The Awareness Angle: Cyber News Weekly

Risky Creative
  • 4.6 (5)
  • TECH NEWS
  • UPDATED WEEKLY

The Awareness Angle makes cybersecurity make sense. Hosted by Anthony and Luke, we break down the biggest cyber stories of the week. From phishing scams and AI fraud to major data breaches and the sneaky ways people get hacked, we explain what’s going on and why it matters. But this isn’t just another tech podcast. We focus on the human side of cybersecurity. How scams actually work, why people fall for them, and what we can all do to stay safer online. You’ll get practical tips, real-world examples, and relatable stories that show how cyber threats affect everyday people, not just big busin

  1. 4 DAYS AGO

    Supply Chain Hacks. Fake Encryption. Phones That Track You - The Awareness Angle: Cyber News Weekly

    This week on The Awareness Angle, trust keeps breaking in places it was assumed to be solid. From a state linked supply chain attack slipping malware into trusted software updates, to ransomware actors claiming access to airport systems, and even cybercrime forums being breached themselves, the pattern this week is confidence collapsing across the stack.We start with Breach Watch, unpacking how Notepad++ users were targeted through compromised update infrastructure rather than the software itself, why supply chain attacks remain so effective, and what selective targeting really tells us. We also look at ransomware claims against a US airport, the growing tactic of dumping sensitive files as proof, and what it means when critical infrastructure gets dragged into extortion.In the news, we cover the FBI seizure of a major ransomware forum, and why takedowns rarely end criminal ecosystems. We dig into claims that WhatsApp encryption is a lie, why cryptographers are sceptical, and how trust in closed source security tools keeps getting tested. We also discuss Spain announcing a ban on social media for under 16s, the wider regulatory trend this fits into, and the difficult reality of enforcement. Then we break down how mobile phones can silently share GPS level location with carriers at the network level, without app permissions or user awareness.In Awareness and Topics, we look at ransomware rising sharply in early 2026, why recovery matters more than negotiation, and how extortion gangs are shifting from data theft into personal harassment and psychological pressure. We also talk about McDonald’s calling out weak password habits using breached credential data, why predictable passwords still dominate, and what organisations can learn from simple, well executed awareness campaigns. We finish with a discussion on breaking into cybersecurity, mentorship, community, and why there is no single path into the industry.Chapters00:00 Intro01:11 Breach Watch, Notepad++ supply chain attack06:52 Ransomware group claims airport breach10:28 BreachForums breached, criminals exposed13:02 FBI seizes RAMP hacking forum16:18 WhatsApp encryption lawsuit explained19:33 Spain plans social media ban for under 16s25:20 Phones silently sharing GPS with carriers30:12 Scattered Lapsus ShinyHunters harassment tactics35:21 Ransomware activity up in 202639:45 McDonald’s calls out weak passwords45:06 Getting your first job in cybersecurity51:39 Real or phishing, campaign emails analysedMore Informationhttps://riskycreative.comFollowLinkedIn: https://www.linkedin.com/newsletters/the-awareness-angle-newsletter-7274932363787132928/TikTok: https://www.tiktok.com/@infosecantInstagram: https://www.instagram.com/riskycreativeYouTube: https://www.youtube.com/@riskycreativeIf you found this useful, share it with someone who cares about cyber but does not speak cyber.Stay aware, stay secure.Intro and Outro Music (© 16 by falling forever)https://fallingforever.bandcamp.com/track/16License: CC BY 4.0https://creativecommons.org/licenses/by/4.0

