Graham Cluley

We can no longer say that artificial intelligence is a “future risk”, lurking somewhere on a speculative threat horizon. The truth is that it is a fast-growing cybersecurity risk that organizations are facing today. That’s not just my opinion, that’s also the message that comes loud and clear from the World Economic Forum’s newly-published “Global Cybersecurity Outlook 2026.” Read more in my article on the Fortra blog.

Confusion reigns after claims that data linked to 17.5 million Instagram accounts is up for sale – sparked by a vague post, contradictory statements, and a flood of password reset emails nobody asked for. And we dig into Grok, Elon Musk’s AI chatbot, after it started generating sexualised images of women and children – raising uncomfortable questions about guardrails, accountability, and why playing the censorship card doesn’t make the problem go away. All this, and much more, in episode 450 of the “Smashing Security” podcast with Graham Cluley, and special guest Monica Verma.

In episode 83 of The AI Fix, Graham reveals he’s taken up lying to LLMs, and shows how a journalist exposed AI bluffers with a made-up idiom. Meanwhile Mark invents a “Godwin’s Law” for AI, and explains how to ruin any LLM with humus. Also in this episode, a marriage is declared invalid thanks to ChatGPT, an AI barman looks for a job in a quiet pub, OpenAI finally unveils ChatGPT Health, and why news of the death of Stack Overflow may be greatly exaggerated. All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Have you ever stolen data, traded a hacking tool, or just lurked on a dark web forum believing that you are anonymous? If so, I might have some unsettling news for you. Read more in my article on the Hot for Security blog.

The founder of a spyware company that encouraged customers to secretly monitor their romantic partners has pleaded guilty to federal charges – marking one of the few successful US prosecutions of a stalkerware operator. Read more in my article on the Hot for Security blog.

Romance scammers have apparently discovered astrology… and Taurus is their secret weapon. In episode 449 of “Smashing Security”, we take a look inside an actual romance-fraud handbook – complete with scripts, personality “types”, corporate jargon, and a seven-day plan to get victims from hello to hand over the crypto. Then Lesley “hacks4pancakes” Carhart delivers a reality check on the dire cybersecurity jobs market for juniors: why entry-level roles are evaporating, how automated CV screening is chewing candidates up, and what hopeful newcomers (and weary veterans) can do about it. Plus, Graham talks to ThreatLocker CEO Danny Jenkins about why misconfigurations are behind an uncomfortable number of breaches, how default-deny security actually works in practice, and why detecting attacks after they’ve started is already too late.

Police in India have arrested a former Coinbase customer service agent who is believed to have been bribed by cybercriminal gangs to access sensitive customer information. Read more in my article on the Hot for Security blog.

Is Santa Claus real? This Christmas special of The AI Fix podcast sets out to answer that question in the most sensible way possible: by consulting chatbots, Google’s festive killjoys, and the laws of relativistic physics. Your hosts unwrap a festive grab-bag of AI absurdity as Waymo self-driving taxis run over a beloved San Francisco cat, then stage several fresh PR disasters by refusing to cross bridges, block holiday parades, and apparently chauffeur a man hiding in the trunk. Meanwhile, Microsoft’s Copilot struggles to find anyone who actually wants to use it, while new research suggests the programmers of the future won’t need coding skills at all – just the ability to psychologically profile an AI. All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Think your Kindle is harmless? Think again! In this episode, we unpack a Black Hat Europe talk revealing how a boobytrapped audiobook could exploit the Amazon eBook reader – potentially letting an attacker break into your account and seize control of your credit card. Plus a blast from 2021’s “summer of ransomware” returns to haunt Ireland’s Health Service Executive, as victims are offered €750 each. And because it’s the last show before the Christmas break, there’s also a Pick of the Week that veers from cosy rom-com comfort to pointy-polygon nostalgia. All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast with computer security veteran Graham Cluley, joined this week by special guest Danny Palmer.

