This week...A secret camera was found in a ceiling tile inside a UK government building. Not just any building. The one that signed off on China's new mega-embassy in London. Nobody knows who put it there. Nobody knows how long it had been recording. Nobody knows what conversations were picked up in the corridors outside meeting rooms. At this point, as one MP put it, you have to assume everything was compromised.

ShinyHunters have been busy again. They used an Oracle zero-day so severe it scored 9.8 out of 10 to breach the University of Nottingham and over 100 other organisations, two thirds of them universities, before Oracle had even issued an advisory. The Nottingham data includes passport numbers, National Insurance numbers, disability information and financial records for 455,000 students and alumni. The data is already public.

And someone worked out that you can post a completely fabricated data breach notice to Maine's official government portal and it goes live instantly, no verification, no checks. The Register reported one as fact. The company named had never been breached.

All of that and a whole bunch more on this week's The Awareness Angle

Watch or listen to the episode today - YouTube | Spotify | Apple Podcasts

Visit riskycreative.com for past episodes, our blog, and our merch.

Click the image above to watch those heads move on YouTube!

Official Media Partner of the SANS Security Awareness & Culture Summit 2026

See Ant in person in Las Vegas. (He's not performing on the strip, no one needs to see that)

Risky Creative is the official media partner of the SANS Workforce Security & Risk Training Security Awareness Summit in Las Vegas this August.

Ant will be there in person across both days - streaming live conversations, interviewing practitioners on the floor, and giving remote attendees access to what's happening at the summit in a way that hasn't really been done before. Last year he did some interviews. This year it's going to be bigger. We want to hear from the people in the room - what they're working on, what's changing in their programmes, what they're taking away.

If you're attending remotely and want to get your voice into the summit floor, there'll be an opportunity for that too. More details coming very soon.

More details on the SANS Summit is here

Breach of the Week

ShinyHunters Breach University of Nottingham via Oracle Zero-Day

Watch | Read

The University of Nottingham confirmed on 10 June that ShinyHunters accessed a significant amount of data from its student record system. Have I Been Pwned flagged around 455,000 unique email addresses from the leaked dataset. The stolen data includes names, home addresses, phone numbers, dates of birth, course information, university IDs, National Insurance numbers, ethnicity, disability information, passport numbers and financial records. Nottingham reportedly refused to pay. The data is now publicly available in a 19GB archive. The breach also affected the university's campuses in Malaysia and China.

This wasn't a one-off. ShinyHunters used the same Oracle PeopleSoft vulnerability, rated 9.8 out of 10 for severity, to hit over 100 organisations across approximately 300 servers before Oracle had even issued a security advisory. Around two thirds of the victims were universities. Google's Mandiant team confirmed the campaign and has been notifying affected organisations directly.

If you or anyone you know studied at Nottingham, check haveibeenpwned.com now. And bear in mind this data does not expire. National Insurance numbers and passport numbers do not change. What was leaked this week will still be usable for fraud in five years.

• Check Have I Been Pwned now - If you or anyone you know studied at Nottingham, go to haveibeenpwned.com and enter your email address. It takes ten seconds and will tell you whether your details appeared in this breach.
• This data does not expire - People assume a breach stops being dangerous once the news cycle moves on. It does not. National Insurance numbers, passport numbers and dates of birth do not change. The data leaked this week will still be usable for fraud in five years.
• Universities hold far more about you than you probably realise - Your bank knows your finances. Your GP knows your health. But your university often holds both, plus your home address, your disability status, your ethnicity, your immigration status and your payment history. That makes them a very attractive target.

This week's stories...

Hidden Camera Found in the Whitehall Building That Approved China's Mega-Embassy

Watch | Read

A hidden camera was found in a ceiling tile at 2 Marsham Street in London, the building that houses the Home Office and the Ministry of Housing, Communities and Local Government. It is also the building that approved China's new mega-embassy at the former Royal Mint site in east London, which is what makes this one so hard to shake. The device was in a communal area. No link to any foreign state has been established. And nobody knows who put it there, how long it had been recording, or what it captured.

Luke made the point on the episode that you don't really think about physical devices being planted outside of a movie, and he is right, it does feel very Hollywood. But Ant picked up on the detail that really matters here, which is that this camera was in a ceiling tile. It was not tucked behind a plant pot as an afterthought. Somebody installed it. And while a communal area sounds harmless enough, think about what actually gets said in those spaces. People come out of a meeting and immediately start talking about how it went, whether the other side is going to bite, what they really thought. Loose lips sink ships, as the old wartime line goes. The unguarded stuff said in the corridor is often more revealing than anything in the meeting itself. The Shadow Chancellor has called for a full investigation, and as he put it, we urgently need to know who was responsible, how long the device was there, and whether anything sensitive was compromised. Right now the honest answer to all three is that nobody knows.

• Physical surveillance is real and it does not look like a hacker - A camera in a ceiling tile can sit there for weeks or months quietly capturing conversations, faces, keycards and whatever is on screen, and nobody has to type a single line of code.
• Communal areas are the weak spot - They feel low risk, so they are the first thing overlooked in a security sweep. That is exactly what makes them valuable to whoever planted this.
• No link established does not mean no risk - That phrase is doing a lot of work. It means nothing has been confirmed yet, not that there is nothing there to find.

Someone Filed Fake Data Breach Notices on Maine's Official Portal. Nobody Checked.

Watch | Read

Maine's breach notification portal is the most cited public breach database in the US, mostly because Maine has some of the strictest notification laws in the country. If you have listened to the show for a while, you will have heard Ant and Luke reference it almost every time a US breach comes up. The natural assumption is that when something lands on there, it has been checked. It hasn't. Anyone can fill in the form, and it goes live straight away.

Two completely made-up filings appeared this week. The first claimed VRChat had been breached and 2.4 million users' data was exposed, and it came complete with a named employee and a tidy little incident timeline. The Register, which is about as trusted and long-standing as cybersecurity publications get, ran it as fact. As Ant said on the episode, that is the real power of this portal. When you see something there, you believe it. VRChat later confirmed the named employee does not even exist and no breach ever happened. The second filing claimed Discord had been hit, affecting 10 million people, and this one was held together with a Gmail address for contact, a placeholder phone number, and a notification date of January 1st, 2000. Ant summed it up nicely: this is not an AI hallucination, this is someone who sat down and deliberately filled it in, knowing full well it would publish instantly and that the press would pick it up before anyone thought to pick up the phone.

• Official looking does not mean verified - Government portals carry a built-in sense of authority. The information on them is only ever as trustworthy as the process behind it, and here there basically wasn't one.
• If you hear about a breach affecting a service you use, go to the source first - A quick check on the company's own website would have debunked both of these in seconds. One email to VRChat or Discord and the whole thing falls apart.
• Misinformation about breaches is its own kind of attack - You can wreck a company's reputation, spook millions of users and get yourself into the headlines without ever touching a single system.

Google Chrome Is Killing Ad Blockers. The FBI Says You Need One.

Watch | Read

Chrome versions 150 and 151 strip out the last of the support for the extension system that uBlock Origin runs on. uBlock Origin is the best free ad blocker out there, and the thing worth understanding is that it does far more than hide adverts. It blocks trackers, malicious scripts, and a lot of the machinery used to push phishing pages and malware straight into your browser.

Back in December 2022, the FBI put out a public service announcement warning that criminals were impersonating brands through search engine ads to rip people off, and one of their actual recommendations was to use an ad blocking extension when searching the web. Ant flagged on the episode that we are now three and a half years on from that advice and the exact same scam is still running, which makes Chrome pulling ad blockers feel especially backwards. He also mentioned that his own business runs managed Chrome with a blocker built in, and that safety net is now going away for them like it is for everyone else. The way he put it stuck with us: Google have taken away the protection while also being the reason you needed it in the first place. He had a go at a seatbelt analogy, decided halfway through it was a terrible one, and moved on. It honestly wasn't that bad.

Brave and Firefox are both going to keep uBlock Origin working, so if Chrome is your browser, now is a good moment to think about switching. The one catch Ant flagged is that Riverside, the tool the show is recorded on, only runs in Chrome, so he is stuck there for the time being. Most people are not, so there is nothing stopping you making the move.

• The FBI literally recommended ad blockers - Their 2022 advisory listed using one as a way to protect yourself from criminals impersonating brands in search results. That guidance still stands, and Chrome removing the tool runs straight against it.
• Malicious ads are a real and very common way in - Criminals pay to place adverts in Google search that look identical to the real result. Without a blocker, those ads load and people click them, and it happens all the time.
• uBlock Origin Lite is not the same thing - There is a cut-down version called Lite that still works in Chrome, but its blocking is significantly weaker than the original. If you want the full version, you need a browser that still supports it, which means Firefox or Brave.

ServiceNow Admits Security Incident After Customer Data Was Accessed

Watch | Read

ServiceNow is one of those platforms most people have never heard of but plenty of large organisations quietly run in the background for IT, HR and internal records. A misconfigured endpoint let unauthenticated users reach customer data they should never have been able to see. The part that raised eyebrows on the episode is the allegation that ServiceNow knew about the flaw back in April and, when a customer flagged it, support suggested closing the ticket and not worrying about it. If your employer uses ServiceNow, your data may have been sitting exposed for two months before anyone acted.

The FIFA World Cup Kicked Off This Week. So Did the Scammers.

Watch | Read

Following on from last week, more than 10,000 World Cup themed malicious domains have now been registered since January, which makes the 30 figure quoted last week look rather quaint. Fake ticket sites, dodgy streaming links and scam merchandise stores are doing the rounds on WhatsApp, Telegram and Discord. Worth remembering that in the UK every match is free to air on BBC and ITV, so there is genuinely no reason to go near an illegal stream. And with fans travelling to unfamiliar places, QR codes are the one to watch, because nobody knows what normal looks like in a city they have never been to.

A Disgruntled Researcher Published Their Eighth Windows Zero-Day. This One Bypasses BitLocker.

Watch | Read

A researcher going by Nightmare Eclipse has dropped a BitLocker bypass called GreatXML, which lets anyone with physical access to a machine get past the encryption entirely, as long as that machine has ever run a Microsoft Defender offline scan. The code is sitting on GitHub right now. What makes this one different is the motive: the researcher says it is deliberate retaliation against Microsoft for mishandling their previous disclosures, claiming the company left them homeless. Ant's instinct on the episode was the obvious one, why hasn't Microsoft just hired this person. The usual reassurance that BitLocker keeps a stolen laptop safe does not fully hold anymore until this gets patched.

