This week we’ve got leaks, lawsuits, and legislation. From Elon’s Grok chatbot spilling hundreds of thousands of private chats into Google search results, to Mac users being tricked by a fake “fix” that hides an info-stealer, to a developer jailed for sabotaging his ex-employer with a kill switch. Add in a major telecoms breach, Android’s new plan to verify every app developer, and Denmark pushing bold new deepfake laws, and there’s plenty to talk about.
Listen on your favourite podcast platform - Spotify, Apple Podcasts and YouTube

Podcast · Risky Creative
Hundreds of thousands of Grok chats exposed in Google results
Watch the discussion - https://youtu.be/v64EH9pK_w8?t=127
Elon Musk’s Grok chatbot was caught up in a major privacy incident after more than 370,000 user conversations were found in Google search results. A flaw in the Share button meant chats that were supposed to be private were being indexed, making them accessible to anyone searching. The leaked conversations were not harmless either. They included medical information, passwords, and even instructions on making explosives. It follows similar incidents with other AI platforms earlier this year, raising serious questions about how much we can trust these tools with sensitive information.
Read more - https://www.bbc.co.uk/news/articles/cdrkmk00jy0o
∠The Awareness Angle
- Privacy is not guaranteed – AI chats may appear private but unless privacy is designed into the platform, they can leak just like a public post.
- Sensitive data at risk – Health details, credentials, and personal secrets were all exposed, showing how valuable this information is.
- Think before you share – Treat AI chats like social media and never share anything you would not want to end up online.
Fake Mac fixes trick users into installing new Shamos infostealer
Watch the discussion - https://youtu.be/v64EH9pK_w8?t=267
A new malware strain called Shamos is targeting Mac users by posing as a system fix. Attackers are using malvertising and fake websites like mac-safer.com to trick people into pasting commands into Terminal. Instead of solving a problem, the code installs an infostealer that grabs browser data, passwords, Keychain items, Apple Notes, and even crypto wallets. Since June more than 300 Mac environments have been hit.
∠The Awareness Angle
- Looks helpful, ends harmful – Fake fixes prey on people desperate to solve a problem quickly.
- High-value data stolen – Shamos can access passwords, notes, and financial accounts, making it highly damaging.
- Safe support routes – Never run commands from random sites. Always go directly to Apple’s official support channels.
Dev gets 4 years for creating kill switch on ex-employer’s systems
Watch the discussion - https://youtu.be/v64EH9pK_w8?t=548
Former software developer Davis Lu was sentenced to four years in prison after sabotaging his ex-employer’s network. Lu had secretly embedded malicious code into Eaton Corporation’s systems that triggered when his account was disabled. The “kill switch” crashed servers, deleted profiles, and locked out thousands of users, costing the company hundreds of thousands of dollars.
∠The Awareness Angle
- Insider risk is real – While most insider incidents are accidental, malicious acts can cause devastating damage.
- Planned sabotage – Lu named his code after himself, showing how brazen and deliberate insider threats can be.
- Controls matter – Monitoring for unusual code, enforcing separation of duties, and regular audits can reduce this risk.
Do you have something you would like us to talk about? Are you struggling to solve a problem, or have you had an awesome success? Reply to this email telling us your story, and we might cover it in the next episode!
This Week's Discussion Points...
- Hundreds of thousands of Grok chats exposed in Google results
- Fake Mac fixes trick users into installing new Shamos infostealer
- Dev gets 4 years for creating kill switch on ex-employer's systems
- Orange Belgium discloses data breach impacting 850,000 customers
- You Won’t Be Able to Install Apps from Unverified Android Developers Soon
- 4chan launches legal case against Ofcom in US federal court
- How 16 billion becomes 231 million, then 9 million
- MoD staff warned not to share hidden data before Afghan leak
- Denmark’s bold move to protect citizens from deepfakes
- Why are hackers always shown in hoodies?
- WiFi signals reveal human movement indoors
- Gmail unsubscribe hack
The Gmail unsubscribe hack you might not know about
Watch - https://youtu.be/v64EH9pK_w8?t=2418

A TikTok clip revealed a simple Gmail trick to clear out unwanted emails. In the left-hand menu under “More,” there’s a Manage Subscriptions option. It lists every newsletter and marketing email you’re signed up to, with a one-click unsubscribe button. It even shows how often you receive them, making it much easier to tidy your inbox.
∠The Awareness Angle
- Hidden feature – Gmail has a built-in tool to manage and cancel subscriptions in bulk.
- Time saver – Instead of hunting through emails, you can unsubscribe directly in one place.
- Inbox hygiene – Keeping clutter under control reduces the risk of missing important security messages.
Watch it at - https://vm.tiktok.com/ZNd4NNg1V/