What do a sleazy nightclub carpet, Google’s gaping privacy hole, and an international student conned by fake ICE agents have in common? This week’s episode of the "Smashing Security" podcast obviously.

Graham explains how a Singaporean bug-hunter cracked Google’s defences and could brute-force your full phone number. Meanwhile, Carole dives into a chilling scam where ICE impersonators used fear, spoofed numbers, and... Apple gift cards to extort terrified migrants.

Plus: Nazis, door safety, and the age-old struggle of telling Ralph Fiennes from Liam Neeson.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

• Bruteforcing the phone number of any Google user - Brutecat.
• Leaking the phone number of any Google user - YouTube.
• Researcher Found Flaw to Discover Phone Numbers Linked to Any Google Account - The Hacker News.
• Google fixes flaw that could unmask YouTube users' email addresses - Bleeping Computer.
• ICE Scammers Are On The Rise: What To Do - Newsweek.
• Student visa holder tricked by fake ICE agent scam, loses thousands - Newsweek.
• Conspiracy - IMDB.
• Schindler’s List - IMDB.
• Dutch Reach car door opening method - The AA.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

• Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.
• Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
• Flare - Uncover the latest threats across the dark web and Telegram. Start your free trial today.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via

A bizarre case of political impersonation, where Trump’s top aide Susie Wiles is cloned (digitally, not biologically — we think), and high-ranking Republicans start getting invitations to link up with "her" on Telegram to share their Trump pardon wishlists. Was it a deepfake? Or just someone with a halfway decent impression and access to a shady data broker?

Meanwhile, we take a worryingly familiar journey into the mental health crisis in the UK — and how TikTok is stepping in with advice like “eat an orange in the shower” to cure your anxiety. Spoiler: it won’t. But it might make your bathroom smell nice.

Plus: a nostalgic tech support tale involving a CRT monitor, a wooden door, and an unexpected shade of brown.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

• Federal Authorities Probe Effort to Impersonate White House Chief of Staff - Wall Street Journal.
• FBI probes effort to impersonate White House chief of staff Susie Wiles, sources say - CBS News.
• The Trump Administration Accidentally Texted Me Its War Plans - The Atlantic.
• The Trump campaign is still being hacked - Popular Information.
• The Big Mental Health Report - Mind.
• Mental Health Pressures - British Medical Association.
• More than half of top 100 mental health TikToks contain misinformation, study finds - The Guardian.
• ‘They thought they were doing good but it made people worse’: why mental health apps are under scrutiny - The Guardian.
• How to find therapy or counselling - Mind.
• Carole in the shower with an orange? - Twitter.
• Matter - modern read-later app for iPhone, iPad, and web.
• Techie fixed a ‘brown monitor’ by closing a door - The Register.
• Smashing Security merchandise (t-shirts, mugs, stickers and...

Why is a cute Star Wars fan website now redirecting to the CIA? How come Cambodia has become the world's hotspot for scam call centres? And can a WhatsApp image really drain your bank account with a single download, or is it just a load of hacker hokum?

All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Allan Liska.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

• How I found a Star Wars website made by the CIA - Ciro Santilli on YouTube.
• How the CIA failed Iranian informants in its secret war with Tehran - Reuters.
• Isis and al-Qaeda sending coded messages through eBay, pornography and Reddit - Independent.
• Games Without Frontiers: Investigating Video Games as a Covert Channel - IEEE.
• General David Petraeus used clever Gmail trick during affair - Network World.
• Cambodia is home to world’s most powerful criminal network: report - SCMP.
• How to protect yourself from suspicious messages and scams- WhatsApp.
• Is WhatsApp Safe? Tips for Staying Secure - WhatsApp.
• Hacked on WhatsApp – how to stay safe when using the messaging app - BBC.
• Just a GIF Image Could Have Hacked Your Android Phone Using WhatsApp - The Hacker News.
• Kon-Tiki: The Epic Raft Journey Across the Pacific - YouTube.
• Still Standing with Jonny Harris - CBC.
• Niki de Saint Phalle & Jean Tinguely - Myths & Machines - Hauser & Wirth.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

• Vanta– Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

In this week’s episode, Graham investigates the mysterious Iberian Peninsula blackout (aliens? toaster? cyberattack?), Carole dives in the UK legal aid hack that exposed deeply personal data of society's most vulnerable, and Dinah Davis recounts how Instagram scammers hijacked her daughter’s account - and how a parental control accidentally saved the day.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by special guest Dinah Davis.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

• 418 - I’m a teapot - MDN Web Docs.
• 2025 Iberian Peninsula blackout - Wikipedia.
• What could have caused the major power outage in Spain and Portugal? Experts weigh in - Euro News.
• Spain investigates cyber weaknesses in blackout probe - Financial Times.
• Report on Working Conditions at INCIBE, the company Investigating the blackout - El Cierre Digital.
• My Teen's Instagram Account was Hacked - Dinah Davis.
• We Got Her Account Back, Here’s What the Forensics Revealed - Dinah Davis.
• 'Significant amount' of private data stolen in Legal Aid hack - BBC News.
• Civil legal aid: millions still without access to justice - The Law Society.
• Civil representation - Legal aid data - GOV.UK.
• Legal aid statistics England and Wales bulletin Oct to Dec 2024 - GOV.UK.
• Funding for justice down 22% since 2010 - Bar Council.
• The Assembly - ITV.
• The Assembly review – this celebrity interview show is going to be massive - The Guardian.

