Dead Airline Still Taking Bookings, Chrome's Secret AI Download & The Hackable Killer Lawn Mower
Spirit Airlines shut down on May 2nd but nobody turned anything off. A security researcher discovered the entire booking system is still running, you can still search flights, pick seats, enter your details, and reach the payment screen for flights that will never take off. The payment processor is still connected. The Azure API is still issuing real booking records. And the most obvious phishing domains like spiritrefunds.com were sitting there unregistered for $11.48. A student grabbed them before the scammers did, and within four hours 43 real people had already visited looking for help.
Google Chrome has been silently downloading a 4GB AI model called Gemini Nano onto people's computers without telling them. No prompt, no notification, no consent. If you find it and delete it, it comes back. The model isn't even used for Chrome's main AI features. Those run on Google's servers. The 4GB on your hard drive powers minor writing tools most people have never enabled. Google added an opt-out months later, buried deep in the settings backend where most people will never find it.
A $5,000 robot lawn mower called Yarbo can be hijacked by anyone on the internet. Every device shares the same hardcoded root password that resets with every update. Attackers can control the blades, access the cameras, steal Wi-Fi passwords, read GPS coordinates, and override the emergency stop button. The 200-pound machine routes its telemetry through ByteDance, TikTok's parent company. The company claims to be based in New York but is actually Hangang Tech from Shenzhen, China.
Also this week: Zara and Cushman & Wakefield both breached by ShinyHunters, one through a third-party analytics vendor and the other through a single phone call. A phishing technique called ConsentFix v3 that bypasses MFA by abusing Microsoft's own OAuth login flow. Instagram quietly removes end-to-end encryption on DMs for two billion users. Anthropic's Mythos AI model finds tens of thousands of software vulnerabilities and the CEO warns there's a 6 to 12 month window before adversaries catch up. OpenAI adds a "trusted contact" feature to ChatGPT after a wave of self-harm lawsuits. And a 23-year-old student in Taiwan stopped four high-speed trains carrying 80 million passengers a year using a radio he bought online and encryption keys that hadn't been changed in 19 years.
Cybersecurity news explained in plain English. No jargon, no technical degree required. New episode every week. Subscribe so you don't miss one.
Cybersecurity news 2026 | data breach explained | Spirit Airlines liquidation | Google Chrome AI download | robot lawn mower hack | ShinyHunters | vishing attack | Instagram encryption | MFA bypass | IoT security | cyber awareness | security awareness training
⏱️ CHAPTERS
00:00 Intro
01:43 Breach Watch: Zara Data Breach via Third-Party Vendor
03:43 Breach Watch: Cushman & Wakefield Vishing Attack
08:34 ConsentFix v3 Bypasses MFA via Microsoft OAuth
12:18 Spirit Airlines Zombie Infrastructure Still Taking Bookings
19:04 Google Chrome Secretly Installs 4GB AI Model
24:31 Instagram Drops End-to-End Encryption on DMs
29:22 Anthropic Mythos Exposes Thousands of Vulnerabilities
35:25 OpenAI Trusted Contact Feature
40:14 Student Hacks Taiwan High-Speed Rail
44:25 Yarbo Robot Lawn Mower Hack
51:20 Security Socials
1:00:00 Outro
📰 SUBSCRIBE TO THE NEWSLETTER
/ the-awareness-angle-newsletter-72749323637...
📺 YouTube: / @riskycreative
🎧 Spotify: https://open.spotify.com/show/7rwzcRs...
🎧 Apple Podcasts: https://podcasts.apple.com/us/podcast...
📱 TikTok: / infosecant
📸 Instagram: / riskycreative
🌐 Website: https://riskycreative.com
🎵 Our Intro and Outro Song © 16 by Falling Forever
https://fallingforever.bandcamp.com/t...
Licensed under CC BY 4.0: https://creativecommons.org/licenses/...