The Awareness Angle: Cyber Security Awareness and Human Risk

This week on The Awareness Angle, we hit 1.2 million views on a single video across TikTok and Instagram, which is pretty wild for an independent podcast. Thank you to everyone who watched and shared.ADT gets breached for the third time in under a year and it all started with a phone call. An AI coding agent wipes a startup's entire database and all its backups in nine seconds, then writes its own incident report admitting it broke every safety rule it had. The supply chain attack that started with Trivy has now hit Checkmarx and Bitwarden, with three criminal groups teaming up to turn supply chain access into ransomware. And the UK government's annual cyber report says 43% of businesses were breached last year, phishing was behind 85% of them, and despite M&S, Co-op and JLR making national headlines, nothing's really changed. Plus Instructure's Canvas LMS breached again, Itron's smart meters filing quietly on a Friday night, Microsoft Teams helpdesk impersonation going wild, 610,000 Roblox accounts stolen by three lads in Ukraine, QR code scams in Toronto, and a toaster with a touchscreen that nobody asked for.The Awareness Angle is an independent cybersecurity podcast covering cyber news, data breaches, phishing, social engineering, and security awareness. New episodes every week.Chapters:00:00 Intro01:30 Welcome01:52 ADT Breached Again by ShinyHunters Vishing Attack07:23 Instructure / Canvas LMS Hit by Another Cyber Attack13:38 Critical Infrastructure Giant Itron Confirms Cyberattack17:56 AI Coding Agent Deletes Startup Database in 9 Seconds25:28 Supply Chain Attack Hits Checkmarx and Bitwarden28:40 Roblox Account Theft: 610,000 Accounts Stolen36:56 UK Cyber Security Breaches Survey 2025-2643:06 Microsoft Teams Helpdesk Impersonation Attacks52:21 QR Code Scams in Toronto57:03 Smart Toasters and Unnecessary IoT1:01:09 Hannah Fry on AI Agents Going RogueSubscribe to the newsletter at riskycreative.comOur Intro and Outro Song © 16 by Falling Foreverhttps://fallingforever.bandcamp.com/track/16Licensed under Creative Commons Attribution 4.0https://creativecommons.org/licenses/by/4.0/

Nearly 800 Hungarian government passwords found in breach databases — including one from a colonel in charge of information security who used "FrankLampard". We break down how it happened, why it keeps happening, and what it means for anyone responsible for security culture at work.Also this week: Rockstar Games hacked for the second time in three years through a third-party supplier. Basic-Fit gym breach exposes bank details of around one million members across Europe. Booking.com customers scammed using their own stolen reservation data before the company even told them about the breach.On the news side: Microsoft's biggest ever Patch Tuesday with 165 fixes including an actively exploited SharePoint flaw, France ditching Windows across government, a UK energy company loses £700,000 in a payment redirection attack, Google cracking down on back button hijacking, and an emergency Adobe Acrobat patch for a flaw being quietly exploited since December.Cybersecurity news explained in plain English. No jargon. Just the stories that matter and why they matter to real people.New episodes every week. Subscribe wherever you listen.SpotifyApple PodcastsLinkedIn NewsletterYouTubeInstagramTikTokOur Intro and Outro Song © 16 by Falling Forever — https://fallingforever.bandcamp.com/track/16

Chinese hackers just broke into the system the FBI uses to track its own surveillance targets. The White House released an app that security researchers took apart and didn't like what they found. LinkedIn has been secretly scanning your browser extensions without telling you. And a Carnegie Mellon professor says app privacy labels are the nutrition labels of the internet — which tells you everything.This week on The Awareness Angle: cybersecurity news explained in plain English, no jargon, no technical degree required. Anthony and Luke break down the biggest cyber stories of the week including a major FBI data breach, WhatsApp malware targeting Windows users, Google Drive's new ransomware protection, Apple blocking ClickFix attacks, and why AI-generated slop is quietly making all of us easier to scam.New episode every week. Subscribe so you don't miss one.Chapters00:00 Intro01:40 Breach of the Week: Chinese Hackers