Don't get duped, doxxed, or drained! In this episode of "Smashing Security" we dive into the creepy world of sextortion scams, and investigate how crypto wallet firm Ledger's Discord server was hijacked in an attempt to phish for cryptocurrency recovery phrases.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Plus! Don't miss our featured interview with Drata's Matt Hillary.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

• Ledger secures Discord after hacker bot tried to steal seed phrases - CoinTelegraph.
• Binance Founder CZ Warns: Ledger Discord Hack Targets Recovery Phrases - CoinPedia.
• Ledger confirms physical scam letters requesting seed phrase in fake security upgrade - The Block.
• Physical addresses of 270K Ledger owners leaked on hacker forum - Bleeping Computer.
• Criminals are mailing altered Ledger devices to steal cryptocurrency - Bleeping Computer.
• New Hello Pervert Email Attack Warning — ‘I Know Where You Live’ - Forbes.
• ‘Hello pervert’: the sextortion scam claiming to have videoed you - The Guardian.
• "Hello Pervert" Email Is A Total Scam - What You Need To Know - Malware Tips.
• Scam email sent from my own email address - Microsoft Community.
• Thunderbolts* review: 'The greatest Marvel offering in years' - BBC.
• Limelight, Exemplar - BBC Radio 4.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

• Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.
• Dashlane - Protect against the #1 cause of data breaches - poor password habits. Save 25% off a new business plan, or 35% off a personal Premium plan!

Brits face empty shelves and suspended meal deals as cybercriminals hit major high street retailers, and a terminated Disney employee gets revenge with a little help with Wingdings. Plus Graham challenges Carole to a game of "Malware or metal?", and we wonder just happens when you have sex on top of a piano?

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Plus! Don't miss our featured interview with Jon Cho of Dashlane.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

• Why is the M&S cyber attack chaos taking so long to resolve? - BBC News.
• M&S 'had no plan' for cyber attacks, insider claims, with 'staff left sleeping in the office amid paranoia and chaos' - Sky News.
• Hackers target the Co-op as police probe M&S cyber attack - BBC News.
• Harrods latest retailer to be hit by cyber attack - BBC News.
• Alleged ‘Scattered Spider’ Member Extradited to US - Krebs on Security.
• British 'ringleader' of hacking group 'behind M&S cyber attack' fled his home after 'masked thugs burst in and threatened him with blowtorches' - Daily Mail.
• Incidents impacting retailers – recommendations - NCSC.
• Ex-Disney employee gets 3 years in the clink for goofy attacks on mousey menus - The Register.
• United States of America V Michael Sheuer - Plea Agreement - US District Court PDF.
• At 99, David Attenborough shares strongest message for the ocean - Oceanographic magazine.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

• Dashlane - Protect against the #1 cause of data breaches - poor password habits. Save 25% off a new business plan, or 35% off a personal Premium plan!
• Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
• Material - Email security that covers the full threat landscape – stopping new flavors of phishing and pretexting attacks in

He's not a pop star, but Jeffrey Bowie is alleged to have toured staff areas of a hospital in Oklahoma, hunting for computers he could install spyware on. We dive into the bizarre case of the man accused of hacking medical networks and then sharing how he did it on LinkedIn.

Plus! Move over Nigerian princes — the WASPI scams are here. Fraudsters are now targeting UK women born in the 1950s, exploiting pension injustice for phishing gain.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

• Cybersecurity Firm CEO Charged with Installing Malware on a Hospital Computer - HIPAA Journal.
• Edmond cybersecurity CEO accused in major hack at hospital - YouTube.
• Jeffrey Bowie’s post on LinkedIn - Wayback Machine.
• Martin Lewis issues scam warning as fraudsters use him to target WASPI women - Metro News.
• ‘Waspi’ women warned over fake compensation websites - The Guardian.
• WASPI campaigners warn of "dangerous" spike in fake compensation scams - Financial Reporter.
• National Trust.
• Wallet Creator - iOS App Store.
• DIY Dubai chocolate: Ravneet Gill’s recipe for crunchy pistachio chocolate - The Guardian.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

• Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
• 1Password Extended Access Management – Secure every sign-in for every app on every device.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free...

Graham explores how the Elusive Comet cybercrime gang are using a sneaky trick of stealing your cryptocurrency via an innocent-appearing Zoom call, and Carole goes under the covers to explore the extraordinary lengths bio-hacking millionaire Bryan Johnson is attempting to extend his life.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

• Elusive Comet advisory - Security Alliance.
• Mitigating Elusive Comet Zoom remote control attacks - Trail of Bits.
• Aureon Capital: The Fake VCs who Almost Hacked Me - David Z Morris.
• Requesting or giving Remote Control - Zoom knowledgebase article.
• Has Bryan Johnson’s anti-aging experiment backfired? Biohacker spending $2 million-a-year admits to a costly misstep - Economic Times.
• How Blueprint Founder Bryan Johnson Sought Control Via Confidentiality Agreements - The New York Times.
• Anti-aging mogul Bryan Johnson claims NY Times preparing ‘hit piece’ about alleged use of prostitutes, drugs - NY Post.
• KOReader - document reader for E Ink devices.
• Killing Thatcher: The IRA, the Manhunt and the Long War on the Crown - Bookshop.org.
• The Urge - Our history of addiction by Carl Erik Fisher.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

• Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
• 1Password Extended Access Management – Secure every sign-in for every app on every device.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via