What happens when eager computer enthusiasts unknowingly download a trojanized hacking tool and find themselves on the wrong side of cybersecurity? A former employee's actions led to chaos and raise urgent questions about the security of cultural treasures. And join us as we explore the alarming trend of social media influencers staging fake kidnappings.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Lianne Potter from the "Compromising Positions" podcast.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

• No Honour Among Thieves: Uncovering a Trojanized XWorm RAT Builder Propagated by Threat Actors and Disrupting Its Operations - CloudSEK.
• British Museum forced to partly close after alleged IT attack by former employee - The Guardian.
• Chart: What Do You Want to be When You Grow Up?- Statista.
• Tikked off: What happens when TikTok fame fades - Vox.
• Influencer burnout is real - Vox.
• Influencer slammed for staging fake kidnapping plot because she was ‘bored’ - Mirror Online.
• "Mom influencer" Katie Sorensen sentenced to jail for falsely claiming couple tried to kidnap her kids at a crafts store - CBS News.
• Stock market influencer on the way to Coldplay concert kidnapped by data theft gang - The New Indian Express.
• Raycast.
• “Thank Goodness You’re Here” video game.
• The We Society Podcast - Academy of Social Sciences.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

• Tailscale – Tailscale is perfect for work or personal projects, making networking simple. Its free plan covers up to 100 devices and 3 users. Get started at tailscale.com and be up and running in less than 10 minutes!
• 1Password – Secure every app, device, and identity – even the...

An Italian hacker makes the grade and ends up in choppy waters, and hear true stories of title deed transfer scams.

All this and more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.

Plus - don't miss our featured interview with Avery Pennarun of Tailscale.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

• Report from Corriere Di Bologna newspaper.
• Caro Musk, assumi subito l’hacker quindicenne di Cesena – Il Foglio.
• 15-Year-Old Hacker Diverts Ships in Mediterranean Sea for Fun – Hot for Security.
• 90-year-old immigrant could lose Brooklyn home after deed theft scam, family says – CBS News.
• Protect your home. Spot the signs of deed theft – Better Business Bureau.
• Woman Charged for Scheme to Defraud Elvis Presley’s Family – DOJ.
• Home Title Theft: How To Protect Yourself – Forbes Advisor.
• Here’s How Scammers in America Can Take the Title to Your Home Without You Knowing It – Moneywise.
• Could a Criminal Use Deed Fraud to Steal Your Entire Home? – AARP.
• Could Fraudsters Steal Your Home From Under Your Nose? – HomeOwners Alliance.
• Wizard Zines.
• Listen for the Lie – Amazon.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

• Tailscale – Tailscale is perfect for work or personal projects, making networking simple. Its free plan covers up to 100 devices and 3 users. Get started at tailscale.com and be up and running in less than 10 minutes!
• 1Password – Secure every app, device, and identity – even the unmanaged ones at

The video game Path of Exile 2 suffers a security breach, we explore the issues of using predictive algorithms in travel surveillance systems, and the very worst IoT devices are put on show in Las Vegas. Oh, and has Elon Musk accidentally revealed he cheats at video games?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

• Player of Games - Grimes.
• ‘Path of Exile 2’ Players Call Bulls**t on Elon Musk’s Video Game Stream - Gizmodo.
• Elon Musk "Playing" Path of Exile 2 - YouTube.
• Elon Musk is Lying About Being Good at Video Games - YouTube.
• Elon Musk Streams His ”Totally Not Boosted” ‘Path of Exile 2’ Character, Proves He Has No Idea What He’s Doing - Vice.
• Hacker Broke into ‘Path of Exile 2’ Admin Account, Hijacked Wave of Characters - 404 Media.
• Inside the Black Box of Predictive Travel Surveillance - WIRED.
• Average Number of Smart Devices in a Home 2025 - Consumer Affairs.
• Global IoT and non-IoT connections 2010-2025 - Statista.
• U.S. Cyber Trust Mark: New Label for IoT Devices - National Law Review.
• How the Internet of Things will be good for the planet - Thales Group.
• The ‘Worst in Show’ CES products put your data at risk and cause waste, privacy advocates say - AP News.
• The CES worst in show awards lampoon AI everthing - The Register.
• The Worst Devices of CES 2025!! - YouTube.
• This Could Be Your AI Robot Girlfriend - For $175,000 - Forbes.

Ever wonder how those "free" browser extensions that promise to save you money actually work? We dive deep into the controversial world of Honey, the coupon-finding tool owned by PayPal, and uncover a scheme that might be leaving you with less savings and your favorite YouTubers with empty pockets.

