
Smashing Security Podcast #463: This AI Company Leaked Its Own Code. It’s Also Built Something Terrifying
In the Smashing Security #463 episode, host Graham Cluley and guest Tanya Janca discuss Anthropic’s accidental leak of the Claude Code CLI source via a mis‑published source‑map and the company’s new AI model, Mythos, which can autonomously discover and chain vulnerabilities. They also explore how compromised developer credentials can hijack CI/CD pipelines, enabling silent supply‑chain attacks, and cite the low‑cost Venice flood‑defense hack as a warning that critical infrastructure is increasingly exposed. Janca highlights her new DevSecStation mini‑podcast aimed at teaching developers secure coding practices in an AI‑driven world.

Smashing Security Podcast #460: Never Knock on the Door of a Nuclear Submarine Base and Ask for a Selfie
In episode 460 of the Smashing Security podcast, host Graham Cluley and guest Jenny Radcliffe dissect a cyber‑extortion case where a disgruntled data analyst stole a company payroll database and demanded $2.5 million in Bitcoin. The show also covers the arrest of an Iranian...

Denver’s Crosswalks Hacked to Broadcast Anti-Trump Messages
In Denver, two newly installed pedestrian‑crossing audio units were hacked to broadcast profanity‑laden anti‑Trump messages, startling commuters. The intrusion leveraged factory‑default passwords, a vulnerability previously exploited in crosswalk systems in California and Seattle. City officials confirmed the devices were activated...

LeakNet Ransomware: What You Need to Know
LeakNet, a ransomware group posing as investigative journalists, uses counterfeit CAPTCHA pages to lure employees into installing malware. The gang distributes malicious links that appear as security checks, prompting users to enter credentials that grant the attackers system access. Once...

Fraudsters Are Using Public Planning Records to Target Permit Applicants
Cyber‑criminals are exploiting publicly available planning and zoning permit records to launch targeted scams against applicants. By harvesting applicant names, addresses, and project details, fraudsters craft convincing phishing emails that appear to come from municipal offices. Victims are prompted to...

Twitter Suspended 800 Million Accounts Last Year – so Why Does Manipulation Remain so Rampant?
X, formerly Twitter, reported suspending 800 million accounts in 2024 for violating its platform manipulation and spam rules. With roughly 300 million monthly active users, the suspensions amount to three times its active user base. The company identified Russia, followed...

$10,000 Bounty Offered if You Can Hack Ring Cameras to Stop Them Sharing Your Data with Amazon
Ring’s new “Search Party” AI feature sparked privacy outrage after a Super Bowl ad, prompting a backlash against the company’s data‑sharing practices. In response, the nonprofit Fulu Foundation announced a $10,000 bounty for anyone who can modify Ring doorbells to...

Smashing Security Podcast #455: Face Off: Meta’s Glasses and America’s Internet Kill Switch
In episode 455 of the Smashing Security podcast, host Graham Cluley and journalist James Ball examine the growing threat of tech sovereignty, questioning whether the United States could effectively shut down Europe’s internet by leveraging Gmail, cloud services, and critical infrastructure. They also...