Graham Cluley
@grahamcluley.com
Award-winning #cybersecurity and #AI keynote speaker, writer, podcaster | Host of @theaifix.show and @smashingsecurity.com podcasts

❤️ #DoctorWho, #Beatles, #Chess

🌐 https://grahamcluley.com
🎙️ https://theaifix.show
🎙️ https://www.smashingsecurity.com
In entirely predictable news, it has been found that portions of the newly-released Jeffrey Epstein files - intended to be redacted - can be effectively *UN-redacted* by using simple techniques... including highlighting text and pasting it into a word processor!! 🤦‍♂️

www.theguardian.com/us-news/2025...
Some Epstein file redactions are being undone with hacks
Un-redacted text from released documents began circulating on social media on Monday evening
www.theguardian.com
December 24, 2025 at 10:28 AM
Is Santa Claus real? 🎅 This Christmas special of "The AI Fix podcast" sets out to answer that question in the most sensible way possible: by consulting chatbots, Google's festive killjoys, and the laws of relativistic physics.

grahamcluley.com/the-ai-fix-8...
The AI Fix #82: Santa Claus doesn’t exist (according to AI)
Is Santa Claus real? This Christmas special of The AI Fix podcast sets out to answer that question in the most sensible way possible: by consulting chatbots, Google’s festive killjoys, and the laws of...
grahamcluley.com
December 23, 2025 at 3:38 PM
📚Think your Kindle is harmless? Think again! @dannypalmer.bsky.social and I unpack how a boobytrapped audiobook could exploit the Amazon eBook reader - potentially letting an attacker break into your account - in the latest episode of the "Smashing Security" podcast

grahamcluley.com/smashing-sec...
Smashing Security podcast #448: The Kindle that got pwned
Think your Kindle is harmless? Think again! In this episode, we unpack a Black Hat Europe talk revealing how a boobytrapped audiobook could exploit the Amazon eBook reader – potentially letting an…
grahamcluley.com
December 18, 2025 at 5:03 PM
Ahoy! 👨‍✈️ A cruise line firm has banned the use of smart glasses (like Meta Ray-Bans and Google Glass) onboard in public areas. And apparently some people aren't happy about it!

www.bitdefender.com/en-us/blog/h...
Surveillance at sea: Cruise firm bans smart glasses to curb covert recording
If you're planning a cruise for your holidays, and cannot bear the idea of being parted from your Ray-Ban Meta smart glasses, you may want to avoid sailing with MSC Cruises.
www.bitdefender.com
December 17, 2025 at 1:43 PM
A 49-year-old man has been jailed for 5½ years after admitting to creating detailed video tutorials that showed members of a criminal gang how to infect Android phones with spyware and drain bank accounts.

Read more in my article on the Bitdefender blog:

www.bitdefender.com/en-us/blog/h...
Man jailed for teaching criminals how to use malware
Regular readers of Hot for Security will have read plenty of articles about cybercriminals who have created malware, or malicious hackers who have used malware to infect the systems of victims.
www.bitdefender.com
December 15, 2025 at 10:30 AM
Reposted by Graham Cluley
I keep having to justify why I want to go to conferences outside the USA and the simple answer is "Many of the people it would be helpful to talk to are no longer able to enter the USA"
December 10, 2025 at 7:49 AM
A security researcher has found a vulnerability on a photo booth company’s website.

A tiny flaw... as in anyone on the internet could browse and download customers of Hama Film’s booths’ photos and videos by exploiting the simple flaw.

🤦‍♂️
December 14, 2025 at 9:40 PM
Agentic AI browsers introduce serious new security risks and should be blocked "for the foreseeable future." That's the opinion of a new report from analyst firm Gartner.

What do you think? Would you trust an AI browser inside your company?

www.fortra.com/blog/gartner...
Gartner Tells Businesses to Block AI Browsers Now
Gartner has warned that Agentic AI browsers introduce serious new security risks and should be blocked "for the foreseeable future."
www.fortra.com
December 12, 2025 at 12:56 PM
Great to have @jennyradcliffe.bsky.social on the latest episode of the "Smashing Security" podcast!

📍 How Grok can doxx members of the public, and aid stalkers
👑 What the Louvre heist teaches us about social engineering
🧑‍💻 Why misconfigurations and over-privileged accounts can make M365 a nightmare
Smashing Security podcast #447: Grok the stalker, the Louvre heist, and Microsoft 365 mayhem
On this week’s show we learn that AI really can be a stalker’s best friend, as we explore a strange tale that starts with a manatee-shaped mailbox on a millionaire’s lawn and ends with Grok happily…
grahamcluley.com
December 11, 2025 at 10:53 AM
A new report from the United States's Financial Crimes Enforcement Network (FinCEN) has shone a revealing light on the state of the criminal industry of ransomware.

The report, which examines ransomware incidents from 2022 to 2024, reveals that attackers extorted more than $2.1 billion.
December 10, 2025 at 4:20 PM
Remember when a notorious ransomware gang hit the Irish Health Service back in May 2021?

Four years on from one of the biggest cyber attacks in Ireland's history, and victims who had their data exposed can finally expect to receive compensation.

€750!!!

www.bitdefender.com/en-us/blog/h...
Four years later, Irish health service offers €750 to victims of ransomware attack
Remember when a notorious ransomware gang hit the Irish Health Service back in May 2021? Four years on, and it seems victims who had their data exposed will finally receive compensation.
www.bitdefender.com
December 10, 2025 at 1:20 PM
When you spend half a million dollars in a single night at a nightclub, purchase exotic cars worth millions, and rent mansions under false names, you are risking drawing attention to yourself...

www.bitdefender.com/en-us/blog/h...
California man admits role in $263 million cryptocurrency theft that funded lavish lifestyle
A 22-year-old from Newport Beach, California has pleaded guilty to his role in a sophisticated criminal network that stole approximately US $263 million in cryptocurrency from victims.
www.bitdefender.com
December 9, 2025 at 1:31 PM
Grok - Elon Musk's AI chatbot - has been caught handing out home addresses of ordinary individuals... on demand. 