Breach the FBI's Wiretap System07:15 Trivy Supply Chain Attack Hits the European Commission11:45 The White House App Security Concerns Explained18:15 Apple Blocks ClickFix Paste Attacks in macOS23:35 App Privacy Labels vs Food Nutrition Labels28:40 Google Drive Ransomware Detection Now Available35:51 LinkedIn Secretly Scanning Your Browser Extensions41:11 WhatsApp Used to Deliver Malware to Windows PCs44:54 Phish of the Week: QR Code Salary Scam and Device Code Phishing50:42 SMS Delivery Scam in the Wild57:06 Sloppypasta and Why AI Content Is a Security Risk1:02:04 Artemis II Has Two Broken Instances of Outlook in Space1:03:54 Artemis II is Running Microsoft 365 in Space1:04:43 Artemis II Astronaut Enters PIN on Live Stream1:06:43 Apple Passwords App Ad1:09:58 Nice Looking TikTok Video📩 New episode every week. Get the newsletter at riskycreative.com🌐 Website: https://www.riskycreative.com🎙️ Spotify: https://open.spotify.com/show/7rwzcRsKrXbASFBfiXoCZ6🍎 Apple Podcasts: https://podcasts.apple.com/us/podcast/the-awareness-angle-cyber-news-weekly/id1784126196💼 LinkedIn: https://www.linkedin.com/newsletters/the-awareness-angle-newsletter-7274932363787132928/🎵 TikTok: @infosecant📸 Instagram: https://www.instagram.com/riskycreative▶️ YouTube: https://www.youtube.com/@riskycreative🎵 Intro/outro music: "16" by Falling Forever -- Licensed under Creative Commons Attribution 4.0 International (CC BY 4.0).Track: https://fallingforever.bandcamp.com/track/16License: https://creativecommons.org/licenses/by/4.0/

This week's human cybersecurity news . A US general leaves classified military documents on a train, over 8 million anonymous crime tips are exposed in a major data breach, and a Chrome extension with a million users and Google's Featured badge was silently hijacking shopping commissions for months. This week's cyber news explained in plain English.Also covered this week: the FBI seizes websites belonging to Handala, the Iran-linked hacker group behind the devastating Stryker wiper attack that wiped 200,000 devices and shut down hospitals. Companies House exposes UK company directors' home addresses, email addresses and dates of birth for five months, through a bug that required nothing more than pressing the browser back button. A new Android malware called Perseus hides inside IPTV streaming apps and targets your notes app to steal passwords, financial details and account recovery phrases. And Japan officially legalises offensive cyber operations, or "proactive cyber defence", from October 2026, a major shift away from its post-war defensive-only stance.This week's phishing example: a convincing Emirates loyalty reward scam sent through legitimate Eventbrite infrastructure to bypass email security filters, and how to spot it.We're The Awareness Angle, a weekly cybersecurity podcast and newsletter that explains the biggest cyber threats, data breaches and online scams in plain English, with a focus on the human side of security. No jargon. No technical background needed.New episode every week. Get the newsletter at riskycreative.comFull episode on YouTube: https://youtu.be/9n-ewD0zZuUChapters0:00 Intro1:47 Breach of the Week: US General leaves classified maps on a train7:23 Crime Stoppers data breach: 8 million anonymous tips exposed12:22 Android malware Perseus: hiding in streaming apps, targeting your notes17:29 Handala update: FBI seizes hacker websites after Stryker attack20:58 Marquis ransomware: 672,000 bank customers' data stolen26:37 Companies House: five months of exposed director data, fixed with a back button31:34 Chrome extension malware: Save Image as Type removed after stealing commissions38:18 Phish of the Week: Emirates loyalty scam via Eventbrite43:05 SANS Security Awareness Summit 2026: call for presentations45:18 Topics: Idris Elba's wax model unlocks his iPhone46:30 Pete Tong reads out a URL like it's 199548:40 Tinder wants to scan your camera roll with AI50:07 Japan legalises hacking backFind UsWebsiteSpotifyApple PodcastsLinkedInTikTokInstagramYouTubeMusicIntro/outro music: "16" by Falling Forever, licensed under Creative Commons Attribution 4.0 International (CC BY 4.0).Track: https://fallingforever.bandcamp.com/track/16License: https://creativecommons.org/licenses/by/4.0/

