Graham Cluley

Thanks Maya!

Three years!??? Newbie! 🤣

And yup, the show will go on!

We've had more feedback from this episode of the "Smashing Securit" podcast than any that we've put out for years. When you listen to it, you'll know why...

Have a handkerchief ready... 😢

Replit panics, deletes $1M project; AI gets gold at Math Olympiad The AI Fix · Episode

In episode 61 of The AI Fix podcast, a robot called DeREK goes bananas, AIs warn we may lose the ability to see what they're thinking, a robot changes its own batteries, the USA unveils its AI action plan, and a human beats AI to win the World Coding Championship.

open.spotify.com/episode/08TF...

Hacker's bedroom

This one?

Anatomy of a Breach: The Human Factor [2025-08-07] (UKI) Anatomy of a Breach: The Human Factor. In this live fireside chat, cybercrime expert Graham Cluley joins Varonis Field CTO Matt Lock to explore the human behaviours, motives, and missteps driving the ...

Register for the webinar at grahamcluley.com/varonis

Look forward to seeing some of you there!

Join me, and Matt Lock of Varonis, on Thurs 7 August for a free webinar discussing the mistakes, motives, and real people behind the biggest hacks and breaches across the UK and Europe this year.

We'll be discussing social engineering, ransomware, AI, the whole caboodle!

Link in the comments.

200,000 WordPress websites at risk of being hijacked due to vulnerable Post SMTP plugin Over 200,000 websites running a vulnerable version of a popular WordPress plugin could be at risk of being hijacked by hackers.

Read more in my article on the Bitdefender blog: www.bitdefender.com/en-us/blog/h...

Hackers could exploit the flaw to hijack control of vulnerable websites - around half of the websites using the plugin have not updated with a patched version.

So if you’re running a WordPress site and relying on this plugin, now would be a really good time to patch to the latest version.

Post SMTP logo and WordPress

WordPress is great. It powers around half of all the websites on the internet (including mine). It's flexible, open source, and free. Unfortunately, it can also be a security headache.

A critical vulnerability was recently uncovered in the Post SMTP plugin, used by around 400,000 websites.

French submarine secrets surface after cyber attack European defence giant Naval Group has confirmed that it is investigating an alleged cyber attack which has seen what purports to be sensitive internal data published on the internet by hackers.

All businesses, regardless of whether they work in the defence sector or not, would be foolish to ignore the threat posed by hackers.

Read more in my article on the Bitdefender blog: www.bitdefender.com/en-us/blog/h...

Submarine submerged in data

A hacker named "Neferpitou" has slapped French defence giant Naval Group on the nose, by leaking what they claim to be around 1 TB of sensitive internal data - including information about nuclear submarine combat systems.

BBC News report and VPN usage cartoon

Well, strike me pink!

VPN usage has had a "surge" since porn sites have been forced to age-check UK users.

Who would have thought it?

www.bbc.co.uk/news/article...

Allianz Life says 'majority' of customers' personal data stolen in cyberattack | TechCrunch Exclusive: Allianz Life said the "majority" of its customers and employees had data stolen in the July cyberattack. The company said it has notified the FBI.

Maybe with a slice of phishing, SIM swapping, and multi-factor authentication (MFA) bombing too.

Read more in the report by TechCrunch:
techcrunch.com/2025/07/26/a...

What's the betting that it's a hackers once again using the Scattered spider playbook - calling up support teams posing as customers or employees, pretending to be locked out of their accounts, and tricking support staff into granting them access.

The firm hasn't said if it has received a ransom demand, and it hasn't shared any details on who the hackers might have been.

However, we've seen other insurance firms targeted recently, including Aflac.

Allianz Life building against backdrop of personal data

US insurance firm Allianz Life has told the media that hackers stole personal info from the "majority" of its customers and staff earlier this month.

The company says that a hacker gained access to an unnamed third-party cloud-based CRM used by Allianz Life, using a social engineering attack.