    53 min

  2. 2 FEB

    From Dating App Leaks to AI Agent Risks - The Awareness Angle: Weekly Cyber News

    This week on The Awareness Angle, trust keeps breaking in places people expect it to hold. From exposed AI agent infrastructure and phishing malware slipping into the Chrome Web Store, to sensitive government data being uploaded to ChatGPT, the theme this week is misplaced confidence. Tools designed to help, automate, and protect are being misused, misconfigured, or trusted too far. We start with Breach Watch, looking at claims that ShinyHunters accessed data linked to major dating platforms, and what exposure through analytics providers and contractor access really means. We then cover reports that the acting head of the US cybersecurity agency uploaded internal government documents to ChatGPT, raising uncomfortable questions about AI use at the highest levels of security leadership. In the news, we break down Clawdbot, also known as Moltbot, an open source AI agent that promises automation but has left hundreds of exposed gateways leaking credentials, API keys, and private conversations. We look at why autonomous AI agents expand attack surfaces, how third party add ons turn convenience into risk, and why hardening these systems is not optional. We also cover phishing capable Chrome extensions bypassing store review, Google improving ransomware protection in Drive, and France fast tracking plans to ban social media for under 15s. In Topics, we talk about exposed admin panels in AI powered toys and what happens when children’s conversations and profiles are stored behind weak controls. We also discuss phishing awareness in the real world, misleading breach headlines, fake profiles, and why simple in store warnings on gift cards can be surprisingly effective. If you want cyber news explained with clarity, context, and zero jargon, you are in the right place. Episode timestamps 00:00 Intro01:11 Breach Watch, ShinyHunters dating app data claims06:52 US cybersecurity chief uploads documents to ChatGPT10:28 What is Clawdbot and why it matters13:02 Hundreds of exposed Clawdbot gateways16:18 The AI agent craze and growing security risks19:33 Phishing malware sold as Chrome extensions25:20 Google Drive ransomware protection improvements30:12 France moves to ban social media for under 15s35:21 Exposed admin panel found in AI toy43:31 Awareness, spotting phishing and AI content49:45 Misleading breach headlines and fake panic51:39 Reverse image search exposing fake profiles53:06 Gift card scam warnings in store54:31 Covering phone cameras as a security habit56:12 Free WIFI on Flight QR Code Prank57:57 TikTok Argos MacBook Retail Discount Code01:00:36 Real world phishing and family account compromise More Informationhttps://riskycreative.com Listen on the goSpotify: https://open.spotify.com/show/7rwzcRsKrXbASFBfiXoCZ6Apple Podcasts: https://podcasts.apple.com/us/podcast/the-awareness-angle-cyber-news-weekly/id1784126196 Follow usLinkedIn: https://www.linkedin.com/newsletters/the-awareness-angle-newsletter-7274932363787132928/TikTok: https://www.tiktok.com/@infosecantInstagram: https://www.instagram.com/riskycreativeYouTube: https://www.youtube.com/@riskycreative If you found this useful, hit subscribe and share it with someone who cares about cyber but does not speak cyber. Stay aware, stay secure. 🎵 Our Intro and Outro Song (© 16 by falling forever)https://fallingforever.bandcamp.com/track/16 License: CC BY 4.0https://creativecommons.org/licenses/by/4.0 ``

    1h 12m

  3. 26 JAN

    Voice Phishing Kits, CrashFix Malware, and Schools Forced Offline

    This week on The Awareness Angle, security failures show how quickly everyday systems can tip from background noise into real world disruption. From ransomware knocking a major IT distributor offline, to schools closing after cyber attacks, and criminals selling voice phishing kits like a product, the theme this week is scale. Small failures, trusted platforms, and familiar channels being used to create outsized impact. We start with Breach Watch, looking at the Ingram Micro ransomware attack and what it reveals about supply chain fragility when a single distributor goes dark. We then cover a breach at Grubhub caused by access to a third party support system, exposing customer, driver, and merchant data. We also look at the Minnesota Department of Human Services breach affecting nearly 304,000 people, and a UK secondary school forced to close after cyber disruption took critical systems offline. In the news, Microsoft releases emergency out of band Windows updates after patching issues prevent systems from shutting down properly. We look at criminals openly selling ready made voice phishing kits, making vishing easier to run at scale, and a malicious Chrome extension that deliberately crashes browsers to push fake fixes in a new ClickFix variant. We also discuss the EU launching a new vulnerability database as an alternative to CVE, a phishing campaign targeting LastPass users with fake security alerts, the UK government consulting on banning social media for under 16s, and TikTok finalising a deal to split its US operations into a new joint venture. In Topics, we talk about password hints that are completely useless, the ongoing debate around the phrase human risk, and the Action Fraud rebrand to Report Fraud, including why its sign in experience raises some uncomfortable trust questions. We also look at how AI generated content is flooding social platforms, and share practical ways to spot fake accounts and videos before they fool you. If you want cyber news explained with clarity, context, and zero jargon, you are in the right place. 0:00 Introduction and Overview1:25 Ingram Micro Ransomware Attack5:38 Grubhub Third Party Breach9:41 Minnesota Department of Human Services Data Breach12:39 UK School Forced to Close After Cyber Attack18:52 Microsoft Emergency Windows Updates20:45 Voice Phishing Kits for Sale25:25 Malicious Chrome Extension and ClickFix Variant30:34 EU Vulnerability Database Alternative to CVE34:19 LastPass Phishing Campaign39:29 UK Consultation on Social Media Ban for Under 16s45:10 TikTok Splits US Operations48:30 Password Hints and Human Risk Discussion53:19 Action Fraud Rebrand and Trust Issues1:01:26 AI Generated Content and Spotting Fakes More Informationhttps://riskycreative.com Listen on the goSpotify: https://open.spotify.com/show/7rwzcRsKrXbASFBfiXoCZ6Apple Podcasts: https://podcasts.apple.com/us/podcast/the-awareness-angle-cyber-news-weekly/id1784126196 Follow usLinkedIn: https://www.linkedin.com/newsletters/the-awareness-angle-newsletter-7274932363787132928/TikTok: https://www.tiktok.com/@infosecantInstagram: https://www.instagram.com/riskycreativeYouTube: https://www.youtube.com/@riskycreative If you found this useful, hit subscribe and share it with someone who cares about cyber but does not speak cyber. Stay aware, stay secure. 🎵 Our Intro and Outro Song (© 16 by falling forever)https://fallingforever.bandcamp.com/track/16 License: https://creativecommons.org/licenses/by/4.0