A hacker didn't need a team of experts. They just needed to convince an AI chatbot they were a penetration tester. What followed was the systematic breach of ten Mexican government agencies, 150GB of stolen data, and records touching 195 million people — more than the entire population of Mexico. That's just one of the stories this week on The Awareness Angle — the weekly cyber news podcast that focuses on the human side of security.This week we also cover:The LastPass phishing campaign that doesn't ask for your password — it warns you someone else is stealing it, then harvests it anywayHow the TfL hack in 2024 actually affected 10 million people, despite "some customers" being the official line for over a yearThe Odido data breach that triggered AI-voiced compensation scams within days of the data going publicWhy Meta Ray-Ban glasses may have captured intimate moments that ended up reviewed by contractors in KenyaHow North Korea is using voice changers, Face Swap and AI-generated CVs to get hired by Western companiesA QR code phishing email so well crafted it uses your company logo and a unique code tied to your email addressTimestamps00:00:00 Intro00:01:01 Podcast Intro00:02:15 Breach of the Week – Star Citizen Data Breach00:06:28 Hackers Use Claude AI to Breach Mexican Government00:11:32 Fake LastPass Support Email Phishing Campaign00:17:33 TfL Hack Affected 10 Million People00:22:57 Odido Breach Triggers AI Scam Calls00:27:57 Meta Ray-Ban Glasses Contractor Review00:36:48 North Korea Using AI to Fake Job Interviews00:40:51 Phish of the Week – QR Code Unlogged Work Hours00:45:48 The Admin Password That Wasn't00:47:22 Free PDF Converters and the 637 Cookies You Didn't Agree To00:52:36 Dunning-Kruger and Why Users Click00:55:26 The PayPal Two-Step ScamMore informationhttps://riskycreative.comListen on the goSpotifyhttps://open.spotify.com/show/7rwzcRsKrXbASFBfiXoCZ6Apple Podcastshttps://podcasts.apple.com/us/podcast/the-awareness-angle-cyber-news-weekly/id1784126196Follow usLinkedInhttps://www.linkedin.com/newsletters/the-awareness-angle-newsletter-7274932363787132928/TikTokhttps://www.tiktok.com/@infosecantInstagramhttps://www.instagram.com/riskycreativeYouTubehttps://www.youtube.com/@riskycreativeOur Intro and Outro Song © 16 by falling foreverhttps://fallingforever.bandcamp.com/track/16Licensehttps://creativecommons.org/licenses/by/4.0/

This week on The Awareness Angle, Breach Watch is busy.We cover 73,000 patients hit in an Arizona healthcare breach, stolen Eurail traveller data now up for sale, a phishing led incident at fintech firm Figure, 600,000 Canada Goose customer records leaked, and fresh claims from ShinyHunters around CarGurus.In the news, we unpack the US plan for a freedom.gov portal designed to bypass content bans in Europe and elsewhere, plus new research finding vulnerabilities in popular password managers, and the first real world case of infostealer malware targeting OpenClaw AI agent secrets.In Awareness, we talk about why AI generated passwords might not be as random as they look, why “strong looking” does not always mean secure, and what to do instead. We also end on a strong discussion point, online review blackmail, and why reputation is now part of your attack surface.If you want cyber news explained with clarity, context, and a few strong opinions along the way, you are in the right place.Timestamps00:02:03 73,000 Patients Hit in Arizona Urology Data Breach00:06:51 Eurail Traveller Data for Sale on the Dark Web00:11:28 Fintech Firm Figure Breach After Phishing Attack00:14:17 Canada Goose 600,000 Customer Records Leaked00:18:25 ShinyHunters Claims CarGurus Breach00:18:44 US “freedom.gov” Portal to Bypass Content Bans00:22:50 Password Manager Vulnerabilities Exposed00:26:21 Infostealer Malware Targeting OpenClaw AI Agents00:32:44 AI Generated Passwords May Be Predictable00:39:15 The 90 Day Password Rule Regret00:44:30 Online Review Blackmail Scam00:49:18 SSD Destruction FailMore Informationriskycreative.comFollow usLinkedIn: The Awareness Angle NewsletterTikTok: @infosecantInstagram: @riskycreativeYouTube: @riskycreativeListen on the goSpotify: The Awareness Angle on SpotifyApple Podcasts: The Awareness Angle on Apple PodcastsMusicIntro and Outro Song © 16 by falling foreverTrack linkLicense: CC BY 4.0

