The Awareness Angle: Cyber News Weekly

This week on The Awareness Angle, breaches, extortion, and quietly invasive tech all collide. From real estate firms leaking highly sensitive data to browser extensions secretly harvesting AI conversations, the theme this week is trust, and how easily it gets abused.Luke is back from holiday, and we kick off with Breach Watch, starting with a New York and DC real estate developer exposing nearly 47,000 people after a ransomware attack. We then look at SoundCloud losing control of user data, followed by one of the most personal extortion cases we have seen, PornHub Premium viewing history stolen via a third party analytics provider. We also cover the ongoing UK government hack that ministers are playing down, despite growing concern around state linked espionage.In What the Hack, we dig into malware hidden inside movie subtitle files on fake torrents, a new Microsoft account takeover technique that bypasses passwords, MFA, and passkeys, and a Chrome browser extension that was quietly intercepting millions of users’ AI chats while wearing a trusted Featured badge. We also revisit LG’s smart TV Copilot backlash, and how user pushback forced a rapid U turn.The wider topics take us from WhatsApp account hijacking via Ghost Pairing, to activity tracking risks in messaging apps, the growing problem of deepfakes and trust online, crypto scams draining life savings, and how Amazon detected a North Korean infiltrator based on something as subtle as keystroke lag.If you want cyber news explained with clarity and zero jargon, you are in the right place.Chapters00:00:00 Welcome, and this week’s storiesBreach Watch00:01:36 NYC and DC real estate developer data breach00:04:27 SoundCloud breach and VPN disruption00:08:15 PornHub extortion and leaked viewing history00:13:27 UK government hack investigationWhat the Hack00:16:49 Malware hidden in movie subtitle files00:21:55 Microsoft account takeover surge and ConsentFix00:28:47 Chrome extensions harvesting AI chats00:34:54 LG backtracks on Copilot for smart TVsTopics00:38:09 WhatsApp Ghost Pairing account hijack00:41:48 WhatsApp and Signal activity tracking risks00:47:50 Deepfakes, content credentials, and trust online00:49:43 Idris Elba waxwork and biometric security limits00:53:32 Do we actually need AI00:54:40 Crypto scam victim loses 1.8 million dollars00:57:32 North Korean infiltrator caught via keystroke lagMore Informationhttps://riskycreative.comListen on the goSpotify: https://open.spotify.com/show/7rwzcRsKrXbASFBfiXoCZ6Apple Podcasts: https://podcasts.apple.com/us/podcast/the-awareness-angle-cyber-news-weekly/id1784126196Follow usLinkedIn: The Awareness Angle NewsletterTikTok: @infosecantInstagram: @riskycreativeYouTube: @riskycreativeIf you found this useful, hit subscribe and share it with someone who cares about cyber but does not speak cyber.Stay aware, stay secure.

Subscribe on your favourite platforms and visit https://linktr.ee/riskycreative for more of ∠The Awareness Angle.This week on The Awareness Angle Interviews, Ant sits down with Cary Johnson, founder of Phishbusters, for a straight talking conversation about security awareness, human risk, and why so many programmes struggle to prove real impact.This episode strips away dashboards, buzzwords, and vendor narratives to focus on what actually reduces phishing risk. Cary brings a science led perspective to awareness, challenging engagement metrics, benchmarks, and the idea that looking busy means you are becoming more secure.We get into phishing as a measurement tool rather than a content engine, why repeat clickers are not all the same, and how poor measurement can quietly create fatigue, resentment, and false confidence across organisations.If you work in security awareness, human risk, or phishing defence, this conversation will challenge how you think about success.We talk about Why engagement does not equal impact Benchmarks versus baselines, and why the difference really matters Phishing as the number one human risk Repeat clickers, learners, and where risk actually sits Why overtraining creates fatigue and resentment Verification skills and keeping awareness simple Compliance theatre and the danger of vanity metrics Vendors marking their own homework How to test whether your programme is genuinely workingThis is a calm but challenging discussion that says the quiet part out loud. It shows how easily good intentions can turn into noise when measurement is flawed, and how much simpler awareness can be when we focus on proof instead of performance.Let me know what it gets you thinking about.Stay aware, stay secure.Previous Episodehttps://www.youtube.com/watch?v=EntRmhcDOBM&list=PLEsOj51Q0PfA0qX6BRlNnyD7lG8JlijRfLinksYouTube: https://www.youtube.com/@riskycreativeLinkedIn: https://www.linkedin.com/company/riskycreativeSpotify: https://open.spotify.com/user/riskycreativeWebsite: https://www.riskycreative.comContact: hello@riskycreative.comIntro and outro music16! by falling foreverhttps://fallingforever.bandcamp.com/track/16License: CC BY 4.0https://creativecommons.org/licenses/by/4.0

This week on The Awareness Angle, data breaches keep piling up, ransomware is still doing damage, and software updates are becoming an attack surface all of their own. Luke is on holiday, so I am flying solo, but there is plenty to dig into.We start with a classic insider risk failure at Coupang, where a former employee kept access after leaving, followed by a credit checking firm exposing millions of people who may never even have heard of them. We also look at a misconfiguration that left vet records publicly accessible, and a pharma company hit by ransomware where data theft came before encryption.In What the Hack, Apple rushes out emergency patches for active zero-day exploits, Notepad++ fixes a flaw that allowed malicious updates to be pushed to users, and LG quietly installs Microsoft Copilot onto smart TVs with no option to remove it, raising uncomfortable questions about control and consent.We then move into the wider topics, from why a breached Pringles account is actually a serious lesson about password reuse, to Roblox horror games rated far too young, smarter captchas designed to beat bots, and a US proposal that could see travellers handing over years of social media history just to cross the border.If you want cyber news explained with clarity and zero jargon, you are in the right place.Chapters00:00 Welcome and this week’s stories01:10 Breach Watch beginsBreach Watch01:30 Coupang breach traced to ex-employee access06:30 Credit check company breach exposes millions13:40 Petco Vetco website data exposure19:40 Inotiv ransomware attack and data theftWhat the Hack25:30 Apple emergency zero-day updates30:40 What is a zero day, explained simply32:30 Notepad++ malicious update flaw37:40 LG TVs install Microsoft CopilotAnt’s Topics46:10 Germany accuses Russia of air traffic control cyber attack49:20 Pringles account breach and password reuse51:40 Roblox games and content maturity concerns53:40 US proposal to collect travellers’ social media historyWrap Up54:50 Final thoughts and sign offListen on the goSpotify: https://open.spotify.com/show/7rwzcRsKrXbASFBfiXoCZ6Apple Podcasts: https://podcasts.apple.com/us/podcast/the-awareness-angle-cyber-news-weekly/id1784126196Follow usLinkedIn: https://www.linkedin.com/newsletters/the-awareness-angle-newsletter-7274932363787132928/TikTok: https://www.tiktok.com/@infosecantInstagram: https://www.instagram.com/riskycreativeYouTube: https://www.youtube.com/@riskycreativeIf you found this useful, hit follow and share it with someone who cares about cyber but does not speak cyber.Stay aware, stay secure.

