEARS after the Morele data breach.

Read more in my article on the Bitdefender blog: https://www.bitdefender.com/en-us/blog/hotforsecurity/polish-hacker-charged-seven-years-after-massive-morele-net-data-breach

The Jeffrey Epstein case continues to reveal disturbing and uncomfortable truths - not just about power and abuse, but also about how online reputations can be manipulated.

Thomas Brewster writes on Forbes about how Epstein, after his 2008 conviction, reportedly invested heavily in search engine manipulation, content placement, and even discussed HACKING INTO SITES to suppress negative press and spread news of his philanthropy instead.

https://www.forbes.com/sites/the-wiretap/2026/02/10/jeffrey-epstein-manipulated-google-search/

When a Romanian businesswoman fell for a fake Dubai Crown Prince in a $2.5 million romance scam, investigators tracked the fraudster to his Nigerian mansion - only to discover he was masquerading as a campaigning philanthropist.

Read more in my article on the Bitdefender blog: https://www.bitdefender.com/en-us/blog/hotforsecurity/fake-dubai-crown-prince-tracked-to-nigerian-mansion-after-2-5m-romance-scam

Fab to have Tricia Howard join me on the latest "Smashing Security" podcast, where we discussed how supposedly-redacted Epstein files can still reveal exactly who they’re talking about - especially when AI, LinkedIn, and a few biographical breadcrumbs do the heavy lifting.

PLUS, we chat about how a senior US cybersecurity official uploaded sensitive government material into the public version of ChatGPT. Oops.

https://open.spotify.com/episode/5hCrkGJSnLVdyNeFVEAB6q?si=eec58e03430d41e2

Maybe training police on cryptocurrency while running a running a vast Tor-hidden drug bazaar wasn't such a good idea...

Read more in my article on the Bitdefender blog about the man who promised "the best security there is" to hundreds of thousands of drug buyers, while quietly making a basic mistake that ensured his arrest.

https://www.bitdefender.com/en-us/blog/hotforsecurity/incognito-market-admin-sentenced-30-years-105-million-dark-web-drug-empire

Great to have Monica Verma join me on episode 450 of the "Smashing Security" podcast, where we explored the spiral of confusion caused by claims 17.5 million Instagram accounts were up for sale, and reports of unrequested password reset emails.

PLUS, we looked at Grok, after it generated sexualised images of women and children – raising uncomfortable questions about guardrails, accountability, and why playing the censorship card doesn’t make the problem go away.

https://open.spotify.com/episode/6k95BSEiww2xhnfPLud4vY?si=5c185d37294f41fc

📚Think your Kindle is harmless? Think again! @dannyjpalmer@infosec.exchange and I unpack a Black Hat Europe talk revealing how a boobytrapped audiobook could exploit the Amazon eBook reader - potentially letting an attacker break into your account - in the latest episode of the "Smashing Security" podcast.

Plus a blast from 2021's "summer of ransomware" returns to haunt Ireland's Health Service Executive, as victims are offered €750 each.

https://open.spotify.com/episode/3JQ4Ul21LNU2W9kzxQN4xp?si=ae7d2c3bb6ff444c

Fab to have Tricia Howard as a special guest on the latest "Smashing Security" podcast where we discussed the firm that has actually said "sorry" after a data breach, and how hotels are helping hackers phish their own guests.

We also chat about how legacy systems are a risk, and chat about autonomous pen testing, AI-turbocharged cybercrime, and what CISOs should really be asking on Monday morning with our other guest Snehal Antani of Horizon 3 AI.

How fabulous to have Danny Palmer as a guest on the latest "Smashing Security" podcast. We discuss the ingenious way in which the Mafia (and high-profile NBA stars) allegedly hacked high-stake poker games, and how a Formula 1 megastar had his passport stolen due to lax website security.

Check out the comments to find links to listen to the podcast. It's not your typical cybersecurity podcast...

#cybersecurity #poker #databreach #formulaone #nba #podcast

Great to be joined by Scott Helme on episode 440 of the "Smashing Security" podcast, where we looked at a different kind of insider threat - a Romanian prison inmate who found a way to game the system.

Then we head to the checkout aisle to ask why JavaScript on online payment pages went feral, and how new PCI DSS rules are finally muzzling Magecart-style skimmers.

https://www.smashingsecurity.com/440

Sometimes the biggest vulnerability in your organisation isn’t an unpatched server. It’s a tired human being.

In this week’s episode of the "Smashing Security" podcast, Annabel Berry joins me to discuss:

💥 A “critical infrastructure” hack with a difference (and a few very red-faced crooks)

💬 How stress, fatigue, and poor leadership culture are quietly eroding security teams from the inside

Thanks to Annabel for sharing her advice for building a healthier, more resilient security workforce

Great to have industry legend Paul Ducklin join me on the latest episode of the "Smashing Security" podcast.

In it we discussed how researchers had found a Salesforce security hole. Yes, another one! This one is dubbed "ForcedLeak", and let attackers smuggle AI-read instructions in via humble Web-to-Lead form... and ended up spilling data for the low, low price of five dollars. Double check what domains you have whitelisted folks!

https://podcasts.apple.com/us/podcast/salesforces-trusted-domain-of-doom/id1195001633?i=1000729559738

What a delight it was to have Zoë Rose join the "Smashing Security" #podcast this week, as we discussed how ransomware can silence burglar alarms, allowing thieves to help themselves to €600,000 worth of gold in a daring late-night heist.

Plus - a worm dubbed “Shai Hulud” has wriggled its way through more than 180 npm packages, quietly stealing secrets.

But it’s not all doom and gloom – unless you count your kitchen appliances turning into ad billboards.

https://open.spotify.com/episode/7EwrnsOKi91I4bMGE55EJg?si=056ef0a946504223

Fabulous to have the wonderful Jenny Radcliffe on the latest "Smashing Security" podcast, where we discussed when "bad actors" stop being hackers and start being... actual actors.

Plus! How the UK's ICO says students are increasingly hacking their own schools..

Meanwhile, Jenny investigates the Wirral’s mysterious "Catman".

https://open.spotify.com/episode/1yoofQ5AI4zCUWvKKbgLyT?si=960ff3e685ce458f

Last week, the BreachForums hacking forum was used to sell data stolen from a Europol law enforcement portal.

Today... the FBI has seized control of BreachForums.

#cybersecurity #databreach