Microsoft catches Russian hackers targeting foreign embassies
End goal is the installation of a malicious TLS root certificate for use in intel gathering.
Dan Goodin
–
|
25
Security
Blame the governor! Oklahoma’s “board meeting porn” scandal goes gonzo.
Also, a cybersecurity firm analyzes the smart TV in question.
Nate Anderson
–
|
241
In search of riches, hackers plant 4G-enabled Raspberry Pi in bank network
Sophisticated group also used novel means to disguise their custom malware.
Dan Goodin
–
|
89
St. Paul, MN, was hacked so badly that the National Guard has been deployed
"A deliberate, coordinated digital attack."
Nate Anderson
–
|
175
Flaw in Gemini CLI coding tool could allow hackers to run nasty commands
Beware of coding agents that can access your command window.
Dan Goodin
–
|
63
Pro-Ukrainian hackers take credit for attack that snarls Russian flight travel
State-owned Aeroflot cancels dozens of flights, stranding travelers throughout Russia.
Dan Goodin
–
|
60
Microsoft to stop using China-based teams to support Department of Defense
The tech giant has relied on global workforce to support federal clients.
ProPublica
–
|
128
After BlackSuit is taken down, new ransomware group Chaos emerges
As BlackSuit's dark web site goes dark, Chaos is already around to pick up the slack.
Dan Goodin
–
|
12
Most Read
North Korean hackers ran US-based “laptop farm” from Arizona woman’s home
North Korea made millions from the scheme.
Nate Anderson
–
|
110
Supply-chain attacks on open source software are getting out of hand
Attacks affected packages, including one with ~2.8 million weekly downloads.
Dan Goodin
–
|
56
Hackers—hope to defect to Russia? Don’t Google “defecting to Russia.”
Criminals who get caught are, unsurprisingly, not always great at opsec.
Nate Anderson
–
|
116
What to know about ToolShell, the SharePoint threat under mass exploitation
Easy to exploit. Unauthenticated access. Massive reach. ToolShell has it all.
Dan Goodin
–
|
44
After $380M hack, Clorox sues its “service desk” vendor for simply giving out passwords
Massive 2023 hack was easily preventable, Clorox says.
Nate Anderson
–
|
209
A power utility is reporting suspected pot growers to cops. EFF says that’s illegal.
EFF says the "mass surveillance scheme" violates constitutional protections.
Dan Goodin
–
|
197
SharePoint vulnerability with 9.8 severity rating under exploit across globe
Ongoing attacks are allowing hackers to steal credentials giving privileged access.
Dan Goodin
–
|
70
Phishers have found a way to downgrade—not bypass—FIDO MFA
Contrary to recent reports, phishing sleight-of-hand doesn't defeat FIDO.
Dan Goodin
–
|
70
GitHub abused to distribute payloads on behalf of malware-as-a-service
The repository offered the MaaS a distribution channel not blocked in many networks.
Dan Goodin
–
|
10
Google finds custom backdoor being installed on SonicWall network devices
Overstep backdoor nukes key log entries, making detection hard.
Dan Goodin
–
|
24
Hackers exploit a blind spot by hiding malware inside DNS records
Technique transforms the Internet DNS into an unconventional file storage system.
Dan Goodin
–
|
71
Nvidia chips become the first GPUs to fall to Rowhammer bit-flip attacks
GPUhammer is the first to flip bits in onboard GPU memory. It likely won't be the last.
Dan Goodin
–
|
53
New Windows 11 build adds self-healing “quick machine recovery” feature
New recovery mode lets Microsoft fix "widespread boot issues" affecting PCs.
Andrew Cunningham
–
|
71
Pro basketball player and 4 youths arrested in connection to ransomware crimes
Suspects were allegedly involved in a string of ransomware breaches.
Dan Goodin
–
|
19
Browser extensions turn nearly 1 million browsers into website-scraping bots
Extensions load unknown sites into invisible Windows. What could go wrong?
Dan Goodin
–
|
57
Critical CitrixBleed 2 vulnerability has been under active exploit for weeks
Exploits allow hackers to bypass 2FA and commandeer vulnerable devices.
Dan Goodin
–
|
37
Unless users take action, Android will let Gemini access third-party apps
Important changes to Android devices took effect starting Monday.
Dan Goodin
–
|
218
“No honor among thieves”: M&S hacking group starts turf war
A clash between criminal ransomware groups could result in victims being extorted twice.
Financial Times
–
|
29
Provider of covert surveillance app spills passwords for 62,000 users
Creators say app is intended for parental monitoring. So why the emphasis on stealth?
Dan Goodin
–
|
83
AT&T rolls out Wireless Account Lock protection to curb the SIM-swap scourge
Move is aimed at curbing a form of abuse that costs subscribers dearly.
Dan Goodin
–
|
61
US critical infrastructure exposed as feds warn of possible attacks from Iran
Agencies warn that some US targets may be needlessly exposed.
Dan Goodin
–
|
75
Drug cartel hacked FBI official’s phone to track and kill informants, report says
Official was connected to FBI probe of cartel kingpin Joaquín “El Chapo” Guzmán.
Dan Goodin
–
|
53
Microsoft changes Windows in attempt to prevent next CrowdStrike-style catastrophe
AV vendors have worried that this could advantage Microsoft's security software.
Andrew Cunningham
–
|
82
Actively exploited vulnerability gives extraordinary control over server fleets
AMI MegaRAC used in servers from AMD, ARM, Fujitsu, Gigabyte, and Qualcomm.
Dan Goodin
–
|
46
Ubuntu disables Intel GPU security mitigations, promises 20% performance boost
Overtime defenses for Spectre-based attacks have taken their toll.
Dan Goodin
–
|
31
Canadian telecom hacked by suspected China state group
Maximum-security Cisco vulnerability was patched Oct. 2023 and exploited Feb. 2025.
Dan Goodin
–
|
53
Record DDoS pummels site with once-unimaginable 7.3Tbps of junk traffic
Attacker rained down the equivalent of 9,300 full-length HD movies in just 45 seconds.
Dan Goodin
–
|
128
Israel-tied Predatory Sparrow hackers are waging cyberwar on Iran’s financial system
The hacker group has destroyed more than $90 million held at an Iranian crypto exchange.
WIRED
–
|
190