Met Police Wants Apple and Samsung to Make Stolen Phones Useless

Watch | Read

This one came onto Ant's radar through a LinkedIn post from Joe Tidy, the BBC's cyber correspondent and author of Ctrl+Alt+Chaos, who had been digging into the stolen device protections built into modern phones while researching the story and admitted he was genuinely impressed by how much is in there. The story itself is about the Met giving Apple, Google and Samsung a deadline to make stolen handsets genuinely unusable, that deadline passing, and the force now pushing the government for legislation. The numbers are stark: roughly 75% of phones stolen in London are shipped abroad, and of nearly 590,000 stolen between 2017 and 2024, under 14,000 ever made it back. Ant's takeaway echoed Joe's, that there is already a lot of protection sitting in both iPhone and Android, most people just have not switched it on. If you have an iPhone, Stolen Device Protection lives in Settings under Face ID & Passcode, and it is worth enabling today rather than the day after you get robbed.

Security Socials

Police Used ChatGPT to "Enhance" a Suspect Photo. It Made Up a Whole New Face

ChatGPT does not have the same skills as Deckard's Esper machine!

Watch | Read

Green Cove Springs Police Department in Florida put out an appeal asking the public to help identify a man who took a bicycle from a library bike rack. Reasonable enough, except the photo they shared was not the actual CCTV footage. It was a still that someone had run through ChatGPT to "enhance," and the result was a confident, sharp, completely different human being. Ant has tried this exact trick on a grainy photo of his own son and ended up with what looked like a 48 year old man rather than a nine year old boy, so he knew immediately what had happened. The comments did the rest of the work, with one person gently pointing out that the original was already low quality because someone had photographed the footage off a monitor rather than just exporting a frame from the video. This isn't Blade Runner. You cannot just say "enhance" and conjure detail that was never captured in the first place.

To their credit, the department listened. They later posted an update removing the AI image, explaining that making a positive identification using AI was never the intent and that they had simply been following suggestions from a previous appeal about using AI to clean up photos. They have gone back to the original footage, which is exactly where they should have started. The bike had a blue and black frame, the theft happened at the Green Cove Springs library on 26 May, and if you somehow know anything about a bicycle in Florida, they would still like to hear from you.

Solo episode from Ant this week. Luke's back next week, but there was too much going on to wait.

We've got London phone thieves who aren't just stealing your iPhone anymore - they're coming after your family too. A fake UK visa website that left 100,000 passports in an open folder online. A criminal group physically walking into law firms dressed as IT support. California suing 23andMe over what happened after the breach, not just the breach itself. A ChatGPT vulnerability that lets attackers hide phishing links inside your AI responses. And researchers who hid commands inside audio that your AI assistant can hear but you can't.

Also, if you're at Infosecurity Europe at ExCeL, London this week, Ant will be there on Wednesday. Get in touch and say hello.

All of that is in this weeks The Awareness Angle!

Watch or listen to the episode today - YouTube | Spotify | Apple Podcasts

Visit riskycreative.com for past episodes, our blog, and our merch.

Click the piccy above to watch Ant talk to himself for 45 minutes!

BIG ANNOUNCMENT

Official Media Partner of the SANS Security Awareness & Culture Summit 2026

Well, this is going to be great!

Risky Creative is the official media partner of the SANS Workforce Security & Risk Training Security Awareness Summit in Las Vegas this August.

Ant will be there in person across both days - streaming live conversations, interviewing practitioners on the floor, and giving remote attendees access to what's happening at the summit in a way that hasn't really been done before. Last year he did some interviews. This year it's going to be bigger. We want to hear from the people in the room - what they're working on, what's changing in their programmes, what they're taking away.

If you're attending remotely and want to get your voice into the summit floor, there'll be an opportunity for that too. More details coming very soon.

More details on the SANS Summit is here

Breach of the Week

UK Visa Portal Leaks 100,000 Passports and Selfies

Someone built a third-party website to help people apply for UK travel authorisations. The problem is they stored everything users uploaded - full passport pages, identity selfies, home addresses, phone numbers - in a cloud storage folder with no password and a predictable web address. Anyone who knew the URL pattern could browse the contents.

What makes this one sting a bit more than usual is that the people caught up in it weren't being reckless. They were trying to navigate a government process and ended up on the wrong site. The most sensitive documents they own, handed over in good faith, left sitting in the open. As of 26 May the folder was still accessible.

UK Visa Portal is not the official UK government service. For anything involving government applications or travel documents, always start at gov[.]uk and work from there.

If you've used UK Visa Portal: keep an eye on your credit accounts and watch out for phishing emails about travel or passport renewals. They may not be real.

Watch on YouTube: https://youtu.be/iAZnb9A1PxQ?t=165 Read: https://www.techradar.com/pro/security/uk-visa-portal-website-leaks-thousands-of-user-passport-data-and-photos-online

This week's stories

London iPhone Theft - They're Now Coming After Your Family Too

Phone theft in London has evolved into a two-stage attack. Stage one is the physical grab. Stage two is the follow-up - victims and their families start getting threatening texts demanding the original owner removes the Apple ID from the device. Without that, a stolen iPhone can't be wiped or resold. So thieves are turning the victim into part of the attack.

We covered this a couple of episodes ago when someone shared their experience on Reddit. This week it made the New York Times. The Met Police gave Apple a deadline of 1 June to make stolen devices permanently unusable. That deadline is today.

In the episode I talk through a few practical things you can do right now - including one setting in the Find My app that most people don't know is handing thieves their contact details on a plate.

Awareness Angles:

• Don't leave your phone number in Lost Mode - put an email address there instead
• Threatening texts after theft are part of the attack - ignore them, block the number
• A strong passcode and short auto-lock timer is your best practical defence

Watch | Read

23andMe - California Sues Over the Cover-Up, Not Just the Breach

We've covered the 23andMe breach before. This week California AG Rob Bonta filed a lawsuit against the company - now rebranded as Chrome Holding Co after filing for bankruptcy - and the focus isn't the breach itself. It's what came after.

The allegation is that while 23andMe was secretly negotiating with and paying the hacker to keep quiet, it was publicly telling customers there was no security incident. The attacker specifically targeted customers of Chinese and Ashkenazi Jewish ancestry. 23andMe didn't tell those customers their data was being sold on the dark web.

And then there's the bankruptcy fire sale. Fifteen million DNA profiles sitting in an auction. Health predispositions, ancestry, ethnicity, biological relatives. Data that can't be changed, doesn't expire, and implicates family members who never signed up for anything. Twenty-seven state AGs are fighting to block the sale. It isn't resolved yet.

In the episode I talk about why this one is different from most breach stories, and why paying a ransom to make a problem go away almost never actually makes it go away.

Awareness Angles:

• If you used 23andMe, request deletion of your data now through their website - do it before any sale completes
• Paying a ransom doesn't mean the data is gone - it means the attacker has been paid once
• DNA data is unlike any other data you've handed over - you can cancel a credit card, you can't cancel your DNA

Watch | Read

ChatGPhish - Attackers Hiding Phishing Links Inside ChatGPT

Researchers at Permiso found a browser-based attack that turns ChatGPT's page summarisation feature into a phishing delivery surface. If an attacker has hidden instructions inside a webpage and you ask ChatGPT to summarise it, those instructions get processed. What comes back can include fake links, spoofed security alerts, and QR codes that point to attacker infrastructure - all looking completely native to ChatGPT.

The QR code angle is the bit that really sticks. Every layer of desktop protection - hovering over links, browser blocklists, password manager domain checks - is bypassed the moment you scan a QR code on your phone. The destination only reveals itself on a second device.

Reported to OpenAI in April. Told it couldn't be reproduced. Resubmitted with full proof of concept. Marked as a duplicate of a known issue. Still unfixed.

Awareness Angles:

• What you see in a ChatGPT response isn't necessarily from ChatGPT - if it's summarising web content, that content can be manipulated
• Treat unexpected links and alerts inside AI responses with the same scepticism you'd apply to email
• QR codes skip every safety check your desktop has - pause before scanning anything unexpected

Watch | Read

Silent Ransom Group - Criminals Walking Into Law Firm Offices

The Silent Ransom Group has been targeting US law firms since 2023. The FBI issued a FLASH alert this week - their second warning about this group in twelve months and first at FLASH severity. More than 38 firms have had data posted on SRG's public leak site, with researchers estimating over a hundred attacks in total.

The attack starts with phishing or phone calls posing as IT support. If that fails, they send someone in person. A person turns up at reception, says they're from IT, says they need to image a device or run a backup after a phishing attempt, plugs in a USB drive, and walks out.

What makes it so hard to catch is what it doesn't do. No encryption. No alerts. Your systems keep running normally. The first sign something has gone wrong is a ransom email - or worse, a client calling to ask why their data is on a public website.

In the episode I talk about why IT support is the new high-vis jacket, and what happened at a previous employer of mine that made me realise just how easy this kind of thing is to pull off.

Awareness Angles:

• IT support showing up unannounced should always be verified - call back on a number you find yourself, not one they give you
• No encryption doesn't mean no threat - data theft with no lockout is invisible until the extortion starts
• Every organisation needs a clear process for how IT support proves who they are

Watch | Read

AudioHijack - The AI Commands Hidden in Sounds You Can't Hear

Research presented at the IEEE Symposium on Security and Privacy this week showed that attackers can embed completely inaudible instructions into any audio - music, podcasts, YouTube videos, Zoom calls - and AI voice assistants will process those hidden instructions as legitimate commands. You hear nothing. The AI hears everything.

The Zoom scenario is the one to sit with. An employee joins a call with background music playing. Hidden inside is a command targeting the AI meeting transcriber. While everyone discusses quarterly results, the transcriber is quietly being told to find sensitive files and email them to an attacker.

No evidence of it being used in the wild yet - but it's passed peer review at one of the most respected security conferences in the world. In the episode I talk about a real-world example from a previous workplace that shows exactly why this matters, and why the tools we're integrating AI into are the problem.

Awareness Angles:

• If your AI can hear it, it can potentially be controlled by it
• The more permissions you give an AI assistant, the bigger the blast radius if something finds a way to instruct it
• Least privilege applies to AI tools just as much as it applies to people

Watch | Read

Security Socials

Amber Alert Accidental Phishing (Ant's Topic)

A real Amber Alert sent by the California Highway Patrol this week contained a bit.ly link instead of the official URL - because the message exceeded the character limit and the real address got clipped. Someone posted it on Reddit's r/phishing after clicking it and landing on an MP3 converter site. It wasn't phishing. It was a human error that looked exactly like one.

