Graham Cluley
@grahamcluley.com
Award-winning #cybersecurity and #AI keynote speaker, writer, podcaster | Host of @theaifix.show and @smashingsecurity.com podcasts ❤️ #DoctorWho, #Beatles, #Chess 🌐 https://grahamcluley.com 🎙️ https://theaifix.show 🎙️ https://www.smashingsecurity.com
grahamcluley.com
This is extraordinary. Someone built a small language model out of redstone in Minecraft...

www.youtube.com/watch?v=VaeI...

Hear what we thought about it in episode 71 of the award-winning podcast I produce with @ai-fix-mark.bsky.social each week, "The AI Fix": theaifix.show/71

#ai
I built ChatGPT with Minecraft redstone!
YouTube video by sammyuri
www.youtube.com
grahamcluley.com
Welcome aboard the good ship @theaifix.show!

And yes, we love our theme tune too!
grahamcluley.com
After exfiltrating almost 1 BILLION records from ~40 organisations using Salesforce, hackers have set a deadline of this Friday for a ransom to be paid.

And, with less than 48 hours to go, Salesforce is refusing to pay up.

Here's what you need to know: www.fortra.com/blog/salesfo...
Salesforce Data Breach: What You Need to Know
The Scattered LAPSUS$ Hunters hacking group claims to have accessed data from around 40 customers of Salesforce.
www.fortra.com
grahamcluley.com
Aww shucks! Thanks Robin!
grahamcluley.com
Not for the first time, hackers have breached a third-party service provider used by Discord, stealing personal information belonging to an unknown number of users - including email addresses, billing data, IP addresses, limited payment details, and more.
Discord users' data stolen by hackers in third-party data breach
Discord has confirmed that users who contacted its customer support service have had their data stolen by hackers, who have attempted to extort a ransom from the company.
www.bitdefender.com
grahamcluley.com
Beer lovers will be sobbing into their pints at news that ransomware has brought Japan's largest brewer to its knees and left the country days away from running out of Asahi Super Dry

Read more about the attack on Asahi beer in my article on the Bitdefender blog: www.bitdefender.com/en-us/blog/h...
Japan running dry: Ransomware attack leaves nation days away from Asahi beer shortage
Beer lovers will be sobbing into their pints at the news that a ransomware attack has brought Japan's largest brewer to its knees and left the country days away from running out of its most popul...
www.bitdefender.com
grahamcluley.com
Plus, we take a look at ITV's phone-hacking drama with David Tennant, and take a crack at decoding the history of the Rosetta Stone.

Hear all this and more in episode 437 of the "Smashing Security" podcast. Find it in all good podcast apps or at www.smashingsecurity.com/437

Enjoy!
437: Salesforce's trusted domain of doom
Researchers uncovered a security flaw in Salesforce’s shiny new Agentforce. The vulnerability, dubbed "ForcedLeak", let them smuggle AI-read instructions in via humble Web-to-Lead form... and ended up...
www.smashingsecurity.com
grahamcluley.com
This vuln is called "ForcedLeak", and let attackers smuggle AI-read instructions in via humble Web-to-Lead form... and ended up spilling data for the low, low price of five dollars. Double check what domains you have whitelisted folks!
Smashing Security episode 437
grahamcluley.com
Great to have industry legend Paul "Duck" Ducklin join me on the latest episode of the "Smashing Security" podcast.

In it we discussed how researchers had found a Salesforce security hole. Yes, another one!

podcasts.apple.com/us/podcast/s...
Salesforce's trusted domain of doom
Podcast Episode · Smashing Security · 10/01/2025 · 39m
podcasts.apple.com
grahamcluley.com
Urk!! Not sure why Fortra is doing that!
grahamcluley.com
Thanks for buying an AI Fix t-shirt!!
grahamcluley.com
...🤖 1 in 400 Android devices is rooted (with security restrictions removed) 1 in 2,500 iOS devices is jailbroken, opening the door for attacks
📱 3 out of every 1,000 mobile devices are already compromised.

Something needs to be done about this. Read more in my article on the Fortra blog.
Your Favourite Phone Apps Might be Leaking Your Company's Secrets
Securing APIs isn't just about protecting servers, it's also about protecting the apps that use them.
www.fortra.com
grahamcluley.com
New research from Zimperium reveals the scale of the problem:

📱 Nearly 50% of mobile apps contain hardcoded secrets like API keys embedded directly in the code
🤖 1 in 3 Android apps leak sensitive data
🍏 More than half of iOS apps leak sensitive data...
grahamcluley.com
Most of the apps on your phone are talking to a server somewhere - sending and receiving data through messages sent through APIs.

And here's the problem - hackers have determined that the APIs of mobile apps, when left visible and exploitable, can be a goldmine.
Reposted by Graham Cluley
theaifix.show
Rescue robot or hungry hippo? You decide.

Check out the latest episode of "The AI Fix" podcast with @grahamcluley.com and @ai-fix-mark.bsky.social

theaifix.show/70

Definitely nothing to worry about.
grahamcluley.com
For Russia, it’s low-risk outsourcing. For the teenagers, it’s a potential life-altering criminal record.

It’s a sobering reminder that not every “side hustle” on Telegram leads to easy money. Sometimes it leads straight into the hands of the police.

Read more: www.bitdefender.com/en-us/blog/h...
Dutch teens recruited on Telegram, accused of Russia-backed hacking plot
According to local media reports, two 17-year-olds have been arrested by Dutch authorities on suspicion of spying for pro-Russian hackers.
www.bitdefender.com
grahamcluley.com
One teen has been remanded in custody, the other is under home supervision. Authorities are keeping tight-lipped because of the suspects’ age, but the case highlights a growing problem: minors being used as disposable assets by state-linked hacking groups.
grahamcluley.com
Two Dutch teenagers have been arrested, accused of spying on behalf of pro-Russian hackers.

Prosecutors say the 17-year-olds were recruited over Telegram and allegedly asked to carry a wifi-sniffer past sensitive buildings in The Hague — including Europol HQ, Eurojust, and embassies.
Reposted by Graham Cluley
joetidy.bsky.social
'You'll never need to work again': Criminals offer reporter money to hack BBC.
I recently got offered millions of pounds to give cyber criminals from the Medusa gang my BBC login. I played along to learn about how these 'insider threat' deals work.
www.bbc.co.uk/news/article...
'You'll never need to work again': Criminals offer reporter money to hack BBC
Reporter Joe Tidy was offered money if he would help cyber criminals access BBC systems.
www.bbc.co.uk
Reposted by Graham Cluley
smashingsecurity.com
What a delight it was to have @rosesec.bsky.social join the "Smashing Security" podcast this week, as we discussed how ransomware can silence burglar alarms, allowing thieves to help themselves to €600,000 worth of gold in a daring late-night heist.

open.spotify.com/episode/7Ewr...

#ransomware
The €600,000 gold heist, powered by ransomware
open.spotify.com
grahamcluley.com
Hey @skylight.social, is your "unbannable short-form video platform" going to be available in the UK app store?
This app is currently not available in your country or region.
Reposted by Graham Cluley
theaifix.show
In episode 69 of The AI Fix, a shark wears trainers, an AI writes an awful J-Pop song, Graham learns that ants don’t care about AI, Mark predicts the precise date of Graham’s demise, Norway trusts $1.9 trillion to an AI investor, and Florida fights snakes using laughably bad robot rabbits.
How we really use ChatGPT, and will AI agents crash the economy?
open.spotify.com