This week on The Awareness Angle, trust keeps breaking in places it was assumed to be solid. From a state linked supply chain attack slipping malware into trusted software updates, to ransomware actors claiming access to airport systems, and even cybercrime forums being breached themselves, the pattern this week is confidence collapsing across the stack.We start with Breach Watch, unpacking how Notepad++ users were targeted through compromised update infrastructure rather than the software itself, why supply chain attacks remain so effective, and what selective targeting really tells us. We also look at ransomware claims against a US airport, the growing tactic of dumping sensitive files as proof, and what it means when critical infrastructure gets dragged into extortion.In the news, we cover the FBI seizure of a major ransomware forum, and why takedowns rarely end criminal ecosystems. We dig into claims that WhatsApp encryption is a lie, why cryptographers are sceptical, and how trust in closed source security tools keeps getting tested. We also discuss Spain announcing a ban on social media for under 16s, the wider regulatory trend this fits into, and the difficult reality of enforcement. Then we break down how mobile phones can silently share GPS level location with carriers at the network level, without app permissions or user awareness.In Awareness and Topics, we look at ransomware rising sharply in early 2026, why recovery matters more than negotiation, and how extortion gangs are shifting from data theft into personal harassment and psychological pressure. We also talk about McDonald’s calling out weak password habits using breached credential data, why predictable passwords still dominate, and what organisations can learn from simple, well executed awareness campaigns. We finish with a discussion on breaking into cybersecurity, mentorship, community, and why there is no single path into the industry.Chapters00:00 Intro01:11 Breach Watch, Notepad++ supply chain attack06:52 Ransomware group claims airport breach10:28 BreachForums breached, criminals exposed13:02 FBI seizes RAMP hacking forum16:18 WhatsApp encryption lawsuit explained19:33 Spain plans social media ban for under 16s25:20 Phones silently sharing GPS with carriers30:12 Scattered Lapsus ShinyHunters harassment tactics35:21 Ransomware activity up in 202639:45 McDonald’s calls out weak passwords45:06 Getting your first job in cybersecurity51:39 Real or phishing, campaign emails analysedMore Informationhttps://riskycreative.comFollowLinkedIn: https://www.linkedin.com/newsletters/the-awareness-angle-newsletter-7274932363787132928/TikTok: https://www.tiktok.com/@infosecantInstagram: https://www.instagram.com/riskycreativeYouTube: https://www.youtube.com/@riskycreativeIf you found this useful, share it with someone who cares about cyber but does not speak cyber.Stay aware, stay secure.Intro and Outro Music (© 16 by falling forever)https://fallingforever.bandcamp.com/track/16License: CC BY 4.0https://creativecommons.org/licenses/by/4.0

This week on The Awareness Angle, security failures show how quickly everyday systems can tip from background noise into real world disruption. From ransomware knocking a major IT distributor offline, to schools closing after cyber attacks, and criminals selling voice phishing kits like a product, the theme this week is scale. Small failures, trusted platforms, and familiar channels being used to create outsized impact.We start with Breach Watch, looking at the Ingram Micro ransomware attack and what it reveals about supply chain fragility when a single distributor goes dark. We then cover a breach at Grubhub caused by access to a third party support system, exposing customer, driver, and merchant data. We also look at the Minnesota Department of Human Services breach affecting nearly 304,000 people, and a UK secondary school forced to close after cyber disruption took critical systems offline.In the news, Microsoft releases emergency out of band Windows updates after patching issues prevent systems from shutting down properly. We look at criminals openly selling ready made voice phishing kits, making vishing easier to run at scale, and a malicious Chrome extension that deliberately crashes browsers to push fake fixes in a new ClickFix variant. We also discuss the EU launching a new vulnerability database as an alternative to CVE, a phishing campaign targeting LastPass users with fake security alerts, the UK government consulting on banning social media for under 16s, and TikTok finalising a deal to split its US operations into a new joint venture.In Topics, we talk about