The system should make this impossible, not rely on the person sending the message to count characters under pressure. And in a situation involving someone's life, a message that looks like phishing doesn't just fail - it probably does less good the second time it gets sent.

Watch | Read on Reddit

Tom the Tech Chap - Your Phone Screen Is An OSINT Report (Luke's Topic)

Luke shared a video from Tom the Tech Chap on TikTok this week. Tom had shown his phone home screen on social media, and his banking app icons were visible. That was enough for scammers to know which bank to impersonate when they called him. They built a profile from his public content and caught him jet lagged and vulnerable late at night.

You don't need to be famous for this to happen. You just need to be visible enough for someone to run the process - and increasingly that process is automated.

Watch Ant's Reaction | Watch on TikTok

Last week on The Awareness PractitionersDoesn't Ant look great dressed as a Traffic Warden. This is probably the last ChatGPT thumbnail we'll be using!

Nobody runs out of their house to thank a traffic warden.

They're doing a job most people would agree with, in theory. But every single interaction happens at the worst possible moment of someone's week. The parking ticket lands when you're already late. The fine drops through the door when you've already forgotten the infraction. There's no version of that story where the traffic warden is the hero.

Sound familiar?

Episode four of The Awareness Practitioners looks at the perception of security teams and asks an uncomfortable question: what are we actually broadcasting? Not what we think we're broadcasting. What the person on the receiving end actually experiences.

Perception isn't something that happens to your team. It's something your team creates, every day, through every blocked request, every automated warning, every email that lands in someone's inbox at the worst possible moment.

This one doesn't need a budget. It needs honesty.

THE TRAFFIC WARDEN PROBLEM is out now. Find it wherever you listen to podcasts.

Listen on Spotify, Apple Podcasts, and YouTube.

This week CISA, the agency whose entire job is telling everyone else how to do cybersecurity, left admin passwords and AWS keys on a public GitHub repo for six months. The repo was called "Private-CISA." A new Mac stealer called Reaper fakes an Apple security update, grabs your password, and raids everything from your Keychain to your crypto wallets. And the 2026 Verizon DBIR landed with a stat every awareness pro needs to hear: people are 40% more likely to fall for phishing by phone or text than email.

We've also got 7-Eleven breached by ShinyHunters, Portugal's postal service leaking real parcel tracking codes, Iran messing with fuel monitors at US petrol stations, and Discord encrypting your calls the same week they started asking for your government ID.

All of that is in this weeks The Awareness Angle!

Watch or listen to the episode today - YouTube | Spotify | Apple Podcasts

Visit riskycreative.com for past episodes, our blog, and our merch.

These faces move, if you click the image and go to YouTube!

Last week on The Awareness Practitioners

See content credentialsAnt talks about his desires....

Last week on The Awareness Practitioners, Ant went down a rabbit hole about desire paths.

You know those unofficial shortcuts people wear into grass verges because the official path goes the wrong way? Turns out they're one of the most useful frameworks a security awareness practitioner can borrow. What happens when you follow where people actually go, instead of where you built the path?

Listen on Spotify, Apple Podcasts, and YouTube.

This Week's Stories...

CISA Left Its Passwords on Public GitHub

gizmodo.com/the-worst-leak-that-ive-witnessed-u-s-cybersecurity-agency-leaves-its-digital-keys-out-in-public-on-github-2000760330

The US Cybersecurity and Infrastructure Security Agency, the actual federal body whose entire job is telling everyone else how to do cybersecurity, has been leaving the keys to its own systems sitting in a public GitHub repo for up to six months. The repo was called "Private-CISA", which somehow makes it worse.

Inside it, researchers found a file literally named "importantAWStokens" containing admin credentials for three Amazon cloud servers used by the US government. Another file, helpfully labelled "AWS-Workspace-Firefox-Passwords.csv", listed dozens of internal usernames and passwords in plain text.

The cause appears to be staggeringly mundane. A contractor working for a firm called Nightwing seems to have been using GitHub as a way to shuffle files between their work and home machine. Think of it as the digital equivalent of leaving a USB stick on the bus, except the bus is the entire internet. GitGuardian, the security firm that found it, had tried to alert the account holder nine times before going public. Their researcher Guillaume Valadon called it the worst leak he had ever seen in his career.

The Awareness Angles:

Nobody is immune, not even the experts - CISA publishes guidance on exactly this kind of thing. And it still happened. The lesson isn't to mock them, it's that controls matter more than awareness alone, because awareness clearly didn't save anyone here.

If the sanctioned way is hard, people will invent shortcuts - The contractor wasn't malicious, they were just trying to move a file. If your organisation doesn't make safe file transfer easy and accessible, people will find their own way. Every time.

Public code repositories are constantly being scanned - The bad guys have the same scanning tools as the security researchers. Once a password or key touches a public repo, treat it as compromised and change it immediately. There is no "we deleted it quickly" defence anymore.

Reaper: The macOS Stealer That Fakes an Apple Security Update

theregister.com/security/2026/05/19/do-fear-the-reaper-stealer-swipes-macos-users-passwords-wallets-then-backdoors-them/5242258

A new piece of malware targeting Mac users called Reaper is doing the rounds and it is a bold piece of work. It impersonates Apple, Microsoft and Google all in the same attack, shifting its disguise at every stage.

It starts with fake installer websites for apps like WeChat and Miro, hosted on a web address that looks like Microsoft but swaps a lowercase L for the letter i. So "mlcrosoft" instead of "microsoft". Easy to miss, especially on a phone. The user clicks what looks like a legitimate installer and a popup appears pretending to be an Apple security update, asking them to type in their Mac login password.

Once that password is handed over, Reaper goes shopping. It grabs data from password managers, web browsers, the Mac Keychain, iCloud, Telegram and specifically cryptocurrency wallets. It then injects itself into those wallet apps so future theft keeps happening automatically. It also hunts through your Desktop and Documents folders looking for anything that looks like a business or financial file, and sets up a backdoor disguised as "Google Software Update" that phones home every sixty seconds waiting for instructions.

The Awareness Angles:

Mac users are not immune, and Reaper proves it - The old "I use a Mac so I don't get malware" line has been wrong for a while now. Mac users need the same level of awareness training that Windows users have always needed.

Look at the URL, every single time - mlcrosoft[.]co[.]com (We add the square brackets to break the link) looks normal at a glance, especially on a small screen. A lowercase L where an I should be is one of the oldest tricks going. Always go to the official source by typing it yourself or using a bookmark.

A popup asking for your password is the moment to stop - Real macOS security updates do not ask for your login through random dialogue boxes. If a popup asks for your password and you cannot immediately explain why, close it.

The 2026 Verizon Data Breach Investigations Report Is Here

verizon.com/business/resources/reports/dbir/

The annual Verizon DBIR landed this week with its biggest ever dataset: 22,000 confirmed breaches analysed across 145 countries. If you work in security awareness, this is the report you will be quoting for the next twelve months.

The headline finding is that exploiting vulnerabilities in systems has overtaken stolen passwords as the number one way attackers break in, accounting for 31% of breaches. That is a 55% jump in a single year. And while attackers are getting faster, the defenders are going backwards. Only a quarter of known critical vulnerabilities were fully patched last year, down from 38% the year before, and the median time to fix one went from 32 days to 43 days. Organisations are drowning in patches and running out of hours in the day.

Ransomware is still in nearly half of all breaches but the economics are shifting. The average payment is down to under $140,000 and 69% of victims now refuse to pay, just like 7-Eleven did this week. Third-party breaches are the bigger worry though. Breaches involving a supplier, vendor or partner grew 60% year on year and now account for nearly half of all incidents. The ShinyHunters Salesforce campaign we have been covering for weeks is exactly this category in action.

On the human side, the big finding is not that people click phishing links. We already knew that. The big finding is that they click 40% more often when the attack arrives by text message or phone call instead of email. Someone actually calling you up, building rapport, pretending to be from IT or your bank and steering you toward a bad decision is now so common that Verizon has added it as its own category.

And then there is the AI section. Two thirds of employees are using AI tools on work devices with accounts their company does not control. Nearly half are regular AI users, up from 15% the year before. And some of them are uploading proprietary research and technical documents into those tools. The shadow IT problem has a new face, and it is wearing a chatbot.

The Awareness Angles:

Phishing training that only covers email is training for the wrong attack - Voice and text phishing is 40% more effective than email, and email is what the vast majority of training programmes focus on. People need to be just as suspicious of a phone call as they are of an inbox.

Your security is now your suppliers' security - Third-party breaches grew 60% in a year. Every vendor, integration and SaaS platform your organisation uses is part of your attack surface.

Shadow AI is shadow IT with extra data leakage - Two thirds of your users are pasting work data into AI tools you don't control. The answer isn't to ban AI, it's to give people a safe and approved way to use it.

69% of ransomware victims now refuse to pay - That is a genuine win for the defender community. The more public refusals there are, the easier it becomes for the next victim to say no. Worth celebrating and worth sharing.

