May 11, 2026
Dead Airline Still Taking Bookings, Chrome's Secret AI Download & The Hackable Killer Lawn Mower

Cybersecurity news for humans, not just IT people


This week a dead airline's website is still letting people book flights that will never exist, and scammers are already circling the wreckage. Google Chrome has been silently downloading a 4GB AI model onto your computer without asking, and if you delete it, it comes back. And a $5,000 robot lawn mower can be hijacked by anyone on the internet, including overriding the emergency stop button. Oh, and it phones home to TikTok's parent company. You couldn't make it up.

We've also got two breaches linked to the same hacking group (ShinyHunters are back again), Instagram quietly killing encrypted DMs for two billion users, OpenAI adding a "trusted contact" feature to ChatGPT after a wave of self-harm lawsuits, and a student who stopped four high-speed trains with a radio he bought online.

It's a busy week on The Awareness Angle.

🎧 Listen on your favourite podcast platform - Spotify, Apple Podcasts and YouTube

Podcast · Risky Creative

SANS 2026 Security Awareness Report Survey - Now Open

This one's directly relevant to what we do. SANS Institute runs the biggest annual benchmark survey for security awareness and human risk management professionals, and the 2026 edition is now open. It's 24 questions, takes around eight minutes, and the findings feed into a free report that security awareness practitioners around the world use to benchmark their programmes, justify investment, and work out what actually moves the needle on human behaviour. It's been running for 11 years and it's one of the most credible data sets in the field. If you work in security awareness in any capacity, your voice belongs in this. To take part click here.

This Week's Stories...

Spirit Airlines Liquidation: Zombie Infrastructure, Open Payments, and $11.48 Phishing Domains

Watch | Read

Spirit Airlines ceased operations on May 2nd. But nobody turned anything off.

A security researcher called Brayden Hustead, whose own sister was stranded by the shutdown, discovered that the entire booking flow on spirit[.]com was still fully functional days after the airline collapsed. You could search for flights, pick your seats, enter your personal details, and reach the payment screen for flights that will never take off. The Navitaire booking API on Azure was still active, issuing real record locators and attempting real payment transactions against a live gateway. The system returned a "payment declined" response, not a "provider unavailable" error. That means the payment processor was still connected. It hadn't been deactivated. It just rejected the test card. If someone had used a real card, there's a genuine question about whether the transaction would have gone through.

Spirit's IT team duct-taped a redirect onto the homepage and called it a day. But all the internal links, the API, the telemetry stack, the Azure endpoints, all of it was left running in the background with nobody monitoring it. As we discussed on the show, it's a bit like the last person leaving the office and not switching the lights off. Only these lights were processing $13 to $15 million in transactions a day just 48 hours earlier.

And then there's the domain situation. The most obvious phishing domains you could imagine, spiritrefunds[.]com, spiritrefund[.]com, spiritliquidation[.]com, were sitting there unregistered for $11.48 each. Hustead grabbed them defensively and redirected them to the official restructuring site. Within four hours, 43 real people had already hit spiritliquidation[.]com, typing URLs directly into their browsers looking for help. Those are real, panicking, non-tech-savvy people who would have been trivially easy to scam if someone malicious had got there first.

The Awareness Angles:

Zombie infrastructure is a real threat - When a company shuts down overnight, the systems don't magically switch off. Spirit's booking API, payment processor, and Azure endpoints were all still running with nobody watching. That's an open door for anyone who wants to poke around in systems that were handling millions daily.

Obvious phishing domains get left wide open - The most predictable scam domains were available for the price of a sandwich. In any corporate wind-down, someone needs to be thinking about domain defence. In this case, nobody was, and a student beat the scammers to it.

Desperation makes people vulnerable - 43 real people hit a defensive domain redirect within four hours. These are the exact people scammers target: stressed, confused, and willing to trust anything that looks official.
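The domain part of this story generalises into a simple wind-down check a security team can run before the shutdown announcement goes out: enumerate the brand-plus-term domains stranded customers are likely to type, see which already resolve, and register the rest so they point at the official page. The code below is an added example written for this newsletter, not Hustead's tooling. The terms "refund", "refunds" and "liquidation" come from the story; the other terms, the hyphenated variants and the sample resolver results are assumptions.

```python
"""Wind-down domain defence check (added example, not the researcher's tooling).

Generates the predictable brand + wind-down-term domains customers are likely
to type or receive in a phishing email, then triages them with a resolver so
the defender knows which names to investigate and which to register and
redirect to the official page.
"""
import socket
from typing import Callable, Iterable

# "refund", "refunds" and "liquidation" come from the story; the remaining
# terms are added assumptions about what stranded customers search for.
WINDDOWN_TERMS = ("refund", "refunds", "liquidation", "claims", "bankruptcy", "help")


def winddown_domain_candidates(brand: str, tlds: Iterable[str] = ("com",),
                               terms: Iterable[str] = WINDDOWN_TERMS) -> list[str]:
    """Brand + term, with and without a hyphen, across the given TLDs."""
    candidates = []
    for term in terms:
        for tld in tlds:
            candidates.append(f"{brand}{term}.{tld}")
            candidates.append(f"{brand}-{term}.{tld}")
    return candidates


def dns_resolves(domain: str) -> bool:
    """Live DNS check: True if the name resolves to any address."""
    try:
        socket.getaddrinfo(domain, None)
        return True
    except socket.gaierror:
        return False


def triage_candidates(candidates: Iterable[str],
                      resolver: Callable[[str], bool] = dns_resolves) -> dict[str, list[str]]:
    """Split candidates into names that are already live (investigate: is it
    ours or a squatter?) and names that do not resolve (confirm with the
    registrar or RDAP, then register and redirect to the official page).
    A non-resolving name is not proof that it is unregistered, so the second
    bucket is a to-check list, not an "available" list."""
    report: dict[str, list[str]] = {"live": [], "not_resolving": []}
    for domain in candidates:
        bucket = "live" if resolver(domain) else "not_resolving"
        report[bucket].append(domain)
    return report


if __name__ == "__main__":
    # Constructed offline resolver standing in for DNS: in this sample only
    # one of the candidate names has already been taken by someone.
    sample_live = {"spirithelp.com"}  # constructed sample, not a real observation
    report = triage_candidates(winddown_domain_candidates("spirit"),
                               resolver=lambda d: d in sample_live)
    for bucket, names in report.items():
        print(f"{bucket}: {', '.join(names)}")
```

Run it with the default resolver for a live DNS pass, or pass your own `resolver` callable (as the `__main__` block does) to keep it offline. The "live" bucket is the one to look at first: a name that already resolves and is not in your own registrar account is exactly the situation the story warns about.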


Google Chrome Silently Installs 4GB AI Model on Your Device Without Consent

Watch | Read

Google Chrome, the world's most popular browser, has been silently downloading a 4GB AI model called Gemini Nano onto people's computers. No prompt. No notification. No consent checkbox. And if you find it and delete it, it comes back.

Security researcher Alexander Hanff discovered the file sitting in a folder called OptGuideOnDeviceModel. It appeared even on a completely fresh Chrome profile with zero human interaction. No one clicked anything. No one enabled anything. It just appeared. Snopes confirmed the finding across multiple staff machines on both macOS and Windows.

The kicker, as we talked about on the show, is that this 4GB model isn't even powering the AI features most people would notice. The big "AI Mode" button in Chrome's address bar actually sends your queries to Google's servers. The 4GB sitting on your hard drive powers minor writing assistance features that most people have never turned on and probably don't know exist. So Chrome is eating your storage for something you've never asked for and probably wouldn't use. And as we discussed, Google eventually added an opt-out setting, but it arrived months after the downloads started and it's buried in Chrome's flags backend, the kind of settings page that warns you things might break. Your mum isn't going to find that. Nobody's mum is going to find that.

Under GDPR, downloading 4GB of data to someone's device, profiling their hardware to decide if it's eligible, and doing all of it without consent raises some serious legal questions. But beyond the legal stuff, it's the principle. Your browser is making decisions about what to install on your computer without asking you. We had a similar conversation a few weeks ago when Anthropic's Claude Desktop was found doing something similar with browser hooks. It's becoming a pattern: AI companies treating your device as their deployment platform and asking forgiveness later.

The Awareness Angles:

Your browser is doing more than you think - Chrome isn't just displaying web pages. It's downloading multi-gigabyte AI models, profiling your hardware, and making storage decisions without your knowledge. Understanding what your software does in the background matters.

Consent should come before the download, not after - Google added an opt-out setting months after the downloads started. That's backwards. Privacy-by-design means asking before taking, not apologising after.

Opt-out buried in advanced settings isn't real consent - If the only way to stop something is to navigate to a page that warns you things might break, that's not a meaningful choice. Real consent means making it easy to say no, not just technically possible.


Yarbo Robot Lawn Mowers: Hardcoded Passwords, Remote Hijacking, and TikTok Telemetry

Watch | Read on The Verge

A 200-pound, blade-equipped robot sitting in your garden that can be remotely hijacked by anyone on the internet, including overriding the physical emergency stop button. Every single Yarbo lawn mower in the world shares the same hardcoded root password, and you can't permanently change it because it resets with every firmware update.

Security researcher Andreas Makris found critical vulnerabilities in all 11,000 Yarbo devices worldwide. An attacker can remotely control the blades and movement, access the onboard cameras, steal the owner's Wi-Fi password, and read GPS coordinates and email addresses. It's similar to the robot vacuum and the internet-connected toaster stories we've covered before, but as Luke pointed out on the show, this one's different because a vacuum cleaner you can just pick up. A 200-pound machine with spinning blades, not so much.

And then there's the ByteDance detail. Yarbo's telemetry is routed through ByteDance, TikTok's parent company. The company claims to be headquartered in New York, but as the research found, it's actually Hangang Tech, based in Shenzhen, China. The US headquarters appears to be a small building they put a logo on. So your lawn mower is collecting your Wi-Fi credentials, GPS location, email address, and camera footage, and it's all going through ByteDance's servers. At the same time as America was having the whole uproar about TikTok's algorithm and Chinese data access, the same parent company was quietly getting access to people's gardens. Yarbo's response to the security findings was that the hardcoded password is "by design." We've heard that excuse before, Microsoft said the same thing last week about storing passwords in plain text, and it's getting old.

The Awareness Angles:

Smart doesn't mean secure - A $5,000 robot with cameras, GPS, and internet connectivity sounds premium. But hardcoded passwords and no ability to change them means security was never part of the design. Price is not an indicator of security.

Physical safety meets cyber risk - This isn't a data breach. It's a physical safety hazard. When internet-connected devices can cause real-world harm, stopping to ask about security before you buy is essential.

Ask what your devices are phoning home to - Yarbo's telemetry routes through ByteDance. Most people buying a lawn mower would never think to ask where their device sends data. With smart home products, that question should be standard before you buy.
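The two design flaws in the story are one password shared by every unit and a password that comes back with every firmware update. The model below, an added example and not Yarbo's firmware, puts the weak pattern next to the fix: a random credential generated per device at first boot, stored only as a salted hash in a config area the updater does not touch, and changeable by the owner. The `Device` class, the config partition and the placeholder password value are all constructed for the example.

```python
"""Per-device root credentials that survive firmware updates (added example).

Contrasts the pattern the story describes (one root password baked into the
firmware image, restored on every update) with a design where each unit gets
its own credential at first boot, stored in a config area the updater leaves
alone. Everything here is a constructed model, not Yarbo's firmware.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Weak pattern: a constant in the firmware image. Every unit shares it, and
# re-flashing the image puts it back. Constructed placeholder value.
FIRMWARE_ROOT_PASSWORD = "CONSTRUCTED-SHARED-PASSWORD"


@dataclass
class Device:
    serial: str
    firmware_version: int = 1
    # Persistent config partition: apply_firmware_update() never touches it.
    config: dict = field(default_factory=dict)


def hardcoded_root_password(device: Device) -> str:
    """The fleet-wide hardcoded credential: identical on every device."""
    return FIRMWARE_ROOT_PASSWORD


def _hash_credential(credential: str, salt: bytes) -> str:
    # Slow salted hash so a leaked config partition does not hand over the password.
    return hashlib.pbkdf2_hmac("sha256", credential.encode(), salt, 100_000).hex()


def provision_root_credential(device: Device) -> str:
    """First boot: generate a random per-device credential, store only its
    salted hash in persistent config, and return the credential once for the
    owner (label or app). Refuses to run twice so nothing can silently
    re-provision the device back to a known value."""
    if "root_hash" in device.config:
        raise RuntimeError("already provisioned; use set_root_credential to change it")
    credential = secrets.token_urlsafe(16)
    salt = secrets.token_bytes(16)
    device.config["root_salt"] = salt.hex()
    device.config["root_hash"] = _hash_credential(credential, salt)
    return credential


def set_root_credential(device: Device, new_credential: str) -> None:
    """Owner-initiated change, persisted in the same update-safe location."""
    salt = secrets.token_bytes(16)
    device.config["root_salt"] = salt.hex()
    device.config["root_hash"] = _hash_credential(new_credential, salt)


def verify_root_credential(device: Device, attempt: str) -> bool:
    """Constant-time comparison against the stored salted hash."""
    salt = bytes.fromhex(device.config["root_salt"])
    return hmac.compare_digest(_hash_credential(attempt, salt), device.config["root_hash"])


def apply_firmware_update(device: Device) -> None:
    """Re-flashes the firmware image: bumps the version, leaves config alone."""
    device.firmware_version += 1


if __name__ == "__main__":
    mower_a, mower_b = Device("SN-0001"), Device("SN-0002")  # constructed serials
    print("hardcoded, same on both:",
          hardcoded_root_password(mower_a) == hardcoded_root_password(mower_b))
    cred_a = provision_root_credential(mower_a)
    cred_b = provision_root_credential(mower_b)
    print("per-device, differs:", cred_a != cred_b)
    apply_firmware_update(mower_a)
    print("still valid after update:", verify_root_credential(mower_a, cred_a))
```

The point of the split between the firmware image and the config partition is that a firmware update is a legitimate, frequent event; if credentials live inside the image, every update is a factory reset of the password, which is exactly the behaviour the story describes.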



This Week's Discussion Points...

Zara data breach exposes 197,000 customers via third-party analytics vendor Watch | Read

Cushman & Wakefield breached via vishing, two ransomware gangs claim responsibility Watch | Read

ConsentFix v3 targets Azure with automated OAuth abuse Watch | Read

Spirit Airlines liquidation leaves zombie infrastructure and $11.48 phishing domains Watch | Read

Google Chrome silently installs 4GB AI model on your device without consent Watch | Read

Instagram drops end-to-end encryption on DMs Watch | Read

Anthropic CEO warns of "moment of danger" as Mythos exposes thousands of software vulnerabilities Watch | Read

OpenAI adds "Trusted Contact" feature to ChatGPT after self-harm lawsuits Watch | Read

Student hacks Taiwan high-speed rail by exploiting 19-year-old radio system Watch | Read

Yarbo robot lawn mowers have hardcoded passwords and can be controlled remotely by anyone Watch | Read


Security Socials

Fake Wi-Fi QR code in McDonald's - Someone stuck a fake Wi-Fi QR code sign in a McDonald's. A guy scans it and gets the monkey giving the middle finger. Funny video, but a great one to share with your teams to show why scanning random QR codes is a bad idea. Watch on Instagram

Joseph Cox deepfakes his own face on Microsoft Teams - The 404 Media co-founder tested Chinese-language deepfake software that works live on video calls including Teams, Zoom, and WhatsApp. The quality is still a bit soft and slow, but it's only going to get better. Worth watching. Read

Why haven't hackers deleted student loans? - A Reddit post on No Stupid Questions asked why a benevolent hacker hasn't just deleted everyone's student debt. The top answer: because deleting a database entry doesn't delete the legally binding promissory note you signed. But it's a great question to throw at your workforce. Would your people know why that doesn't work? Read

Recruitment scam targets security awareness professional - Jessica Behles posted about receiving a perfectly crafted recruitment scam email. The irony is she teaches people to recognise scams for a living, and she still felt the pull. Your experience, your salary, your perfect match. It's designed to make you feel special so you let your guard down. Read