password hints that are completely useless, the ongoing debate around the phrase human risk, and the Action Fraud rebrand to Report Fraud, including why its sign in experience raises some uncomfortable trust questions. We also look at how AI generated content is flooding social platforms, and share practical ways to spot fake accounts and videos before they fool you.If you want cyber news explained with clarity, context, and zero jargon, you are in the right place.0:00 Introduction and Overview1:25 Ingram Micro Ransomware Attack5:38 Grubhub Third Party Breach9:41 Minnesota Department of Human Services Data Breach12:39 UK School Forced to Close After Cyber Attack18:52 Microsoft Emergency Windows Updates20:45 Voice Phishing Kits for Sale25:25 Malicious Chrome Extension and ClickFix Variant30:34 EU Vulnerability Database Alternative to CVE34:19 LastPass Phishing Campaign39:29 UK Consultation on Social Media Ban for Under 16s45:10 TikTok Splits US Operations48:30 Password Hints and Human Risk Discussion53:19 Action Fraud Rebrand and Trust Issues1:01:26 AI Generated Content and Spotting FakesMore Informationhttps://riskycreative.comListen on the goSpotify: https://open.spotify.com/show/7rwzcRsKrXbASFBfiXoCZ6Apple Podcasts: https://podcasts.apple.com/us/podcast/the-awareness-angle-cyber-news-weekly/id1784126196Follow usLinkedIn: https://www.linkedin.com/newsletters/the-awareness-angle-newsletter-7274932363787132928/TikTok: https://www.tiktok.com/@infosecantInstagram: https://www.instagram.com/riskycreativeYouTube: https://www.youtube.com/@riskycreativeIf you found this useful, hit subscribe and share it with someone who cares about cyber but does not speak cyber.Stay aware, stay secure.🎵 Our Intro and Outro Song (© 16 by falling forever)https://fallingforever.bandcamp.com/track/16License: https://creativecommons.org/licenses/by/4.0

This week on The Awareness Angle, everyday systems, subscriptions, and trusted tools keep showing how easily they can be turned against us. From major data breaches affecting millions to phishing tactics designed to look like system failures, the theme this week is familiarity, and how attackers exploit what people already trust.We kick off with Breach Watch, starting with Condé Nast, where a breach claim could affect millions of subscribers across brands like Wired, Vogue, and GQ. We then look at Covenant Health in the US, where a breach initially disclosed as small has grown to nearly half a million people, exposing highly sensitive medical data. We also cover a US gas station operator running more than 150 locations, where attackers accessed payment card data, bank details, and government issued IDs, with customers only notified months later. We round out Breach Watch with Tokyo FM in Japan and the European Space Agency, now under criminal investigation after sensitive systems were compromised.In What the Hack, we break down one of the most worrying phishing techniques we have seen recently. Fake Blue Screen of Death pop ups are being used to panic hotel staff into installing malware, using Booking.com themed emails and ClickFix style attacks. We also dig into how password managers were unexpectedly pulled into a mobile banking security decision, and why sideloaded apps are becoming a growing point of confusion for users.The wider topics include a deep dive into Equifax’s security culture years after its breach, OpenAI’s move to connect health data to ChatGPT and why that changes the value of accounts, the UK government’s new cyber action plan, and why outdated, box ticking cyber training continues to miss the mark. We also look at scam texts, SMS trust problems, and even cyber exclusions quietly appearing in home insurance policies.If you want cyber news explained with clarity, context, and zero jargon, you are in the right place.Chapters00:00:00 Welcome, and this week’s storiesBreach Watch00:01:01 Breach Watch begins00:01:22 Condé Nast breach claims and subscriber data risk00:04:41 Covenant Health breach grows to nearly half a million people00:07:18 Tokyo FM breach and why radio stations hold so much data00:10:13 US gas station operator breach, payment cards and delayed notification00:12:31 European Space Agency breach under criminal investigationWhat the Hack00:22:52 Fake Blue Screen of Death attacks targeting hotel staff00:26:37 ClickFix techniques and why panic keeps working00:34:49 HSBC, Bitwarden, sideloaded