This week on The Awareness Angle, things get lively. We break down the Scientology ransomware attack, the ongoing chaos at Westminster Council, the five hundred million Windows 10 devices now left unsupported, and the ClickFix scam impersonating ChatGPT that we discovered live during the recording.We dig into what the Qilin gang claims to have taken from Scientology, why Westminster is still struggling to deliver basic services, and how Microsoft has created a global security problem by forcing users onto hardware they cannot afford. We also look at the Windows LNK zero day, Microsoft’s new activity tracking in Teams, and India’s decision to drop its mandatory cyber safety app.The big moment this week is the fake ChatGPT Atlas installer. A live ClickFix scam pushed through a compromised Google Ads account, designed to steal passwords simply by tricking people into pasting a command into their terminal. It is a clear example of how modern attacks borrow trust from real brands.We finish with AI fakery, deepfake claims and a Japanese game studio that now asks applicants to draw live to prove their portfolios are human made.If you want cyber news explained with clarity and zero jargon, you are in the right place.Chapters00:00:00 Welcome back and Luke returns00:00:29 Overview of this week’s stories00:01:19 Breach Watch beginsBreach Watch00:01:19 Scientology hit by Qilin ransomware00:03:28 Westminster Council attack update00:07:03 Freedom Mobile breach in Canada00:09:08 Brsk breach in the UK00:11:38 Marquis breach impacts seventy four US banks00:13:24 Wrap up of this week’s Breach WatchWhat the Hack00:14:25 Windows 10 crisis and unsupported devices00:16:07 Windows LNK zero day explained00:20:30 Teams location and activity reporting backlash00:22:20 India scraps mandatory cyber safety appClickFix Discovery00:25:50 Fake ChatGPT Atlas browser and ClickFix attack00:31:10 Live discovery of active scam through Google Ads00:33:54 Reporting the malicious ad and account takeoverAnt’s Topics00:41:20 Reddit story: employee clicks phishing link00:43:03 Why reporting quickly matters more than the click00:45:33 AI used to fake street footage and misinformationLuke’s Topics00:48:03 AI generated behind the scenes Home Alone footage00:53:52 Debunking viral AI content and misinformation00:55:14 Japanese studio now testing applicants live to stop AI cheatingWrap Up00:58:03 Final thoughts and sign off00:58:51 OutroListen on the goSpotify: https://open.spotify.com/show/7rwzcRs...Apple Podcasts: https://podcasts.apple.com/us/podcast...Follow usLinkedIn: https://www.linkedin.com/newsletters/the-awareness-angleTikTok: https://www.tiktok.com/@infosecantInstagram: https://www.instagram.com/riskycreativeYouTube: https://www.youtube.com/@riskycreativeIf you found this useful, hit subscribe and share it with someone who cares about cyber but does not speak cyber.Stay aware, stay secure.

📢 Subscribe on your favourite platforms and visit https://linktr.ee/riskycreative for more of ∠The Awareness Angle.📢 This Week on The Awareness AngleA council incident affecting thousands of residents, emergency alerts taken offline, a vishing breach at Harvard, fake Windows updates, AI voice scam stories, and an industrial scale Black Friday campaign tricking shoppers everywhere. Luke is off sick, so Ant takes you through a busy week in cyber on his own.We dive into AI generated shopping scams, a password trick that had Reddit arguing for hours, and a correction to a widely shared Gmail story that shows why verifying details still matters.In this episode: London councils hit by a cyber incident that slowed services Emergency alert systems in the United States disrupted after a cyber attack Harvard alumni data exposed after a vishing breach A SIM swap case that led to financial loss and emotional pressure The UK budget leak caused by a predictable URL Fake Windows update screens used to deliver malware through ClickFix Black Friday and Cyber Monday scams using hundreds of fake brand sites AI voice scams and how criminals can copy a voice with seconds of audio AI generated shopping scams and fake Etsy style listings A password trick involving colons that confused stealer logs The Gmail smart features correction and what really happened A preview of Ant’s session with Layer Eight on Champions programmesIf you work in cyber, tech, IT, risk or you simply want to stay ahead of common scams, this episode gives you clear context that helps you protect yourself and the people around you.👋 About usAnt Davis helps people make sense of the human side of cybersecurity through Kindred Cyber, a people centred security service that focuses on behaviour, culture and clear communication.Luke Pettigrew is an experienced security professional with a strong background in user education for one of the UK’s largest online retailers. Together they turn complex cyber news into simple stories and practical advice.👍 Support the showIf you enjoy the episode, follow the podcast, rate it, and share it with someone who would find it useful.Timestamps00:00 Intro and Luke is off sick01:02 London Councils cyber incident03:15 OnSolve Code Red emergency alert breach06:55 Harvard vishing breach10:25 What the Hack SIM swap case from Joe Tidy16:33 OBR Budget leak caused by a predictable URL21:18 ClickFix fake Windows update malware27:55 Black Friday fake brand giveaways35:40 CIISec Live event recap42:38 TikTok default password coffee machine44:18 TikTok AI kidnap scam voice cloning48:35 Corridor Crew AI shopping scams52:00 Password tip using a colon53:02 Gmail smart features correction55:10 Layer 8 champions report preview56:30 Closing🔗 LinksYouTube: https://www.youtube.com/@riskycreativeLinkedIn: https://www.linkedin.com/company/riskycreativeSpotify: https://open.spotify.com/user/riskycreativeWebsite: https://www.riskycreative.com🎵 MusicIntro and outro song: https://fallingforever.bandcamp.com/track/16

