A Wikipedia security engineer accidentally wakes a dormant JavaScript worm that hadn’t stirred since 2024 – and within minutes, giant woodpecker images are plastered across the internet’s favourite encyclopaedia.
Meanwhile, a crypto contractor hired to help the US Marshals manage seized digital assets allegedly decides to help himself to $46 million of it – and then brags about it on a recorded Telegram call.
Plus: Graham champions Asterix, Trisha discovers the fantasy novels of Robin Hobb, and someone called “Lick” ends up in the nick.
All this, and much more, in episode 458 of the “Smashing Security” podcast with cybersecurity veteran Graham Cluley, and special guest Tricia Howard.
Smashing Security #458:
How not to steal $46 million from the US government
Host:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Guest:
Tricia Howard:
/ triciakickssaas
Episode links:
- Major data leak forum dismantled in global action against cybercrime forum – Europol.
- Ericsson blames vendor vishing slip-up for breach exposing thousands of records – The Register.
- How hackers bypassed MFA with a $120 phishing kit – until law enforcement shut them down – Hot for Security.
- Wikipedia hit by self-propagating JavaScript worm that vandalized pages – Bleeping Computer.
- FBI arrests crypto thief accused of stealing $46 million from seized government wallet – Tom’s Hardware.
- Twitter thread by ZachXBT about John Daghita’s arrest – Twitter.
- Asterix – Wikipedia.
- Robin Hobb.
- The Complete Farseer trilogy – Harper Collins.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
- ThreatLocker – Start your free trial and book a demo of ThreatLocker today to see how you can implement Zero Trust in your environment.
- Meter – Network infrastructure for the enterprise. Get a free personalised demo.
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Join Smashing Security PLUS for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