apps, and mobile trust decisionsTopics00:37:52 OpenAI, ChatGPT health data, and account value00:42:03 UK government cyber action plan00:44:48 NCSC cyber training for school staff and why delivery matters00:49:00 Parking fine scams, bank texts, and SMS trust issues00:57:07 Cyber events appearing in home insurance policies01:02:54 Closing thoughts and wrap upMore Informationhttps://riskycreative.comListen on the goSpotify: https://open.spotify.com/show/7rwzcRsKrXbASFBfiXoCZ6Apple Podcasts: https://podcasts.apple.com/us/podcast/the-awareness-angle-cyber-news-weekly/id1784126196Follow usLinkedIn: https://www.linkedin.com/newsletters/the-awareness-angle-newsletter-7274932363787132928/TikTok: https://www.tiktok.com/@infosecantInstagram: https://www.instagram.com/riskycreativeYouTube: https://www.youtube.com/@riskycreativeIf you found this useful, hit subscribe and share it with someone who cares about cyber but does not speak cyber.Stay aware, stay secure.🎵 Our Intro and Outro Song (© 16 by falling forever)https://fallingforever.bandcamp.com/track/16License: CC BY 4.0https://creativecommons.org/licenses/by/4.0

This week on The Awareness Angle, trusted platforms are being abused at scale, and the damage often starts with things that look completely legitimate. From Spotify facing claims of a massive torrent based scrape to phishing emails abusing real Google services, the theme this week is misplaced trust, and how attackers keep exploiting it.We kick off with Breach Watch, starting with claims that Anna’s Archive scraped huge volumes of Spotify audio and metadata and redistributed it via torrents. We then move to Ubisoft taking Rainbow Six Siege offline after attackers appear to gain deep backend control, triggering mass bans and in game chaos. We also cover Korean Air disclosing a passenger data exposure linked to a supplier breach, and an update on the Coupang incident where investigators recovered customer data from a laptop that had been smashed and dumped in an attempt to destroy evidence.In What the Hack, we break down a phishing campaign abusing real Google services to send convincing emails before stealing Microsoft logins, a British security researcher who secured an Australian visa after responsibly hacking a government website, and a new ClickFix service selling fake browser glitch pages at scale. We also dig into a long running browser extension malware campaign that has quietly infected millions of users across Chrome, Edge, and Firefox, Meta’s reported internal playbook for managing scam ad scrutiny, and why Flipper Zero and Raspberry Pi devices were banned from a major public event in New York.The wider topics look at loan scams thriving on social platforms, why scam ads keep slipping through despite reporting, and the quiet loss of one of the most important public resources for tracking AI jailbreaks in the wild.If you want cyber news explained with clarity and zero jargon, you are in the right place.Chapters00:00:00 Welcome, and this week’s storiesBreach Watch00:01:16 Spotify scrape claims and torrent distribution00:05:25 Rainbow Six Siege hack forces Ubisoft shutdown00:10:57 Korean Air passenger data exposed via supplier breach00:12:59 Coupang update, smashed laptop data recoveredWhat the Hack00:15:53 Google services abused for phishing Microsoft logins00:20:47 British hacker wins Australian visa after responsible disclosure00:23:34 ClickFix attacks sold via fake browser glitch pages00:28:46 Browser extensions infect millions over seven years00:34:28 NYC bans Flipper Zero and Raspberry Pi devicesTopics00:39:02 Loan scams spreading through social platforms00:42:10 Meta and the management of scam ad scrutiny00:44:59 Reddit bans r slash ChatGPTJailbreak and why it matters00:48:06 Closing thoughtsMore Informationhttps://riskycreative.comListen on the goSpotify: https://open.spotify.com/show/7rwzcRsKrXbASFBfiXoCZ6?si=1bbe58c9be6c462bApple Podcasts: https://podcasts.apple.com/us/podcast/the-awareness-angle-cyber-news-weekly/id1784126196Follow usLinkedIn: https://www.linkedin.com/newsletters/the-awareness-angle-newsletter-7274932363787132928/TikTok: https://www.tiktok.com/@infosecantInstagram: https://www.instagram.com/riskycreativeYouTube: https://www.youtube.com/@riskycreativeIf you found this useful, hit subscribe and share it with someone who cares about cyber but does not speak cyber.Stay aware, stay secure.

