Ransomware doesn’t just freeze computers – it can silence alarms too. And when the Natural History Museum in Paris went dark, thieves helped themselves to €600,000 worth of gold in a daring late-night heist. Meanwhile, developers have a new headache: a worm dubbed “Shai Hulud” has wriggled its way through more than 180 npm packages, quietly stealing secrets.
But it’s not all doom and gloom – unless you count your kitchen appliances turning into ad billboards.
All this and more is discussed in episode 436 of the award-winning “Smashing Security” podcast with cybersecurity veteran Graham Cluley, and his special guest Zoë Rose.
Smashing Security #436:
The €600,000 gold heist, powered by ransomware
Host:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Guest:
Zoë Rose:
@rosesec.bsky.social
Episode links:
- EU cyber agency says airport software held to ransom by criminals – BBC News.
- Teenagers charged over cyber attack on TfL costing millions of pounds – Sky News.
- Teen arrested on suspicion of Vegas Strip attack that cost $100M – SF Gate.
- Paris: cyber-attack hits Natural History Museum, cancels exhibition – Sortira Paris.
- Cybersécurité : le Grand Palais et plusieurs musées dont le Louvre victimes d’une attaque par rançongiciel – Le Parisien.
- “Des pièces de collection nationale”: le directeur du Muséum d’histoire naturelle de Paris indique que les pépites d’or volées ont “une valeur inestimable” – BFMTV.
- Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit – Security Week.
- Shai-Hulud: Ongoing Package Supply Chain Worm Delivering Data-Stealing Malware – Wiz.
- 180+ NPM Packages Hit in Major Supply Chain Attack – Ox.
- Samsung confirms ads will now be shown on its $1,800+ fridges – UniLad.
- Bosch Cordless Multifunction Tool – Bosch.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
- Support us on Patreon!
Sponsored by:
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
- Trelica by 1Password – Access Governance for every SaaS app. Discover, manage, and optimize access for any of your SaaS apps – whether managed or unmanaged.
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