📢 Subscribe on your favourite platforms and visit https://linktr.ee/riskycreative for more of ∠The Awareness Angle📢 This Week on The Awareness AngleRail hacks, WhatsApp risks, CCTV horror stories, teenage cyber gangs, and a staffing breach that leaked over a hundred thousand CVs. It has been a busy week.Luke and I break down the biggest cyber stories in a way that actually makes sense for real people at work, not just security pros. We talk human risk, scams, what to watch out for, and why the simplest mistakes keep causing the biggest damage.In this episode:• The Italian rail supplier breach with 2.3 TB of stolen data• Salesforce customer data stolen through a Gainsight integration• Cornerstone Staffing and the leak of more than one hundred thousand CVs• A WhatsApp flaw exposing 3.5 billion phone numbers• A nationwide CCTV hack in India involving maternity wards and schools• Australia’s new under sixteen ban and what it means for social platforms• TfL’s 2024 cyber attack and the trial ahead• Plus our own stories, scams we spotted, and awareness topics making the rounds this week👋 About usAnt Davis helps people make sense of the human side of cybersecurity. He runs Kindred Cyber, a people centred security service that gives organisations real world guidance, support and better engagement.Luke Pettigrew is an experienced security professional with years of hands on work educating people across one of the largest online food retailers in the UK. Together they take the complex parts of cyber and turn them into simple stories, clear guidance and content that helps people understand what is happening and why it matters.👍 Support the showSubscribe, drop a like, and leave a comment. It helps more than you think.If you prefer short form content, follow us on TikTok, YouTube Shorts, and Instagram for daily clips.📨 Stay updatedJoin the weekly newsletter for extra context, stories we did not cover, and links to everything we discuss.#cybersecurity #securityawareness #phishing #podcast #cloudsecurity #passwords #AIsecurity #infosec🕒 Timestamps00:00 Intro and welcome00:19 Quick catch up00:32 Ant starting Kindred Cyber01:24 Moving into the breach report02:03 Italian rail group breach03:15 Salesforce and Gainsight breach05:18 Cornerstone Staffing ransomware attack08:32 WhatsApp flaw exposes 3.5 billion numbers12:28 UK, US and Australia sanction Russian cyber firms14:45 Australia adds Twitch to teen social media ban19:52 CCTV hack in Indian maternity wards27:43 TfL cyber attack court update30:59 CIISEC Live and Ant’s appearance32:17 Launch of Kindred Cyber34:30 Lost Phone Passcode Social Engineering Scam37:19 The AI data paste incident from Reddit41:34 Flight scam and Google ads abuse49:11 Bob's Business - Scams and AI made scam sites51:33 Wrap up and closing thoughts🍿 Previous Episodehttps://youtu.be/qsS5wWZTLrg🟥 YouTube🟦 LinkedIn🟩 Spotify📧 hello@riskycreative.com🔗 https://www.riskycreative.com🎵 Our Intro and Outro Song (© 16 by falling forever)https://fallingforever.bandcamp.com/track/16License: CC BY 4.0https://creativecommons.org/licenses/by/4.0/

📢 Subscribe on your favourite platforms and visit https://linktr.ee/riskycreative for more of ∠The Awareness AngleThis week on The Awareness Angle, Ant Davis and Luke Pettigrew break down a wild mix of stories that show how everyday tools are becoming attack surfaces. This episode digs into the human habits, design gaps and risky shortcuts that make these attacks possible.🔓 Google Find Hub Used for Remote WipeA North Korean group found a way to hijack Google accounts, track victims and remotely wipe Android devices. Ant and Luke talk through how cloud accounts have quietly become the true kill switch for modern phones.🤖 The First AI Orchestrated Cyber AttackA Chinese state linked group jailbroke Claude Code and used it to run eighty to ninety percent of a full intrusion chain. No big team. No complex tooling. Just structured tasks and an AI agent that never gets tired.💸 Checkout dot com Turns Extortion Into Something PositiveInstead of paying, they donated the ransom amount to cybercrime research at Oxford and Carnegie Mellon. A rare example of turning an attack into something that helps the whole community.📡 Two Billion Credential DumpHIBP indexes a massive set of recycled passwords and emails. The boys explain why password reuse is still at the root of so many real world breaches.🔍 Ofcom Monitoring VPN UsageA UK regulator tracking VPN use with an unnamed vendor. Ant and Luke get into the privacy implications and why transparency matters.🚌 Chinese Built Buses That Can Be Stopped RemotelyA strange but worrying discovery in Norway. Even legitimate remote access can become a serious operational risk.🧠 PlusCIISec Live, clever awareness ideas on LinkedIn, why timeless videos still work, and a worrying text scam that shows how vulnerable people are still the biggest targets for social engineering.#cybersecurity #securityawareness #phishing #podcast #cloudsecurity #passwords #AIsecurity #infosec🕒 Timestamps:​00:00 Intro and catch up​01:52 Breach Watch begins​02:27 Doctor Alliance healthcare breach​04:02 Synnovis NHS ransomware investigation​07:06 DoorDash social engineering breach​08:56 Checkout dot com extortion attempt​10:10 Synthient credential stuffing dump​13:25 Ofcom monitoring VPN usage​16:20 Chinese built buses can be remotely stopped​21:59 Google Find Hub remote wipe attack​25:55 AI orchestrated espionage using Claude Code​29:55 Scotland launches cyber observatory​31:00 UK Cyber Security and Resilience Bill​35:06 Quantum Route Redirect phishing kit​38:11 Awareness Awareness​40:59 Think and Share challenge​44:34 Right Hand Cyber Halloween posters​47:07 Jimmy Kimmel password clip​50:16 Leanne Potter on language shaping cyber and AI​52:48 Luke’s topic, Lloyds Bank text scam​54:40 Ant’s topic, suspicious car finance email example​58:20 Wrap up https://www.youtube.com/@riskycreative🟦 https://www.linkedin.com/company/riskycreative🟩 https://open.spotify.com/user/riskycreative📧 hello@riskycreative.com🔗 https://www.riskycreative.com🎵 Our Intro and Outro Song (© 16 by falling forever)https://fallingforever.bandcamp.com/track/16License: CC BY 4.0https://creativecommons.org/licenses/by/4.0

We are back with another interview and this one is a proper conversation about what security awareness should feel like. Honest, simple and human.This week I sat down with Dan Thornton, founder and CEO of Goldphish. Dan’s path into cyber started in the Royal Marine Commandos and moved through physical security and crisis management before one attack changed everything. NotPetya wiped out a global organisation he was supporting and it became clear that digital risk now hits harder and faster than anything physical. That moment pushed him into cyber and eventually into building Goldphish.What I love about Dan is how grounded he is. No jargon. No overcomplication. No feature overload. Just a belief that people deserve better than long training, shame based phishing tests and compliance for the sake of compliance.In this episode we get into: Why phishing is smarter, faster and more convincing How attackers use AI to personalise at scale Why shame stops people reporting Why SMEs struggle to run awareness properly Why simple, entertaining content is still the thing most companies get wrongDan is a big believer in incentives. If someone reports quickly, celebrate it. If a team does the right thing, make it visible. Culture grows when people feel supported, not judged.We also talk about voice scams, deep fakes, business email compromise and how criminals are already using AI to build long form, relationship driven fraud. This space is moving and moving quickly.There are some fun moments too. Pizza flavoured passwords, the danger of what our ChatGPT histories reveal and a few curveball questions that took us both by surprise.If you care about human risk, culture and stripping cyber back to what works, this is a great episode to dive into. Dan brings a refreshingly practical view of awareness and why the basics still matter more than anything.Listen now and imagine what your programme could be if you kept things simple, human and actually enjoyable.You can find Dan at goldphish.com or on LinkedIn.

