Michigan man learns the hard way that “catch a cheater” spyware apps aren’t legal
Spying doesn’t become legal just because “cheaters” are the targets.
Nate Anderson
–
|
69
Security
ChatGPT falls to new data-pilfering attack as a vicious cycle in AI continues
Will LLMs ever be able to stamp out the root cause of these attacks? Possibly not.
Dan Goodin
–
|
55
The nation’s strictest privacy law just took effect, to data brokers’ chagrin
Californians can now submit demands requiring 500 brokers to delete their data.
Dan Goodin
–
|
96
Supply chains, AI, and the cloud: The biggest failures (and one success) of 2025
The past year has seen plenty of hacks and outages. Here are the ones topping the list.
Dan Goodin
–
|
17
Browser extensions with 8 million users collect extended AI conversations
The extensions, available for Chromium browsers, harvest full AI conversations over months.
Dan Goodin
–
|
75
Microsoft will finally kill obsolete cipher that has wreaked decades of havoc
The weak RC4 for administrative authentication has been a hacker holy grail for decades.
Dan Goodin
–
|
63
Admins and defenders gird themselves against maximum-severity server vuln
Open source React executes malicious code with malformed HTML—no authentication needed.
Dan Goodin
–
|
83
Fraudulent gambling network may actually be something more nefarious
Researchers say there’s more to the network, which has operated for 14 years.
Dan Goodin
–
|
19
Most Read
This hacker conference installed a literal antivirus monitoring system
Organizers had a way for attendees to track CO2 levels throughout the venue—even before they arrived.
WIRED
–
|
104
Oops. Cryptographers cancel election results after losing decryption key.
Voting system required three keys. One of them has been “irretrievably lost.”
Dan Goodin
–
|
181
How to know if your Asus router is one of thousands hacked by China-state hackers
So far, the hackers are laying low, likely for later use.
Dan Goodin
–
|
99
Critics scoff after Microsoft warns AI feature can infect machines and pilfer data
Integration of Copilot Actions into Windows is off by default, but for how long?
Dan Goodin
–
|
69
Bonkers Bitcoin heist: 5-star hotels, cash-filled envelopes, vanishing funds
Bitcoin mining hardware exec falls for sophisticated crypto scam to tune of $200k
WIRED
–
|
76
5 plead guilty to laptop farm and ID theft scheme to land North Koreans US IT jobs
Fleets of laptops run from US residences gave appearance workers were in the US.
Dan Goodin
–
|
43
Researchers question Anthropic claim that AI-assisted attack was 90% autonomous
The results of AI-assisted hacking aren’t as impressive as many might have us believe.
Dan Goodin
–
|
84
ClickFix may be the biggest security threat your family has never heard of
Relatively new technique can bypass many endpoint protections.
Dan Goodin
–
|
181
Commercial spyware “Landfall” ran rampant on Samsung phones for almost a year
Targeted attack could steal all of a phone’s data and activate camera or mic.
Ryan Whitwam
–
|
68
How to trade your $214,000 cybersecurity job for a jail cell
Ransomware doesn’t pay what it used to.
Nate Anderson
–
|
68
Wipers from Russia’s most cut-throat hackers rain destruction on Ukraine
Sandworm and other Russian-state hackers unleash data-destroying payloads on their neighbors.
Dan Goodin
–
|
42
Musk and Trump both went to Penn—now hacked by someone sympathetic to their cause
Social engineering strikes again.
Nate Anderson
–
|
222
5 AI-developed malware families analyzed by Google fail to work and are easily detected
You wouldn’t know it from the hype, but the results fail to impress.
Dan Goodin
–
|
31
Two Windows vulnerabilities, one a 0-day, are under active exploitation
Both vulnerabilities are being exploited in wide-scale operations.
Dan Goodin
–
|
86
FCC to rescind ruling that said ISPs are required to secure their networks
FCC chair to rely on ISPs’ voluntary commitments instead of Biden-era ruling.
Jon Brodkin
–
|
83
NPM flooded with malicious packages downloaded more than 86,000 times
Packages downloaded from NPM can fetch dependencies from untrusted sites.
Dan Goodin
–
|
64
New physical attacks are quickly diluting secure enclave defenses from Nvidia, AMD, and Intel
On-chip TEEs withstand rooted OSes but fall instantly to cheap physical attacks.
Dan Goodin
–
|
87
This browser claims “perfect privacies protection,” but it acts like malware
Researchers note links to Asia’s booming cybercrime and illegal gambling networks.
WIRED
–
|
38
Cache poisoning vulnerabilities found in 2 DNS resolving apps
At least one CVE could weaken defenses put in place following 2008 disclosure.
Dan Goodin
–
|
38
Jaguar Land Rover looking at $2.5 billion price tag from crippling cyberattack
Incident was likely the most economically damaging cyber event in UK history.
Financial Times
–
|
90
NSO permanently barred from targeting WhatsApp users with Pegasus spyware
Ruling holds that defeating end-to-end encryption in WhatsApp harms Meta’s business.
Dan Goodin
–
|
108
Nation-state hackers deliver malware from “bulletproof” blockchains
Malicious payloads stored on Ethereum and BNB blockchains are immune to takedowns.
Dan Goodin
–
|
107
Thousands of customers imperiled after nation-state ransacks F5’s network
Risks to BIG-IP users include supply-chain attacks, credential loss, and vulnerability exploits.
Dan Goodin
–
|
101
NATO boss mocks Russian navy, which is on the hunt for Red October “the nearest mechanic”
A Russian sub surfaces off of Western Europe. Is it damaged?
Nate Anderson
–
|
296
Hackers can steal 2FA codes and private messages from Android phones
Malicious app required to make “Pixnapping” attack work requires no permissions.
Dan Goodin
–
|
128
Why Signal’s post-quantum makeover is an amazing engineering achievement
New design sets a high standard for post-quantum readiness.
Dan Goodin
–
|
163
Apple ups the reward for finding major exploits to $2 million
With bonuses, maximum rewards can be as high as $5 million.
WIRED
–
|
46
Microsoft warns of new “Payroll Pirate” scam stealing employees’ direct deposits
Among other things, the scammers bypass multi-factor authentication.
Dan Goodin
–
|
53