When asked, Grok was willing to provide step-by-step instructions on how to stalk these people...

Read more in my article on the Bitdefender blog: www.bitdefender.com/en-us/blog/h...
Privacy concerns raised as Grok AI found to be a stalker's best friend
Grok, the AI chatbot developed by Elon Musk's xAI, has been found to exhibit more alarming behaviour - this time revealing the home addresses of ordinary people upon request.
www.bitdefender.com
December 8, 2025 at 4:35 PM
Very sad to hear that anti-virus veteran Vesselin Bontchev has cancer.

He's posted about it up here on LinkedIn: www.linkedin.com/posts/bontch...

Or you can read his blog post where he shares his recent experiences at the hospital:

bontchev.nlcv.bas.bg/bye.html
Well, it's one of those good news/bad news moments, folks...
bontchev.nlcv.bas.bg
December 6, 2025 at 9:43 PM
🗓️ Join me on Weds December 10 for the virtual Qualys Cyber Risk Series event: "Cloud-native to AI-native".

I'll be introducing talks from experts examining how Agentic AI is redefining cloud defence - unifying visibility, risk, and response across code, apps, and multi-cloud environments
December 5, 2025 at 11:37 PM
Reposted by Graham Cluley
Never a dull moment with Mister Cluley, and his Smashing Security podcast ❤️
Terrific to have @rikferguson.com join me on episode 446 of the Smashing Security podcast, where we discussed how a teenage cybercriminal's attempt to mock a sextortion scammer badly backfired, and take a crystal ball look ahead to what 2026 might have in store...

open.spotify.com/episode/0paB...
A hacker doxxes himself, and social engineering-as-a-service
open.spotify.com
December 5, 2025 at 11:04 AM
Why the record-breaking 30 Tbps DDoS attack should concern every business.

Learn more in my article on the Fortra blog: www.fortra.com/blog/why-rec...
Why the Record-Breaking 30 Tbps DDoS Attack Should Concern Every Business
A new warning about the threat posed by Distributed Denial of Service (DDoS) attacks should make you sit up and listen.
www.fortra.com
December 4, 2025 at 5:43 PM
Terrific to have @rikferguson.com join me on episode 446 of the Smashing Security podcast, where we discussed how a teenage cybercriminal's attempt to mock a sextortion scammer badly backfired, and take a crystal ball look ahead to what 2026 might have in store...

open.spotify.com/episode/0paB...
A hacker doxxes himself, and social engineering-as-a-service
open.spotify.com
December 4, 2025 at 9:16 AM
This would never have happened if it was still Jon Pertwee.
December 3, 2025 at 9:07 PM
The FBI has warned that since January 2025 there have been more than 5,100 complaints of account takeover fraud, and total reported losses in excess of US $262 million.

Learn what you can do about it, in my article on the Fortra blog: www.fortra.com/blog/fbi-war...
FBI Warns of Surge in Account Takeover (ATO) Fraud Schemes - What You Need To Know
The FBI has recently issued a public service announcement that warns that since January 2025 there have been more than 5,100 complaints of account takeover fraud.
www.fortra.com
December 3, 2025 at 3:40 PM
Reposted by Graham Cluley
users with similar passwords also liked:
December 2, 2025 at 9:18 PM
Hold my beer... Asahi cyber attack spirals into massive data breach impacting almost 2 million people.

Quite the spill... 🍺

Read more in my article on the Bitdefender blog: www.bitdefender.com/en-us/blog/h...
Asahi cyber attack spirals into massive data breach impacting almost 2 million people
Asahi Group Holdings, the makers of the popular Japanese beer Asahi Super Dry, has confirmed that the ransomware attack that disrupted its operations in late September also saw a significant data brea...
www.bitdefender.com
December 2, 2025 at 11:26 PM
Great to have @danraywood.bsky.social on the "Smashing Security" podcast!

We discussed how America’s broadcasters are leaving their hardware open to attack, giving hackers the chance to hijack TV shows, blast out fake emergency alerts, and even replace religious sermons with explicit furry podcasts.
November 27, 2025 at 10:02 AM
Although end-to-end encryption can secure messages on their journey between two devices, and prevents snooping by anyone intercepting your communications, it doesn't prevent anyone who has access to the device itself from reading your messages.

www.bitdefender.com/en-us/blog/h...
State-backed spyware attacks are targeting Signal and WhatsApp users, CISA warns
CISA, the US Cybersecurity and Infrastructure Security Agency, has issued a new warning that cybercriminals and state-backed hacking groups are using spyware to compromise smartphones belonging to users of popular encrypted messaging apps such as Signal, WhatsApp, and Telegram.
www.bitdefender.com
November 27, 2025 at 9:54 AM
Shadow AI - the use of artificial intelligence tools by employees without a company's approval and oversight - is becoming a significant cybersecurity risk, with Gartner predicting 40% of global organisations having suffered security breaches by 2030.

www.fortra.com/blog/shadow-...
Shadow AI Security Breaches will hit 40% of all Companies by 2030, Warns Gartner
Shadow AI typically does not require more than visiting a website with a browser.
www.fortra.com
November 26, 2025 at 3:23 PM