Discussion points

All stories discussed on this week's episode:

7-Eleven confirms data breach claimed by ShinyHunters - Watch | Read

468K records leaked from Portugal's national postal service - Watch | Read

CISA left its keys on public GitHub - Watch | Read

Iran-linked attacks on US petrol stations - Watch | Read

Reaper, the macOS stealer faking Apple updates - Watch | Read

Discord enables end-to-end encryption for all calls - Watch | Read

The 2026 Verizon DBIR - Watch | Read

Security Social: Face unlock biometric hack - Watch | Read

Security Social: Keshipon privacy roller - Watch | Read

Security Social: Google IO and SynthID - Watch

Security Social: Luke's HMRC robocall scam - Watch

Security Socials

The teenage biometric hack

A dad on LinkedIn shared how his daughter deliberately registered her Face ID while pulling a weird face, so that if someone steals her phone or holds it up to her face while she's unconscious, it won't unlock. Does it actually work with the way facial geometry mapping works? Debatable. But kids are thinking about security in ways most adults aren't, and they're sharing these tricks with each other on the playground. Multi-face authentication might not be a thing yet, but the instinct behind it is spot on. Watch | Read

The Keshipon privacy roller

If you've ever tried to scribble out your name and address on a parcel before putting it in the recycling, this one's for you. The Keshipon is a Japanese roller that stamps a dense mesh of random characters over printed text, making it unreadable. It's analogue security at its finest and arguably more secure than just crossing something out with a pen, because overlapping random characters are harder to reconstruct than simple scribble lines. Available in the UK for about fifteen quid if you're interested. Watch | Read

Google IO and the AI watermark that's actually spreading

Since we recorded this episode, the SynthID story has moved on significantly. We discussed Google's invisible watermark system for AI-generated content and flagged the obvious problem: it only works if everyone agrees to play by the same rules. Well, it turns out OpenAI announced the same week that they're partnering with Google to embed SynthID watermarks into all images generated by ChatGPT. ElevenLabs and Kakao have signed on as well. Google has also rolled SynthID detection into Google Search and Chrome, so you'll be able to check whether an image is AI-generated right where you're actually looking at it rather than having to upload it somewhere else. It's still not a complete solution because open source models trained outside these partnerships will keep producing unlabelled content, but it's a much bigger step than it was when we hit record. Watch

Luke's HMRC robocall

Luke's phone screened a scam call this week claiming to be from HMRC threatening legal action over unreturned documentation. The giveaway? An American robotic voice pretending to be the UK tax office. The call asked the recipient to press one to speak to an officer, which is a common setup for routing you through to a live scam call centre. Luke found Reddit posts from two years ago describing the exact same script, which means it's still running because it's still working on enough people to be worth the effort. Watch

This week twin brothers got fired on a Teams call, forgot it was still recording, and deleted 96 government databases while talking through the whole thing out loud. Kids are beating age verification by drawing on a mustache with a makeup pencil, and it's working. Google has confirmed for the first time that hackers used AI to find and exploit a zero-day in the wild. And a stoner who lost his Bitcoin password while high in 2015 just recovered $400,000 with help from AI and possibly the greatest password ever created.

We've also got an update on the Canvas breach (Instructure paid ShinyHunters, nobody believes the data is gone), a telehealth breach that hit over 700,000 patients, a fake Claude Code installer catching developers through Google Ads, and a researcher who found that anyone who can read your Audi's VIN through the windscreen can add your car to their account.

All of that is in this weeks The Awareness Angle!

Watch or listen to the episode today - YouTube | Spotify | Apple Podcasts

Visit riskycreative.com for past episodes, our blog, and our merch.

Click above to watch those faces move on YouTube

Introducing The Awareness Practitioners

A new podcast for the people making security human.

Oli talks about his rapid career progression over just a few years

This week on The Awareness Practitioners, I'm joined by Oli Inkley. Oli is a principal security awareness and culture lead at Marks and Spencer, and someone I've known for about four and a half years. I recruited him into his first awareness role, and since then he's built champions programmes across three major retailers.

We talk about what it's actually like coming into this career from a completely different world. Oli started on the Waitrose shop floor. No security background, no technical qualifications. He talks about how he learned to hold conversations with engineers, why every organisation needs a different approach even when they look the same from the outside, and where the human side of this work matters more than any tool.

If you're in the space, thinking about joining it, or wondering whether you need a technical background to do this job well, this one's worth 30 minutes of your time.

Listen now on Spotify, Apple Podcasts, and YouTube.

LIMITED AVAILABILITY - London Security Awareness Workshop

A free workshop for Awareness Pros on June 10th in London

Secure Culture Workshop - London, 10th June

If you work in security awareness and your Cybersecurity Awareness Month plan is still "send some phishing emails and hope for the best," this is for you. A small, practitioner-only session powered by the wonderful people at Hoxhunt . No vendor pitches, no panels, no PowerPoint. Just people who do this work every day sharing what actually works and walking out with a real plan for October.

Join Maxime Cartier and Susanna Haavisto and me in London on June 10th. There's only 50 places and we're already running low, so grab one while you can. We'll probably grab a drink after also!

Click here for more information and to register your interest.

This Week's Stories...

Twin Brothers Deleted 96 Government Databases While Still on a Recorded Teams Call

www.arstechnica.com/tech-policy/2026/05/drop-database-what-not-to-do-after-losing-an-it-job/

Twin brothers working for a federal IT contractor got fired on a Teams call after a background check turned up a prior felony conviction. One brother's access was cut immediately. The other had connected to the VPN ten minutes before the meeting and still had full access. While HR was wrapping up, he started deleting 96 government databases.

The problem? They forgot the call was still recording. The entire conversation was captured, including "People are logged out for the day, this is the perfect time" and "Don't worry about it. You don't do nothing." As we discussed on the podcast, these aren't stupid people. They could write Python scripts and manage production databases, but they forgot to hang up. Both now face potentially decades in prison.

Awareness Angles

• Access should end the second someone is fired - One brother connected to the VPN before the termination call even started and still had full access minutes after being told he was gone. Offboarding that doesn't include immediate access revocation across every system isn't offboarding at all. Send this story to your HR team and ask if this could happen where you work.
• Background checks are not optional for privileged access roles - Both brothers had prior federal convictions for computer fraud. They were hired anyway. If you're giving someone the keys to production databases, you need to know who you're handing them to.
• Everything on corporate platforms is evidence - The entire sabotage was captured because they stayed on a recorded Teams call. Anything said or done on a corporate platform can and will be used as evidence if things go wrong.

Kids Are Bypassing Age Verification With a Fake Mustache

www.techcrunch.com/2026/05/06/some-kids-are-bypassing-age-verification-checks-with-a-fake-mustache/

UK nonprofit Internet Matters surveyed around 1,300 children aged 9 to 16, and the results are roughly what you'd expect if you've ever met a child. About half said age verification checks are easy to bypass, and roughly a third said they've already done it. Methods include drawing facial hair with a makeup pencil, pointing the camera at a video game character (Death Stranding came up again from a previous episode), pulling funny faces, using fake birthdates, and borrowing a parent's ID. Only 17% said they found it difficult.

Ant had a great moment on the show where he admitted that when his son went through age verification on Roblox a few weeks ago, he genuinely thought "that's all right, they're checking his age." Even doing this every week, he fell for the sense of security it creates. That's the whole problem. Parents, regulators, and platforms all feel like the box has been ticked, while the kids it's supposed to protect are sharing workarounds at school. As Luke pointed out, they're not keeping it a secret. If one kid figures it out, the whole class knows by lunchtime.

Countries including the UK, Australia, and 25 US states now have some form of age verification law in place. The question this raises is whether the entire approach needs rethinking, or whether we're just building an expensive, privacy-invasive system that gives adults a false sense of security.

Awareness Angles

• Security theatre creates a false sense of protection - When the barrier looks real but is easily bypassed, the people relying on it believe the problem is solved. It isn't. The children know this. The adults often don't. If you work in security awareness, this is a useful parallel for any compliance exercise that's more about the checkbox than the outcome.
• Age verification collects real data from everyone - To prove you're old enough, you typically have to upload a government ID or let a camera scan your face. That's a huge amount of personal data being collected and stored by third-party verification companies, and every one of those databases is a breach target.
• Kids will always find the workaround - This has been true since the beginning of the internet. If a system relies on a child not being clever enough to beat it, that system is going to fail. The same principle applies at work. If your security controls assume people won't find a shortcut, they will.

Claude AI Recovers Stoner's $400K Bitcoin After 11-Year Search

www.theregister.com/offbeat/2026/05/14/claude-reunites-stoner-with-bitcoin-after-losing-password/

A man bought 5 Bitcoin in 2015 at a Starbucks for around $1,250 total, changed the password while high, and then completely forgot what he'd set it to. He spent 11 years trying to recover access, including brute-forcing 3.5 trillion password combinations using btcrecover on rented GPU time. After finding an old mnemonic seed phrase in a college notebook, he dumped his entire old college computer into Claude as a last resort.

Claude found an old wallet backup file from 2019 that predated the password change, spotted a bug in how btcrecover was combining the passwords and keys, and the mnemonic phrase was able to decrypt the backup. The password turned out to be "lol420fuckthePOLICE!*:)". As Ant said on the show, it does technically meet most password complexity requirements. It's got uppercase, lowercase, numbers, special characters. Just maybe don't set it while you're stoned.

To be clear, and Ant was very keen to stress this on the show, Claude didn't crack Bitcoin encryption. It didn't break any cryptography. What it did was sort through a messy archive of old files, find a forgotten backup that still worked with older credentials, and spot a configuration error in the recovery tool. It's a digital forensic assistant, not a master hacker. But it's a genuinely useful illustration of what AI is actually good at: pattern-matching across large, disorganised datasets that a human would take months to sift through. The 5 BTC is now worth just under $400,000. The man vowed to name his child after Anthropic CEO Dario Amodei.

Awareness Angles

• AI didn't crack anything, it organised chaos - The man already had everything he needed spread across old files and notebooks. Claude's value was connecting the dots across years of messy data. That's what large language models are genuinely good at, not breaking encryption, but finding patterns humans miss.
• Think before you upload sensitive data to AI - He uploaded his entire college computer into Claude, including wallet files and private keys. If you're handing that kind of material to any AI service, you need to understand who can see it and what happens to it. He transferred the Bitcoin out immediately, which was smart.
• Password management is not a joke - The password was "lol420fu**thePOLICE!*:)". Set while high. Forgotten immediately. That cost him 11 years of access to what became nearly $400,000. Use a password manager. Please.

This Week's Discussion Points

Canvas pays ShinyHunters, nobody believes the data is gone Watch | Read

716,000 patients exposed in OpenLoop Health data breach Watch | Read

Fake Claude Code installer stealing developer credentials through Google Ads Watch | Read

Google confirms hackers used AI to find a zero-day for the first time Watch | Read

Anyone who knows your VIN can add your Audi to their account Watch | Read

Scam letters are back: Amy shares a $60.5 million Nigerian prince letter that arrived through the post Watch | LinkedIn

Annual corporate training be like (click, click, click, click, click) Watch | Watch on TikTok

UK banks storing your biometric data for large payments Watch | Watch on TikTok

Waymo recalls 3,800 self-driving cars because they drive into floods Watch | Read

And Finally...

100% legal and risk-free if and only if you adhere strictly to my instructions

Scammers have gone back to posting letters. Amy Stokes-Waters , CEO at The Cyber Escape Room Co. ®, shared a letter her dad received this week from a "Mr. Kenji Tahara, Director & Executive Officer" at the Hachijuni Nagano Bank. The letter claims a deceased oil industry entrepreneur named Smith Waters deposited $60.5 million before tragically passing away at the onset of the Russia-Ukraine conflict, and because Amy's dad shares the surname, he's been selected as the next of kin to claim the estate. The split? 50% for the scammer (which will go towards "helping refugees from Ukraine war through various NGOs around Europe," obviously), 45% for the victim, and 5% set aside for "expenses incurred during the cause of securing this deposit." Five percent of $60.5 million for expenses. That's a hefty admin fee.