    1h 7m

  4. 19 JAN

    Instagram Passwords, Ransomware Claims, and AI Controls

    This week on The Awareness Angle, confusion, control, and credibility sit at the centre of the cyber news. From password reset emails triggering panic at global scale, to ransomware groups shaping the narrative without releasing data, the theme this week is trust, who controls it, and how quickly it can unravel. We start with Breach Watch, looking at ransomware claims against Nissan and how screenshots and file listings are increasingly used to apply pressure without publishing stolen data. We then move to a confirmed breach at Spanish energy giant Endesa, where customer data linked to energy contracts and payment details was exposed, and compare two very different approaches to communication and incident handling. We also cover BreachForums leaking its own user database, a reminder that even criminal platforms are not immune to basic security failures. In What the Hack, we break down the Instagram password reset email saga that left millions of users unsure whether they were under attack. We look at Meta’s explanation, Malwarebytes’ claims of leaked data, and why old scraped information keeps coming back to cause fresh concern. We also cover Microsoft’s Patch Tuesday, including an actively exploited zero day, and why severity scores often miss the real risk story. The wider topics include Microsoft potentially allowing Copilot to be fully removed from managed devices, growing pushback against forced AI adoption at work, and why major PC manufacturers are now saying AI is confusing customers rather than selling devices. We also look at a hacker jailed for attacks on the ports of Rotterdam and Antwerp, showing how cyber access directly enables real world organised crime, and a foiled cyber attack targeting Poland’s energy infrastructure. We wrap up with two very human stories, a classic scam email that knows your password and why it still works, and a look at eye scanning being pitched as proof that you are human, complete with crypto incentives, biometric risk, and some uncomfortable questions about where identity is heading. If you want cyber news explained with clarity, context, and zero jargon, you are in the right place. More informationhttps://riskycreative.com Listen on the goSpotify: https://open.spotify.com/show/7rwzcRsKrXbASFBfiXoCZ6Apple Podcasts: https://podcasts.apple.com/us/podcast/the-awareness-angle-cyber-news-weekly/id1784126196 Follow usLinkedIn: The Awareness Angle NewsletterTikTok: @infosecantInstagram: @riskycreativeYouTube: @riskycreative If you found this useful, follow the show and share it with someone who cares about cyber but does not speak cyber. Stay aware, stay secure. 🎵 Our Intro and Outro Song (© 16 by falling forever)https://fallingforever.bandcamp.com/track/16License: CC BY 4.0

