A developer at an AI startup wanted to cheat at Roblox. They downloaded a dodgy script on their work laptop. That one decision triggered a cascade of failures that ended with a $2 million data breach affecting hundreds of thousands of organisations. All for some free in-game currency.

Meanwhile, there’s a 1980s phone protocol called SS7 that lets shadowy surveillance companies track anyone, anywhere, via their mobile phone. Governments know about it. Telecoms know about it. Nobody’s fixing it.

All this and more in episode 465 of the “Smashing Security” podcast with cybersecurity keynote speaker and industry veteran Graham Cluley, joined this week by special guest James Ball.

Plus! Don’t miss our featured interview with Rob Edmondson of CoreView, discussing how to lock down Microsoft 365 before it’s too late.

[Episode 465 not found in RSS feed.]

Host:

Graham Cluley:

Guest:

James Ball:

Episode links:

• Burglar alarm biz gets burgled, ShinyHunters pursues ransom – The Register.
• Ransomware negotiator pleads guilty after leaking victims’ insurance details to ‘BlackCat’ hackers – Tom’s Hardware.
• Grok tells researchers pretending to be delusional ‘drive an iron nail through the mirror while reciting Psalm 91 backwards’ – The Guardian.
• Vercel April 2026 security incident – Vercel.
• App host Vercel says it was hacked and customer data stolen – TechCrunch.
• Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials – Hacker News.
• Sorry for the Nazi spam from my Twitter account – Graham Cluley.
• Bad Connection: Uncovering Global Telecom Exploitation by Covert Surveillance Actors – Citizen Lab.
• Surveillance vendors caught abusing access to telcos to track people’s phone locations, researchers say – TechCrunch.
• The rapid rise of phone surveillance firms – The Bureau of Investigative Journalism.
• Please shut up about your Spotify Wrapped – The New World.
• Think For Yourself – Beatles Song Identification Game.
• Nodes: Free Connection Puzzle & Vertex Game Alternative.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

• Elastic – AI is transforming security operations, but security is still a data problem. Learn how context-rich data drives faster, more reliable defence.
• Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
• Coreview – Download “Total Tenant Takeover”, a white paper about the Microsoft 365 Disaster No One Is Ready For.

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Join Smashing Security PLUS for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.

---