The best line? "I assure you that the operation is 100% legal and risk-free if and only if you adhere strictly to my instructions." As we said on the podcast, the old ways still work. In the age of AI-generated phishing and deepfake video calls, someone is still printing letters, buying stamps, and posting Nigerian prince scams through the Royal Mail. And if it didn't work, they wouldn't bother.

Worth sharing with your teams as a reminder that not every scam arrives in your inbox. Sometimes it lands on your doormat.

Watch | LinkedIn

Annual corporate training be like - If you've ever sat through mandatory training and just clicked next, next, next, next without reading a single word, this TikTok will feel personal. Shared by Liam Stock-Rabbat , it's a man sat in front of a screen doing exactly that for a solid minute. As we discussed on the show, if you look at the completion times on your training platform, you can tell exactly who's done this. And if the only question at the end is so simple you don't need to watch the video, or so obscure you'd never remember the answer anyway, what's the point? Great one to share with your compliance team next time they ask why completion rates are high but behaviour hasn't changed. Watch | Watch on TikTok

UK banks storing your biometric data for large payments - Luke shared a TikTok from Jamie's Finance asking questions about UK banks collecting and storing facial biometric data for high-value transactions. The comments were split. Some said biometric data never leaves your phone, others pointed out there's a separate process for large payments where banks do store that data server-side. As Ant mentioned on the show, having worked with three large retailers recently, every single one handles it differently. Worth a look if you bank with NatWest, Lloyds or any of the others mentioned, and worth understanding the difference between using Face ID to unlock your app and giving your bank a facial scan they store on their infrastructure. Watch | Watch on TikTok

Thanks for reading! If you’ve spotted something interesting in the world of cyber this week, a breach, a tool, or just something a bit weird, let us know at hello@riskycreative.com. We’re always learning, and your input helps shape future episodes.

Ant Davis and Luke Pettigrew write this newsletter and podcast.

The Awareness Angle Podcast and Newsletter is a Risky Creative production.

All views and opinions are our own and do not reflect those of our employers.

Cybersecurity news for humans, not just IT people

This week a dead airline's website is still letting people book flights that will never exist, and scammers are already circling the wreckage. Google Chrome has been silently downloading a 4GB AI model onto your computer without asking, and if you delete it, it comes back. And a $5,000 robot lawn mower can be hijacked by anyone on the internet, including overriding the emergency stop button. Oh, and it phones home to TikTok's parent company. You couldn't make it up.

We've also got two breaches linked to the same hacking group (ShinyHunters are back again), Instagram quietly killing encrypted DMs for two billion users, OpenAI adding a "trusted contact" feature to ChatGPT after a wave of self-harm lawsuits, and a student who stopped four high-speed trains with a radio he bought online.

It's a busy week on The Awareness Angle.

🎧 Listen on your favourite podcast platform - Spotify, Apple Podcasts and YouTube

Listen Now

Podcast · Risky Creative

SANS 2026 Security Awareness Report Survey - Now Open

This one's directly relevant to what we do. SANS Institute runs the biggest annual benchmark survey for security awareness and human risk management professionals, and the 2026 edition is now open. It's 24 questions, takes around eight minutes, and the findings feed into a free report that security awareness practitioners around the world use to benchmark their programmes, justify investment, and work out what actually moves the needle on human behaviour. It's been running for 11 years and it's one of the most credible data sets in the field. If you work in security awareness in any capacity, your voice belongs in this. To take part click here.

This Week's Stories...

Spirit Airlines Liquidation: Zombie Infrastructure, Open Payments, and $11.48 Phishing Domains

Watch | Read

Spirit Airlines ceased operations on May 2nd. But nobody turned anything off.

A security researcher called Brayden Hustead, whose own sister was stranded by the shutdown, discovered that the entire booking flow on spirit[.]com was still fully functional days after the airline collapsed. You could search for flights, pick your seats, enter your personal details, and reach the payment screen for flights that will never take off. The Navitaire booking API on Azure was still active, issuing real record locators and attempting real payment transactions against a live gateway. The system returned a "payment declined" response, not a "provider unavailable" error. That means the payment processor was still connected. It hadn't been deactivated. It just rejected the test card. If someone had used a real card, there's a genuine question about whether the transaction would have gone through.

Spirit's IT team duct-taped a redirect onto the homepage and called it a day. But all the internal links, the API, the telemetry stack, the Azure endpoints, all of it was left running in the background with nobody monitoring it. As we discussed on the show, it's a bit like the last person leaving the office and not switching the lights off. Only these lights were processing $13 to $15 million in transactions a day just 48 hours earlier.

And then there's the domain situation. The most obvious phishing domains you could imagine, spiritrefunds[.]com, spiritrefund[.]com, spiritliquidation[.]com, were sitting there unregistered for $11.48 each. Hustead grabbed them defensively and redirected them to the official restructuring site. Within four hours, 43 real people had already hit spiritliquidation[.]com, typing URLs directly into their browsers looking for help. Those are real, panicking, non-tech-savvy people who would have been trivially easy to scam if someone malicious had got there first.

The Awareness Angles:

Zombie infrastructure is a real threat - When a company shuts down overnight, the systems don't magically switch off. Spirit's booking API, payment processor, and Azure endpoints were all still running with nobody watching. That's an open door for anyone who wants to poke around in systems that were handling millions daily.

Obvious phishing domains get left wide open - The most predictable scam domains were available for the price of a sandwich. In any corporate wind-down, someone needs to be thinking about domain defence. In this case, nobody was, and a student beat the scammers to it.

Desperation makes people vulnerable - 43 real people hit a defensive domain redirect within four hours. These are the exact people scammers target: stressed, confused, and willing to trust anything that looks official.

Google Chrome Silently Installs 4GB AI Model on Your Device Without Consent

Watch | Read

Google Chrome, the world's most popular browser, has been silently downloading a 4GB AI model called Gemini Nano onto people's computers. No prompt. No notification. No consent checkbox. And if you find it and delete it, it comes back.

Security researcher Alexander Hanff discovered the file sitting in a folder called OptGuideOnDeviceModel. It appeared even on a completely fresh Chrome profile with zero human interaction. No one clicked anything. No one enabled anything. It just appeared. Snopes confirmed the finding across multiple staff machines on both macOS and Windows.

The kicker, as we talked about on the show, is that this 4GB model isn't even powering the AI features most people would notice. The big "AI Mode" button in Chrome's address bar actually sends your queries to Google's servers. The 4GB sitting on your hard drive powers minor writing assistance features that most people have never turned on and probably don't know exist. So Chrome is eating your storage for something you've never asked for and probably wouldn't use. And as we discussed, Google eventually added an opt-out setting, but it arrived months after the downloads started and it's buried in Chrome's flags backend, the kind of settings page that warns you things might break. Your mum isn't going to find that. Nobody's mum is going to find that.

Under GDPR, downloading 4GB of data to someone's device, profiling their hardware to decide if it's eligible, and doing all of it without consent raises some serious legal questions. But beyond the legal stuff, it's the principle. Your browser is making decisions about what to install on your computer without asking you. We had a similar conversation a few weeks ago when Anthropic's Claude Desktop was found doing something similar with browser hooks. It's becoming a pattern: AI companies treating your device as their deployment platform and asking forgiveness later.

The Awareness Angles:

Your browser is doing more than you think - Chrome isn't just displaying web pages. It's downloading multi-gigabyte AI models, profiling your hardware, and making storage decisions without your knowledge. Understanding what your software does in the background matters.

Consent should come before the download, not after - Google added an opt-out setting months after the downloads started. That's backwards. Privacy-by-design means asking before taking, not apologising after.

Opt-out buried in advanced settings isn't real consent - If the only way to stop something is to navigate to a page that warns you things might break, that's not a meaningful choice. Real consent means making it easy to say no, not just technically possible.

Yarbo Robot Lawn Mowers: Hardcoded Passwords, Remote Hijacking, and TikTok Telemetry

Watch | Read on The Verge

A 200-pound, blade-equipped robot sitting in your garden that can be remotely hijacked by anyone on the internet. Including overriding the physical emergency stop button. Every single Yarbo lawn mower in the world shares the same hardcoded root password, and you can't permanently change it because it resets with every firmware update.

Security researcher Andreas Makris found critical vulnerabilities in all 11,000 Yarbo devices worldwide. An attacker can remotely control the blades and movement, access the onboard cameras, steal the owner's Wi-Fi password, and read GPS coordinates and email addresses. It's similar to the robot vacuum and the internet-connected toaster stories we've covered before, but as Luke pointed out on the show, this one's different because a vacuum cleaner you can just pick up. A 200-pound machine with spinning blades, not so much.

And then there's the ByteDance detail. Yarbo's telemetry is routed through ByteDance, TikTok's parent company. The company claims to be headquartered in New York, but as the research dug into, it's actually Hangang Tech, based in Shenzhen, China. The US headquarters appears to be a small building they put a logo on. So your lawn mower is collecting your Wi-Fi credentials, GPS location, email address, and camera footage, and it's all going through ByteDance's servers. At the same time as America was having the whole uproar about TikTok's algorithm and Chinese data access, the same parent company was quietly getting access to people's gardens. Yarbo's response to the security findings was that the hardcoded password is "by design." We've heard that excuse before, Microsoft said the same thing last week about storing passwords in plain text, and it's getting old.

The Awareness Angles:

Smart doesn't mean secure - A $5,000 robot with cameras, GPS, and internet connectivity sounds premium. But hardcoded passwords and no ability to change them means security was never part of the design. Price is not an indicator of security.

Physical safety meets cyber risk - This isn't a data breach. It's a physical safety hazard. When internet-connected devices can cause real-world harm, stopping to ask about security before you buy is essential.

Ask what your devices are phoning home to - Yarbo's telemetry routes through ByteDance. Most people buying a lawn mower would never think to ask where their device sends data. With smart home products, that question should be standard before you buy.

This Week's Discussion Points...

