Graham Cluley

Will you be shedding a tear for the cybercriminals? Read more in my article on the Tripwire blog.

QR codes are being weaponised by scammers — so maybe think twice before scanning that parking meter. And in a blunder so dumb it makes autocorrect look smart, the White House explains how it leaked war plans on Signal because an iPhone mistook a journalist for a government insider. Plus! Don’t miss our featured interview with Josh Donelson of Material and Tony Albano of Google, about detection and response in today’s AI-driven world. All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

In episode 45 of The AI Fix, our hosts discover that ChatGPT is running the world, Mark learns that mattress companies have scientists, Gen Z has nightmares about AI, OpenAI gets a bag, Graham eats too many cheese sandwiches, and too much training makes AIs over-sensitive. Mark reveals why he’s got beef with cows, GPT-4.5 beats the Turing test, and Anthropic’s brain scanner reveals how AIs really think. All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Internet users in Romania are finding their social media posts and online news articles bombarded with comments promoting blatant propaganda, inciting hatred towards the EU and NATO, and support for Vladimir Putin’s Russia. Read more in my article on the Hot for Security blog.

A Florida man, linked to the notorious Scattered Spider hacking gang, has pleaded guilty to charges related to cryptocurrency thefts which have netted hundreds of thousands of dollars. Read more in my article on the Hot for Security blog.

HellCat – the ransomware gang that has been known to demand payment… in baguettes! Are they rolling in the dough? Bread it and weep in my article on the Tripwire State of Security blog.

Renowned cybersecurity expert Troy Hunt falls victim to a phishing attack, resulting in the exposure of thousands of subscriber details, and don’t lose your life savings in a whisky scam… All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault. Plus! Don’t miss our featured interview with Alastair Paterson, CEO and co-founder of Harmonic Security, discussing how companies can adopt Generative AI without putting their sensitive data at risk.

In episode 44 of The AI Fix, ChatGPT won’t build a crystal meth lab, GPT-4o improves the show’s podcast art, some students manage to screw in a lightbulb, Google releases Gemini 2.5 Pro Experimental and nobody notices, and Mark invents a clock for measuring AI time. Graham explains how ChatGPT’s love for Young Adult fiction can be used to turn it into an evil malware developer, and Mark looks at the ARC-AGI-2 benchmark and a staggering leap forward in AI intelligence. All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

A new security issue is putting WordPress-powered websites at risk. Hackers are abusing the “Must-Use” plugins (MU-plugins) feature to hide malicious code and maintain long-term access on hacked websites. Read more in my article on the Hot for Security blog.

A UK firm has been hit by a £3.07 million fine after being hit by a ransomware attack that exposed sensitive data related to almost 80,000 people, and disrupted NHS services. Read more in my article on the Exponential-e blog.

First reported earlier in March 2025, VanHelsing is a new ransomware-as-a-service operation. Read more in my article on the Tripwire State of Security blog.

According to some reports, Kuala Lumpur International Airport had to resort to using whiteboards to communicate with passengers. Read more in my article on the Hot for Security blog.

A YouTuber has unleashed an innovative AI bot army to disrupt and outwit the world of online scammers, and a New York Times investigation looks into the intricate web of global money laundering. All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

In episode 43 of The AI Fix, our hosts discover a robot that isn’t terrifying, a newspaper shuns journalists in favour of AI, Graham watches a robot dog learn to stand, an AI computer programmer develops a familiar attitude, and New York tries to stop its humans arming their robots. Graham worries about AI vomit, a Norwegian man is falsely accused of murder by ChatGPT, and Mark looks at why we’re suddenly surrounded by news about robots. All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

BlackLock has become a big deal, very quickly. It has been predicted to be one of the biggest ransomware-as-a-service operations of 2025. Read more in my article on the Tripwire State of Security blog.

In episode 409 of the “Smashing Security” podcast, we uncover the curious case of the Chinese cyber-attack on Littleton’s Electric Light Company, and a California landlord’s hidden camera scandal. Find out about this, and more, in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

A security researcher has discovered that the websites of over 100 car dealerships have been compromised in a supply-chain attack that attempted to infect the PCs of internet visitors. Read more in my article on the Hot for Security blog.

In episode 42 of the AI Fix, our hosts discover why ads for the Neo Gamma robot are so sinister, Graham plays peek-a-boo with a crow, humans give up writing, an AI designs a drug, an upstart AI agent gets everyone’s attention, and a talking fish offers our hosts some sage advice. Graham wonders if AIs have feelings, and Mark introduces Graham to the reversal curse and explains why AIs don’t know what happened. All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

An ingenious phishing scam is targeting cryptocurrency investors, by posing as a mandatory wallet migration. Read more in my article on the Hot for Security blog.

Whether you’re downloading a video from YouTube or converting a Word document into a PDF file, there’s a chance that you might be unwittingly handing control of your PC straight into the hands of cybercriminals. Read more in my article on the Hot for Security blog.