The video game Path of Exile 2 suffers a security breach, we explore the issues of using predictive algorithms in travel surveillance systems, and the very worst IoT devices are put on show in Las Vegas. Oh, and has Elon Musk accidentally revealed he cheats at video games?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

• Player of Games - Grimes.
• ‘Path of Exile 2’ Players Call Bulls**t on Elon Musk’s Video Game Stream - Gizmodo.
• Elon Musk "Playing" Path of Exile 2 - YouTube.
• Elon Musk is Lying About Being Good at Video Games - YouTube.
• Elon Musk Streams His ”Totally Not Boosted” ‘Path of Exile 2’ Character, Proves He Has No Idea What He’s Doing - Vice.
• Hacker Broke into ‘Path of Exile 2’ Admin Account, Hijacked Wave of Characters - 404 Media.
• Inside the Black Box of Predictive Travel Surveillance - WIRED.
• Average Number of Smart Devices in a Home 2025 - Consumer Affairs.
• Global IoT and non-IoT connections 2010-2025 - Statista.
• U.S. Cyber Trust Mark: New Label for IoT Devices - National Law Review. 
• How the Internet of Things will be good for the planet - Thales Group.
• The ‘Worst in Show’ CES products put your data at risk and cause waste, privacy advocates say - AP News.
• The CES worst in show awards lampoon AI everthing - The Register.
• The Worst Devices of CES 2025!! - YouTube. 
• This Could Be Your AI Robot Girlfriend - For $175,000 - Forbes.
• Pick of the week! archive - Smashing Security.
• Elton John: Never too late - Disney Plus.
• Apple News.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

• 1Password Extended Access Management – Secure every sign-in for every app on every device.
• Tripwire Enterprise - Set up a demo of Tripwire Enterprise to see how you can simultaneously harden your systems and automate compliance.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Ever wonder how those "free" browser extensions that promise to save you money actually work? We dive deep into the controversial world of Honey, the coupon-finding tool owned by PayPal, and uncover a scheme that might be leaving you with less savings and your favorite YouTubers with empty pockets.

Plus, we take a look at Kagi, the search engine you pay not to show you adverts, and discuss what you should do with your old, no-longer-wanted technology.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

• Exposing the Honey Influencer Scam - MegaLag on YouTube.
• The Honey Scam: Explained - Marques Brownlee on YouTube.
• 14 million people don’t know how to erase their data from an old device - ICO. 
• Electronics hoarding habit among Brits and Americans - SellCell.
• Practical advice for online and electronic devices - ICO. 
• How to factory reset your Google Pixel phone - Google. 
• How to factory reset your iPhone, iPad, or iPod touch - Apple. 
• Reset your Android device to factory settings - Google. 
• Erase your Mac and reset it to factory settings  - Apple.
• Reset your PC - Microsoft.
• How do I perform a factory reset on my Samsung mobile device? -  Samsung.
• Kagi search engine.
• Battery Heated Clothing - Fieldsheer.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

• 1Password Extended Access Management – Secure every sign-in for every app on every device.
• BigID - Start protecting your sensitive data wherever it lives with BigID. Get a free demo to how your organization can reduce data risk and accelerate the adoption of generative AI.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

This week, we delve into the dark world of fake CAPTCHAs designed to hijack your computer. Plus, the AI safety clock is ticking down – is doomsday closer than we think? And to top it off, we uncover the sticky situation of Krispy Kreme facing a ransomware attack.

