PodcastsComedySmashing Security

Smashing Security

Graham Cluley
Smashing Security
Latest episode

477 episodes

  • Smashing Security

    JadePuffer - the AI that ran a ransomware attack all by itself

    08/07/2026 | 46 mins.
    A 15-year-old boy asked a chatbot for help - and cancelled nearly 47,000 anime streaming subscriptions in under four hours. Meanwhile, researchers have documented the first fully autonomous, agentic AI-driven ransomware attack, "JadePuffer". What does this tell us about the future of cybersecurity?
    Also, Apple's "Hide My Email" feature turns out to hide rather less than it promises - despite Apple knowing it has a problem for over a year.
    All this and more in this episode of the "Smashing Security" podcast with cybersecurity expert and keynote speaker Graham Cluley, and special guest Zoë Rose.

    EPISODE LINKS:

    Politician who investigated spyware abuses had his phone hacked with Pegasus spyware - TechCrunch.
    Hackers breached DHS information-sharing network, people familiar say - Nextgov.
    Hackers Use Fake FIFA World Cup 2026 T-Shirt Offers to Spread Voidrift Malware - Hackread.
    Japanese teen arrested for cyberattack that unsubscribed over 46,000 anime accounts - The Straits Times.
    Police arrest high school student over cyberattack on net cafe operator - The Japan Times.
    Japanese teens arrested for using AI to create illegal phone contracts - The Peninsula Qatar.
    JADEPUFFER: Agentic ransomware for automated database extortion - Sysdig.
    Apple ‘Hide My Email’ Vulnerability Reveals Peoples’ Real Email Addresses - 404 Media.
    Two people arrested in apparent marriage proposal atop Empire State Building - The Guardian.
    Skywalkers: A Love Story - Netflix.
    Thermomix - Vorwerk.
    Operation Safe Escape.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:
    Arctic Wolf - See why 1 in 3 IT assets is missing a critical security control. Download the 2026 State of the Cybersecurity Attack Surface report.
    NordLayer - the network security platform for modern teams across different work environments. Use code NLSUMMER26 for up to 20% off annual plans.
    Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

    SUPPORT THE SHOW:
    Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
    Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

    FOLLOW THE SHOW:
    Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

    THANKS:
    Theme tune: "Vinyl Memories" by Mikael Manvelyan.
    Assorted sound effects: AudioBlocks.

    Privacy & Opt-Out: https://redcircle.com/privacy
  • Smashing Security

    Polymarket can predict the future. So how did it miss this hack?

    01/07/2026 | 42 mins.
    Polymarket has built an entire business on predicting the future. So how did it manage to spectacularly fail to predict its own hack? Plus, the Google engineer with a million-dollar secret, and the curious case of the airport hairdryer.
    Meanwhile, "FortiBleed" sees 75,000 Fortinet firewalls thrown wide open - and the real damage is going to roll on for years.
    All this and more in episode 474 of the "Smashing Security" podcast with cybersecurity expert and keynote speaker Graham Cluley, and special guest Quentyn Taylor.

    EPISODE LINKS:
    Danish Police Raided Self-Described Privacy Activist. PM Lives at a Secret Address - State of Surveillance.
    Hospital probe after 40 staff access crocodile boy's medical records - Cybernews.
    Third Defendant Sentenced To Prison For Hacking Fantasy Sports And Betting Website - US Dept of Justice.
    Someone allegedly used a hairdryer to rig Polymarket weather bets - Engadget.
    Tweet by Polymarket Traders - XCancel.
    Polymarket says hackers stole users' funds - TechCrunch.
    Operation Cloud Hopper: China-based Hackers Target Managed Service Providers - SecurityWeek.
    The Full Story of the Stunning RSA Hack Can Finally Be Told - WIRED.
    Polymarket points to third-party login tool after users report account breaches - Coindesk.
    Polymarket Admin Wallet Exploited on Polygon, Says ZachXBT - CryptoPotato.
    Polymarket reportedly paid creators to post deceptive videos about fake bets - TechCrunch.
    ‘Unbelievable how accurate’: How paid influencers hype Polymarket’s odds - POLITICO.
    Polymarket's $345 million Iran peace bet is stuck because nobody can agree on what "permanent" means - TNW.
    Alert: NCSC issues advice following global targeting of Fortinet firewalls and VPN gateways - National Cyber Security Centre.
    Analysis of Reported Credential Compromise of FortiGate Devices - Fortinet Blog.
    FortiBleed - Free FortiGate Exposure Checker - SOCRadar.
    The Boys of Dungeon Lane - Paul McCartney.
    A closer listen to Paul McCartney's new album 'The Boys of Dungeon Lane' - YouTube.
    The Summer Portraits - Ludovico Einaudi.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:
    Proton Pass - The password manager for businesses that can't compromise on security or slow their team down. Start a free trial.
    Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
    CoreView - How secure is your Microsoft 365 tenant? Find out with CoreView's free Microsoft 365 Tenant Security Scanner.

