Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions

This episode details multiple active cybersecurity incidents: a Vercel breach caused by an employee-infected Lumma infostealer that stole OAuth tokens and customer secrets which are now being offered for sale; systemic mobile-network vulnerabilities (SS7 and 2G/3G fallbacks) and clandestine operators enabling location tracking of targets; and Iranian-linked threat actors conducting campaigns against critical infrastructure and Microsoft 365 environments (including password spraying and abuse of Intune to wipe devices). The discussion highlights attacker TTPs, high-impact consequences for victims, and the difficulty of remediation.