If you’re planning a cruise for your holidays, and cannot bear the idea of being parted from your Ray-Ban Meta smart glasses, you may want to avoid sailing with MSC Cruises. The cruise line has updated its list of prohibited items, specifically banning smart glasses and similar wearable devices from public areas. Read more in my article on the Hot for Security blog.

In episode 81 of The AI Fix, Graham discovers that deepfakes are already marking your kids’ homework, while Mark glimpses the future when he discovers AI agents that can communicate by reading each other’s minds. Also in this episode, a Chinese robot called Miro U proves six arms are better than two; Mark discovers a well known prompting technique doesn’t work unless you want to make your AI dumber; Network Rail delays 32 trains because of an AI photo of a wonky bridge; and our hosts ponder the explosion of progress on the ARC-AGI-2 reasoning benchmark. All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

A 49-year-old man has received a five-and-a-half year jail sentence after admitting to creating detailed video tutorials that showed members of a criminal gang how to infect Android phones with spyware and drain their bank accounts. Read more in my article on the Hot for Security blog.

Analyst firm Gartner has issued a blunt warning to organizations: Agentic AI browsers introduce serious new security risks and should be blocked “for the foreseeable future.” Read more in my article on the Fortra blog.

On this week’s show we learn that AI really can be a stalker’s best friend, as we explore a strange tale that starts with a manatee-shaped mailbox on a millionaire’s lawn and ends with Grok happily doxxing real people, mapping out stalking “strategies,” and handing out revenge-porn tips. Then we go inside the Louvre heist, where thieves in hi-vis and a hire van waltzed off with the French crown jewels in broad daylight, exploiting our assumptions about what “looks normal” – the same kind of bias we’re now baking into security AIs. Plus, Graham chats with Rob Edmondson from CoreView about why misconfigurations and over-privileged accounts can make Microsoft 365 dangerously vulnerable. All this, and more, in episode 447 of the “Smashing Security” podcast with Graham Cluley, and special guest Jenny Radcliffe.

A new report from the United States’s Financial Crimes Enforcement Network (FinCEN) has shone a revealing light on the state of the criminal industry of ransomware. The report, which examines ransomware incidents from 2022 to 2024, reveals that attackers extorted more than $2.1 billion over the three-year period. Yes, that number is enormous – but it hides a more interesting story beneath it: that after peaking in 2023, ransomware payments actually started to decline. Read more in my article on the Fortra blog.

Remember when a notorious ransomware gang hit the Irish Health Service back in May 2021? Four years on, and it seems victims who had their data exposed will finally receive compensation. Read more in my article on the Hot for Security blog.

When you spend half a million dollars in a single night at a nightclub, purchase exotic cars worth millions, and rent mansions under false names, you are risking drawing attention to yourself… Read more in my article on the Hot for Security blog.

In episode 80 of The AI Fix, your hosts look at DeepSeek 3.2 “Speciale”, the bargain-basement model that claims GPT-5-level brains at 10% of the price, Jensen Huang’s reassuring vision of a robot fashion industry, and a 75kg T-800 style humanoid that can do flying kicks because robot-marketing departments have clearly learned nothing from Terminator. Meanwhile in Miami, flesh-coloured robot dogs with hyper-realistic billionaire heads wander around pooping NFT “excrement samples” out of their rear ends. Plus – Graham tells a cautionary tale of Google’s Antigravity IDE enthusiastically “clearing the cache” – and asks what happens when we hand real power to agentic AIs. And Mark digs into new research that suggests LLMs perform better when you’re rude to them, and wonders what it says about the fragile, deeply weird way these systems actually work. All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Grok, the AI chatbot developed by Elon Musk’s xAI, has been found to exhibit more alarming behaviour – this time revealing the home addresses of ordinary people upon request. Read more in my article on the Hot for Security blog.

A new warning about the threat posed by Distributed Denial of Service (DDoS) attacks should make you sit up and listen. Read more in my article on the Fortra blog.