You are tuned in to The Awareness Angle, the weekly show where we cut through the cyber noise and get straight to the scams, slip ups, and stories that actually matter.In this episode, Ant and Luke dig into a fresh batch of breaches, some worrying policy decisions, and a few very human stories from inside the cyber world. From councils leaking resident data, to VPNs quietly opening the door to ransomware, to AI powered scams on your favourite apps, this one is packed.In this episodeGlobal breach round up Hyundai AutoEver America, Nikkei’s Slack compromise, and South Gloucestershire Council accidentally publishing residents’ personal data. What happened, what was exposed, and what it says about everyday cyber hygiene.The Louvre robbery and terrible passwords The reported CCTV password that matched the museum name, ignored audits, and what happens when reputation gives people a false sense of security.Australia’s social media ban for under 16s Reddit and others join the list. Safety, surveillance, and whether bans really help children, or just push them into darker corners of the internet.FCC rolls back telecom cyber rules Why stripping mandatory requirements after major hacks is a bad look, and what it tells us about politics and security.Apple’s monster patch day More than 100 vulnerabilities fixed across iOS, macOS, iPadOS and more, but very little clarity on severity. Patch fatigue, transparency, and WebKit as the quiet weak point.Firewalls, VPNs, and hidden complexity New data that links complex Cisco and Citrix VPN setups to a much higher ransomware risk, and why “do everything” security boxes often end up poorly maintained.Microsoft Teams message manipulation Flaws that allowed attackers to alter messages, spoof identities, and fake calls. What this means for trust in internal chat tools and executive impersonation.M&S profits almost wiped out by a cyber attack A single incident that slashed profits by 99 percent, disrupted shelves and click and collect, and showed just how fast cyber risk becomes business risk.When the good guys go bad Two former cyber professionals accused of running ALPHV ransomware attacks on the side. Insider knowledge, trust, and the reality of cyber crime as a business.HuFiCon trip and human risk in the wild Ant’s debrief from the Human Firewall Conference in Cologne, why SoSafe impressed, and a few live examples of herd mentality and social proof you can use in your own awareness work.ChatGPT’s “improve the model for everyone” setting Why you should check that toggle if you are using personal accounts for work data, and why business or enterprise plans matter.Meta, scam ads, and shameless profit A look at reports that Meta is earning serious money from obviously fraudulent adverts, and what that means for ordinary users trying to stay safe.AI image fraud and DoorDash style scams Using AI tools to fake photos for refund claims and how app design could shut some of this down.ClickFix in the wild A real world example of the copy and paste into the run box attack, why it works, and the simple message you need people to remember.Recruitment rants and candidate experience Ghosting, broken promises, and what sloppy hiring processes say about culture inside security teams.Listen forReal stories you can reuse in your own awareness or training sessions.Plain language explanations of complex attacks, from VPN misuse to Teams abuse.Honest chat about what is and is not working in the world of human risk.Stay connectedSubscribe to The Awareness Angle Newsletter for story links and extra commentary.Watch full episodes and clips on YouTube, search for Risky Creative or The Awareness Angle.New episodes every week. Views are our own, not our employers.

This week on The Awareness Angle, Ant Davis and Luke Pettigrew unpack a wave of global cyber stories — from telecom breaches and AI-powered defence tools to sextortion scams and the emotional risks of “friendly” chatbots. It’s a mix of human stories, technical takeaways, and practical lessons for anyone trying to stay safe in an AI-shaped world.📡 Global Breaches & Third-Party Fallout – LG U+, Toys “R” Us Canada, HSBC, and Verisure all suffer breaches linked to vendors or poor visibility. The takeaway? Even mature orgs keep getting blindsided by supplier access and delayed disclosure.🤖 OpenAI’s ‘Aardvark’ GPT-5 Agent – A self-fixing AI for security flaws sounds promising—until you realise it’s patching live code. Automation helps, but trust and verification still matter more than ever.💬 Meta’s Scam Detector – WhatsApp and Messenger now use AI to flag impersonation and job scams. Ant ties this to his own “Tilly from Fram Search” scam attempt, showing how emotional hooks still trump logic.🧒 AI Sextortion Scams & ReportRemove – Deepfaked nudes used to extort teens; a BBC case highlights the IWF’s lifesaving removal tool. A reminder that awareness isn’t just about security—it’s safeguarding.👥 Character.AI Blocks Teen Chat – After reports of inappropriate AI conversations, under-18s are now cut off. Ant and Luke discuss why “empathetic” AI companions can quickly turn toxic.🇬🇧 NCSC Annual Review – Four major UK cyber incidents every week, a 129% rise year-on-year. New SME Cyber Action Toolkit promises easy wins, but small firms still face time and funding barriers.🧩 Chrome Zero-Day (Memento Mori) – Active exploit patched, but only if users reboot. Awareness message: “Auto-update isn’t a shield—restart and verify.”💼 Insider Threats & Classroom Tricks – A Reddit post shows real insider exfiltration, while teachers hide invisible AI prompts to catch students using ChatGPT. Both show behaviour—not tech—is the true battleground.📰 AI Authenticity Crisis – From AI-written beauty magazines to GPT vs Google explainers, even “real” media now demands literacy training to spot synthetic content.🧠 ‘EtherHiding’ Malware on Blockchain – Malicious code hidden in blockchain assets targets job seekers via fake coding tests. Proof that persistence now has a whole new meaning.Whether you’re defending systems, teaching staff, or just trying to keep your kids safe online—this episode connects the technical, the human, and the emotional sides of cybersecurity.🕒 Timestamps00:00 — Introduction & Milestone Celebration📩 For links, videos, and the newsletter – head to ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠riskycreative.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠💬 ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Check Out This Episode's Discussion Points⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠📧 ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hello@riskycreative.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠🔗⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ riskycreative.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠🎵 Our Intro & Outro Song (© ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠16! by ⁠falling forever⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠)License: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://creativecommons.org/licenses/by/4.0⁠⁠⁠

This week on The Awareness Angle, Ant Davis and Luke Pettigrew dive into the fast-moving collision between AI innovation, real-world breaches, and human behaviour. From Sotheby’s data leak to AI browsers that remember your every move, this episode explores where awareness, policy, and technology are all being stress-tested.🏭 Sotheby’s, Muji & JLR Breaches – From luxury auctions to car factories, supply chain ransomware continues to ripple through industries. JLR’s £1.9B loss now marks the UK’s costliest cyber incident.🧠 Deepfake Politics – A fake video of MP George Freeman “defecting” proves that AI-fabricated political manipulation is no longer hypothetical—it’s here and hyper-local.📹 YouTube’s Likeness Detection – Google’s new system to identify AI fakes comes with a trade-off: creators must hand over government ID and facial video. Security meets privacy in a messy middle.🎣 Phishing-as-a-Service – “Whisper 2FA” has powered over 1M phishing attacks, using AJAX to steal live MFA codes. A reminder: phishing kits evolve faster than most awareness programs.🧭 ChatGPT Atlas Browser – The new AI-integrated browser introduces “memory” and “agent” modes—but also raises massive insider and data leakage risks. Shadow AI just went mainstream.🧩 Windows Zero-Days – Legacy modem and RASMAN flaws are being exploited in the wild. Microsoft and vendors rush to patch, underlining the ongoing struggle with hidden legacy code.📈 Reddit’s Reality Check – Security pros report phishing surges of up to 300%, likely linked to the Salesforce leak. Community intel confirms: automation is scaling human deception.🎙️ Community Highlights – Ant joins the Go Fish podcast and Layer8’s Security Champions project ahead of his talk at the Human Firewall Conference in Cologne.🔍 Phishing Design & Visual Cues – The hosts dissect a fake rnicrosoft.com email and how simple UI details—like hyperlink colours—still shape digital literacy.🎬 AI & Authenticity – OpenAI’s first brand ad was filmed on 35mm film. Even AI firms are leaning on the “human touch” to rebuild audience trust.🛠️ Tools Worth Knowing – Shoutout to Pistachio App, a clean, transparent platform for phishing simulations and insider risk detection—proof that simplicity wins adoption.🚨 TikTok, SIM Farms & SMS Blasters – Latvian police seize 40,000 SIMs in a major fraud ring, while a UK man is jailed for sending parcel scam texts on the Tube—awareness in action.🕒 Timestamps00:00 — Introduction & Milestone Celebration📩 For links, videos, and the newsletter – head to ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠riskycreative.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠💬 ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Check Out This Episode's Discussion Points⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠📧 ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hello@riskycreative.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠🔗⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ riskycreative.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠🎵 Our Intro & Outro Song (© ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠16! by ⁠falling forever⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠)License: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://creativecommons.org/licenses/by/4.0⁠⁠⁠