Tea app hacked: Images stolen from women's dating safety app that vets men Thousands of women registered with Tea have had their images illegally accessed, the US firm says.

72,000 images, including sensitive ID verification photos that were supposed to be deleted immediately, have been accessed.

Adding to the controversy, an additional 59,000 images, which included posts, comments, and direct messages, were also breached.

More info: www.bbc.co.uk/news/article...

Woman checking smartphone, tea being spilt, data lost

This is painfully ironic. A woman's dating app designed to enhance safety and vet potential dating partners has itself fallen victim to hackers.

The Tea Dating Advice app, used by women to do background checks on men, identify catfishers and scammers, and share "red flags", has been breached.

The tool is available for download here, alongside documentation.

www.nomoreransom.org/en/decryptio...

But I don’t believe there’s much info shared on how it works.

Free decryptor for victims of Phobos ransomware released Police have released a free decryptor capable of recovering files encrypted by both the notorious Phobos ransomware, and its offshoot 8Base.

Great news that Japanese police have put together a free decryptor for the Phobos ransomware (helped no doubt by arrested of suspected members of the gang, and the seizure of its infrastructure)

www.fortra.com/blog/free-de...

When 2G attacks, and a romantic road trip goes wrong Smashing Security · Episode

🚨New episode alert!🚨 When 2G attacks, and a romantic road trip goes wrong.

In episode 427 of the podcast, @grahamcluley.com warns why it's time we said goodbye to 2G - the outdated mobile network being exploited by cybercriminals with suitcase-sized SMS blasters.

open.spotify.com/episode/4V2Z...

UK to ban public sector from paying ransomware demands Ransomware, considered by British authorities to be the UK's greatest cybercrime threat, costing the nation billions of pounds and with the capbility to bring essential services to a standstill, ...

In principle, I'm all for it. Paying a ransom doesn’t guarantee recovery, and encourages more attacks.

But with my pragmatic head on I can't deny that sometimes paying up feels like the less worse option.

www.bitdefender.com/en-us/blog/h...

And the non-public sector looks likely to be ordered to notify the authorities before any payment is made too. Presumably so they can be strongly encouraged not to pay

The proposed legislation aims to dry up the criminals' cash pipeline and stop Britain's public sector from bankrolling cybercrime

Digital UK flag against a skull background

The UK government says it wants to ban public sector bodies from ever paying ransoms to cybercriminals.

The NHS, councils, schools... if hit by ransomware, they’ll be told they can't pay up - even if it means disruption and data loss.

Good ol' Muttley...

The AI Fix #60: Elon’s AI girlfriend, the arsonist red panda, and the AI that will kill you In episode 60 of The AI Fix, we learn why Grok might be Elon Musk’s bid for digital immortality, how Meta is building a Manhattan-sized data centre called Prometheus, how AI is helping create carbon…

Meanwhile Mark learns which AI is most likely to blackmail, lie, and – when the mood takes it – commit murder to avoid being switched off.

Find "The AI Fix" in all good podcast apps, or at grahamcluley.com/the-ai-fix-60/

Plus @ai-fix-mark.bsky.social and I learn why Grok might be Elon Musk’s bid for digital immortality, how Meta is building a Manhattan-sized data centre called Prometheus, how AI is helping create carbon-sucking concrete, and are bewildered that 2000 people “work” at the Candy Crush company.

Valentine and party-mode Elon Musk

Is it possible Elon Musk has modelled Grok's next AI "companion" chatbot on... himself??? 🤮

In the latest "The AI Fix" podcast, I take a look at Elon’s latest creations: a giggling anime girlfriend and a cute cartoon red panda who wants to bomb a synagogue and moon the rabbi.

Europol targets Kremlin-backed cybercrime gang NoName057(16) A pro-Kremlin cybercrime network has been taken offline after an international law enforcement operation disrupted over 100 of its servers, detained two gang members, and issued arrest warrants for se...

Europol targets Kremlin-backed cybercrime gang NoName057(16)

www.bitdefender.com/en-us/blog/h...