All this and more is discussed in the latest jam-packed edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley of "The AI Fix" podcast.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

• CAPTCHAs from hell - Reddit.
• “DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising - Guardio.
• AI Safety Clock Ticks Closer To ‘Midnight,’ Signifying Rising Risk - Forbes.
• Krispy Kreme admits there's a hole in its security - The Register. 
• Nutritional and Allergen Information - Krispy Kreme. 
• &UDM=14.
• Does one line fix Google? - Tedium.
• ElevenLabs.
• The GCHQ Christmas Challenge 2024 - GCHQ.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

• 1Password Extended Access Management – Secure every sign-in for every app on every device.
• BigID - Start protecting your sensitive data wherever it lives with BigID. Get a free demo to how your organization can reduce data risk and accelerate the adoption of generative AI.
• ThreatLocker - the Zero Trust endpoint protection platform that provides enterprise-level cybersecurity to organizations globally. Start your 30-day free trial today!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

A Canadian man is arrested in relation to the Snowflake hacks from earlier this year - after a cybersecurity researcher managed to track his identity, and a cryptocurrency-trading Instagram influencer is in trouble with the law.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

• Accused Kitchener hacker unmasked after threatening woman online - The Waterloo Region Record.
• Canadian Man Arrested in Snowflake Data Extortions - Krebs on Security.
• Who wants to be next? - Bluesky post by Allison Nixon.
• Crypto Trader Kills His Mum For £500k After Going Into Debt To Maintain 'Perfect Lifestyle' - IB Times. 
• Autopsy reveals injuries on body of Colleen Rebelo’s body after alleged murder - Australia News.
• Influencer Marketing Statistics 2024 - Artios.
• BLACKkKLANSMAN trailer - YouTube.
• A Soft Murmur.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

• 1Password Extended Access Management – Secure every sign-in for every app on every device.
• BigID - Start protecting your sensitive data wherever it lives with BigID. Get a free demo to how your organization can reduce data risk and accelerate the adoption of generative AI.
• ThreatLocker - the Zero Trust endpoint protection platform that provides enterprise-level cybersecurity to organizations globally. Start your 30-day free trial today!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

A CEO is arrested for turning satellite receivers into DDoS attack weapons, and we journey into the world of bossware and "affective computing" and explore how AI is learning to read our emotions – is this the future of work, or a recipe for dystopia?

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

• Korea arrests CEO for adding DDoS feature to satellite receivers - Bleeping Computer.
• Data on our minds: affective computing at work - IFOW. 
• How Much Does 'Bossware' Really Curb Remote Work Slacking? - Inc. 
• MN8 – 2 Channel EEG Headphones - Emotiv.
• Commercial EEG Headsets for Enterprises - Emotiv.
• ‘Bossware’ computer tracking devices harm workers’ wellbeing, says report - The Times.
• Your Company’s Bossware Could Get You in Legal Trouble - 1Password.
• The Abandoned, Apocalyptic Architecture of One Bold 1970s Retail Chain - Atlas Obscura.
• Bankrupt - BEST Products Co. - YouTube.
• Defunct BEST Products Store Architecture Documentary - YouTube.
• Play Winning Cribbage - Amazon.
• Cribbage Classic - iOS App Store.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

• 1Password Extended Access Management – Secure every sign-in for every app on every device.
• BlackBerry - Tune in and empower your team with the knowledge to stay connected, no matter what crisis. Learn more about BlackBerry's critical event management solutions.
• ThreatLocker - the Zero Trust endpoint protection platform that provides enterprise-level cybersecurity to organizations globally. Start your 30-day free trial today!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

A Kansas City man is accused of hacking into local businesses, not to steal money, but to... get a cheaper gym membership? A DNA-testing firm has vanished, leaving customers in the dark about what's happened to their sensitive genetic data. And Australia mulls a social media ban for youngsters.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Anna Brading.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

• KC Man Indicted for Computer Hacking - Department of Justice.
• DNA testing company vanishes along with its customers’ genetic data - Malwarebytes.
• DNA firm holding highly sensitive data 'vanishes' without warning - BBC News.
• Australia proposes 'world-leading' ban on social media for children under 16 - Reuters.
• The government has introduced laws for its social media ban. But key details are still missing - The Conversation.
• Australia's under-16 social media age ban legislation excludes messaging apps - YouTube.
• Australia’s plan to ban children from social media popular but problematic - PBS News.
• Which Countries Are Considering Social Media Bans For Teens? - Newsweek.
• Graham’s previous encounter with hobs with knobs - Smashing Security.
• “The Day of the Jackal” trailer - YouTube.
• "Anora” trailer  - YouTube. 
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