This week on The Awareness Angle, Ant Davis and Luke Pettigrew unpack a packed lineup of real-world cybersecurity stories — from paper-based recovery plans to AI data leaks, healthcare ransoms, and the human messiness behind governance and awareness. It’s all about what happens when the systems fail, the people improvise, and resilience gets real.📄 Paper Plans & Power Cuts – The NCSC urges organisations to keep printed incident plans. The hosts ask the hard question: how do you “open your playbook” if it’s been ransomwared?☁️ Cloud “Whoopsie” of the Week – A misconfigured “Invoicedly” S3 bucket leaks sensitive financial data. Simple mistakes, big consequences.🤖 Shadow AI at Work – 77% of employees reportedly paste company data into ChatGPT. Culture or control — what’s the real fix?🏥 Healthcare Ransomware Ethics – X-rays and ECGs leaked online reignite debate over whether private healthcare firms should ever pay.📬 Court-Themed Phishing – Fake legal summonses using SVG attachments show how scammers are levelling up in realism.💬 Discord Support Leak Confusion – Government IDs appear in a third-party breach; finger-pointing follows. Who’s really accountable?💸 Capita’s £14M Lesson – The ICO fine lands, proving that prevention costs less than penalties. A nod to burnt-out IR teams who rarely get a break.🧠 F5 Networks Intrusion – Nation-state attackers lurked for months before discovery. The takeaway? Patch, disclose, repeat.📉 Deloitte’s $440K AI Blunder – A government report filled with hallucinated citations — proof that even consultants need a human review step.🧩 Awareness Corner – Ant previews his HuFiCon talk in Cologne and shares Layer8’s open research on what makes security champions work.🕒 Timestamps00:00 — Introduction & Milestone Celebration📩 For links, videos, and the newsletter – head to ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠riskycreative.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠💬 ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Check Out This Episode's Discussion Points⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠📧 ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hello@riskycreative.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠🔗⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ riskycreative.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠🎵 Our Intro & Outro Song (© ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠16! by ⁠falling forever⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠)License: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://creativecommons.org/licenses/by/4.0⁠⁠

This week on The Awareness Angle, Ant Davis and Luke Pettigrew unpack the latest in cybersecurity and human risk — from fake job recruiters flooding LinkedIn to deepfake chaos and a nursery hack that shocked the UK. Whether it’s scams, software flaws, or stolen art, this episode is all about where human behaviour meets digital consequence.🕵️‍♂️ LinkedIn Recruitment Scam – “Open to Work” TrapWhen Ant switched on “Open to Work,” fake recruiters arrived within seconds — zero followers, spam hashtags, and mismatched job offers. It’s a stark reminder of how social engineering preys on urgency and hope. Pause, verify, and think before engaging.🎮 Unity Vulnerability – Game Engine FlawA high-severity Unity exploit forced Steam to block unpatched games. It’s a lesson in patch psychology — users delay for convenience, but the cost of waiting is higher than the update itself.🎬 AI Video Boom & Deepfake ConcernsSora 2 becomes the fastest-downloaded app ever as creators like MrBeast warn of deepfake chaos — from fake celebrity videos to stolen likenesses. The takeaway: verification and transparency are the new currency of trust online.🧒 Kido Nursery Hack – Teenagers ArrestedTwo 17-year-olds were charged over a ransomware attack on a UK nursery chain — an alarming example of how young people can be drawn into cybercrime, and why early education and deterrence are essential.🎨 Author’s iPad Theft – Six Years LostThe Boy, The Mole, The Fox and The Horse author lost years of unreleased artwork after his iPad was stolen. A real-world reminder: backups only matter if they actually work — and you’ve tested them.🌐 Domain Hijack – Puffin Books / Andy CopeA hijacked author website redirected visitors to adult content. It’s a simple DNS lapse with reputational fallout — renew your domains, secure your logins, and monitor what matters.💬 Discord Vendor Breach – Third-Party RiskA vendor compromise exposed 70,000 Discord users. Even if your systems are secure, partners can still sink you. Limit data retention and review vendor practices regularly.🎰 DraftKings Credential StuffingAttackers accessed accounts through reused passwords — fewer than 30 victims, but entirely preventable. MFA and unique credentials remain the simplest, strongest defence.☁️ Salesforce / Scattered SpiderRansomware actors claim 1.5 billion records — one of the largest alleged data thefts to date. Another case of companies refusing to pay, proving resilience and communication are as vital as response plans.🎤 Wrap-Up & Awareness TakeawaysAnt plugs upcoming appearances at HuffyCon (Human Firewall Conference, Cologne) .🕒 Timestamps00:00 — Introduction & Milestone Celebration📩 For links, videos, and the newsletter – head to ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠riskycreative.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠💬 ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Check Out This Episode's Discussion Points⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠📧 ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hello@riskycreative.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠🔗⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ riskycreative.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠🎵 Our Intro & Outro Song (© ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠16! by ⁠falling forever⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠)License: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://creativecommons.org/licenses/by/4.0⁠⁠