Subscribe on your favourite platforms and visit https://linktr.ee/riskycreative for more of ∠The Awareness Angle.This week on The Awareness Angle Interviews, Ant sits down with Cary Johnson, founder of Phishbusters, for a straight talking conversation about security awareness, human risk, and why so many programmes struggle to prove real impact.This episode strips away dashboards, buzzwords, and vendor narratives to focus on what actually reduces phishing risk. Cary brings a science led perspective to awareness, challenging engagement metrics, benchmarks, and the idea that looking busy means you are becoming more secure.We get into phishing as a measurement tool rather than a content engine, why repeat clickers are not all the same, and how poor measurement can quietly create fatigue, resentment, and false confidence across organisations.If you work in security awareness, human risk, or phishing defence, this conversation will challenge how you think about success.We talk about Why engagement does not equal impact Benchmarks versus baselines, and why the difference really matters Phishing as the number one human risk Repeat clickers, learners, and where risk actually sits Why overtraining creates fatigue and resentment Verification skills and keeping awareness simple Compliance theatre and the danger of vanity metrics Vendors marking their own homework How to test whether your programme is genuinely workingThis is a calm but challenging discussion that says the quiet part out loud. It shows how easily good intentions can turn into noise when measurement is flawed, and how much simpler awareness can be when we focus on proof instead of performance.Let me know what it gets you thinking about.Stay aware, stay secure.Previous Episodehttps://www.youtube.com/watch?v=EntRmhcDOBM&list=PLEsOj51Q0PfA0qX6BRlNnyD7lG8JlijRfLinksYouTube: https://www.youtube.com/@riskycreativeLinkedIn: https://www.linkedin.com/company/riskycreativeSpotify: https://open.spotify.com/user/riskycreativeWebsite: https://www.riskycreative.comContact: hello@riskycreative.comIntro and outro music16! by falling foreverhttps://fallingforever.bandcamp.com/track/16License: CC BY 4.0https://creativecommons.org/licenses/by/4.0

This week on The Awareness Angle, things get lively. We break down the Scientology ransomware attack, the ongoing chaos at Westminster Council, the five hundred million Windows 10 devices now left unsupported, and the ClickFix scam impersonating ChatGPT that we discovered live during the recording.We dig into what the Qilin gang claims to have taken from Scientology, why Westminster is still struggling to deliver basic services, and how Microsoft has created a global security problem by forcing users onto hardware they cannot afford. We also look at the Windows LNK zero day, Microsoft’s new activity tracking in Teams, and India’s decision to drop its mandatory cyber safety app.The big moment this week is the fake ChatGPT Atlas installer. A live ClickFix scam pushed through a compromised Google Ads account, designed to steal passwords simply by tricking people into pasting a command into their terminal. It is a clear example of how modern attacks borrow trust from real brands.We finish with AI fakery, deepfake claims and a Japanese game studio that now asks applicants to draw live to prove their portfolios are human made.If you want cyber news explained with clarity and zero jargon, you are in the right place.Chapters00:00:00 Welcome back and Luke returns00:00:29 Overview of this week’s stories00:01:19 Breach Watch beginsBreach Watch00:01:19 Scientology hit by Qilin ransomware00:03:28 Westminster Council attack update00:07:03 Freedom Mobile breach in Canada00:09:08 Brsk breach in the UK00:11:38 Marquis breach impacts seventy four US banks00:13:24 Wrap up of this week’s Breach WatchWhat the Hack00:14:25 Windows 10 crisis and unsupported devices00:16:07 Windows LNK zero day explained00:20:30 Teams location and activity reporting backlash00:22:20 India scraps mandatory cyber safety appClickFix Discovery00:25:50 Fake ChatGPT Atlas browser and ClickFix attack00:31:10 Live discovery of active scam through Google Ads00:33:54 Reporting the malicious ad and account takeoverAnt’s Topics00:41:20 Reddit story: employee clicks phishing link00:43:03 Why reporting quickly matters more than the click00:45:33 AI used to fake street footage and misinformationLuke’s Topics00:48:03 AI generated behind the scenes Home Alone footage00:53:52 Debunking viral AI content and misinformation00:55:14 Japanese studio now testing applicants live to stop AI cheatingWrap Up00:58:03 Final thoughts and sign off00:58:51 OutroListen on the goSpotify: https://open.spotify.com/show/7rwzcRs...Apple Podcasts: https://podcasts.apple.com/us/podcast...Follow usLinkedIn: https://www.linkedin.com/newsletters/the-awareness-angleTikTok: https://www.tiktok.com/@infosecantInstagram: https://www.instagram.com/riskycreativeYouTube: https://www.youtube.com/@riskycreativeIf you found this useful, hit subscribe and share it with someone who cares about cyber but does not speak cyber.Stay aware, stay secure.

