Poisoned Calendar invites, ChatGPT, and Bromide

A poisoned Google Calendar invite that can hijack your smart home, a man is hospitalised after ChatGPT told him to season his food with… pesticide, and some thoughts on Superman’s latest cinematic outing.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley, joined this week by special guest Dave Bittner from The Cyberwire.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

• Invitation Is All You Need: Invoking Gemini for Workspace Agents with a Simple Google Calendar Invite - SafeBreach.
• Invitation attack curses - YouTube.
• Invitation attack opens shutters - YouTube.
• Guy Gives Himself 19th Century Psychiatric Illness After Consulting With ChatGPT - 404 Media.
• Superman (2025) trailer - YouTube.
• Billy Joel: And so it goes - HBO Max.
• Billy Joel: And so it goes trailer - YouTube.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:

• Proton - Break free from Gmail. You should be able to choose what happens to your data. With Proton, only you can read your emails.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

ENJOYED THE SHOW?

Make sure to check out our sister podcast, "The AI Fix".