This week on The Awareness Angle, Anthony Davis and Luke Pettigrew dig into a packed line-up of stories that show just how wide the cyber threat landscape has become—from luxury retailers and carmakers taken offline, to insider risks, ransom trends, and the latest fights between governments and Big Tech. It’s not just about breaches and numbers; it’s about people, trust, and the human cost behind the headlines.🛍️ Harrods, Renault & Asahi Hit – A wave of big-name attacks highlights how third-party breaches ripple across industries—and why some victims keep getting hit again.💰 Ransomware Stats That Shock – Hiscox research shows 27% of SMEs targeted last year, 80% paying up, and only 60% recovering data. We debate whether ransom bans are coming.🧑‍💻 Insider Temptations – Hackers offered the BBC’s Joe Tidy a cut of ransom if he gave insider access. It’s a stark reminder of how disgruntled staff can become the weakest link.🎒 Nursery Data Fallout – After outrage, hackers “apologised” and claimed to delete leaked children’s profiles. We unpack what this says about criminal limits and reputational damage.📧 Oracle Extortion Emails – CLOP-linked scammers target execs directly with extortion threats. Why quiet, internal responses can make things worse.🕹️ Platforms Under Pressure – Imgur blocked in the UK, Roblox culls 8 million games for age compliance. VPNs remain the obvious workaround, but at what risk?😓 Cybersecurity Burnout – The BBC spotlighted Ant on stress in cyber jobs. We talk long hours, mental health, and why culture matters as much as controls.🍏 UK vs Apple – A Technical Capability Notice demands more government access. Apple’s pushback could have knock-on effects for WhatsApp, Meta, and beyond.📊 Security Champions & Community Research – Fresh insights from Layer 8’s survey on what makes champion programs succeed—and why open-source research helps awareness pros.🤖 Shadow AI at Work – Staff still pasting secrets into ChatGPT despite training. Should companies ban tools outright, or build safer corporate alternatives?🔐 Password Managers Ranked – Wired tips Bitwarden for most users, ProtonPass for free setups. The takeaway: stop reusing passwords, start managing them properly.🎭 AI Video & Deepfake Surge – From TikTok character swaps to OpenAI’s Sora 2, the line between fake and real gets blurrier by the day. What it means for scams, politics, and trust.From ransomware payments to burnout, insider risks to AI misuse, this episode connects the dots on how cyber threats are evolving—and why awareness needs to evolve too.🕒 Timestamps00:00 — Introduction & Milestone Celebration📩 For links, videos, and the newsletter – head to ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠riskycreative.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠💬 ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Check Out This Episode's Discussion Points⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠📧 ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hello@riskycreative.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠🔗⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ riskycreative.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠🎵 Our Intro & Outro Song (© ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠16! by ⁠falling forever⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠)License: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://creativecommons.org/licenses/by/4.0⁠⁠

This week on The Awareness Angle, Anthony Davis and Luke Pettigrew dive into everything from car factories grinding to a halt to ransomware crews dumping nursery data online. It’s a mix of big-business losses, government experiments with digital ID, and the human cost of attacks that don’t care who they hit.🚗 Jaguar Land Rover Shutdown – Millions lost each day, suppliers in crisis, and no cyber insurance in sight. We unpack why this wasn’t “just an IT problem.”✈️ Airports Held to Ransom – Collins Aerospace software outage takes down check-in systems across Europe. We look at third-party risks and déjà vu comparisons with the CrowdStrike fiasco.🪪 UK Digital Identity Scheme – A bold plan for online trust, or surveillance by stealth? We explore what it could mean for privacy and daily life.🎒 Nursery Ransomware Leak – Criminals publish children’s profiles and family data. The ethics are grim, but it raises bigger questions about ransom bans and government policy.⚖️ Law Firms in the Crosshairs – Weak passwords, outdated tech, and no MFA. Why smaller firms are prime targets—and how class actions are fuelling the chaos.💻 GitHub & npm Security Overhaul – After 500+ compromised packages, stronger controls are here. But will devs embrace them, or find ways around?🎙️ Deepfakes & Fake Voices – A survey says 44% of businesses hit by audio deepfakes. We’re sceptical—but the tactics are real, and awareness needs to evolve.🍪 Cookie Banners on the Way Out – The EU may finally kill off endless pop-ups. Great for users, but what replaces them?Along the way, Ant recaps highlights from KnowBe4’s CyberSecure Leeds and the SANS Security Awareness Summit, with stories of romance scams, AI panels, and why awareness needs a human edge.If you care about supply chain fragility, human risk, and how attackers exploit the cracks in everyday systems, this one’s full of lessons.🕒 Timestamps00:00 — Introduction & Milestone Celebration02:57 — Cybersecurity Awareness & Community Engagement06:00 — Password Manager Vulnerabilities09:00 — AI Ransomware & the Rise of AI in Cybersecurity12:01 — Cyber Attacks on Major Corporations17:20 — Reflections on Cybersecurity Trends18:37 — Compensation Claims & Data Breaches22:26 — SalesLoft Drift Breach: Implications & Insights27:17 — Cyber Awareness & Phishing Campaigns32:31 — AI, Misinformation & Media Risks37:41 — Emerging Cybersecurity Threats📩 For links, videos, and the newsletter – head to ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠riskycreative.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠💬 ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Check Out This Episode's Discussion Points⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠📧 ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hello@riskycreative.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠🔗⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ riskycreative.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠🎵 Our Intro & Outro Song (© ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠16! by ⁠falling forever⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠)License: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://creativecommons.org/licenses/by/4.0⁠⁠

This week on The Awareness Angle, Anthony Davis and Luke Pettigrew hit episode 52—a year of weekly podcasts—by digging into some of the biggest cyber stories shaking business, government, and everyday users. From billion-record breaches to fake podcast invites delivering malware, it’s another mix of serious lessons and eyebrow-raising human behaviour.🎉 Free Hoxhunt Cybersecurity Awareness Month videos on AI phishing, deepfakes, and messaging scams. https://hoxhunt.com/cam-toolkit🗂️ APCS Data Breach – UK background check provider compromised, exposing passports, NI numbers, and driver’s licences. We break down identity risks, government liability, and how reporting muddied the waters.🤝 SalesLoft / Drift / Salesforce Breach – ShinyHunters claim 1.5B Salesforce records stolen, hitting over 760 companies (including big-name cyber vendors). OAuth token theft shows how fragile supply chains can be.📦 npm Supply Chain Attack (“Shai-Hulud”) – 187 npm packages hijacked with self-propagating malware, stealing tokens and secrets. GitHub’s slow response raises serious trust questions.🚗 Jaguar Land Rover Attack – A September 1st ransomware hit halted UK car sales and production, with ripple effects on suppliers and staff. Linked to Scattered Spider—again.📱 Apple Backports Zero-Day Fix – Even iPhone 6s got patched after targeted attacks. We explain what “zero-day” really means and why it matters beyond the headlines.🎙️ Fake Podcast Invites – Attackers posing as podcast hosts tricked victims into downloading AMOS Stealer. Media credibility is becoming a new social engineering vector.🚇 Teenagers Behind TfL Cyber Attack – Two 18–19 year olds caused £39m in disruption. A case study in wasted cyber talent—and organised crime’s youth recruitment problem.🤖 ShadowLeak vs ChatGPT – Prompt injection attack silently exfiltrated Gmail data from OpenAI’s “Deep Research” agent. Key lesson: don’t hook AI tools directly into sensitive accounts.📲 TikTok’s Oracle Buyout – Larry Ellison takes 80% ownership in a politically charged deal. But does it actually solve the data-to-China question—or just shift control to another power?🎭 Lighter Bits – Siri flunks, ChatGPT flexes, and a Trump/Starmer deepfake sparks laughs and awareness lessons.In short, this all shows how fragile trust really is—whether in supply chains, AI tools, or the platforms we rely on every day.🕒 Timestamps00:00 — Introduction & Milestone Celebration02:57 — Cybersecurity Awareness & Community Engagement06:00 — Password Manager Vulnerabilities09:00 — AI Ransomware & the Rise of AI in Cybersecurity12:01 — Cyber Attacks on Major Corporations17:20 — Reflections on Cybersecurity Trends18:37 — Compensation Claims & Data Breaches22:26 — SalesLoft Drift Breach: Implications & Insights27:17 — Cyber Awareness & Phishing Campaigns32:31 — AI, Misinformation & Media Risks37:41 — Emerging Cybersecurity Threats📩 For links, videos, and the newsletter – head to ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠riskycreative.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠💬 ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Check Out This Episode's Discussion Points⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠📧 ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hello@riskycreative.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠🔗⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ riskycreative.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠🎵 Our Intro & Outro Song (© ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠16! by ⁠falling forever⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠)License: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://creativecommons.org/licenses/by/4.0⁠⁠