📢 Subscribe on your favourite platforms and visit https://linktr.ee/riskycreative for more of ∠The Awareness Angle📢 This Week on The Awareness AngleRail hacks, WhatsApp risks, CCTV horror stories, teenage cyber gangs, and a staffing breach that leaked over a hundred thousand CVs. It has been a busy week.Luke and I break down the biggest cyber stories in a way that actually makes sense for real people at work, not just security pros. We talk human risk, scams, what to watch out for, and why the simplest mistakes keep causing the biggest damage.In this episode:• The Italian rail supplier breach with 2.3 TB of stolen data• Salesforce customer data stolen through a Gainsight integration• Cornerstone Staffing and the leak of more than one hundred thousand CVs• A WhatsApp flaw exposing 3.5 billion phone numbers• A nationwide CCTV hack in India involving maternity wards and schools• Australia’s new under sixteen ban and what it means for social platforms• TfL’s 2024 cyber attack and the trial ahead• Plus our own stories, scams we spotted, and awareness topics making the rounds this week👋 About usAnt Davis helps people make sense of the human side of cybersecurity. He runs Kindred Cyber, a people centred security service that gives organisations real world guidance, support and better engagement.Luke Pettigrew is an experienced security professional with years of hands on work educating people across one of the largest online food retailers in the UK. Together they take the complex parts of cyber and turn them into simple stories, clear guidance and content that helps people understand what is happening and why it matters.👍 Support the showSubscribe, drop a like, and leave a comment. It helps more than you think.If you prefer short form content, follow us on TikTok, YouTube Shorts, and Instagram for daily clips.📨 Stay updatedJoin the weekly newsletter for extra context, stories we did not cover, and links to everything we discuss.#cybersecurity #securityawareness #phishing #podcast #cloudsecurity #passwords #AIsecurity #infosec🕒 Timestamps00:00 Intro and welcome00:19 Quick catch up00:32 Ant starting Kindred Cyber01:24 Moving into the breach report02:03 Italian rail group breach03:15 Salesforce and Gainsight breach05:18 Cornerstone Staffing ransomware attack08:32 WhatsApp flaw exposes 3.5 billion numbers12:28 UK, US and Australia sanction Russian cyber firms14:45 Australia adds Twitch to teen social media ban19:52 CCTV hack in Indian maternity wards27:43 TfL cyber attack court update30:59 CIISEC Live and Ant’s appearance32:17 Launch of Kindred Cyber34:30 Lost Phone Passcode Social Engineering Scam37:19 The AI data paste incident from Reddit41:34 Flight scam and Google ads abuse49:11 Bob's Business - Scams and AI made scam sites51:33 Wrap up and closing thoughts🍿 Previous Episodehttps://youtu.be/qsS5wWZTLrg🟥 YouTube🟦 LinkedIn🟩 Spotify📧 hello@riskycreative.com🔗 https://www.riskycreative.com🎵 Our Intro and Outro Song (© 16 by falling forever)https://fallingforever.bandcamp.com/track/16License: CC BY 4.0https://creativecommons.org/licenses/by/4.0/