Scientology Breach, Windows Chaos and a Live ChatGPT Scam

Scientology hit by the Qilin ransomware gang

The Church of Scientology has confirmed a ransomware attack after the Qilin gang claimed they stole 190 gigabytes of internal files. Samples posted online appear to include recent operational documents from its UK base. It is an unusual breach of a very private organisation, and it raises the question of what happens when a group built on secrecy loses control of its own information.

The Awareness Angle

Backups protect choices - Good backups take the pressure out of ransom negotiations and limit long-term damage.
Reputation does not reduce risk - Attackers care about opportunity and leverage, not public profile.
Fast isolation contains fallout - Stopping the spread early makes the difference between a bad day and a full crisis.

Westminster Council still struggling after last month’s attack

Watch | Read

Westminster Council is weeks into its recovery and still cannot process repairs, housing payments, children’s services referrals or even simple online requests. Residents are being pushed to offline workarounds while the council rebuilds systems and investigates the source of the attack. It is a clear reminder that cyber incidents do not just affect networks. They affect people and entire communities.

The Awareness Angle

Critical services need manual fallbacks - When systems fail, people need clear alternative paths.
Local impact is wide and immediate - Councils hold sensitive data and support essential services, so downtime hits real lives fast.
Shared platforms multiply the damage - When multiple councils share systems, one breach becomes everyone’s problem.

Windows 10 becomes a 500,000,000 device security problem

Watch | Read

More than five hundred million people are still on Windows 10. Support has ended, updates have stopped, and new vulnerabilities are now left open for attackers to use. This is not a user failure. This is a Microsoft-created problem. They made the upgrade path difficult. They set hardware requirements that millions of perfectly good devices cannot meet. They pushed people toward machines that need new chips and new components, even when the old ones still work.

This week’s Windows LNK zero-day proves the point. A simple shortcut file could run hidden code. Windows 11 users will get a fix. Windows 10 users are on their own. When half a billion people are stuck on an unsupported system, it is not a natural result of poor user behaviour. It is the result of a forced upgrade strategy that people cannot afford, cannot justify or simply cannot complete.

Microsoft says it is about progress and security. But creating a security crisis by ending support for a product that half the world still uses should not be called progress. It should be called what it is. A company decision that shifted risk from Microsoft to everyone else.

The Awareness Angle

Unsupported devices become easy targets - Once a product is abandoned, every new hole stays open. Attackers know exactly where to look.
Upgrade friction is a business problem, not a user flaw - People did not reject security. They rejected the cost and complexity of replacing hardware that still works.
Lifecycle planning beats last-minute panic - Organisations need clear plans for device refresh long before support ends. People should never be forced into insecure choices by a vendor.

This Week's Discussion Points...

This one was wild because it unfolded in real time while we were recording. A sponsored Google search result appeared, claiming to offer a Mac install of something called “ChatGPT Atlas.” At first glance, it looked legitimate. Clean branding, a simple landing page, and a Google Sites address that many people would trust without thinking twice.

But the moment you clicked the download button, the trap appeared. The page told users to open their terminal, copy a command that had already been placed on the clipboard, paste it in, and press enter. That single instruction would have handed attackers full access to the device, likely including passwords and authentication tokens. No malware file, no pop-up, just social engineering wrapped inside “tech support” style instructions. Classic ClickFix.

The most alarming part came when we dug deeper. The Google ad promoting the fake installer was not placed by the attackers using their own domain. It was placed through a compromised Google Ads account belonging to a genuine charity. This gave the malicious site extra credibility because it came from a trusted advertiser with a history of clean campaign activity. It also explains why it climbed so high in search results.

This is what modern attacks look like. No broken English. No dodgy popups. Just familiarity, big brand names, borrowed trust and a single "copy and paste" that does the damage.

The Awareness Angle

Trust is being borrowed from real brands - Attackers know people search for “ChatGPT app” or “ChatGPT browser” and click the first result. They do not need to fool the platform. They only need to fool the user.
Terminal commands are the new phishing link - Tech-savvy staff are often the easiest to catch here. If you are used to running commands, you stop questioning the source.
Platform trust signals are fading fast - Google sites, sponsored results, clean pages, even verified advertiser accounts. None of these guarantees safety anymore. The only safe rule is this. Never paste a command into your terminal unless you know exactly who wrote it.