One-two punch delivered in global operation disrupts cybercrime “assembly line”
“Operation Endgame” simultaneously disrupts two widely used crime tools.
Dan Goodin
–
|
6
Security
White House drastically shortens deadline for dropping quantum-vulnerable crypto
Order warns of national security risks if post-quantum cryptography isn’t adopted in time.
Dan Goodin
–
|
52
Following user outcry, AMD reinstates memory encryption in consumer CPUs
Critics saw the move as an underhanded way to steer them toward more costly chips.
Dan Goodin
–
|
47
Microsoft discovers new lightweight backdoor that steals cryptocurrency
Crypto Clipper spreads over USB and communicates over Tor.
Dan Goodin
–
|
82
Apple patches high-severity eavesdropping vulnerability in Beats Studio Buds
The vulnerability, disclosed 12 months ago, affects multiple manufacturers.
Dan Goodin
–
|
14
Massive breach spills credentials for thousands of sensitive networks
The affected include Oracle, Lenovo, FedEx, a NATO contractor, and Fortinet.
Dan Goodin
–
|
88
“Dangerous” AI models are coming no matter what
AI models with advanced hacking capabilities will soon be the norm.
WIRED
–
|
133
Windows and Linux users: The deadline to update Secure Boot keys is near
What you need to know about the expiration of keys securing your machine’s boot sequence.
Dan Goodin
–
|
161
Most Read
Critical Copilot vulnerability allowed hackers to steal 2FA code from users
SearchLeak exploit shows why the industry’s approach to LLM security fails over and over.
Dan Goodin
–
|
92
Users cry foul after AMD stripped memory crypto from its consumer CPUs
AMD’s stripping of TSME from consumer CPUs appears to be a deliberate, covert move.
Dan Goodin
–
|
99
PeopleSoft 0-day affecting hundreds of organizations steals gigabytes of data
Vulnerability in the Oracle-owned PeopleSoft software is about as critical as they come.
Dan Goodin
–
|
48
Locked in heated rivalry with researcher, Microsoft fixes 0-day they disclosed
A separate zero-day also disclosed by Nightmare Eclipse appears to be patched as well.
Dan Goodin
–
|
110
High-severity vulnerability in Linux caused by a single faulty character
Use-after-free bug can be exploited to evade sandbox defenses.
Dan Goodin
–
|
56
For the 2nd time in weeks, Microsoft packages laced with credential stealer
73 packages run self-replicating stealer as soon as they’re opened by an AI agent.
Dan Goodin
–
|
39
How a USB-connected speaker can infect a PC without ever being touched
Seller of the Sound Blaster Katana V2X doesn’t consider the behavior a vulnerability.
Dan Goodin
–
|
137
Dashlane explains how attackers managed to download encrypted password vaults
By targeting large numbers of users, attackers increased their chances of success.
Dan Goodin
–
|
82
Can’t make sense of Dashlane’s vault theft notification? You’re not alone.
Security advisory leaves out key details. Dashlane maintains complete silence.
Dan Goodin
–
|
40
Hackers duped Meta AI support chatbot to steal celebrity Instagram accounts
Pricey Instagram handles were stolen and resold before Meta patched the exploit.
Jeremy Hsu
–
|
51
Dozens of Red Hat packages backdoored through its official NPM channel
Anyone who has downloaded affected Red Hat packages should investigate immediately.
Dan Goodin
–
|
40
Botnet of more than 17 million devices dismantled
The botnet was reportedly tied to a Russia-based residential proxy network.
Dan Goodin
–
|
27
Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code
Undisclosed addition in jqwik instructed AI coding agents to delete app output.
Dan Goodin
–
|
387
Websites have a new way to spy on visitors: Analyzing their SSD activity
Telltale SSD activity can be measured in the browser using simple JavaScript.
Dan Goodin
–
|
148
Millions of AI agents imperiled by critical vulnerability in open source package
“BadHost” was found in Starlette, a package with 325 million weekly downloads.
Dan Goodin
–
|
67
Police boast of hacking VPN where criminals “believed themselves to be safe”
Law enforcement intercepted VPN traffic, seized domains, and arrested its operator.
Jon Brodkin
–
|
60
Texas AG sues Meta over claims that WhatsApp doesn’t provide end-to-end encryption
Critics note a lack of factual support in lawsuit filed by US Senate candidate.
Dan Goodin
–
|
49
A hacker group is poisoning open source code at an unprecedented scale
GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks.
WIRED
–
|
49
Google publishes exploit code threatening millions of Chromium users
Google publishes exploit code before patch, reported 42 months earlier, is fixed.
Dan Goodin
–
|
63
In stunning display of stupid, secret CISA credentials found in public GitHub repo
SSH keys, plaintext passwords, other sensitive data had been up since November 2025.
Lee Hutchinson
–
|
105
Bug bounty businesses bombarded with AI slop
“Never-ending” AI slop strains corporate hacking reward schemes.
Financial Times
–
|
94
Zero-day exploit completely defeats default Windows 11 BitLocker protections
It’s not entirely clear how the exploit works. Microsoft says it’s investigating.
Dan Goodin
–
|
60
Linux bitten by second severe vulnerability in as many weeks
Production-version patches are coming online and should be installed pronto.
Dan Goodin
–
|
93
Chaos erupts as cyberattack disrupts learning platform Canvas amid finals
Across the country, schools and colleges postpone year-end tests.
Dan Goodin
–
|
93
Mozilla says 271 vulnerabilities found by Mythos have “almost no false positives”
The developer of Firefox says it has “completely bought in” on AI-assisted bug discovery.
Dan Goodin
–
|
138
Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
Daemon Tools users: It’s time to check your machines for stealthy infections, stat.
Dan Goodin
–
|
63
Ubuntu infrastructure has been down for more than a day
The outage has hampered communication concerning a critical vulnerability that gives root.
Dan Goodin
–
|
76
GPT-5.5 matches heavily hyped Mythos Preview in new cybersecurity tests
New results suggest Mythos’ cyber threat isn’t “a breakthrough specific to one model.”
Kyle Orland
–
|
163