    32 min

  5. 12 JAN

    Subscriber Data Exposed and Hotels ClickFix Phished

    This week on The Awareness Angle, everyday systems, subscriptions, and trusted tools keep showing how easily they can be turned against us. From major data breaches affecting millions to phishing tactics designed to look like system failures, the theme this week is familiarity, and how attackers exploit what people already trust. We kick off with Breach Watch, starting with Condé Nast, where a breach claim could affect millions of subscribers across brands like Wired, Vogue, and GQ. We then look at Covenant Health in the US, where a breach initially disclosed as small has grown to nearly half a million people, exposing highly sensitive medical data. We also cover a US gas station operator running more than 150 locations, where attackers accessed payment card data, bank details, and government issued IDs, with customers only notified months later. We round out Breach Watch with Tokyo FM in Japan and the European Space Agency, now under criminal investigation after sensitive systems were compromised. In What the Hack, we break down one of the most worrying phishing techniques we have seen recently. Fake Blue Screen of Death pop ups are being used to panic hotel staff into installing malware, using Booking.com themed emails and ClickFix style attacks. We also dig into how password managers were unexpectedly pulled into a mobile banking security decision, and why sideloaded apps are becoming a growing point of confusion for users. The wider topics include a deep dive into Equifax’s security culture years after its breach, OpenAI’s move to connect health data to ChatGPT and why that changes the value of accounts, the UK government’s new cyber action plan, and why outdated, box ticking cyber training continues to miss the mark. We also look at scam texts, SMS trust problems, and even cyber exclusions quietly appearing in home insurance policies. If you want cyber news explained with clarity, context, and zero jargon, you are in the right place. Chapters 00:00:00 Welcome, and this week’s stories Breach Watch 00:01:01 Breach Watch begins00:01:22 Condé Nast breach claims and subscriber data risk00:04:41 Covenant Health breach grows to nearly half a million people00:07:18 Tokyo FM breach and why radio stations hold so much data00:10:13 US gas station operator breach, payment cards and delayed notification00:12:31 European Space Agency breach under criminal investigation What the Hack 00:22:52 Fake Blue Screen of Death attacks targeting hotel staff00:26:37 ClickFix techniques and why panic keeps working00:34:49 HSBC, Bitwarden, sideloaded apps, and mobile trust decisions Topics 00:37:52 OpenAI, ChatGPT health data, and account value00:42:03 UK government cyber action plan00:44:48 NCSC cyber training for school staff and why delivery matters00:49:00 Parking fine scams, bank texts, and SMS trust issues00:57:07 Cyber events appearing in home insurance policies01:02:54 Closing thoughts and wrap up More Informationhttps://riskycreative.com Listen on the goSpotify: https://open.spotify.com/show/7rwzcRsKrXbASFBfiXoCZ6Apple Podcasts: https://podcasts.apple.com/us/podcast/the-awareness-angle-cyber-news-weekly/id1784126196 Follow usLinkedIn: https://www.linkedin.com/newsletters/the-awareness-angle-newsletter-7274932363787132928/TikTok: https://www.tiktok.com/@infosecantInstagram: https://www.instagram.com/riskycreativeYouTube: https://www.youtube.com/@riskycreative If you found this useful, hit subscribe and share it with someone who cares about cyber but does not speak cyber. Stay aware, stay secure. 🎵 Our Intro and Outro Song (© 16 by falling forever)https://fallingforever.bandcamp.com/track/16 License: CC BY 4.0https://creativecommons.org/licenses/by/4.0

    1h 4m

  6. 9 JAN

    Interview Special - Why Security Awareness Is a Social Responsibility - With Ishmael Pennino and Liam Stock-Rabbat

