This week’s episode has a bit of everything – classic vulnerabilities, connected car hacks, and some big questions about what we’re still teaching in security awareness.
We kick things off with WinRAR (yes, again). A new flaw means attackers can bypass the ‘Mark of the Web’ warning in Windows, and it’s probably still sitting quietly on machines that haven’t been touched in years. It’s a great example of how legacy tools slip under the radar.
Then we dig into the Europcar breach – attackers stole source code, credentials, and customer data from their GitLab repos. It looks like an infostealer was the likely cause, and it’s a reminder of how simple malware on one developer’s laptop can snowball into something much bigger.
The episode also features one of the most shocking stories we’ve seen in a while: researchers took remote control of a 2020 Nissan Leaf, including tracking, listening, and even steering. All through the infotainment system. We talk about what that means for connected devices, and where awareness fits in.
We also cover Lance Spitzner’s post on outdated awareness advice – like changing passwords too often, relying on HTTPS, and the classic ‘hover over the link’. It sparked a great discussion about what still works, and what we should probably leave behind.
And finally, a leaked internal memo from Shopify outlines a company-wide push for AI adoption – but with no mention of security, privacy, or data handling. It’s bold, but it also shows how easily security can be left out of big cultural shifts.
There’s more too – spyware apps flagged by GCHQ, Apple’s iCloud encryption battle going public, Oracle confirming their breach (eventually), and a very dodgy-looking NHS text message that turned out to be legit.
If you’re into security awareness, human risk, or just trying to make security make sense, give it a listen.
🧯 WinRAR vulnerability
https://www.bleepingcomputer.com/news/security/winrar-flaw-bypasses-windows-mark-of-the-web-security-alerts/
📦 WK Kellogg breached via Clop ransomware
https://www.bleepingcomputer.com/news/security/food-giant-wk-kellogg-discloses-data-breach-linked-to-clop-ransomware/
🔓 Europcar GitLab breach
https://www.bleepingcomputer.com/news/security/europcar-gitlab-breach-exposes-data-of-up-to-200-000-customers/
🚗 Nissan Leaf hacked
https://www.securityweek.com/nissan-leaf-hacked-for-remote-spying-physical-takeover/
🎵 TikTok ban delayed again
https://news.sky.com/story/us-tiktok-ban-delayed-again-after-china-stalls-on-deal-over-tariffs-13342163
📱 Spyware apps targeting phones – GCHQ
https://uk.news.yahoo.com/gchq-warns-spyware-accessing-phone-055226746.html
🛡️ Apple iCloud encryption case goes public
https://www.bbc.co.uk/news/articles/cvgn1lz3v4no
💽 Oracle breach confirmed
https://cybersecuritynews.com/oracle-confirms-that-hackers-broke-systems
🔐 Lance Spitzner’s LinkedIn post on outdated advice
https://www.linkedin.com/posts/lancespitzner_securityawareness-humanrisk-secuityculture-activity-7314999154957553666-myo0
🤖 Shopify’s leaked AI memo
https://www.linkedin.com/posts/sytaylor_this-leaked-ai-memo-from-the-shopify-ceo-activity-7315026181941006336-g01s
🎮 AI-generated retro gaming ads
https://www.reddit.com/r/ChatGPT/s/Fp5oWJr8WI
🎥 AI avatar used in court
https://youtu.be/gvbzd6zkqd0?si=xaes6rKzrpp9UtIF
👨👩👧 Maddy Moate on parental controls
https://www.instagram.com/reel/DH6DhqNorAj/?igsh=cm54OHh0dXVkMTh1