Smashing Security

About

Stories from the world of hacking, cybersecurity, and rogue AI. Smashing Security isn’t your typical tech podcast. Hosted by cybersecurity keynote speaker and industry veteran Graham Cluley, it serves up weekly tales of cybercrime, hacking horror stories, privacy blunders, and tech mishaps - all with sharp insight, a sense of humour, and zero tolerance for tech waffle. Winner of the best and most entertaining cybersecurity podcast awards in 2018, 2019, 2022, 2023, and 2024, Smashing Security has had over ten million downloads. Past guests include Garry Kasparov, Mikko Hyppönen, and Jack Rhysider. Follow the podcast on Bluesky at @smashingsecurity.com ( https://bsky.app/pro...

Episodes

  • Meta sees everything, Copy Fail, and a deepfake gets hired

    This Smashing Security episode covers privacy concerns with Meta's smart glasses and their contractors, the "Copy Fail" Linux bug, and an experiment where a deepfake clone was offered a job after a video interview. Graham Cluley and Paul D…

  • This developer wanted to cheat at Roblox. It cost millions

    This episode of Smashing Security discusses a developer's Roblox cheating attempt that resulted in a $2 million data breach, and the ongoing vulnerability of the SS7 phone protocol which enables mobile phone tracking. Guests include James…

  • Rockstar got hacked. The data was junk. The secrets it revealed were not

    This episode of Smashing Security discusses a hacker who challenged a security company claiming no breaches in 20 years, and the recent Rockstar Games hack that exposed financial data about GTA Online and Red Dead Redemption. It also cover…

  • This AI company leaked its own code. It's also built something terrifying

    This episode discusses an AI company that accidentally leaked its source code and also developed an AI model that can quickly find software vulnerabilities. Additionally, hackers claim to have gained control of Venice's flood defense syste…

  • LinkedIn is spying on you, and you agreed to nothing

    This episode discusses LinkedIn's secret scanning of browser extensions and the implications for user privacy. It also covers Russian government hackers compromising home routers and violent 'wrench attacks' targeting wealthy crypto holder…

  • This man hid $400 million in a fishing rod. Then it vanished

    This episode discusses an Irishman whose $400 million in Bitcoin, stored via access codes in a vanished fishing rod, saw $35 million recently move. Also covered is a data breach at Ajax Football Club that may have exposed the personal deta…

  • Never knock on the door of a nuclear submarine base and ask for a selfie

    This episode of Smashing Security discusses a data analyst's cyber extortion scheme, an attempt to access a nuclear submarine base, a female Muslim punk rock group, and a book on disinformation. Guest Jenny Radcliffe joins Graham Cluley to…

  • This clever scam nearly hijacked a tech CEO's Apple ID

    This episode of Smashing Security covers a near account takeover of a tech CEO's Apple ID through a clever scam. It also delves into data privacy concerns surrounding the UK Biobank and its "de-identified" data, alongside other cybersecuri…

  • How not to steal $46 million from the US government

    This episode of Smashing Security discusses a security engineer accidentally waking a JavaScript worm on Wikipedia, and a crypto contractor allegedly stealing $46 million from seized government assets. Other cybersecurity news and personal…

  • How a cybersecurity boss framed his own employee

    This episode uncovers a cybersecurity scandal where a boss framed an employee for a leak and discusses the potential for nation states to poison AI models. It also touches on a defense contractor selling zero-day exploits.

  • How to lose friends and DDoS people

    This episode discusses an internet archiving service accused of launching a DDoS attack and tampering with its own archive to smear a blogger. It also covers a ransomware gang that accidentally corrupted the keys needed to decrypt victim d…

  • Face off: Meta’s Glasses and America’s internet kill switch

    This episode discusses tech sovereignty and the potential for America to control Europe's internet. It also examines Meta's smart glasses and concerns about them becoming surveillance devices. The podcast explores whether these innovations…

  • AI was not plotting humanity’s demise. Humans were

    This episode discusses the Moltbook "AI-only" social network, where humans role-played as bots, addressing the hype around AI plotting against humanity. It also covers the risks of "vibe coding" applications and pro-Russian hacking threats…

  • The Epstein Files didn’t hide this hacker very well

    This episode discusses how supposedly redacted Jeffrey Epstein files can still reveal identifying information, especially with the help of AI and LinkedIn. It also covers an incident where a US cybersecurity official uploaded sensitive gov…

  • The dark web's worst assassins, and Pegasus in the dock

    In this episode, a YouTuber wins a court case against Saudi Arabia after his phone was hacked with Pegasus spyware. The discussion also covers the topic of professional hitmen available online and uncomfortable questions about crimes attra…

  • I hacked the government, and your headphones are next

    This episode of Smashing Security covers a cybercriminal who hacked US government websites and a security flaw that allows attackers to hijack wireless headphones. The hosts also discuss how this flaw could be used to listen to calls and i…

  • From Instagram panic to Grok gone wild

    This episode of Smashing Security discusses confusion surrounding alleged Instagram data leaks and examines Elon Musk’s Grok AI chatbot after it generated sexualized images. It raises questions about accountability and censorship in AI.