This week on The Awareness Angle, Anthony Davis and Luke Pettigrew kick off Cybersecurity Awareness Month with new short videos made in collaboration with Hoxhunt—covering spear phishing, deepfakes, and the psychology behind social engineering. Then it’s straight into the big security stories of the week: from iCloud phishing invites to Scattered Spider’s latest breach, and why even attackers are installing antivirus.🎉 Free Hoxhunt Cybersecurity Awareness Month videos on AI phishing, deepfakes, and messaging scams. https://hoxhunt.com/cam-toolkit📅 Apple iCloud Calendar Phishing – Scammers use Apple’s own domain to push fake calendar invites tied to PayPal scams. If it looks odd, it probably is—delete, don’t click.✈️ Qantas Breach & Accountability – Scattered Spider strikes again, hitting 5.7M customers. Qantas cut exec bonuses by 15%—a rare move leaders elsewhere might want to note.🎥 Nexar Dashcam Database Leak – 130TB of video, GPS, and metadata left exposed in an AWS bucket. Dashcams are becoming rolling surveillance devices—often with little oversight.🕵️ Inside the Attacker’s Browser – Huntress stumbled onto open C2 servers, exposing adversary tools, comms, even their use of Bitdefender and Malwarebytes. A rare window into cybercrime operations.🎮 Plex Breach & Messaging Missteps – Usernames, emails, and hashes leaked. Plex’s reset advice was buried in long paragraphs—a reminder that breach comms need to be blunt and clear.📜 Reddit’s Wildest Breaches – Job scams running PowerShell commands, council-wide malware spreads, and SOC analysts debating true vs false positives. We unpack what awareness pros can take from the chaos.🎭 Deepfakes vs Reality – A Trump clip went viral with viewers insisting it was AI. ITV even shared it as genuine before higher-res footage confirmed it was real. Awareness lesson: in 2025, people doubt the truth as much as they fall for fakes.The week’s major cyber headlines, decoded into useful takeaways—and sprinkled with moments that make you raise an eyebrow.🕒 Timestamps00:00 — Introduction & Milestone Celebration02:57 — Cybersecurity Awareness & Community Engagement06:00 — Password Manager Vulnerabilities09:00 — AI Ransomware & the Rise of AI in Cybersecurity12:01 — Cyber Attacks on Major Corporations17:20 — Reflections on Cybersecurity Trends18:37 — Compensation Claims & Data Breaches22:26 — SalesLoft Drift Breach: Implications & Insights27:17 — Cyber Awareness & Phishing Campaigns32:31 — AI, Misinformation & Media Risks37:41 — Emerging Cybersecurity Threats📩 For links, videos, and the newsletter – head to ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠riskycreative.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠💬 ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Check Out This Episode's Discussion Points⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠📧 ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hello@riskycreative.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠🔗⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ riskycreative.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠🎵 Our Intro & Outro Song (© ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠16! by ⁠falling forever⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠)License: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://creativecommons.org/licenses/by/4.0⁠⁠

This week on The Awareness Angle, Anthony Davis and Luke Pettigrew celebrate the 50th episode with community shoutouts, fresh awareness content, and a packed lineup of security stories. From password manager flaws to the first AI-powered ransomware. Whether it’s car dealerships grinding to a halt or deepfakes making truth harder to pin down, this one’s about the evolving risks, and the practical takeaways that matter most.🎉 50th Episode & Community Updates – We mark the milestone with a shoutout to Liam, our first official member, plus new merch, Discord updates, and free Hoxhunt awareness videos on AI phishing, deepfakes, and messaging scams.Get the Cybersecurity Awareness Month videos here! https://riskycreative.com/en-gbp/pages/cybersecurity-awareness-month🔑 Password Manager Autofill Flaw – A clickjacking bug in major tools (1Password, Bitwarden, LastPass, NordPass, ProtonPass) lets hidden fields steal your credentials. We explain why you shouldn’t ditch password managers—but why autofill and MFA settings matter more than ever.🤖 The First AI Ransomware – “PromptLock” uses a local AI model (gpt-oss-20b) to generate its own malicious code on demand. Lightweight, cross-platform, and harder to detect—it’s a glimpse of where AI-driven attacks are heading.🚗 Jaguar Land Rover Breach – Registrations halted, staff sent home, and Scattered Spider linked to an exploit of SAP NetWeaver. With hackers claiming stolen data but JLR insisting otherwise, we also warn about opportunistic “compensation scam” ads targeting worried customers.💬 SalesLoft/Drift Breach – Stolen authentication tokens exposed Salesforce integrations at companies like Google, Palo Alto, and Zscaler. We break down what UNC6395 pulled off, why SaaS “shiny tools” can be risky, and the urgent need for token hygiene.📧 Phishing Campaigns That Work – From “lost puppy” photos to cider raffles and free pizza, Reddit’s favourite phish templates spark a debate: are tricksy simulations effective, or should awareness always tie back to real workplace processes?🎭 Deepfakes & Denial – Joe Rogan fooled by a fake video, Trump dismissing real footage as AI. We explore the new problem of “liar’s dividend”—where fakes make truth itself harder to defend.🖼️ Hidden Gemini Prompts in Images – Malicious instructions embedded in pictures, not just text. We ask: when AI gets conflicting commands, what wins? Policies and training will need to catch up fast.This week’s major cyber headlines, decoded into useful takeaways—and sprinkled with moments that make you raise an eyebrow.🕒 Timestamps00:00 — Introduction & Milestone Celebration02:57 — Cybersecurity Awareness & Community Engagement06:00 — Password Manager Vulnerabilities09:00 — AI Ransomware & the Rise of AI in Cybersecurity12:01 — Cyber Attacks on Major Corporations17:20 — Reflections on Cybersecurity Trends18:37 — Compensation Claims & Data Breaches22:26 — SalesLoft Drift Breach: Implications & Insights27:17 — Cyber Awareness & Phishing Campaigns32:31 — AI, Misinformation & Media Risks37:41 — Emerging Cybersecurity Threats📩 For links, videos, and the newsletter – head to ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠riskycreative.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠💬 ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Check Out This Episode's Discussion Points⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠📧 ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hello@riskycreative.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠🔗⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ riskycreative.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠🎵 Our Intro & Outro Song (© ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠16! by ⁠falling forever⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠)License: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://creativecommons.org/licenses/by/4.0⁠⁠

