Two Awards, Ten Breaches, and One Periwinkle Tempest – What a Week in Cybersecurity

This episode is packed with cybersecurity stories, clever phishing scams, and some big questions about security awareness.

We kick things off with a celebration. The Awareness Angle is now an award-winning podcast. We picked up two wins at the European Cybersecurity Blogger Awards: Best Back to Basics Podcast, and Ant was named Contributor of the Year. It was an incredible night full of brilliant people, unexpected selfies, and some very questionable cyber-themed cocktails. Graham Cluley even took our photo, and KnowBe4 handed over Lego fishermen for the kids. Definitely one for the scrapbook.

But it wasn’t all glitter and swag. The retail sector is still under attack, with both The North Face and Cartier reporting recent cyber incidents. Credential stuffing, unauthorised access, and exposed customer data are all part of the story. We also dig into the Marks & Spencer breach, where a class action lawsuit is now underway. Over 350 customers have joined the claim, with compensation being sought for the fallout. It’s a strong reminder that third-party risk and transparency still need serious attention.

We also talk about Microsoft’s big move to delete saved passwords from the Authenticator app starting in August. It’s part of the shift to a passwordless future, but are users ready for it? And are organisations supporting that transition clearly enough?

On the privacy front, Signal has taken a stand by blocking Windows Recall from taking screenshots of private chats. This is one of the first concrete moves we’ve seen against Recall, and it raises important questions about consent, AI tools, and how much visibility users really have over what’s captured on their screens.

We also highlight new research from NordPass showing how shockingly weak password practices are still common in the automotive industry. Passwords like “123456” and “P@ssw0rd” are being used to secure connected vehicle systems, often without any multi-factor authentication in place. It’s a worrying glimpse into a part of the industry that often flies under the radar.

Meanwhile, Australia has introduced new rules requiring large businesses to report ransomware payments within 72 hours. Rather than banning ransom payments outright, they’re pushing for transparency. It’s a bold step, and one that other countries may be watching closely.

We also explore Microsoft and CrowdStrike’s new effort to simplify threat actor naming. Instead of multiple vendors calling the same group by different names, they’re trying to align terms to reduce confusion. Say goodbye to Wizard Spider. Say hello to Periwinkle Tempest.

There’s also a quick heads-up for creative teams. A malicious Blender file disguised as a free 3D chair model has been spotted spreading malware. If your team uses Blender, now is a good time to review auto-run settings and safe file practices.

And finally, we break down a scam that’s making the rounds via WhatsApp and iMessage. It promises thousands of pounds a month for less than an hour a day. It’s clearly a scam, but with the right timing and the wrong circumstances, people are still getting caught out. It’s a reminder that even old tricks still work.

This episode has a bit of everything. Real stories, important lessons, and a few good laughs along the way. Whether you’re deep in the world of cybersecurity or just trying to stay safer online, this one’s worth a listen.

🎉 Blogger Awards Win
Watch – https://youtu.be/0w38e9hdtZU?t=129

🧥 The North Face & 💍 Cartier Breaches
Watch – https://youtu.be/0w38e9hdtZU?t=851
Read – https://www.digit.fyi/the-north-face-and-cartier-latest-to-face-cyber-attacks/

📉 M&S Class Action Lawsuit
Watch – https://youtu.be/0w38e9hdtZU?t=983
Read – https://www.itv.com/news/2025-06-03/m-and-s-faces-unprecedented-customer-lawsuit-over-cyberattack-data-breach

🔐 Microsoft Authenticator Password Deletion
Watch – https://youtu.be/0w38e9hdtZU?t=1081
Read – https://www.forbes.com/sites/zakdoffman/2025/05/31/microsoft-confirms-password-deletion-now-just-8-weeks-away/

🚫 Signal Blocks Windows Recall
Watch – https://youtu.be/0w38e9hdtZU?t=1241
Read – https://www.theverge.com/news/672210/signal-desktop-app-microsoft-recall-block-windows-11-ai

🚗 Smart Cars, Dumb Passwords
Watch – https://youtu.be/0w38e9hdtZU?t=1411
Read – https://hackread.com/smart-cars-dumb-passwords-auto-industry-weak-passwords/

🇦🇺 Australia Ransomware Disclosure Law
Watch – https://youtu.be/0w38e9hdtZU?t=1688
Read – https://www.darkreading.com/threat-intelligence/australia-ransomware-payment-disclosure-rules

🧑‍💻 Gen Z and Passkey Adoption
Watch – https://youtu.be/0w38e9hdtZU?t=1779
Read – https://www.androidauthority.com/google-scams-survey-gen-z-passkey-3563937/

🌪️ Threat Actor Naming – Periwinkle Tempest
Watch – https://youtu.be/0w38e9hdtZU?t=2100
Read – https://www.microsoft.com/en-us/security/blog/2025/06/02/announcing-a-new-strategic-collaboration-to-bring-clarity-to-threat-actor-naming/

🪑 Blender File Malware Warning
Watch – https://youtu.be/0w38e9hdtZU?t=2497
Read – https://www.reddit.com/r/blender/s/FSyggEQlic

💸 WhatsApp £8k Job Scam
Watch – https://youtu.be/0w38e9hdtZU?t=2680
Read – https://www.reddit.com/r/Scams/comments/1koqxhw/uk_unfamiliar_scam/

📱 Meta AI on WhatsApp
Watch – https://youtu.be/0w38e9hdtZU?t=2856
Read – https://www.meta.com/blog/whatsapp/introducing-meta-ai-in-whatsapp/