    In this episode of The Awareness Angle, I’m joined by two people who genuinely live and breathe community-led security awareness, Roberto Ishmael Pennino and Liam Stock Rabbat. This conversation goes well beyond phishing simulations and training slides. We talk openly about why community matters so much in security awareness, how loneliness and isolation are fuelling modern scams, and why human connection might be one of the most important defences we have right now. We dig into Ishmael and Liam’s joint initiative focused on cybersecurity awareness for everyone, not just people working in corporate roles, and why giving back to the wider community should matter to all of us in this space. We also explore the real-world impact of scams, shame, and silence, including why normalising these conversations can genuinely help people feel safer online. There’s plenty in here for awareness professionals, as well as for anyone interested in human risk, behaviour change, and making security feel more human. 🎙️ In this episode, we cover• Why community work matters in security awareness• The human cost of scams, beyond just financial loss• How awareness can genuinely help people feel safer• AI as both a challenge and an enabler for awareness teams• What needs to change to improve online safety for everyone If you care about people, culture, and doing security differently, this one’s for you. 👍 Like, subscribe, and share if this episode resonates💬 Let us know your thoughts in the comments In this episode, we discuss the "Shamrock Project", but we had that wrong. It's Operation Shamrock and more details on them and the great work that they do can be found at www.operationshamrock.org We also discussed my interview with Daisy Wong and her own personal experience witha romance scam. You can watch that video at https://youtu.be/T7rrOmGRAoU Stay aware, stay secure. The Awareness Angle: Interviews is our ongoing series of real, no-fluff conversations with the people rethinking how we approach security, risk, and human behaviour. Read The Episode Discussion Pointshttps://www.riskycreative.com YouTubehttps://www.youtube.com/@riskycreative LinkedInhttps://www.linkedin.com/company/riskycreative Contacthello@riskycreative.com Websitehttps://www.riskycreative.com About The Awareness AngleA CYBERSECURITY PODCAST where we talk about SECURITY AWARENESS and security education. We are professionals in HUMAN RISK and Information Security Awareness. We know PHISHING CAMPAIGNS. We know PHISH. We have done annual SECURITY TRAINING. We have sent NEWSLETTERS and made videos. We have created security awareness CULTURE STUDIES and are passionate about HUMAN BEHAVIOURS. Whether you're a Cyber Security Awareness professional or simply curious about human risk, this podcast is your go-to resource for fresh perspectives and creative solutions. Intro and outro music16! by falling foreverhttps://fallingforever.bandcamp.com/track/16 LicenseCreative Commons Attribution 4.0https://creativecommons.org/licenses/by/4.0

    1h 4m

  7. 5 JAN

    Spotify Scraped and Google Phish Steals Microsoft Logins

    This week on The Awareness Angle, trusted platforms are being abused at scale, and the damage often starts with things that look completely legitimate. From Spotify facing claims of a massive torrent based scrape to phishing emails abusing real Google services, the theme this week is misplaced trust, and how attackers keep exploiting it. We kick off with Breach Watch, starting with claims that Anna’s Archive scraped huge volumes of Spotify audio and metadata and redistributed it via torrents. We then move to Ubisoft taking Rainbow Six Siege offline after attackers appear to gain deep backend control, triggering mass bans and in game chaos. We also cover Korean Air disclosing a passenger data exposure linked to a supplier breach, and an update on the Coupang incident where investigators recovered customer data from a laptop that had been smashed and dumped in an attempt to destroy evidence. In What the Hack, we break down a phishing campaign abusing real Google services to send convincing emails before stealing Microsoft logins, a British security researcher who secured an Australian visa after responsibly hacking a government website, and a new ClickFix service selling fake browser glitch pages at scale. We also dig into a long running browser extension malware campaign that has quietly infected millions of users across Chrome, Edge, and Firefox, Meta’s reported internal playbook for managing scam ad scrutiny, and why Flipper Zero and Raspberry Pi devices were banned from a major public event in New York. The wider topics look at loan scams thriving on social platforms, why scam ads keep slipping through despite reporting, and the quiet loss of one of the most important public resources for tracking AI jailbreaks in the wild. If you want cyber news explained with clarity and zero jargon, you are in the right place. Chapters00:00:00 Welcome, and this week’s storiesBreach Watch00:01:16 Spotify scrape claims and torrent distribution00:05:25 Rainbow Six Siege hack forces Ubisoft shutdown00:10:57 Korean Air passenger data exposed via supplier breach00:12:59 Coupang update, smashed laptop data recoveredWhat the Hack00:15:53 Google services abused for phishing Microsoft logins00:20:47 British hacker wins Australian visa after responsible disclosure00:23:34 ClickFix attacks sold via fake browser glitch pages00:28:46 Browser extensions infect millions over seven years00:34:28 NYC bans Flipper Zero and Raspberry Pi devicesTopics00:39:02 Loan scams spreading through social platforms00:42:10 Meta and the management of scam ad scrutiny00:44:59 Reddit bans r slash ChatGPTJailbreak and why it matters00:48:06 Closing thoughts More Informationhttps://riskycreative.com Listen on the goSpotify: https://open.spotify.com/show/7rwzcRsKrXbASFBfiXoCZ6?si=1bbe58c9be6c462bApple Podcasts: https://podcasts.apple.com/us/podcast/the-awareness-angle-cyber-news-weekly/id1784126196 Follow usLinkedIn: https://www.linkedin.com/newsletters/the-awareness-angle-newsletter-7274932363787132928/TikTok: https://www.tiktok.com/@infosecantInstagram: https://www.instagram.com/riskycreativeYouTube: https://www.youtube.com/@riskycreative If you found this useful, hit subscribe and share it with someone who cares about cyber but does not speak cyber. Stay aware, stay secure.