Plus, we take a look at Kagi, the search engine you pay not to show you adverts, and discuss what you should do with your old, no-longer-wanted technology.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

• Exposing the Honey Influencer Scam - MegaLag on YouTube.
• The Honey Scam: Explained - Marques Brownlee on YouTube.
• 14 million people don’t know how to erase their data from an old device - ICO.
• Electronics hoarding habit among Brits and Americans - SellCell.
• Practical advice for online and electronic devices - ICO.
• How to factory reset your Google Pixel phone - Google.
• How to factory reset your iPhone, iPad, or iPod touch - Apple.
• Reset your Android device to factory settings - Google.
• Erase your Mac and reset it to factory settings - Apple.
• Reset your PC - Microsoft.
• How do I perform a factory reset on my Samsung mobile device? - Samsung.
• Kagi search engine.
• Battery Heated Clothing - Fieldsheer.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

• 1Password Extended Access Management – Secure every sign-in for every app on every device.
• BigID - Start protecting your sensitive data wherever it lives with BigID. Get a free demo to how your organization can reduce data risk and accelerate the adoption of generative AI.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on

A Canadian man is arrested in relation to the Snowflake hacks from earlier this year - after a cybersecurity researcher managed to track his identity, and a cryptocurrency-trading Instagram influencer is in trouble with the law.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

• Accused Kitchener hacker unmasked after threatening woman online - The Waterloo Region Record.
• Canadian Man Arrested in Snowflake Data Extortions - Krebs on Security.
• Who wants to be next? - Bluesky post by Allison Nixon.
• Crypto Trader Kills His Mum For £500k After Going Into Debt To Maintain 'Perfect Lifestyle' - IB Times.
• Autopsy reveals injuries on body of Colleen Rebelo’s body after alleged murder - Australia News.
• Influencer Marketing Statistics 2024 - Artios.
• BLACKkKLANSMAN trailer - YouTube.
• A Soft Murmur.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

• 1Password Extended Access Management – Secure every sign-in for every app on every device.
• BigID - Start protecting your sensitive data wherever it lives with BigID. Get a free demo to how your organization can reduce data risk and accelerate the adoption of generative AI.
• ThreatLocker - the Zero Trust endpoint protection platform that provides enterprise-level cybersecurity to organizations globally. Start your 30-day free trial today!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on

A CEO is arrested for turning satellite receivers into DDoS attack weapons, and we journey into the world of bossware and "affective computing" and explore how AI is learning to read our emotions – is this the future of work, or a recipe for dystopia?

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

• Korea arrests CEO for adding DDoS feature to satellite receivers - Bleeping Computer.
• Data on our minds: affective computing at work - IFOW.
• How Much Does 'Bossware' Really Curb Remote Work Slacking? - Inc.
• MN8 – 2 Channel EEG Headphones - Emotiv.
• Commercial EEG Headsets for Enterprises - Emotiv.
• ‘Bossware’ computer tracking devices harm workers’ wellbeing, says report - The Times.
• Your Company’s Bossware Could Get You in Legal Trouble - 1Password.
• The Abandoned, Apocalyptic Architecture of One Bold 1970s Retail Chain - Atlas Obscura.
• Bankrupt - BEST Products Co. - YouTube.
• Defunct BEST Products Store Architecture Documentary - YouTube.
• Play Winning Cribbage - Amazon.
• Cribbage Classic - iOS App Store.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

• 1Password Extended Access Management – Secure every sign-in for every app on every device.
• BlackBerry - Tune in and empower your team with the knowledge to stay connected, no matter what crisis. Learn more about BlackBerry's critical event management solutions.
• ThreatLocker - the Zero Trust endpoint protection platform that provides enterprise-level cybersecurity to organizations globally. Start your 30-day free trial today!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on

A Kansas City man is accused of hacking into local businesses, not to steal money, but to... get a cheaper gym membership? A DNA-testing firm has vanished, leaving customers in the dark about what's happened to their sensitive genetic data. And Australia mulls a social media ban for youngsters.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Anna Brading.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

• KC Man Indicted for Computer Hacking - Department of Justice.
• DNA testing company vanishes along with its customers’ genetic data - Malwarebytes.
• DNA firm holding highly sensitive data 'vanishes' without warning - BBC News.
• Australia proposes 'world-leading' ban on social media for children under 16 - Reuters.
• The government has introduced laws for its social media ban. But key details are still missing - The Conversation.
• Australia's under-16 social media age ban legislation excludes messaging apps - YouTube.
• Australia’s plan to ban children from social media popular but problematic - PBS News.
• Which Countries Are Considering Social Media Bans For Teens? - Newsweek.
• Graham’s previous encounter with hobs with knobs - Smashing Security.
• “The Day of the Jackal” trailer - YouTube.
• "Anora” trailer - YouTube.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

• 1Password Extended Access Management – Secure every sign-in for every app on every device.
• Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
• ThreatLocker - the Zero Trust endpoint protection platform that provides enterprise-level cybersecurity to organizations globally....