This week on The Awareness Angle, Anthony Davis and Luke Pettigrew come together for a special in-person episode while filming new Cybersecurity Awareness Month videos. From exposed AI chats to insider sabotage, telecom breaches, and Denmark’s bold new deepfake law, the conversation digs into how human behaviour, weak controls, and patchy regulation continue to shape today’s cyber risks.🤖 AI Data Leaks – Elon Musk’s Grok chatbot exposed over 370,000 private conversations in Google search results due to a flawed share feature.🍏 Mac Malware Masquerades – A new info-stealer (“Shamos”) tricks users with fake fixes and malvertising, targeting those with admin rights or poor IT support.🕵️ Insider Sabotage – A developer planted a kill switch in his former employer’s systems, locking out staff after termination and causing massive damage.📱 Telecom Breach in Belgium – Orange Belgium exposed data of 850,000 customers, raising sim-swapping and phishing risks despite quick containment.📲 Android Developer Verification – From 2026, only verified developers will be able to distribute apps—even outside Google Play—in a long overdue accountability move.⚖️ Legal Battles Over Online Safety – 4chan and Kiwi Farms challenge the UK’s Online Safety Act in US courts, arguing it violates First Amendment rights.📊 The UK Government’s Costly Leak – A hidden-tab spreadsheet exposed Afghan allies’ identities, despite staff being explicitly warned. A breach officials called “the most expensive email ever sent.”🎭 Denmark’s Deepfake Law – A pioneering amendment gives people copyright control over their likeness and voice—even extending 50 years after death.📡 Wi-Fi Motion Tracking – Researchers show Wi-Fi signals can map human posture and movement indoors, raising both fascinating applications and surveillance fears.📧 Email Unsubscribe Hack – A hidden Gmail feature lets users see all active subscriptions and unsubscribe in one place—finally making inbox clean-up easier.Whether you’re building awareness programs, tracking regulations, or just trying to keep up with scam tactics, this in-person episode packs sharp insights and practical takeaways.Note: Apologies for the changes in video brightness/exposure throughout the episode — filming conditions varied during recording.🕒 Timestamps00:00 — Introduction & Collaboration Announcement01:07 — Cybersecurity Awareness Month: Key Topics01:55 — News Roundup: Breaches & Security Flaws08:26 — Insider Threats & Malicious Code11:26 — Telecom Data Breach: User Awareness13:37 — Android Developer Verification & Security17:28 — Legal Challenges in Online Safety Regulations20:34 — Password Breaches & Public Perception23:55 — Government Data Breach & Accountability29:45 — Denmark’s Deepfake Legislation31:18 — Cultural Views on Hackers33:26 — Wi-Fi Signal Tracking Technology36:51 — Email Unsubscribe Features & UX📩 For links, videos, and the newsletter – head to ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠riskycreative.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠💬 ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Check Out This Episode's Discussion Points⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠📧 ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hello@riskycreative.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠🔗⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ riskycreative.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠🎵 Our Intro & Outro Song (© ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠16! by ⁠falling forever⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠)License: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://creativecommons.org/licenses/by/4.0⁠⁠

This week on The Awareness Angle, Anthony Davis and Luke Pettigrew unpack the latest mix of cyber weirdness, policy drama, and awareness lessons—from fake law firm emails dropping malware to pro-Russian hackers playing with dam floodgates. It’s a week of scams, slips, and security culture stories you’ll want to hear.🇬🇧 Age Verification Laws – UK and Texas push mandatory ID scans for adult sites. We break down the privacy pitfalls, weak safeguards, and why VPNs only complicate things.🍏 Apple vs. UK Backdoors – Reports say the UK quietly dropped its iMessage backdoor push. We look at privacy pressure, government demands, and why the crypto wars never end.📩 “Noodle-o-file” Infostealer – Malware dressed up as copyright takedown notices. Fake law firms, DLL sideloading, and another reason not to trust scary attachments.💳 15.8M PayPal Credentials? – A threat actor claims to be selling plaintext logins. Likely infostealer loot, not PayPal itself—but a sharp reminder for MFA and unique passwords.📊 Workday Breach – Social engineering exposed employee data. We unpack the follow-on risks when attackers weaponise stolen contact lists.📱 iOS & Android Messaging Security – Could iOS 26 finally encrypt RCS end-to-end? We look at global habits—and why iMessage, WhatsApp, and SMS all carry different risks.💧 Norway Dam Hack – Pro-Russian attackers briefly hijacked hydropower floodgates. A stark warning on hybrid cyber campaigns hitting critical infrastructure.🛑 Malicious VPN Extension – “Free VPN.1” hit 100k+ Chrome installs while screenshotting users. How does malware this blatant slip past Chrome’s checks?🌐 Google Chrome Zero-Day – Google’s AI tool “Big Sleep” spotted a critical V8 flaw. Emergency patches are out for Chrome and Edge—update now.📒 SANS 2025 Awareness Report – From 1,000+ pros: small teams, social engineering still top risk, AI as an assistant (not replacement), and a rebrand to “Workforce Security & Risk Training.”⚽ NowTV’s Anti-Piracy Ad – Lag, pop-ups, and missed goals used to mock illegal streams. We explore how entertainment risks mirror security awareness.If you want the week’s biggest cyber stories distilled into actionable insights—with a side of human behaviour and tech nostalgia—this episode has it all.🕒 Timestamps00:00:00 — Episode Introduction00:03:48 — Porn Censorship: Internet Impact00:07:36 — UK Government Demands Apple Backdoor00:11:24 — Noodle-o-file: Emerging InfoStealer Threat00:20:47 — PayPal Credential Dump: Security Risks00:24:07 — Workday Breach: Social Engineering Tactics00:26:33 — Potential Messaging Security Upgrades00:30:41 — The Evolution of Communication Tools00:32:08 — Cyber Threats to Critical Infrastructure00:34:30 — VPN Risks and Privacy Concerns00:39:30 — Google AI’s Role in Cybersecurity00:41:20 — Key Insights from SANS Security Awareness Report00:51:19 — Creative Approaches to Cybersecurity Awareness📩 For links, videos, and the newsletter – head to ⁠⁠⁠⁠⁠⁠⁠⁠⁠riskycreative.com⁠⁠⁠⁠⁠⁠⁠⁠⁠💬 ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Check Out This Episode's Discussion Points⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠📧 ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hello@riskycreative.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠🔗⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ riskycreative.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠🎵 Our Intro & Outro Song (© ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠16! by ⁠falling forever⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠)License: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://creativecommons.org/licenses/by/4.0⁠⁠