Dead Airline Still Taking Bookings, Chrome's Secret AI Download & The Hackable Killer Lawn Mower

Spirit Airlines shut down on May 2nd but nobody turned anything off. A security researcher discovered the entire booking system is still running, still taking personal details, and still attempting payment transactions for flights that will never exist. Google Chrome has been silently downloading a 4GB AI model onto your computer without consent, and if you delete it, it comes back. And a $5,000 robot lawn mower can be hijacked by anyone on the internet, including overriding the emergency stop button. It phones home to TikTok's parent company.Also this week: Zara and Cushman & Wakefield both breached by ShinyHunters, a phishing attack that bypasses MFA using Microsoft's own login flow, Instagram quietly removes encrypted DMs, Anthropic's Mythos AI finds tens of thousands of vulnerabilities, OpenAI adds a trusted contact feature after self-harm lawsuits, and a student stops four high-speed trains with a radio he bought online.Chapters00:00 Intro01:43 Breach Watch: Zara Data Breach via Third-Party Vendor03:43 Breach Watch: Cushman & Wakefield Vishing Attack08:34 ConsentFix v3 Bypasses MFA via Microsoft OAuth12:18 Spirit Airlines Zombie Infrastructure Still Taking Bookings19:04 Google Chrome Secretly Installs 4GB AI Model24:31 Instagram Drops End-to-End Encryption on DMs29:22 Anthropic Mythos Exposes Thousands of Vulnerabilities35:25 OpenAI Trusted Contact Feature40:14 Student Hacks Taiwan High-Speed Rail44:25 Yarbo Robot Lawn Mower Hack51:20 Security Socials1:00:00 OutroSubscribe to the weekly newsletter at riskycreative.com for the full breakdown of every story.📺 YouTube🎧 Spotify🎧 Apple Podcasts📰 Newsletter📸 Instagram📱 TikTok: @infosecant🌐 Website🎵 Our Intro and Outro Song © 16 by Falling ForeverLicensed under CC BY 4.0