A Single Flaw Broke Every Layer of Security in MacOS

An injection flaw allowed a researcher to access all files on a Mac. Apple issued a fix, but some machines may still be vulnerable.

Zoom’s Auto-Update Feature Came With Hidden Risks on Mac

The popular video meeting app makes it easy to keep the software up to date—but it also introduced vulnerabilities.

The US Offers a $10M Bounty for Intel on Conti Ransomware Gang

The State Department organization has called for people to share details about five key members of the hacking group.

Sloppy Software Patches Are a ‘Disturbing Trend’

The Zero Day Initiative has found a concerning uptick in security updates that fail to fix vulnerabilities.

Google's Android Red Team Had a Full Pixel 6 Pwn Before Launch

Before the flagship phone ever landed in users’ hands, the security team thoroughly hacked it by finding bugs and developing exploits.

The Hacking of Starlink Terminals Has Begun

It cost a researcher only $25 worth of parts to create a tool that allows custom code to run on the satellite dishes.

One of 5G’s Biggest Features Is a Security Minefield

New research found troubling vulnerabilities in the 5G platforms carriers offer to wrangle embedded device data.

GitHub Moves to Guard Open Source Against Supply Chain Attacks

The popular Microsoft-owned code repository plans to roll out code signing, which will help beef up the security of open source projects.

The US Emergency Alert System Has Dangerous Flaws

Plus: A crypto-heist extravaganza, a peek at an NSO spyware dashboard, and more.

A Slack Bug Exposed Some Users’ Hashed Passwords for 5 Years

The exposure of cryptographically scrambled passwords isn’t a worst-case scenario—but it isn’t great, either.

An Attack on Albanian Government Suggests New Iranian Aggression

A Tehran-linked hack of a NATO member marks a significant escalation against the backdrop of US-Iran nuclear talks.

The Microsoft Team Racing to Catch Bugs Before They Happen

What's it like to be responsible for a billion people's digital security? Just ask the company's Morse researchers.

A New Attack Easily Knocked Out a Potential Encryption Algorithm

SIKE was a contender for post-quantum-computing encryption. It took researchers an hour and a single PC to break it.

The January 6 Secret Service Text Scandal Turns Criminal

Plus: The FCC cracks down on car warranty robocalls, Thai activists get targeted by NSO's Pegasus, and the Russia-Ukraine cyberwar continues.

The 2022 US Midterm Elections' Top Security Issue: Death Threats

While cybersecurity and foreign meddling remain priorities, domestic threats against election workers have risen to the top of the list.

Instagram Slow to Tackle Bots Targeting Iranian Women’s Groups

Despite alerting Meta months ago, feminist groups say tens of thousands of fake accounts continue to bombard them on the platform.

Amazon Handed Ring Videos to Cops Without Warrants

Plus: A wild Indian cricket scam, an elite CIA hacker is found guilty of passing secrets to WikiLeaks, and more of the week's top security news.

A New Attack Can Unmask Anonymous Users on Any Major Browser

Researchers have found a way to use the web's basic functions to identify who visits a site—without the user detecting the hack.

New ‘Retbleed’ Attack Can Swipe Key Data From Intel and AMD CPUs

The exploit can leak password information and other sensitive material, but the chipmakers are rolling out mitigations.

Chinese Police Exposed 1B People's Data in Unprecedented Leak

Plus: A duplicitous bug bounty scheme, the iPhone's new “lockdown mode,” and more of the week's top security news.

Will These Algorithms Save You From Quantum Threats?

Quantum-proof encryption is here—decades before it can be put to the test.