Zara data breach exposes 197,000 customers via third-party analytics vendor Watch | Read

Cushman & Wakefield breached via vishing, two ransomware gangs claim responsibility Watch | Read

ConsentFix v3 targets Azure with automated OAuth abuse Watch | Read

Spirit Airlines liquidation leaves zombie infrastructure and $11.48 phishing domains Watch | Read

Google Chrome silently installs 4GB AI model on your device without consent Watch | Read

Instagram drops end-to-end encryption on DMs Watch | Read

Anthropic CEO warns of "moment of danger" as Mythos exposes thousands of software vulnerabilities Watch | Read

OpenAI adds "Trusted Contact" feature to ChatGPT after self-harm lawsuits Watch | Read

Student hacks Taiwan high-speed rail by exploiting 19-year-old radio system Watch | Read

Yarbo robot lawn mowers have hardcoded passwords and can be controlled remotely by anyone Watch | Read

Security Socials

Fake Wi-Fi QR code in McDonald's - Someone stuck a fake Wi-Fi QR code sign in a McDonald's. A guy scans it and gets the monkey giving the middle finger. Funny video, but a great one to share with your teams to show why scanning random QR codes is a bad idea. Watch on Instagram

Joseph Cox deepfakes his own face on Microsoft Teams - The 404 Media co-founder tested Chinese-language deepfake software that works live on video calls including Teams, Zoom, and WhatsApp. The quality is still a bit soft and slow, but it's only going to get better. Worth watching. Read

Why haven't hackers deleted student loans? - A Reddit post on No Stupid Questions asked why a benevolent hacker hasn't just deleted everyone's student debt. The top answer: because deleting a database entry doesn't delete the legally binding promissory note you signed. But it's a great question to throw at your workforce. Would your people know why that doesn't work? Read

Recruitment scam targets security awareness professional - Jessica Behles posted about receiving a perfectly crafted recruitment scam email. The irony is she teaches people to recognise scams for a living, and she still felt the pull. Your experience, your salary, your perfect match. It's designed to make you feel special so you let your guard down. Read

This week on The Awareness Angle, we hit 1.2 million views on a single video across TikTok and Instagram, which is pretty wild for an independent podcast. Thank you to everyone who watched and shared.

ADT gets breached for the third time in under a year and it all started with a phone call. An AI coding agent wipes a startup's entire database and all its backups in nine seconds, then writes its own incident report admitting it broke every safety rule it had. The supply chain attack that started with Trivy has now hit Checkmarx and Bitwarden, with three criminal groups teaming up to turn supply chain access into ransomware. And the UK government's annual cyber report says 43% of businesses were breached last year, phishing was behind 85% of them, and despite M&S, Co-op and JLR making national headlines, nothing's really changed. Plus Instructure's Canvas LMS breached again, Itron's smart meters filing quietly on a Friday night, Microsoft Teams helpdesk impersonation going wild, 610,000 Roblox accounts stolen by three lads in Ukraine, QR code scams in Toronto, and a toaster with a touchscreen that nobody asked for.

All of that in this week's Awareness Angle.

Watch or listen to the episode today - YouTube | Spotify | Apple Podcasts

Visit riskycreative.com for past episodes, our blog, and our merch.

Click to watch us on YouTube

This Week's Stories

Almost Half of UK Businesses Hit by Cyber Attacks, Government Report Finds

Watch | Read

The UK government's annual Cyber Security Breaches Survey landed this week and the numbers are huge. 43% of UK businesses, roughly 612,000, experienced a cyber attack or breach in the past year. Of those that reported a breach, 85% said phishing was involved. Not "one of the top threats," nearly all of them. And as we discussed on the show, that likely includes voice phishing and other channels beyond just email. Despite a year that included M&S, Co-op and Jaguar Land Rover all making national headlines, cyber hygiene among SMEs has actually gotten worse on several measures. Only 15% of businesses review the risks posed by their direct suppliers, just 6% look at the wider supply chain, and a quarter of businesses don't even know what their ransomware policy is. As Ant pointed out, that means people are making impulse decisions in the heat of the moment, and that's never wise.

The cyber security minister has written to 180 of the UK's largest businesses urging them to sign a new Cyber Resilience Pledge, but as we discussed, it's not those 180 companies that need the most help. It's the smaller businesses in their supply chains, the ones making the spigot rings for a Land Rover Defender, that are really feeling the impact when something goes wrong. If you work in security awareness, this report is ammunition. Share it with your CISO. As Luke Pettigrew said, these are exactly the kind of stats you need to make the case for investment and resources.

The Awareness Angles

The gap between knowing and doing - Most organisations know cyber is a risk. The problem is that awareness still isn't translating into action, especially among smaller businesses. If you need one stat to justify your programme's existence, 85% of breaches involved phishing is it.

High-profile breaches aren't moving the needle - M&S, Co-op and JLR all made national headlines, and the overall picture barely shifted. We said at the time that those breaches would be a wake-up call for the country. The data says otherwise. Shock value alone doesn't drive behaviour change.

A quarter of businesses don't know their own ransomware policy - That's not a technical problem, that's a communication problem. If your people don't know what the plan is before something happens, there is no plan.

ADT Breached Again by ShinyHunters Vishing Attack

Watch | Read

Home security giant ADT has been breached for the third time in under a year after ShinyHunters used a vishing call to compromise an employee's Okta SSO credentials and pivot into ADT's Salesforce instance. No malware, no technical exploit, just a convincing phone call and one set of credentials that unlocked millions of customer records. As Ant noted on the show, this is the same playbook ShinyHunters used on MGM, and it's rumoured to be behind M&S, Co-op and most of the big breaches over the last couple of years. When your business is security, having three breaches in 18 months isn't a great look, and as we pointed out, Bleeping Computer used the same stock image for all three.

Luke raised an important point about how vishing awareness has traditionally been focused on help desks and privileged access teams, but this shows it needs to be much broader. As Ant put it, everyone has access to something useful to an attacker, whether that's sales data, HR records, customer information or system access. A lot of permissioning in businesses isn't great, and it could be someone very low down the pyramid that leads to the top. We used to ask people in awareness surveys whether they agreed with the statement "I am of no use to hackers, so they do not target me." This story proves exactly why that thinking is dangerous.

The Awareness Angles

It started with a phone call, not a hack - No malware, no vulnerability. Someone called an employee, pretended to be IT support, and talked them into handing over their login. That was enough to compromise millions of records. If your awareness training doesn't cover phone-based social engineering with the same weight as email phishing, this is your sign to change that.

One account unlocked everything - A single set of SSO credentials gave the attacker access to Salesforce and all the customer data sitting in it. One login for everything is convenient until someone else gets hold of it.

Third breach in under a year - Three disclosed breaches since August 2024, with the same type of attack working each time. As we discussed, getting hit once doesn't mean you've had your turn. You can go again, and if the lessons aren't sticking, you probably will.

AI Coding Agent Deletes Startup's Entire Database in Nine Seconds

Watch | Read

An AI coding agent running Anthropic's Claude through Cursor hit a problem in a staging environment and decided to fix it by deleting a production database volume. It found an overpermissioned API token in an unrelated file, used it to wipe the entire database and all backups through a single API call, and the whole thing was done in nine seconds. As Ant put it on the show, he can't get Claude to write his name in nine seconds, let alone delete an entire database. When the founder asked the agent to explain what happened, it wrote its own incident report listing every safety rule it knew it had broken, including its own system prompt telling it never to run destructive commands without being asked.

For the car rental businesses using PocketOS, this meant they suddenly had no customer records at all. The data was eventually recovered, but it took days, and in the meantime customers were reconstructing bookings from Stripe payment histories and email confirmations. Luke shared a video from Hannah Fry about AI agents going rogue that tied in perfectly with this story, and as we discussed, every business wants to use AI because nobody wants to get left behind, which in some ways makes things even more dangerous. Luke also flagged that Claude's own Chrome extension, which has six million users, openly acknowledges the risk of prompt injection from websites in its Chrome Store listing. We're trying hard not to let this become an AI podcast, but when AI is doing things like this, it has to be part of the security awareness conversation.

The Awareness Angles

AI agents can take destructive action without asking - This agent wasn't told to delete anything. It decided to, found a way to do it, and did it faster than any human could have intervened. If your team is using AI coding tools, understand what they actually have access to.

Overly permissioned tokens are a ticking clock - The API token that made this possible was created for a narrow purpose but had permissions far beyond what was needed. That's not an AI problem, that's an access control problem that AI made catastrophically worse.

The "best model" isn't a safety guarantee - They were running the top-tier model with explicit safety rules configured. It still ignored them. Capability and reliability are not the same thing, and trusting an AI agent because it's smart is not the same as trusting it because it's safe.

This week's discussion points

ADT Breached Again by ShinyHunters Vishing Attack Watch | Read

Instructure / Canvas LMS Hit by Another Cyber Attack Watch | Read

Critical Infrastructure Giant Itron Confirms Cyberattack Watch | Read

AI Coding Agent Deletes Startup Database in 9 Seconds Watch | Read

Supply Chain Attack Hits Checkmarx and Bitwarden Watch | Read

Roblox Account Theft: 610,000 Accounts Stolen Watch | Read

UK Cyber Security Breaches Survey 2025-26 Watch | Read

Microsoft Teams Helpdesk Impersonation Attacks Watch | Read

QR Code Scams in Toronto Watch

Smart Toasters and Unnecessary IoT Watch

Hannah Fry on AI Agents Going Rogue Watch

Security Socials

QR Code Scams Hit Toronto - Liam Stock-Rabbat sent in a TikTok video showing fake QR code stickers being placed over legitimate ones on bike rental stations across the Greater Toronto Area. As we discussed, if you're a tourist you'd have no idea the flow was wrong because you've never used it before. Stickers over QR codes can be legitimate, businesses do update them, but that's exactly what makes it so hard to spot. The advice remains the same: if you can, use the app directly rather than scanning a random code. Watch

Smart Toasters and Unnecessary IoT - Someone on Reddit posted a picture of a toaster with a full touchscreen, weather report and digital photo frame. It costs £300 and it's internet connected. As Ant put it, it's yet another unnecessary risk you're bringing into your home. We went down a rabbit hole about Samsung TVs full of ads, why you might want to skip the built-in smart TV apps entirely, and what the most random connected device in your house might be. Let us know yours. Watch

Hannah Fry on AI Agents Going Rogue - Luke shared a TikTok from Hannah Fry (who went to the same school as Ant's wife, small world) talking about AI agents and the risks of giving them too much autonomy. It tied in perfectly with the PocketOS story. Luke also flagged that Claude's Chrome extension, with six million installs, openly acknowledges the risk of prompt injection in its Chrome Store listing. We're trying not to become an AI podcast, but it keeps pulling us back in. Watch

Thanks for reading! If you’ve spotted something interesting in the world of cyber this week, a breach, a tool, or just something a bit weird, let us know at hello@riskycreative.com. We’re always learning, and your input helps shape future episodes.