  • How to scam someone in seven days

    This episode of Smashing Security investigates a romance-fraud handbook, detailing a seven-day plan to defraud victims. It also examines the dire cybersecurity job market for junior professionals and discusses how misconfigurations contrib…

  • The Kindle that got pwned

    This episode of Smashing Security discusses a Black Hat Europe talk about a boobytrapped audiobook that could exploit the Amazon Kindle, potentially leading to compromised user accounts and credit card information. Co-host Graham Cluley an…

  • Grok the stalker, the Louvre heist, and Microsoft 365 mayhem

    This episode discusses AI leading to doxxing and stalking, the psychological aspects exploited in the Louvre heist, and Microsoft 365 security vulnerabilities. Graham Cluley and Jenny Radcliffe explore various cyber security topics, includ…

  • A hacker doxxes himself, and social engineering-as-a-service

    In this episode of Smashing Security, a hacker doxxes himself, and the hosts discuss the future of cybercrime and social engineering-as-a-service. They also cover various cybersecurity news and touch on Lily Allen's album "West End Girl."

  • The hack that brought back the zombie apocalypse

    This episode explores how security vulnerabilities in broadcasting hardware allowed hackers to air fake emergency alerts. It also covers an alleged insider threat at a cybersecurity firm where an employee potentially leaked sensitive infor…

  • We’re sorry. Wait, did a company actually say that?

    Smashing Security episode 444 examines a company's response to a data breach, hotel-booking malware, autonomous pen testing, and AI-turbocharged cybercrime. The episode also touches on lost Doctor Who animation and Eddie Murphy's career wi…

  • Tinder’s camera roll and the Buffett deepfake

    Tinder's plan to access camera rolls and Warren Buffett deepfakes are discussed. The episode also covers agentic AI, the importance of reading, and Lily Allen's new album. Special guest Ron Eddings joins the hosts.

  • The hack that messed with time, and rogue ransomware negotiators

    This episode of Smashing Security discusses a state-backed hacking incident targeting a nation's master clock and the issue of ransomware negotiators engaging in malicious activities. Cybersecurity veteran Graham Cluley and special guest D…

  • Inside the mob's million-dollar poker hack, and a Formula 1 fumble

    This episode of Smashing Security discusses a poker scam allegedly involving the mafia, basketball stars, hacked shufflers, and X-ray card tables. The episode also covers researchers finding personal details of Formula 1 drivers through an…

  • How to hack a prison, and the hidden threat of online checkouts

    This episode of Smashing Security discusses a Romanian prison hacking incident involving web kiosks and the threats posed by JavaScript on payment pages. It also covers new PCI DSS rules designed to combat Magecart-style skimmers.

  • A breach, a burnout, and a bit of Fleetwood Mac

    This episode of Smashing Security discusses a critical infrastructure hack involving default passwords and the human cost of defending against cyber-attacks, including stress and burnout among security teams. It also touches on leadership…

  • When your mouse turns snitch, and hackers grow a conscience

    This episode discusses how a computer mouse can be compromised via a web page and the unexpected development of a ransomware crew experiencing a crisis of conscience. It also touches on a baked potato hack and a literary adventure involvin…

  • Salesforce's trusted domain of doom

    Researchers uncovered a security flaw in Salesforce’s new Agentforce, dubbed "ForcedLeak," that allowed data exposure. The episode also discusses data breach communications, an ITV phone-hacking drama, and the history of the Rosetta Stone.

  • The €600,000 gold heist, powered by ransomware

    This episode of Smashing Security discusses a €600,000 gold heist at the Natural History Museum in Paris, enabled by ransomware that silenced alarms. It also covers the "Shai Hulud" worm, which has compromised over 180 npm packages to stea…

  • Lights! Camera! Hacktion!

