Supply-chain attack using invisible code hits GitHub and other repositories
Unicode that’s invisible to the human eye was largely abandoned—until attackers took notice.
Dan Goodin
–
|
74
Security
The who, what, and why of the attack that has shut down Stryker’s Windows network
Company says it doesn’t know how long it will take to restore its Microsoft environment.
Dan Goodin
–
|
76
14,000 routers are infected by malware that’s highly resistant to takedowns
Most of the devices are made by Asus and are located in the US.
Dan Goodin
–
|
36
From Iran to Ukraine, everyone’s trying to hack security cameras
Research shows apparent Iranian state hackers trying to hijack consumer-grade cameras.
WIRED
–
|
104
Feds take notice of iOS vulnerabilities exploited under mysterious circumstances
The long, strange trip of a large assembly of advanced iOS exploits.
Dan Goodin
–
|
37
LLMs can unmask pseudonymous users at scale with surprising accuracy
Pseudonymity has never been perfect for preserving privacy. Soon it may be pointless.
Dan Goodin
–
|
219
Google quantum-proofs HTTPS by squeezing 15kB of data into 700-byte space
Merkle Tree Certificate support is already in Chrome. Soon, it will be everywhere.
Dan Goodin
–
|
94
New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises
That guest network you set up for your neighbors may not be as secure as you think.
Dan Goodin
–
|
166
Most Read
Password managers’ promise that they can’t see your vaults isn’t always true
Contrary to what password managers say, a server compromise can mean game over.
Dan Goodin
–
|
168
Once-hobbled Lumma Stealer is back with lures that are hard to resist
ClickFix bait, combined with advanced Castleloader malware, is installing Lumma “at scale.”
Dan Goodin
–
|
20
Windows’ original Secure Boot certificates expire in June—here’s what you need to do
PCs without the new certificates could eventually have trouble booting new OSes.
Andrew Cunningham
–
|
139
Malicious packages for dYdX cryptocurrency exchange empties user wallets
Incident is at least the third time the exchange has been targeted by thieves.
Dan Goodin
–
|
35
Microsoft releases urgent Office patch. Russian-state hackers pounce.
The window to patch vulnerabilities is shrinking rapidly.
Dan Goodin
–
|
77
The rise of Moltbook suggests viral AI prompts may be the next big security threat
We don’t need self-replicating AI models to have problems, just self-replicating prompts.
Benj Edwards
–
|
116
Notepad++ users take note: It’s time to check if you’re hacked
Suspected China-state hackers used update infrastructure to deliver backdoored version.
Dan Goodin
–
|
113
Web portal leaves kids’ chats with AI toy open to anyone with Gmail account
Just about anyone with a Gmail account could access Bondu chat transcripts.
WIRED
–
|
45
County pays $600,000 to pentesters it arrested for assessing courthouse security
Settlement comes more than 6 years after Gary DeMercurio and Justin Wynn’s ordeal began.
Dan Goodin
–
|
96
Site catering to online criminals has been seized by the FBI
One of the last holdouts for ransomware discussions, RAMP is taken down.
Dan Goodin
–
|
40
There’s a rash of scam spam coming from a real Microsoft address
Abusing Microsoft’s reputation may make scam harder to spot.
Dan Goodin
–
|
49
Why has Microsoft been routing example.com traffic to a company in Japan?
Company’s autodiscover caused users’ test credentials to be sent outside Microsoft networks.
Dan Goodin
–
|
70
How to encrypt your PC’s disk without giving the keys to Microsoft
Storing recovery keys with Microsoft allows the company to unlock your disk.
Andrew Cunningham
–
|
157
Poland’s energy grid was targeted by never-before-seen wiper malware
Destructive payload unleashed on tenth anniversary of Russia’s attack on Ukraine’s grid.
Dan Goodin
–
|
188
Overrun with AI slop, cURL scraps bug bounties to ensure “intact mental health”
The onslaught includes LLMs finding bogus vulnerabilities and code that won’t compile.
Dan Goodin
–
|
90
Hacker who stole 120,000 bitcoins wants a second chance—and a security job
Crypto theft was “the worst thing I had ever done.”
Cyrus Farivar
–
|
66
Millions of people imperiled through sign-in links sent by SMS
Even well-known services with millions of users are exposing sensitive data.
Dan Goodin
–
|
70
Mandiant releases rainbow table that cracks weak admin password in 12 hours
Windows laggards still using the vulnerable hashing function: Your days are numbered.
Dan Goodin
–
|
24
Why I’m withholding certainty that “precise” US cyber-op disrupted Venezuelan electricity
NYT says US hackers were able to turn off power and then quickly turn it back on.
Dan Goodin
–
|
72
Many Bluetooth devices with Google Fast Pair vulnerable to “WhisperPair” hack
Even Google’s own earbuds are vulnerable to the Fast Pair hack.
Ryan Whitwam
–
|
42
A single click mounted a covert, multistage attack against Copilot
Exploit exfiltrating data from chat histories worked even after users closed chat windows.
Dan Goodin
–
|
69
US gov’t: House sysadmin stole 200 phones, caught by House IT desk
Scheme allegedly cost taxpayers $150,000.
Nate Anderson
–
|
65
Never-before-seen Linux malware is “far more advanced than typical”
VoidLink includes an unusually broad and advanced array of capabilities.
Dan Goodin
–
|
48
Signal creator Moxie Marlinspike wants to do for AI what he did for messaging
Introducing Confer, an end-to-end AI assistant that just works.
Dan Goodin
–
|
113
Rocket Report: A new super-heavy launch site in California; 2025 year in review
SpaceX opened its 2026 launch campaign with a mission for the Italian government.
Stephen Clark
–
|
196
Michigan man learns the hard way that “catch a cheater” spyware apps aren’t legal
Spying doesn’t become legal just because “cheaters” are the targets.
Nate Anderson
–
|
166
ChatGPT falls to new data-pilfering attack as a vicious cycle in AI continues
Will LLMs ever be able to stamp out the root cause of these attacks? Possibly not.
Dan Goodin
–
|
65
The nation’s strictest privacy law just took effect, to data brokers’ chagrin
Californians can now submit demands requiring 500 brokers to delete their data.
Dan Goodin
–
|
98