Episode Details

A developer at an AI startup wanted to cheat at Roblox. They downloaded a dodgy script on their work laptop. That one decision triggered a cascade of failures that ended with a $2 million data breach affecting hundreds of thousands of organisations. All for some free in-game currency.

Meanwhile, there's a 1980s phone protocol called SS7 that lets shadowy surveillance companies track anyone, anywhere, via their mobile phone. Governments know about it. Telecoms know about it. Nobody's fixing it.

All this and more in episode 465 of the "Smashing Security" podcast with cybersecurity keynote speaker and industry veteran Graham Cluley, joined this week by special guest James Ball.

Plus! Don't miss our featured interview with Rob Edmondson of CoreView, discussing how to lock down Microsoft 365 before it's too late.

EPISODE LINKS:

• Burglar alarm biz gets burgled, ShinyHunters pursues ransom - The Register.
• Ransomware negotiator pleads guilty after leaking victims' insurance details to 'BlackCat' hackers - Tom’s Hardware.
• Grok tells researchers pretending to be delusional ‘drive an iron nail through the mirror while reciting Psalm 91 backwards’ - The Guardian.
• Vercel April 2026 security incident - Vercel.
• App host Vercel says it was hacked and customer data stolen - TechCrunch.
• Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials - Hacker News.
• Sorry for the Nazi spam from my Twitter account - Graham Cluley.
• Bad Connection: Uncovering Global Telecom Exploitation by Covert Surveillance Actors - Citizen Lab.
• Surveillance vendors caught abusing access to telcos to track people's phone locations, researchers say - TechCrunch.
• The rapid rise of phone surveillance firms - The Bureau of Investigative Journalism.
• Please shut up about your Spotify Wrapped - The New World.
• Think For Yourself - Beatles Song Identification Game.
• Nodes: Free Connection Puzzle & Vertex Game Alternative.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

SPONSORS:

• Elastic – AI is transforming security operations, but security is still a data problem. L