• 1Password Extended Access Management – Secure every sign-in for every app on every device.
• Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
• ThreatLocker - the Zero Trust endpoint protection platform that provides enterprise-level cybersecurity to organizations globally. Start your 30-day free trial today!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

In our latest episode we discuss how a woman hid under the bed after scammers told her she was under "digital arrest", how hackers are hijacking YouTube channels through malicious sponsorship deals, and how one phone company is turning the tables on fraudsters through deepfake AI.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by special guest Maria Varmazis.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

• 'You are under digital arrest': Inside a scam looting millions from Indians - BBC News.
• Digital Arrest Scam: How You Can Stay Safe - YouTube.
• Tamil Nadu Professor Placed Under Digital Arrest, Duped of Rs 10 Lakh - YouTube.
• 'Mann Ki Baat' episode 115 - India Prime Minister Narendra Modi.
• “My YouTube Channel Got Deleted Last Night..” - Bitz on YouTube.
• NCA shuts down major fraud platform responsible for 1.8 million scam calls - National Crime Agency.
• O2 launches free anti-scam caller identification for millions of customers - O2. 
• AI Scambaiters: O2 creates AI Granny to waste scammers’ time - YouTube.
• “StreamJacking” - Hijacking Hundreds of YouTube Channels Per Day Propagating Elon Musk Branded Crypto Giveaway Scams - Guardio.
• Graham Cluley on Bluesky.
• Maria Varmazis on Bluesky.
• Dan Da Dan - Netflix.
• Butter by Asako Yuzuki - Harper Collins.
• 'Butter' book review: Meditations on murders - The Guardian.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

• 1Password Extended Access Management – Secure every sign-in for every app on every device.
• Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
• ThreatLocker - the Zero Trust endpoint protection platform that provides enterprise-level cybersecurity to organizations globally. Start your 30-day free trial today!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Bluesky, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Arion Kurtaj, a teenager from the UK, amassed a fortune through audacious cybercrimes. From stealing Grand Theft Auto 6 secrets to erasing Brazil's COVID vaccination data, his exploits were legendary. But his hacking spree took a bizarre turn when he was placed under police protection... in a Travelodge outside Oxford.

Plus Bengal cat lovers in Australia should be on their guard, as your furry feline friends might be leading you into a dangerous trap., and there's yet more headaches for troubled 23andMe.

All this and much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Thom Langford.

Plus don't miss our featured interview with Paul Fryer from BlackBerry.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

• FBI issues warning as crooks ramp up emergency data request scams - The Register.
• Optimistic father of LAPSUS$ hacking suspect says he’s going to try to stop him using computers - Graham Cluley.
• LAPSUS$: GTA 6 hacker handed indefinite hospital order - BBC News.
• This Teenage Hacker Became a Legend Attacking Companies. Then His Rivals Attacked Him - Wall Street Journal.
• Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign - Sophos.
• Struggling DNA-testing site 23andMe to lay off 40% of its workers - BBC News.
• Remember That DNA You Gave 23andMe? - The Atlantic.
• Big Pharma Would Like Your DNA - The Atlantic.
• Addressing Data Security Concerns - Action Plan - 23andMe Blog.
• YTCH - YouTube-like cable TV.
• Space: 1999 opening titles - YouTube.
• Space: 1999 - Wikipedia.
• Wicked movie: Mattel 'deeply regrets' porn site misprint on dolls - BBC News.
• The Wicked Movie - Official Wicked Movie site.
• Mattel's 'Wicked' Movie Dolls Mistakenly List Porn Site on Packaging - Variety.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

• BlackBerry - Tune in and empower your team with the knowledge to stay connected, no matter what crisis. Learn more about BlackBerry's critical event management solutions.
• 1Password Extended Access Management – Secure every sign-in for every app on every device.
• Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, Bluesky, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Mamma Mia! A major hacking scandal in Italy has expanded to include alleged involvement from Israel and the Vatican, and just why are companies advertising jobs that don't exist?

