Smashing Security

Graham Cluley
10 snips
Mar 26, 2026 • 41min

Never knock on the door of a nuclear submarine base and ask for a selfie

Jenny Radcliffe, specialist in social engineering and physical infiltration assessment, shares vivid tales of insider extortion and real-world tailgating. Short, tense stories cover a payroll theft turned ransom and two people brazenly approaching the Faslane nuclear base. Conversations focus on why human behavior and physical access still beat remote hacks.
27 snips
Mar 19, 2026 • 55min

This clever scam nearly hijacked a tech CEO's Apple ID

Paul Ducklin, experienced cybersecurity commentator, breaks down a near-miss Apple ID takeover that used MFA fatigue, real-looking Apple alerts, a convincing support call, and a pixel-perfect phishing page. He also explores privacy risks in medical data sharing with UK Biobank and how small data points can re-identify people. Plus a quirky look at human-powered “AI” and a satirical RSA punishment.
14 snips
Mar 12, 2026 • 41min

How not to steal $46 million from the US government

Tricia Howard, cybersecurity practitioner known for hands-on work in crypto and investigations, discusses the alleged theft of $46 million from US Marshals-managed crypto and the Telegram recordings tied to it. They also cover a dormant JavaScript worm that vandalized Wikipedia and how it spread across projects. Short, sharp stories about custody failures, blockchain tracing, and a real-world web worm.
14 snips
Mar 5, 2026 • 50min

How a cybersecurity boss framed his own employee

Carl Miller, technologist and writer on information integrity and digital democracy, tells a jaw-dropping story of a defence contractor leak that framed an innocent colleague. They unpack how stolen zero-day exploits reached Russia-linked brokers and why states might poison LLM training data to bend reality. Short takes on detection, regulation, and the new battle for truth online.
27 snips
Feb 26, 2026 • 49min

How to lose friends and DDoS people

Paul Ducklin, an experienced cybersecurity writer and commentator, joins to dissect a bizarre archive service that allegedly weaponised its CAPTCHA to DDoS a blogger and tampered with archives, sparking Wikipedia to blacklist the site. They also cover a ransomware gang that accidentally corrupted victims' decryption keys, plus a zen pick of the week and a rant about terrible web form validation.
32 snips
Feb 19, 2026 • 45min

Face off: Meta’s Glasses and America’s internet kill switch

James Ball, journalist and author who covers technology and politics, joins to unpack tech sovereignty and privacy threats. They talk about whether US control of cloud services could become geopolitical leverage. They also dig into Meta’s smart glasses and the risks of adding face recognition and always-on sensing. Short, timely conversations about digital power and surveillance.
29 snips
Feb 12, 2026 • 40min

AI was not plotting humanity’s demise. Humans were

Ian Thompson, technology and cybersecurity journalist, joins to unpack viral AI antics and real security risks. They explore Moltbook’s AI-only hype and how humans faked bot behavior. They reveal exposed data and API token leaks from poor AI app security. They also examine alleged cyberattacks around the Winter Olympics and why attendees are tempting targets.
9 snips
Feb 5, 2026 • 37min

The Epstein Files didn’t hide this hacker very well

Tricia Howard, cybersecurity marketing leader and former security researcher, joins to unpack sloppy redactions that let AI and public data reidentify an alleged hacker. They also dig into a senior official's accidental ChatGPT upload and the rising insider risk as AI tools make leaks easier. Light picks of the week add a fun cultural break.
23 snips
Jan 29, 2026 • 46min

The dark web's worst assassins, and Pegasus in the dock

Joe Tidy, experienced BBC cyber correspondent and author, explains how spyware can turn a phone into a constant surveillance tool. They dig into darknet hitman marketplaces, fake-for-hire scams and how criminals trick customers. The conversation also covers a landmark UK ruling over Pegasus infections and the messy aftermath of state-linked phone hacking.
9 snips
Jan 22, 2026 • 45min

I hacked the government, and your headphones are next

Ray Redacted, a cybersecurity expert known for his analysis on vulnerabilities, talks about the shocking exploits of a hacker who breached the US Supreme Court and other agencies, leaking sensitive personal data, including a blood type. They also dive into the eerie flaws of wireless headphones, detailing how attackers can hijack devices to eavesdrop on calls or even stalk users. With insights on security risks and legal outcomes, Ray paints a chilling picture of today’s digital vulnerabilities.
