Episode 259 - AI Support Goes Rogue, Silent Ransom, Loud Consequences, Apple's Password Reset Roulette, Nuking the Malware Scanner, UK's New Blackout Protocol

Welcome to this week's episode of the PEBCAK Podcast!  We’ve got four amazing stories this week so sit back, relax, and keep being awesome!  Be sure to stick around for our Dad Joke of the Week. (DJOW)

Follow us on Instagram @pebcakpodcast

 

Please share this podcast with someone you know!  It helps us grow the podcast and we really appreciate it!

 

Simple 6 signup link

• https://simple6.co/r/CFUR98

 

Meta confirms 20,225 Instagram accounts were hijacked after attackers exploited a bug in its AI-powered High Touch Support tool to reset passwords without verifying email ownership.

• https://www.bleepingcomputer.com/news/security/meta-ai-support-data-breach-affects-20-000-instagram-accounts/

The Silent Ransom Group is targeting U.S. law firms with fake IT help desk calls, moving from first contact to data exfiltration in hours and sending ransom demands within 30 minutes of leaving the network.

• https://www.bleepingcomputer.com/news/security/silent-ransom-group-targets-law-firms-with-fake-it-support-calls/

Weil Gotshal reportedly paid $18–20 million to prevent hackers from publishing stolen client data after a Silent Ransom Group attack.

• https://www.legalcheek.com/2026/06/weil-reportedly-pays-up-to-20-million-after-hackers-steal-client-data/

Jones Day confirms a cyberattack that gave hackers access to client files, also attributed to the Silent Ransom Group campaign targeting BigLaw.

• https://www.legalcheek.com/2026/04/jones-day-confirms-cyber-attack-after-hackers-access-client-files/

Dark Reading's breakdown of how Silent Ransom Group's law firm extortion campaign operates at scale.

• https://www.darkreading.com/cyberattacks-data-breaches/silent-ransom-us-law-firms-extortion-attacks

 

Apple announces that iOS 27's Passwords app will use agentic AI to automatically detect and replace weak or compromised passwords in the background, no user effort required.

• https://www.bleepingcomputer.com/news/apple/new-apple-feature-automatically-changes-your-compromised-passwords/
• https://www.macrumors.com/2026/06/08/apple-passwords-can-now-automatically-fix-passwords-with-agentic-ai/

 

Citizen Lab researcher John Scott-Railton flags a new attacker technique: malware developers are embedding nuclear and biological weapons text inside their spyware to deliberately trigger AI safety refusals, preventing LLM-based security tools from analyzing the malicious code — a real-world demonstration of how over-tuned safety guardrails create exploitable blind spots.

• https://x.com/jsrailton/status/2064661778978533571

 

UK Prime Minister Starmer gives Apple and Google a three-month deadline to install device-level software that detects and blocks explicit images on consumer hardware, with privacy advocates and Signal already calling the mandate a blueprint for mass surveillance.

• https://metro.co.uk/2026/06/08/phone-will-change-new-government-rules-explicit-images-28694073/

 

Dad Joke of the Week (DJOW)

 

Find the hosts on LinkedIn:

Chris - https://www.linkedin.com/in/chlouie/

Brian - https://www.linkedin.com/in/briandeitch-sase/

Ben - https://www.linkedin.com/in/benjamincorll/