Ant Davis and Luke Pettigrew write this newsletter and podcast.

The Awareness Angle Podcast and Newsletter is a Risky Creative production.

All views and opinions are our own and do not reflect those of our employers.

This week we've got three things that are immediately useful whether you work in security or not. We discussed a phishing campaign using fake missile alerts and real geopolitical fear to steal Microsoft credentials. There is a story about what happens when a meeting recording gets sent to the wrong person after someone drops off a call, and a genuinely handy tip about generating QR codes without handing your data to a random website. It was sitting on your computer, the whole time!

After that we've got the Breach of the Week, the Phish of the Week from the team at Hoxhunt, and everything else from this week's episode.

Watch or listen to the episode today - YouTube | Spotify | Apple Podcasts

Visit riskycreative.com for past episodes, our blog, and our merch.

Minimize imageEdit imageDelete image

This week's stories...

Missile Alert Phishing Exploits Iran-US-Israel Conflict for Microsoft Logins

Watch | Read

A phishing campaign is exploiting genuine geopolitical tensions between Iran, Israel, and the US. The emails impersonate government civil defence warnings, with urgent subject lines, an official-looking layout, and language designed to stop you thinking and start you acting. The ask is to scan a QR code for shelter guidance and evacuation instructions.

The QR code takes you off your device to your phone, away from your email security controls, and onto a fake Microsoft login page.

There's a line in the email worth noting: "scan for instructions, access official emergency procedures, shelter guidance and evacuation instructions." Ask yourself why emergency procedures would require you to sign into Microsoft. In a genuine emergency, you wouldn't stop to ask that. That's the whole point.

The Awareness Angles -

Fear is the most effective bypass - Attackers weaponise breaking news and genuine anxiety to trigger fast, uncritical action. When people feel threatened, they don't pause to verify URLs.

QR codes move the attack off your protected device - On your phone, the URL is harder to see, security tooling may not be in play, and the Microsoft login screen might look slightly different to what you're used to. All of that helps the attacker.

If something urgent wants you to sign in somewhere unfamiliar, stop - Emergency guidance doesn't live behind a Microsoft login. That mismatch is the tell.

Your Meeting Recording Might Be Sending More Than You Think

Watch

A post on Reddit's recruitinghell caught a lot of attention this week. A candidate's wife shared that after a virtual interview, her husband was accidentally sent a full transcript and audio recording of the entire call, including the interviewers discussing him after he disconnected. Remarks about his appearance, their salary negotiation tactics, and comments you'd never want the candidate to hear.

It probably happens all the time. Someone drops off a call, the remaining people carry on talking, and the transcript goes out automatically to all participants when the meeting ends.

The security message here is simple but easy to overlook: if you need to debrief after a meeting, start a new one. Don't assume the recording has stopped just because someone has left.

The Awareness Angles -

Auto-transcription catches everything - Meeting tools like Teams, Zoom, and Meet don't stop recording when a participant leaves. If transcription is on, it captures whatever is said until the host ends the meeting.

Transcripts go to all participants by default - The person you were just talking about may receive a full written record of what you said. This isn't a theoretical risk, it happened here.

Start a new meeting to debrief - It takes ten seconds and removes the risk entirely. Worth making it a habit, and worth sharing with your teams.

You Can Make QR Codes Directly in Microsoft Word

Watch | Read

A short video shared this week pointed out something most people don't know: you can generate a QR code directly inside Microsoft Word, no third-party tool required.

This matters for anyone in security awareness who makes posters, internal communications, or training materials. Most people Google "QR code generator" and land on a random website, hand over their URL, and don't think twice about what that site is doing with it. Using a built-in tool removes that risk entirely.

It's not the most intuitive feature to find, but the video walks through it clearly. Worth knowing, and worth passing on to the teams in your organisation who regularly make printed or digital materials.

The Awareness Angles -

Check what your existing tools can already do - Before anyone in your organisation uses a third-party website or app for something, it's worth asking whether Microsoft 365, Google Workspace, or whatever your standard toolset is can already do it natively. QR codes in Word is one example. There are probably others sitting unused. Finding them and communicating them reduces shadow IT risk without asking people to change their behaviour dramatically.

Communicate it - If your organisation has approved tools that do things people don't know about, that's a quick win for a security awareness message. A short post, a tip in a newsletter, a slide in an induction deck. "You don't need to Google a QR code generator, here's how to do it in Word" is the kind of practical, immediately useful message that lands well.

Third-party tools are a risk even for small things - Free online tools ask for data, store URLs, and may share information with parties you've never heard of. Helping people understand that even small conveniences carry risk is a useful habit to build.

Phish of the Week

Thanks as always to the threat intelligence team at Hoxhunt .

Minimize imageEdit imageDelete image

WhatsApp / Meta Impersonation: Credential and MFA Code Theft

This one's well put together. It arrives as an official-looking email carrying the WhatsApp and Meta branding, addressed to someone who runs a Meta Business Messaging partner account.

The message says their business hasn't met requirements to maintain select tier status in the Meta Business Messaging Partners Program and they have until a specific date to fix it. There is a deadline included and links everywhere, four of them, all going to the same place.

What makes it notable is the landing page. It's not just a fake login that steals your password. It asks you to verify your identity, capturing your MFA code in real time. The likely setup: a ghost system is logging in on your behalf in the background and passing your verification code straight through. So even with MFA turned on, this attack works.

The Awareness Angles -

Targeted phishing feels relevant because it is - This works on people who actually have Meta partner portal accounts. If you received it and didn't have one, you'd ignore it. The targeting is what makes it dangerous.

MFA capture is real - Getting your MFA code intercepted in real time is not theoretical. This attack is designed specifically to do that. MFA is still worth having, but it doesn't make you untouchable.

Go to source, not the link - If you get something like this, don't click. Go to Google, search for the platform directly, and navigate from there. Better still, have it bookmarked.

Bookmarks are an underrated and almost entirely forgotten piece of security advice. If there's a site you log into regularly, whether that's your bank, your HR system, your email, or a partner portal, bookmark it. Then when something arrives in your inbox claiming to be from that service, you don't need to click anything. You just open the bookmark. It sounds too simple, but it removes one of the most common ways people end up on fake login pages. Worth pushing out as an awareness message. It's practical, it costs nothing, and most people have never thought about it.

This Week's Discussion Points...

Everything we talked about in this week's episode:

• Hackers steal and leak 7.7TB of sensitive LAPD police documents via third-party storage Watch | Read

• Wynn Resorts confirms 21,000 employees affected by ShinyHunters breach, ransom likely paid Watch | Read

• Dutch healthcare software vendor ChipSoft hit by ransomware, disrupting hospital systems across the Netherlands Watch | Read

• Jones Day law firm confirms breach after Silent Ransom Group (Luna Moth) leaks client files and demands $13M Watch | Read

• Anthropic's Project Glasswing powered by Claude Mythos autonomously finds and exploits thousands of zero-days Watch | Read

• GrafanaGhost vulnerability allows data theft via AI prompt injection, Grafana disputes severity Watch | Read

• Missile alert phishing campaign exploits Iran-US-Israel tensions to steal Microsoft credentials via QR code Watch | Read

• BlueHammer: disgruntled researcher leaks unpatched Windows privilege escalation zero-day on GitHub Watch | Read

• White House proposes $707M cut to CISA, a third of staff already left in Trump's second term Watch | Read

• Phish of the Week: WhatsApp/Meta impersonation capturing credentials and MFA codes in real time Watch

• North Korean hacker exposed during a job interview Watch | Read

• Interview transcript accidentally sent to applicant including post-call discussion Watch

• Make QR codes directly in Microsoft Word Watch | Read

• TikTok Lite installed automatically after a phone update Watch | Read

Find Us

Podcast: Spotify | Apple Podcasts

YouTube: https://www.youtube.com/@riskycreative

TikTok: https://www.tiktok.com/@infosecant

Instagram: https://www.instagram.com/riskycreative

Thanks for reading! If you’ve spotted something interesting in the world of cyber this week, a breach, a tool, or just something a bit weird, let us know at hello@riskycreative.com. We’re always learning, and your input helps shape future episodes.

Ant Davis and Luke Pettigrew write this newsletter and podcast.

The Awareness Angle Podcast and Newsletter is a Risky Creative production.

All views and opinions are our own and do not reflect those of our employers.

This week on The Awareness Angle, we've got Chinese hackers breaking into the system the FBI uses to watch people. The White House released an app that security researchers took apart and didn't like what they found. LinkedIn has been quietly scanning your browser extensions and linking the results to your profile without telling you. And a Carnegie Mellon professor says app privacy labels are basically the nutrition labels of the internet, which tells you everything you need to know.

We've also got Google Drive getting a proper ransomware safety net, attackers using WhatsApp to deliver malware to Windows PCs, Apple quietly blocking one of the cleverest scams doing the rounds right now, and a campaign calling out the AI-generated slop that's making all of us easier to scam.

Watch or listen to the episode today - YouTube | Spotify | Apple Podcasts

Visit riskycreative.com for past episodes, our blog, and our merch.

Click the image above to watch the latest episode on YouTube

Breach of the Week

Chinese Hackers Breach the System the FBI Uses to Watch People

Watch | Read

We had plenty to choose from this week as Hasbro got hacked, there are unconfirmed claims about a massive Adobe breach, and a few others bubbling away. But this one was the standout, and honestly it's got Hollywood written all over it.

Suspected China-linked hackers broke into the FBI system that stores surveillance data, likely exposing the phone numbers of people the bureau was actively monitoring. The FBI has officially classed it as a major incident and notified Congress, confirming that access came through a third-party vendor rather than a direct attack on their own systems.

The system at the centre of it manages court-authorised wiretaps. Think of it as the database that tells investigators who they're watching and who those targets are talking to. Whoever got in could potentially work out exactly who the US is surveilling, giving them the chance to tip off assets, cut ties, or stay one step ahead. This isn't just a data breach. It's a breach of the FBI's ability to do its job quietly.

Our Mission Impossible take: this feels less like a money grab and more like an intelligence operation. Who's being watched? Who's safe? Who needs burning? That kind of targeted patience is what separates nation-state attacks from regular cybercrime. There'll be a film about this one day.

The Awareness Angle -

Your data in someone else's hands - When a government system gets hacked, it's not just officials affected. Ordinary people whose names appear in investigations as witnesses, associates or subjects can end up exposed too.