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

• Massive hack-for-hire scandal rocks Italian political elites - Politico.
• Dossieraggi, i contatti con il Mossad e i dati passati al Vaticano. “Aiutiamo la Chiesa contro la Russia o no?” - La Repubblica.
• That position you just applied for might be a 'ghost job' that'll never be filled - The Register.
• Ghost jobs: why do 40% of companies advertise positions that don’t exist? - The Guardian.
• Job boards are still rife with 'ghost jobs'. What's the point? - BBC.
• How To Spot Ghost Jobs And Make Your Job Search More Efficient - Forbes.
• What Are Ghost Jobs and How Can You Avoid Them? - Tech.co
• That job you applied for might not exist. Here's what's behind a boom in "ghost jobs." - CBS News.
• The Coming Storm - BBC Radio 4.
• Things fell apart - BBC Sounds.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

• 1Password Extended Access Management – Secure every sign-in for every app on every device.
• Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
• Flashpoint - Access the industry’s best threat data and intelligence.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

In this week's episode your hosts practice standing on one leg, Carole gives Graham a deepfake quiz, and we investigate how Strava may be exposing the movements of world leaders.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

• Smashing Security #063: Carole’s back.
• Privacy of fitness tracking apps in the spotlight after soldiers' exercise routes shared online - We Live Security.
• Smashing Security #330: Deepfake Martin Lewis, and a deadly jog in the park.
• How Emmanuel Macron can be tracked - Le Monde.
• How Emmanuel Macron can be tracked - YouTube.
• The Pentagon Wants to Use AI to Create Deepfake Internet Users - Intercept.
• Is AI eroding democracy ahead of the US election? - BBC News.
• Fooled twice: People cannot detect deepfakes but think they can - PMC.
• Detect Fakes - Kellogg Northwestern.
• DON'T LET AI STEAL YOUR VOTE! - YouTube.
• Deepfakes fool more than half of Americans, UVU study shows - KLS News radio.
• Crocodiles Of The World.
• Here's How Long You Should Be Able To Stand On 1 Leg By Age - Huffington Post.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

• BlackBerry - Tune in and empower your team with the knowledge to stay connected, no matter what crisis. Learn more about BlackBerry's critical event management solutions.
• 1Password Extended Access Management – Secure every sign-in for every app on every device.
• Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

The SolarWinds have returned to haunt four cybersecurity companies who tried to hide their breaches and ended up with their trousers around their ankles, and North Korea succeeds in getting one of its IT workers hired... but what's their plan?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

• SolarWinds Sunburst supply chain attack - Wikipedia.
• Rep. Katie Porter slams SolarWinds for its poor passwords - Twitter.
• SEC Charges Four Companies With Misleading Cyber Disclosures - SEC.
• Western firm hacked by North Korean cybercriminal hired as remote IT worker - Computing.
• Engaging with a Remote Workforce: Statistics and Strategies for Success - Government Events.
• 67% Of U.S. Employers To Lose Employees To Remote Work In 2024 - Forbes.
• A company's remote-working hire turns out to be in North Korea. He tried to hold it to ransom - Business Insider.
• US company accidentally hires North Korean for remote work, gets blackmailed when they try to fire him - IBTimes.
• Watch “Undercover: Exposing the Far Right” - Channel 4.
• Undercover film exposing UK far-right activists pulled from London festival - The Guardian.
• Kermode and Mayo’s Take - YouTube.
• The Fear of God: 25 Years of the Exorcist – BBC iPlayer.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

• 1Password Extended Access Management – Secure every sign-in for every app on every device.
• Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.