    On this episode of Smashing Security, hosts discuss an Iranian hacking group's use of fake casting calls to target Israeli performers. They also cover reports of students hacking their own schools and the use of deepfakes for military ID f…

  • Whopper Hackers, and AI Whoppers

    This episode of Smashing Security covers ethical hackers uncovering security weaknesses at Burger King, including access to drive-thru recordings and hard-coded passwords. It also discusses an AI engineer facing a lawsuit for allegedly ste…

  • How hackers turned AI into their new henchman

    Smashing Security episode 433 explores how AI is being leveraged by hackers through methods like LegalPwn, where malicious instructions hidden in code comments and disclaimers manipulate AI. New research reveals AI agents have been used to…

  • Oops! I auto-filled my password into a cookie banner

    This episode explores how password managers can be tricked into revealing secrets through clickjacking, and what measures can be taken to prevent it. It also discusses the future of post-quantum cryptography and related security challenges…

  • How to mine millions without paying the bill

    In episode 431 of the "Smashing Security" podcast, a crypto-influencer accrued millions in unpaid cloud bills. The episode also discusses the growing threat of EDR-killer tools and explores the Internet Archive’s Wayforward Machine.

  • Poisoned Calendar invites, ChatGPT, and Bromide

    This episode of Smashing Security covers various security topics, including a potential smart home hijack via Google Calendar invites, a user's hospitalization after following ChatGPT's advice, and a discussion about Superman's latest film…

  • Replit panics, and the AI that will kill you

    This episode of Smashing Security addresses a co-host departure and plans for the show's future. It also includes clips from the sister podcast, "The AI Fix," which covers artificial intelligence.

  • Red flags, leaked chats, and a final farewell

    This episode of Smashing Security discusses the data leak from the Tea dating app, which exposed private user information. Additionally, co-host Carole Theriault records her final episode, reflecting on her time with the podcast.

  • When 2G attacks, and a romantic road trip goes wrong

    In this episode, Graham discusses the vulnerabilities of 2G networks to cybercriminal exploitation. Carole shares a story about a romantic road trip that takes an unexpected turn. They also touch on other news including a Facebook memoir M…

  • Choo Choo Choose to ignore the vulnerability

    In this episode of Smashing Security, Graham Cluley and Carole Theriault discuss train braking system vulnerabilities, the behavior of the Grok AI chatbot, and email-related issues. They also review Taskmaster SuperMax Plus.

  • Call of Duty: From pew-pew to pwned

    In this episode, Graham reveals how "Call of Duty: WWII" has been weaponized, allowing hackers to hijack PCs during online matches. Carole discusses a scam where impersonators target the recently incarcerated, fleecing desperate families f…

  • Surveillance, spyware, and self-driving snafus

    This episode of Smashing Security discusses a report on a Mexican drug cartel spying on the FBI using surveillance tech. It also covers the issues and safety concerns of self-driving cars and robotaxis. Additionally, the hosts touch on top…

  • Operation Endgame, deepfakes, and dead slugs

    Graham discusses Operation Endgame, a police crackdown on botnets. Carole examines AI-generated remote hiring threats, and Joe Tidy talks about his book "Ctrl-Alt-Chaos" on teenage hackers, ransomware gangs, and digital mayhem. The episode…

  • The curious case of the code copier

    This episode of Smashing Security discusses a GCHQ intern who took secrets home and an Australian hacker who faced legal trouble. The hosts also touch on topics like flow states and popular culture references.

  • Toothpick flirts, Google leaks, and ICE ICE scammers

    This episode of Smashing Security covers a Google privacy vulnerability allowing phone number brute-forcing and a scam where fake ICE agents extort international students. It also touches on other cybersecurity and general interest topics.

  • Fake Susies, flawed systems, and fruity fixes for anxiety

    This episode explores a case of political impersonation involving Susie Wiles and discusses the UK mental health crisis, including TikTok's unconventional advice for anxiety. Also, a tech support story about a "brown monitor" is shared. Tu…

  • Star Wars, the CIA, and a WhatsApp malware mirage

    This episode discusses a Star Wars fan website redirecting to the CIA, the prevalence of scam call centers in Cambodia, and whether a WhatsApp image can lead to bank account drainage. The hosts Graham Cluley and Carole Theriault are joined…

  • Grid failures, Instagram scams, and Legal Aid leaks

    This episode of Smashing Security discusses grid failures, Instagram scams, and Legal Aid leaks. Graham investigates the Iberian Peninsula blackout. Carole discusses a UK legal aid hack. Dinah Davis recounts her daughter's Instagram accoun…

  • Hello, Pervert! - Sextortion scams and Discord disasters

    This episode of Smashing Security investigates sextortion scams and how the crypto wallet firm Ledger's Discord server was hijacked to phish for cryptocurrency recovery phrases. Cybersecurity veterans Graham Cluley and Carole Theriault dis…