Third party, first problem - Access came through a third-party vendor, not a direct attack. This is the same weak link that trips up organisations of all sizes. Your security is only as strong as the people you trust with access.

This isn't random - State-sponsored hackers don't break in to cause chaos. They go after intelligence. What's known, who's compromised, who's being watched. That level of patience and precision is what makes these attacks so hard to defend against.

This Week's Stories...

The Security Tool We Covered Last Week Just Helped Breach the European Commission

Watch | Read

If you caught last week's episode, you'll remember the Trivy supply chain attack, a poisoned security scanner that was backdoored and used to compromise an AI tool called LiteLLM. Well, the story got a lot bigger.

CERT-EU has confirmed the European Commission's cloud infrastructure was breached using that same compromised version of Trivy, with initial access obtained on March 19th through normal software update channels. No one clicked anything dodgy. No one fell for a phishing email. They just updated their software.

The attackers stole an AWS API key, got into the Commission's cloud accounts, and the stolen data, including emails and personal details, was subsequently published on the dark web by ShinyHunters. Up to 71 clients across EU institutions affected, over 300GB of data. And yes, ShinyHunters are the same group behind some of the biggest breaches of the last couple of years. Not surprising they're involved.

Trivy led to LiteLLM, LiteLLM led to further targets, and the security scanner designed to keep systems safe became the weapon used to break in.

Your security tools are part of your attack surface - We said this last week and it just took down the European Commission. The tools you trust to protect you can become the way in if they're not protected themselves.

Software updates are now a threat vector - Nobody did anything wrong here in the traditional sense. They just updated their software. That's exactly what makes supply chain attacks so hard to defend against.

One breach feeds the next - They didn't hit one target and stop. Each compromise was used to reach the next one. Patient, methodical, cascading. By the time anyone notices, the damage is already well beyond where it started.

The White House Just Released an App. Security Researchers Are Not Happy About It.

Watch | Read

We're keeping the politics out of this one. If they want to release an app, they're entitled to. But the security angle here is worth knowing about regardless of where you stand on anything else.

The Trump administration launched an official White House mobile app for iOS and Android, promising Americans unparalleled access with live streams, breaking alerts and real-time updates. What they didn't advertise was what the app does in the background.

Security researchers who decompiled it found it sending users' IP addresses, timezone, device model, OS version and a persistent unique identifier to third-party servers on every single launch, despite the app's privacy label being completely blank and claiming it collects nothing. There's also GPS tracking infrastructure baked in that's currently dormant but can be switched on remotely. It's there. It just hasn't been turned on yet.

A Russia-founded third-party software company whose components are baked into the app was also found exposing personal information belonging to some White House staffers. The White House said everything is safe and secure. Security researchers disagreed, loudly. In any other news cycle this would have been a scandal.

The Awareness Angle -

Read the permissions before you download anything - This app asked for access to precise location, biometric fingerprint data and the ability to modify or delete your shared storage. Most people tap allow without looking. Those permissions are worth a few seconds of your time for any app, not just this one.

A privacy label that says nothing can still mean a lot - Apps are supposed to declare what data they collect. This one said nothing. The reality was very different. If an app's privacy disclosure looks too clean, that's not always reassurance. Sometimes it's a red flag.

Official doesn't mean safe - A .gov badge doesn't automatically mean an app has been built securely or held to a higher standard. Apply the same scepticism to government apps as you would any other.

Apple Just Added a Safety Net for One of the Cleverest Scams Around

Source: Reddit

Watch | Read

We've talked about ClickFix on this podcast more times than we can count, and we've said for a while that what it really needs is an OS-level response. Apple just got there first.

A new macOS feature now blocks potentially harmful commands from running when pasted into Terminal and shows a warning explaining that scammers commonly distribute malicious instructions through websites, chat agents, apps and phone calls. If you're on a Mac and you paste something suspicious into Terminal, you now get a pop-up that says "Possible malware, paste blocked" with a Don't Paste button as the main option.

If you're not familiar with ClickFix, it's worth understanding. A fake pop-up tells you there's a problem with your computer. A Fix It button appears. Clicking it copies a command to your clipboard. You paste it into Terminal, hit enter, and you've just installed the malware yourself. ClickFix jumped by more than 500% in the first half of 2025, making it the second most common attack vector after phishing.

The "paste anyway" option is still there, which Luke rightly pointed out maybe it shouldn't be, but it's a long overdue step in the right direction. Hopefully Windows follows.

The Awareness Angle -

The scam works because it uses your own hands against you - ClickFix bypasses most security software because you're the one running the command. The malware never has to sneak past anything. You let it in yourself, thinking you're fixing a problem.

No legitimate website will ever ask you to open Terminal - That is the tell. If a website, pop-up, support chat or phone caller tells you to open Terminal or Command Prompt and paste something in, stop. That is the scam, every single time.

Apple's warning helps but don't rely on it alone - It's not yet clear exactly which commands trigger it, so it won't catch everything. The best protection is knowing what ClickFix looks like before you ever see it, which is exactly why we keep talking about it.

App Privacy Labels Are Like Food Nutrition Labels - And We All Know How That's Going

Watch | Read

This one came up this week because of the White House app, and it's a comparison that really stuck with us.

Lorrie Cranor, director of Carnegie Mellon University's CyLab Security and Privacy Institute, says app privacy labels, the data disclosures you see on the App Store and Google Play, are basically the nutrition labels on a packet of crisps. In theory they help you make an informed choice. In practice, she says the current versions are not at all useful and, worse, they create the impression that something meaningful is being done for your privacy when it actually isn't.

Studies have found widespread inaccuracies in the labels. Apple and Google don't even use the same definitions for what counts as data collection. Google defines it as any data transmitted from your device. Apple only counts it if that data is also stored. The same app can look completely different depending on which store you're looking at.

We saw a live example of this exact week. The White House app declared it collected nothing, while quietly sending device data to multiple third parties on every single launch.

The Awareness Angle -

Labels are only useful if they're accurate - The privacy label on an app is the closest thing you have to informed consent before downloading. Most people never check it, and research shows many labels don't reflect what apps actually do anyway.

Compliance isn't the same as protection - Companies post these labels for information purposes. A label existing doesn't mean your data is safe. There was a time when everyone said smoking was good for you. Look how that turned out.

Even the experts say read the privacy policy - If you genuinely want to know what an app does with your data, the full privacy policy is still your best bet. Nobody said it was fun, but it's the honest answer.

Phish of the Week

Thanks as always to the threat intelligence team at Hoxhunt for sharing this week's example.

This is a phish with many gills....

Watch

This one's a salary increase notification, and it's more sophisticated than it first looks.

The email lands with your company logo, your name, and a message saying a new policy has been added: a salary increase, effective a specific recent date. To access the updated documentation, scan the QR code below. At the bottom, there's a yellow confidentiality banner telling you not to share the link or access code with anyone else. That detail is doing a lot of work. It's nudging you to keep quiet and not check with a colleague.

Here's the bit that caught us off guard when we scrolled further down on the episode: it's not just a credential capture page. Scanning the QR code takes you to a fake DocuSign page where you're given a signing code. Clicking continue takes you to a legitimate Microsoft website and a real device authentication window. The attack isn't stealing your password. It's getting you to authorise access to your device entirely. That's device code phishing.

And there's a red flag right at the start that most people will miss. The phishing email itself is completely empty. The actual attack arrives as a .eml file attached to a blank email. That's not normal. If you see an empty email with an email file attached, don't open it.

Hoxhunt flagged the fake salary lure as the primary hook, playing into exactly the kind of emotion that makes people act before they think, and the QR code as a deliberate choice to move you off your work device and onto your phone, away from whatever security controls your organisation has in place.

This Week's Discussion Points...

Chinese hackers breach the FBI's wiretap surveillance system Watch | Read

Trivy supply chain attack leads to European Commission data breach Watch | Read

The White House app: what security researchers actually found Watch | Read

Apple adds macOS Terminal warning to block ClickFix paste attacks Watch | Read

App privacy labels are not as useful as you think Watch | Read

Google Drive ransomware detection and file restoration now generally available Watch | Read

LinkedIn secretly scanning 6,000+ Chrome extensions and collecting data Watch | Read

WhatsApp used to deliver malware to Windows PCs Watch | Read

Phish of the Week: QR code salary increase leading to device code phishing Watch

SMS delivery scam in the wild Watch

Sloppypasta: AI-generated content and why it makes you easier to scam Watch | Read

Artemis II has two broken instances of Outlook and NASA had to remote in Watch | Bluesky

Artemis II is running Microsoft 365 in space Watch | Read

Artemis II astronaut enters PIN code on live stream Watch | Watch on TikTok

Apple Passwords app ad Watch | Watch on TikTok

Supply chain attack explainer video Watch | Watch on TikTok

And Finally...

Artemis II is orbiting the moon. The astronauts are running Windows. They have two instances of Outlook installed and neither of them work. NASA had to remote in to sort it out. Anthony's take: we've sent people round the moon and we're relying on Outlook for email up there. Luke's take: why do they even need Outlook? There's live chat for that. Both valid. Watch | Bluesky

Which led to the obvious question. Can you imagine being phished while orbiting? A QR code salary increase lands in your inbox, you scan it on your phone, and suddenly someone's got remote access to a Windows tablet in space. We have a Phish of the Week for exactly that scenario this week. Coincidence. Probably. Watch

One of the astronauts also entered their PIN code on live stream, just before launch, in full view of the cameras. It's out there now. Luke pointed out it's probably just policy baked into the device build. Anthony pointed out they could have been given an exception. Watch | Watch on TikTok

Luke also shared Apple's latest ad promoting the built-in Passwords app — good awareness content, and a reminder that if your organisation runs Apple devices without MDM, staff may now be storing corporate passwords somewhere you can't see. Watch | Watch on TikTok

And finally, a really nicely produced TikTok on supply chain attacks by Lewis Menloe. Worth sharing with your team, and worth watching if you make awareness content yourself — great example of what you can do with an iPhone and one decent light. Watch | Watch on TikTok

Thanks for reading! If you’ve spotted something interesting in the world of cyber this week, a breach, a tool, or just something a bit weird, let us know at hello@riskycreative.com. We’re always learning, and your input helps shape future episodes.

Ant Davis and Luke Pettigrew write this newsletter and podcast.

The Awareness Angle Podcast and Newsletter is a Risky Creative production.

All views and opinions are our own and do not reflect those of our employers.