In episode 459 of Smashing Security, we dive into a chillingly clever account takeover attempt targeting WordPress co-founder Matt Mullenweg - involving MFA fatigue, real Apple alerts, a convincing support call, and a phishing page that oh-so-nearly worked. If a famous techie could have this happen to you, can you be sure you're immune?Plus: would you donate your lifetime medical history to science if you were promised anonymity? We unpack serious concerns around UK Biobank, where “de-identified” data may not be as anonymous as you think — and how surprisingly little information it takes to reveal everything.And! Human-powered “AI”, and a punishment worse than prison: eight hours on the RSA expo floor...All this, and much more, in episode 459 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Paul Ducklin.EPISODE LINKS:DOGE employee stole Social Security data and put it on a thumb drive, report says - TechCrunch.Foreign hacker in 2023 compromised Epstein files held by FBI, source and documents show - Reuters.New font-rendering trick hides malicious commands from AI tools - Bleeping Computer.Lockdown Mode - Apple support.Gone (Almost) Phishin’ - Matt Mullenweg.Listen to the Live Scam Call Targeting Matt Mullenweg’s Apple Account - YouTube.Confidential health records from UK BioBank project exposed online - The Guardian.A message from Professor Sir Rory Collins, Chief Executive and Principal Investigator of UK Biobank - UK BioBank.Psychotherapy data breach blackmailer sent to prison - Paul Ducklin.Your AI slop bores me.Post by Vaughan Shanks - LinkedIn.Judge Sentences CISO to 8 Consecutive Hours on RSA Expo Floor as Formal Punishment for Security Breach - The Exploit.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)SPONSORS:Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!Adaptive Security - requ