    49 min

  8. 22/12/2025

    Microsoft Account Hacks, WhatsApp Ghost Pairing, and Extensions Spy On AI

    This week on The Awareness Angle, breaches, extortion, and quietly invasive tech all collide. From real estate firms leaking highly sensitive data to browser extensions secretly harvesting AI conversations, the theme this week is trust, and how easily it gets abused. Luke is back from holiday, and we kick off with Breach Watch, starting with a New York and DC real estate developer exposing nearly 47,000 people after a ransomware attack. We then look at SoundCloud losing control of user data, followed by one of the most personal extortion cases we have seen, PornHub Premium viewing history stolen via a third party analytics provider. We also cover the ongoing UK government hack that ministers are playing down, despite growing concern around state linked espionage. In What the Hack, we dig into malware hidden inside movie subtitle files on fake torrents, a new Microsoft account takeover technique that bypasses passwords, MFA, and passkeys, and a Chrome browser extension that was quietly intercepting millions of users’ AI chats while wearing a trusted Featured badge. We also revisit LG’s smart TV Copilot backlash, and how user pushback forced a rapid U turn. The wider topics take us from WhatsApp account hijacking via Ghost Pairing, to activity tracking risks in messaging apps, the growing problem of deepfakes and trust online, crypto scams draining life savings, and how Amazon detected a North Korean infiltrator based on something as subtle as keystroke lag. If you want cyber news explained with clarity and zero jargon, you are in the right place. Chapters 00:00:00 Welcome, and this week’s storiesBreach Watch00:01:36 NYC and DC real estate developer data breach00:04:27 SoundCloud breach and VPN disruption00:08:15 PornHub extortion and leaked viewing history00:13:27 UK government hack investigationWhat the Hack00:16:49 Malware hidden in movie subtitle files00:21:55 Microsoft account takeover surge and ConsentFix00:28:47 Chrome extensions harvesting AI chats00:34:54 LG backtracks on Copilot for smart TVsTopics00:38:09 WhatsApp Ghost Pairing account hijack00:41:48 WhatsApp and Signal activity tracking risks00:47:50 Deepfakes, content credentials, and trust online00:49:43 Idris Elba waxwork and biometric security limits00:53:32 Do we actually need AI00:54:40 Crypto scam victim loses 1.8 million dollars00:57:32 North Korean infiltrator caught via keystroke lag More Informationhttps://riskycreative.com Listen on the goSpotify: https://open.spotify.com/show/7rwzcRsKrXbASFBfiXoCZ6Apple Podcasts: https://podcasts.apple.com/us/podcast/the-awareness-angle-cyber-news-weekly/id1784126196 Follow usLinkedIn: The Awareness Angle NewsletterTikTok: @infosecantInstagram: @riskycreativeYouTube: @riskycreative If you found this useful, hit subscribe and share it with someone who cares about cyber but does not speak cyber. Stay aware, stay secure.

    1h 2m
See All (74)

Ratings & Reviews

4.6
out of 5
5 Ratings

About

The Awareness Angle makes cybersecurity make sense. Hosted by Anthony and Luke, we break down the biggest cyber stories of the week. From phishing scams and AI fraud to major data breaches and the sneaky ways people get hacked, we explain what’s going on and why it matters. But this isn’t just another tech podcast. We focus on the human side of cybersecurity. How scams actually work, why people fall for them, and what we can all do to stay safer online. You’ll get practical tips, real-world examples, and relatable stories that show how cyber threats affect everyday people, not just big busin

Information