Heads up, the guy in the opening story survives — realized in editing it's kind of stressful if you don't know where that's going. In this chat episode we start with a coin toss on which story to start with, which leads us on an adventure into the world of America's favourite private security camera network, Flock, searchable by law enforcement without a warrant. Cool stuff.

Learn more about your ad choices. Visit podcastchoices.com/adchoices

We start this chatty chat looking at the legacy of EternalBlue, an NSA-developed cyberweapon that leaked in 2017 and powered global disasters like WannaCry, to explain a new mobile threat called "Coruna." Just as EternalBlue likely escaped government chain of custody to become a tool for mass digital carnage, Coruna is a sophisticated iPhone exploit framework leveraging 23 vulnerabilities that has similarly migrated from elite surveillance into the hands of broader cybercriminal groups. This "EternalBlue moment" for mobile marks a shift where nation-state-grade tools, capable of silently hijacking devices via compromised websites, are now circulating freely in the wild.

Also, cute little Macbooks!

Learn more about your ad choices. Visit podcastchoices.com/adchoices

In this chatty chat episode, we kick things off with a primer on one of the oldest methods of stealing money—made new again in the age of crypto: the $5 wrench attack. It’s a simple tactic, but it has enabled some surprisingly significant damage.

We also cover recent incidents, including the DJI robot vacuum hack, and wrap up with an in-depth discussion on AI harnesses.

Learn more about your ad choices. Visit podcastchoices.com/adchoices

A lot of modern AI models have a kind of security guard layer that sits in front of them. Its job? A binary choice as to whether the prompt heading into the model is safe or not. Kasimir Schulz, a lead security researcher at HiddenLayer, has been researching how to trick these models. Their solution, a technique called "Echogram" involves words with such positive statistical sentiment — such overwhelming good vibes — that it flips that verdict.

Learn more about your ad choices. Visit podcastchoices.com/adchoices

Two FBI agents. One room. One of them is the most damaging spy in U.S. history.

Robert Hanssen told a lot of lies — including a really weird one about booking the Beach Boys for the FBI. That lie didn’t matter all that much, but the others did. For 22 years, Hanssen sold America’s deepest secrets while hunting moles inside the Bureau.

With retirement looming, the FBI set a trap: a fake department, a fake job, and a young agent named Eric O’Neill placed three feet from the suspected spy.

This episode is our conversation with Eric O’Neill — the man tasked with spying on the spy — about lies, tradecraft, psychological warfare, and the sting operation into what the DOJ later called “possibly the worst intelligence disaster in U.S. history.”

Learn more about your ad choices. Visit podcastchoices.com/adchoices

Pokémon cards became a billion-dollar market—and then a massive fraud target. This episode follows the rise of ultra-rare Pokémon prototypes, the grading systems meant to protect collectors, and the amateur investigator who used codebreaking and printer forensics to expose a modern forgery ring hiding in plain sight. All that plus a nice chatty chat after the break to kick off the year.

Learn more about your ad choices. Visit podcastchoices.com/adchoices

It’s the 2025 Chatty Chat year in review friends! We’re diving into a big old pile of stories from the past year and speculating on what’s to come in 2026. If you’re wondering where this sits on the "in-depth interview vs. casual chatting" spectrum, just know we spend a considerable amount of time talking about how rad the Switch 2 is. This is not a deep dive, just a good time.

Learn more about your ad choices. Visit podcastchoices.com/adchoices

A deep dive into Lighthouse, a phishing-as-a-service platform linked to millions of scam texts worldwide, and the sprawling “smishing triad” ecosystem built around it. With security researcher Ford Merrill, we unpack how modern scam operations work at industrial scale — from fake e-commerce sites and mass SMS campaigns to the wallet-provisioning techniques that let criminals turn stolen credit cards into tap-to-pay phones. 

Learn more about your ad choices. Visit podcastchoices.com/adchoices

For the last few years, Grindr has branded itself as the global gayborhood—a digital safe space for queer communities. But a series of European investigations raised serious questions about how the app handled user data. In this episode, we talk with Chaya Hanoomanjee of the law firm Austin Hayes, who is leading a major UK claim alleging that Grindr shared sensitive user information, including in some cases health data, without proper consent. We trace the story from Norway’s multimillion-euro fine to the 12,000-person UK action and unpack what “special category data” actually means, why these cases matter, and what we’re all really agreeing to when we tap “accept.”

Learn more about your ad choices. Visit podcastchoices.com/adchoices

It’s a chatty chat. I repeat, this one's a chatty chat. Today we’re digging into the big weird questions on our desk: what percentage of Meta’s revenue allegedly comes from knowingly running scam ads, what exactly recently pardoned Binance founder Changpeng Zhao did and why he walked free, and what happens when AWS—the concrete pad foundation of the modern internet—goes down. If long-form nerd talk isn’t your vibe, totally fine—we’ll catch you next time. For everyone else, here’s some good good chattin’ for your dishes, your commute, or whatever you’re up to right this second.

Learn more about your ad choices. Visit podcastchoices.com/adchoices

Hh hey maybe don't buy that $14 projector off amazon. In this episode, we dive into the sequel nobody asked for: BADBOX 2.0 — the return of last year’s botnet built out of bargain-bin Android gadgets. Google just filed a lawsuit in federal court alleging that millions of sketchy streaming boxes, projectors, and mystery electronics were shipped pre-infected from factories overseas. The moment someone plugs one in, it joins a global botnet used for ad fraud, click fraud, and even to rent out your home internet connection to criminals. We talk to the team at HUMAN Security, the researchers credited in Google’s suit, about how they traced this thing across 222 countries, why it came back bigger than before, and how you even begin to kill a botnet that ships itself directly to people’s living rooms.

Learn more about your ad choices. Visit podcastchoices.com/adchoices