Privacy own-goal: World Cup blunder leaks Lionel Messi’s passport details
Argentina's World Cup squad had their passport numbers leaked before a ball was kicked - not by hackers, but by someone who failed to redact a document prope...
Graham Cluley
20 articles
Silent Ransom Group: what you need to know
Most extortion gangs hide behind a keyboard. Silent Ransom Group will phone your staff pretending to be IT support - and if that fails, send someone to your ...
Smashing Security podcast #471: This AI worm just rewrote its own rules
Researchers at the University of Toronto have built a worm that thinks for itself. Using free off-the-shelf AI models it works out how to break into each new...
Why schools remain one of cybercriminals’ favourite targets
Schools on both sides of the Atlantic have been revealed in recent days to have been hit by hackers, reminding all of us that ransomware gangs see educationa...
Got a LinkedIn message from a recruiter? It might be Chinese intelligence, warn FBI and MI5
If you've ever received an out-of-the-blue message via LinkedIn from a recruiter offering some well-paid consultancy work, intelligence agencies have a messa...
Meta’s own AI chatbot to blame for Instagram accounts being stolen in seconds
Hackers have been hijacking Instagram accounts at scale by exploiting Meta's AI support chatbot. And, as if that weren't bad enough, the technique required n...
Smashing Security podcast #470: This AI security flaw might be impossible to fix
A website called "UK visa portal" has been quietly collecting passport scans, selfies, and personal data from thousands of travellers who thought they were a...
Police arrest man following hack of Ajax football club
Dutch police have arrested a 35-year-old man suspected of hacking into the computer systems of Amsterdam football giant Ajax, after the personal data of hund...
MyPillow listed on ransomware gang’s leak site, but denies it has been breached
A notorious ransomware gang claims to have stolen MyPillow's private data, but CEO Mike Lindell calls it a politically motivated "hit job." With the countdow...
Smashing Security podcast #469: What your Oura ring won’t tell you
CISA, the US government agency whose entire job is keeping America's critical infrastructure safe from hackers, has had a contractor publish dozens of plain-...
FBI warns of Kali365 phishing kit that breaks into Microsoft 365 accounts – no password required
So, you've enabled multi-factor authentication. You've taught your staff never to type their passwords into dodgy-looking login pages.
Defenders fall behind, as AI rewrites the rules of a data breach
For almost 20 years, stolen credentials have been the most common route for attackers into organizations, according to the Verizon Data Breach Investigations...
Smashing Security podcast #468: High-speed train hacks and homicidal lawnmowers
A 23-year-old radio enthusiast spent £300 on a piece of kit from the internet, and used it to bring four packed high-speed trains to a screeching halt. His d...
FBI warns students and staff that ShinyHunters may come knocking after Canvas breach
Having receive a ransom payment for its attack on Canvas, ShinyHunters and other extortion gangs are only likely to be further incentivised to launch similar...
FBI warns students and staff that ShinyHunters may come knocking after Canvas breach
Having receive a ransom payment for its attack on Canvas, ShinyHunters and other extortion gangs are only likely to be further incentivised to launch similar...
Suspected Dream Market kingpin arrested after gold bars sent to his home address
Lesson one for aspiring dark web kingpins: don't have your laundered gold bars shipped to your home address. Read more in my article on the Hot for Security ...
When ransomware gets physical: cybercriminals turn to threats of violence
Pay up, or we'll pay someone to pay you a visit. Cybercrime gangs are increasingly turning to real-world threats - and even hiring local muscle to deliver th...
Smashing Security podcast #467: How ShinyHunters hacked the world’s biggest universities
Welcome to the largest educational data breach in history - affecting nearly 9,000 institutions, every Ivy League university, and 30 million students mid-fin...
One in eight UK workers has sold their company passwords, and bosses think it’s fine
One in eight UK workers admits to selling their company login credentials - or knowing someone who has - in the past 12 months. The really alarming bit?
Inside Department 4: Russia’s secret school for hackers
Most universities have a careers fair. At Bauman Moscow State Technical University, however, an elite group of students appear to have something rather more ...