    SUPPORT THE SHOW:
    Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
    Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

    FOLLOW THE SHOW:
    Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

    THANKS:
    Theme tune: "Vinyl Memories" by Mikael Manvelyan.
    Assorted sound effects: AudioBlocks.

    Privacy & Opt-Out: https://redcircle.com/privacy
  • Smashing Security

    How a hacker could have Rickrolled the entire World Cup

    24/06/2026 | 1h
    A polite caller from your bank says there is a problem with your account. Don't worry - they'll send someone round to help. They'll even take your cards away to keep them safe. The scam has run rampant, until Dutch police plastered blurred photos of 100 suspects across billboards, supermarkets, and TikTok, with a two-week ultimatum to turn themselves in... or else.
    Meanwhile, a security researcher called Bob DaHacker got her hands on the live broadcast controls for every match of the 2026 FIFA World Cup. She could have Rickrolled the entire planet, but actually spent days trying to find anyone at FIFA who would pick up the phone.
    Plus! Don't miss our featured interview with Black Kite's Jeffrey Wheatman exploring ransomware and extortion attacks across Europe.
    All this and more in episode 473 of the "Smashing Security" podcast with cybersecurity expert and keynote speaker Graham Cluley, and special guest Danny Palmer.

    EPISODE LINKS:

    Suspected cyberattack triggers false emergency alerts across parts of Brazil - The Record.
    Gizmodo readers hit with ClickFix malware prompts after account compromise - The Register.
    Two men plead guilty over £39m Transport for London cyber attack - BBC News.
    Helpdesk scammers are making house calls to make their lies feel more real - The Register.
    Dutch cops’ shame games nets 74 wanted fraudsters - The Register.
    Omgebrachte vrouw (80) in Amsterdam vermoedelijk slachtoffer van nepagenten - NU.
    Mr Benn - Wikipedia.
    I Could've Rickrolled the Entire FIFA World Cup. All I Needed Was My ID - Bobdahacker.
    Bug in FIFA World Cup internal system gave anyone ability to modify TV stream - TechCrunch.
    Iceberger - Draw an iceberg and see how it will float.
    Fallout: London - GOG.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:
    Black Kite - Read Black Kite's 2026 European Cyber Risk Report to explore the latest ransomware trends, top threat actors, and how supplier breaches are reshaping cyber risk across Europe.
    Proton Pass - The password manager for businesses that can't compromise on security or slow their team down. Start a free trial.
    Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

    SUPPORT THE SHOW:
    Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
    Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

    FOLLOW THE SHOW:
    Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

    THANKS:
    Theme tune: "Vinyl Memories" by Mikael Manvelyan.
    Assorted sound effects: AudioBlocks.

    Privacy & Opt-Out: https://redcircle.com/privacy
  • Smashing Security

    AI gets hacked, and BitLocker gets bypassed

    17/06/2026 | 1h 12 mins.
    What if your AI coding assistant could be tricked into stealing your own company's secrets - by reading a single booby-trapped bug report? No phishing email. No malware. No password ever stolen. Just an AI doing exactly what it was told.
    Meanwhile, someone calling themselves Nightmare Eclipse has decided to teach Microsoft a lesson. The result? Three zero-days dropped on the internet, one of which lets a thief with a USB stick walk straight past BitLocker. Microsoft is furious.
    Plus don't miss our featured interview with Son Nguyen Kim of Proton Pass, who explains why plugging AI agents into your email and calendar without thinking twice is rather like hiring a new employee with the keys to everything - and skipping the background check.
    All this and more in episode 472 of the "Smashing Security" podcast with cybersecurity expert and keynote speaker Graham Cluley, and special guest Paul Ducklin.

