Graham Cluely

The ransomware negotiator who was working for the other side

Graham Cluely Security Blog - 18 hours 52 min ago
When a company falls victim to a ransomware attack, it is not uncommon for it to turn to experts for help. Specialist ransomware negotiation firms handle communications with criminal gangs on a victim's behalf. What victims don't expect is that their trusted negotiator might be separately sharing details of the victim's cyber-insurance policy and negotiation strategy directly with the attackers themselves. Read more in my article on the Hot for Security blog.
Categories: Graham Cluely

Invited to a “job interview” with Netflix or OpenAI? Beware! Your Google password could be at risk

Graham Cluely Security Blog - Thu, 07/09/2026 - 9:17am
Have you received an email from a recruiter at Adobe, Netflix, or OpenAI offering you an exciting new marketing role? Well, before you start brushing up your interview technique, take a closer look at who is really behind it. Read more in my article on the Hot for Security blog.
Categories: Graham Cluely

Smashing Security podcast #475: JadePuffer – the AI that ran a ransomware attack all by itself

Graham Cluely Security Blog - Wed, 07/08/2026 - 7:19pm
A 15-year-old boy asked a chatbot for help - and cancelled nearly 47,000 anime streaming subscriptions in under four hours. Meanwhile, researchers have documented the first fully autonomous, agentic AI-driven ransomware attack, "JadePuffer". What does this tell us about the future of cybersecurity? Also, Apple's "Hide My Email" feature turns out to hide rather less than it promises - despite Apple knowing it has a problem for over a year. All this and more in this episode of the "Smashing Security" podcast with cybersecurity expert and keynote speaker Graham Cluley, and special guest Zoë Rose.
Categories: Graham Cluely

Two arrested over credit card phishing – as the Netherlands is named Europe’s worst for payment fraud

Graham Cluely Security Blog - Tue, 07/07/2026 - 8:56am
Two young men have been arrested in the Netherlands on suspicion of running a phishing operation that harvested the credit card details of unsuspecting victims. Read more in my article on the Hot for Security blog.
Categories: Graham Cluely

The Gentlemen ransomware: what you need to know

Graham Cluely Security Blog - Thu, 07/02/2026 - 12:50pm
Who Are The Gentlemen? Despite the impeccably polite name, there is nothing polite or refined about this particular gang of cybercriminals. Read more in my article on the Fortra blog.
Categories: Graham Cluely

Smashing Security podcast #474: Polymarket can predict the future. So how did it miss this hack?

Graham Cluely Security Blog - Wed, 07/01/2026 - 7:12pm
Polymarket has built an entire business on predicting the future. So how did it manage to spectacularly fail to predict its own hack? Plus, the Google engineer with a million-dollar secret, and the curious case of the airport hairdryer. Meanwhile, "FortiBleed" sees 75,000 Fortinet firewalls thrown wide open - and the real damage is going to roll on for years. All this and more in episode 474 of the "Smashing Security" podcast with cybersecurity expert and keynote speaker Graham Cluley, and special guest Quentyn Taylor.
Categories: Graham Cluely

Scammers race to cash in on Venezuelan earthquake disaster

Graham Cluely Security Blog - Tue, 06/30/2026 - 5:04pm
Scammers wasted no time exploiting Venezuela's devastating earthquake, with researchers uncovering 212 newly-registered relief-themed domains in just five days. Read more in my article on the Hot for Security blog.
Categories: Graham Cluely

USB drives carrying China-linked malware infected Japanese military networks for nearly a year

Graham Cluely Security Blog - Tue, 06/30/2026 - 6:25am
Read more in my article on the Hot for Security blog.
Categories: Graham Cluely

Smashing Security podcast #473: How a hacker could have Rickrolled the entire World Cup

Graham Cluely Security Blog - Wed, 06/24/2026 - 7:10pm
A polite caller from your bank says there is a problem with your account. Don't worry - they'll send someone round to help. They'll even take your cards away to keep them safe. The scam has run rampant, until Dutch police plastered blurred photos of 100 suspects across billboards, supermarkets, and TikTok, with a two-week ultimatum to turn themselves in... or else. Meanwhile, a security researcher called Bob DaHacker got her hands on the live broadcast controls for every match of the 2026 FIFA World Cup. She could have Rickrolled the entire planet, but actually spent days trying to find anyone at FIFA who would pick up the phone. Plus! Don't miss our featured interview with Black Kite's Jeffrey Wheatman explores ransomware and extortion attacks across Europe. All this and more in episode 473 of the "Smashing Security" podcast with cybersecurity expert and keynote speaker Graham Cluley, and special guest Danny Palmer.
Categories: Graham Cluely

Hacker hijacks Brazil’s national alert system, sending “misanthropy” to millions of phones

Graham Cluely Security Blog - Tue, 06/23/2026 - 8:16am
Emergency alert systems work because people believe them. Every time one of these systems issues a false alert - whether through negligence or a deliberate attack - trust erodes. Read more in my article on the Hot for Security blog.
Categories: Graham Cluely

Apple’s Hide My Email tweak leaves privacy fans fuming

Graham Cluely Security Blog - Fri, 06/19/2026 - 11:47am
Apple has long marketed itself as the privacy-first tech giant. So why is it making a change to Hide My Email that will make it easier for websites to block anonymous sign-ups - and harder for you to stay private online? Read more in my article on the Hot for Security blog.
Categories: Graham Cluely

Imposter scams cost Americans $3.5 billion in 2025 – and it’s getting worse

Graham Cluely Security Blog - Fri, 06/19/2026 - 9:51am
Someone is pretending to be your bank, your government, or your local planning office. And according to the FTC, they're making billions doing it. Read more in my article on the Fortra blog.
Categories: Graham Cluely

Smashing Security podcast #472: AI gets hacked, and BitLocker gets bypassed

Graham Cluely Security Blog - Wed, 06/17/2026 - 7:10pm
What if your AI coding assistant could be tricked into stealing your own company's secrets - by reading a single booby-trapped bug report? No phishing email. No malware. No password ever stolen. Just an AI doing exactly what it was told. Meanwhile, someone themselves Nightmare Eclipse has decided to teach Microsoft a lesson. The result? Three zero-days dropped on the internet, one of which lets a thief with a USB stick walk straight past BitLocker. Microsoft is furious. Plus don't miss our featured interview with Son Nguyen Kim of Proton Pass, who explains why plugging AI agents into your email and calendar without thinking twice is rather like hiring a new employee with the keys to everything - and skipping the background check. All this and more in episode 472 of the "Smashing Security" podcast with cybersecurity expert and keynote speaker Graham Cluley, and special guest Paul Ducklin.
Categories: Graham Cluely