    EPISODE LINKS:

    ShinyHunters claims 61M Sysco records - Cybernews.
    Derbyshire police officer under investigation for using AI to create evidence - Derbyshire Times.
    Maine forced to take down data breach portal after fake notices filed with authorities - Hot for Security.
    A Fake Bug Report Hijacks Your AI Coding Agent - and Nothing Catches It. - Tenet Security.
    Agentjacking: a fake bug report hijacks AI coding agents - TNW.
    When anti-virus goes rogue - A trifecta of Defender zero-days - SolCyber.
    BitLocker in crisis? The "YellowKey" zero-day in plain English - SolCyber.
    Microsoft versus Full Disclosure: The ongoing Nightmare Eclipse saga - SolCyber.
    BitLocker, Defender, zero-days, and bragging rights: More MS nightmares - SolCyber.
    Inside the FBI’s Kinetic Cyber Range - FBI.
    Inside the FBI's Kinetic Cyber Range - YouTube.
    Computer worm strikes International Space Station - Graham Cluley.
    Raspberry Pi Zero W - Raspberry Pi.
    There’s still life in old technology.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:
    Proton Pass - The password manager for businesses that can't compromise on security or slow their team down. Start a free trial.
    Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
    CoreView - How secure is your Microsoft 365 tenant? Find out with CoreView's free Microsoft 365 Tenant Security Scanner.

    SUPPORT THE SHOW:
    Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
    Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

    FOLLOW THE SHOW:
    Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

    THANKS:
    Theme tune: "Vinyl Memories" by Mikael Manvelyan.
    Assorted sound effects: AudioBlocks.

    Privacy & Opt-Out: https://redcircle.com/privacy
  • Smashing Security

    This AI worm just rewrote its own rules

    10/06/2026 | 46 mins.
    Researchers at the University of Toronto have built a worm that thinks for itself. Using free off-the-shelf AI models it works out how to break into each new computer it encounters, and hijacks the powerful ones to host its own AI brain. And then the researchers discovered their creation had quietly removed the list of machines it wasn't supposed to attack.
    Meanwhile, Meta's shiny new AI customer support agent has been cheerfully helping hackers help themselves to other people's Instagram accounts. Just keep asking, politely but firmly, to have a password reset sent to a different email address - and the AI will eventually agree.
    All this and more in episode 471 of the "Smashing Security" podcast with cybersecurity expert and keynote speaker Graham Cluley, and special guest James Ball.

    EPISODE LINKS:

    Emmys data leak: update exposes access to award submissions - Cybernews.
    A $1,000 AI agent found 21 zero-days in FFmpeg, some 23 years old - Martin Cid Magazine.
    Hackers steal $1.7M condom shipment​ - Cybernews.
    AI Agents Enable Adaptive Computer Worms - ArXiv.
    21 Zero-Days in FFmpeg - Depthfirst.
    Meta confirms thousands of Instagram accounts were hacked by abusing its AI chatbot - ~this week in security~.
    Hackers trick Meta AI support bot to infiltrate Obama White House Instagram account - The Guardian.
    Look-In Star Portrait Challenge - Monkeon.
    Final Fantasy VII Remake - Square Enix.
    Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:
    Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
    XBOW - The autonomous offensive security platform that helps security teams scale. Start a pentest today.
    OPSWAT - Read Benny Czarny's book, "Cybersecurity Upside Down", to rethink how you protect your organization from file-based threats, including those powered by AI.

    SUPPORT THE SHOW:
    Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
    Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

    FOLLOW THE SHOW:
    Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

    THANKS:
    Theme tune: "Vinyl Memories" by Mikael Manvelyan.
    Assorted sound effects: AudioBlocks.

    Privacy & Opt-Out: https://redcircle.com/privacy
More Comedy podcasts
About Smashing Security
Stories from the world of hacking, cybersecurity, and rogue AI.Smashing Security isn’t your typical tech podcast. Hosted by cybersecurity keynote speaker and industry veteran Graham Cluley, it serves up weekly tales of cybercrime, hacking horror stories, privacy blunders, and tech mishaps - all with sharp insight, a sense of humour, and zero tolerance for tech waffle.Winner of the best and most entertaining cybersecurity podcast awards in 2018, 2019, 2022, 2023, and 2024, Smashing Security has had over ten million downloads. Past guests include Garry Kasparov, Mikko Hyppönen, and Jack Rhysider.Follow the podcast on Bluesky at @smashingsecurity.com, and subscribe for free in your favourite podcast app.New episodes released at 7pm EST every Wednesday (midnight UK).
Podcast website

Listen to Smashing Security, The Joe Rogan Experience and many other podcasts from around the world with the radio.net app

Get the free radio.net app

  • Stations and podcasts to bookmark
  • Stream via Wi-Fi or Bluetooth
  • Supports Carplay & Android Auto
  • Many other app features