Russia’s New Cyberwarfare in Ukraine Is Fast, Dirty, and Relentless

Security researchers see updated tactics and tools—and a tempo change—in the cyberattacks Russia’s GRU military intelligence agency is inflicting on Ukraine.

IRS Seizes Another Silk Road Hacker’s $3.36 Billion Bitcoin Stash

A year after a billion-dollar seizure of the dark web market's crypto, the same agency found a giant trove hidden under a different hacker's floorboards.

TikTok Admits Staff in China Can Access Europeans’ Data

Plus: Liz Truss’ phone-hacking trouble, Cash App’s sex-trafficking problem, and the rising cost of ransomware.

The Rise of Rust, the ‘Viral’ Secure Programming Language That’s Taking Over Tech

Rust makes it impossible to introduce some of the most common security vulnerabilities. And its adoption can’t come soon enough.

The Most Vulnerable Place on the Internet

Underwater cables keep the internet online. When they congregate in one place, things get tricky.

You Need to Update Google Chrome, Windows, and Zoom Right Now

Plus: Important patches from Apple, VMWare, Cisco, Zimbra, SAP, and Oracle.

China Operates Secret ‘Police Stations’ in Other Countries

Plus: The New York Post gets hacked, a huge stalkerware network is exposed, and the US claims China interfered with its Huawei probe.

If Musk Starts Firing Twitter's Security Team, Run

What's next for the social network is anyone's guess—but here's what to watch as you wade through the privacy and security morass.

Apple MacOS Ventura Bug Breaks Third-Party Security Tools

Your anti-malware software may not work if you upgraded to the new operating system. But Apple says a fix is on the way.

The Hunt for the Kingpin Behind AlphaBay, Part 1: The Shadow

AlphaBay was the largest online drug bazaar in history, run by a technological mastermind who seemed untouchable—until his tech was turned against him.

TikTok’s Security Threat Comes Into Focus

Plus: A Microsoft cloud leak exposed potential customers, new IoT security labels come to the US, and details emerge about Trump’s document stash.

Your Microsoft Exchange Server Is a Security Liability

Endless vulnerabilities. Massive hacking campaigns. Slow and technically tough patching. It's time to say goodbye to on-premise Exchange.

How Vice Society Got Away With a Global Ransomware Spree

Vice Society has a superpower that’s allowed it to quietly carry out attacks on schools and hospitals around the world: mediocrity.

Elon Musk’s SpaceX Bails on Starlink Funding for Ukraine

Plus: Hackers hit the Mormon Church, Signal plans to ditch SMS for Android, and a Fat Bear election erupts in scandal.

Google’s Pixel 7 and Pixel 7 Pro Pack New Android VPN and Tensor G2, Titan M2 Chips

The company says it hardened the security of its new flagship phones—and plans to release a built-in Android VPN.

How to Protect Yourself If Your School Uses Surveillance Tech

Colleges and K-12 campuses increasingly monitor student emails, social media, and more. Here’s how to secure your (or your child’s) privacy.

Binance Hackers Minted $569M in Crypto—Then It Got Complicated

Plus: The US warns of a mysterious military contractor breach, a "poisoned" version of the Tor Browser is tracking Chinese users, and more.

The Uber Data Breach Conviction Shows Security Execs What Not to Do

Former Uber security chief Joe Sullivan’s conviction is a rare criminal consequence for an executive’s handling of a hack.

Swatted: A Shooting Hoax Spree Is Terrorizing Schools Across the US

Sixteen states collectively suffered more than 90 false reports of school shooters during three weeks in September—and many appear to be connected.

Microsoft Exchange Server Has a Zero-Day Problem

Plus: CIA failures allegedly got US informants killed, a former NSA worker is charged under the Espionage Act, and more.

The Challenge of Cracking Iran’s Internet Blockade

People around the world are rallying to subvert Iran's internet shutdown, but actually pulling it off is proving difficult and risky.

A Matrix Update Patches Serious End-to-End Encryption Flaws

The messenger protocol had gained popularity for its robust security, but vulnerabilities allowed attackers to decrypt messages and impersonate users.

Mystery Hackers Are ‘Hyperjacking’ Targets for Insidious Spying

For decades, security researchers warned about techniques for hijacking virtualization software. Now one group has put them into practice.

This Chatbot Aims to Steer People Away From Child Abuse Material

Pornhub is trialing a new automated tool that pushes CSAM-searchers to seek help for their online behavior. Will it work?

The Dire Warnings in the Lapsus$ Hacker Joyride

The fun-loving cybercriminals blamed for breaches of Uber and Rockstar are exposing weaknesses in ways others aren't.

Slack’s and Teams’ Lax App Security Raises Alarms

New research shows how third-party apps could be exploited to infiltrate these sensitive workplace tools.

A New Linux Tool Aims to Guard Against Supply Chain Attacks

Security firm Chainguard has created a simple, open source way for organizations to defend the cloud against some of the most insidious attacks.

The Deep Roots of Nigeria’s Cybersecurity Problem

Despite having one of the strongest data-protection policies in Africa, the country’s enforcement and disclosure practices remain dangerously broken.

US Border Agents May Have a Copy of Your Text Messages

Plus: An AI artist exposes surveillance of Instagram users, the US charges Iranians over a ransomware campaign, and more.

Ukraine’s Cyberwar Chief Sounds Like He’s Winning

Yurii Shchyhol gives WIRED a rare interview about running the country’s Derzhspetszviazok and the state of the online conflict with Russia.

iOS 16 Has 2 New Security Features for Worst-Case Scenarios

Safety Check and Lockdown Mode give people in vulnerable situations ways to quarantine themselves from acute risks.

Police Across US Bypass Warrants With Mass Location-Tracking Tool

Plus: An unsecured database exposed face recognition data in China, ‘Cuba’ ransomware knocks out Montenegro, and more.

TikTok Users Were Vulnerable to a Single-Click Attack

Microsoft disclosed the flaw in the Android app’s deep link verification process, which has since been fixed.

A Windows 11 Automation Tool Can Easily Be Hijacked

Hackers can use Microsoft’s Power Automate to push out ransomware and key loggers—if they get machine access first.

Apple Fixed a Serious iOS Security Flaw—Have You Updated Yet?

Plus: Chrome patches another zero-day flaw, Microsoft closes up 100 vulnerabilities, Android gets a significant patch, and more.

Why the Twilio Breach Cuts So Deep

The phishing attack on the SMS giant exposes the dangers of B2B companies to the entire tech ecosystem.

Inside the World’s Biggest Hacker Rickroll

As a graduation prank, four high school students hijacked 500 screens across six school buildings to troll their classmates and teachers.

Janet Jackson’s ‘Rhythm Nation’ Can Crash Old Hard Drives

Plus: The Twilio hack snags a reporter, a new tool to check for spyware, and the Canadian weed pipeline gets hit by a cyberattack.

Spyware Hunters Are Expanding Their Tool Set

This invasive malware isn’t just for phones—it can target your PC too. But a new batch of algorithms aims to weed out this threat.

A New Tractor Jailbreak Rides the Right-to-Repair Wave

A hacker has formulated an exploit that provides root access to two popular models of the company’s farm equipment.

Flaw in the VA Medical Records Platform May Put Patients at Risk

The Veterans Affairs’ VistA software has a vulnerability that could let an attacker “masquerade as a doctor,” a security researcher warns.

A Single Flaw Broke Every Layer of Security in MacOS

An injection flaw allowed a researcher to access all files on a Mac. Apple issued a fix, but some machines may still be vulnerable.

Zoom’s Auto-Update Feature Came With Hidden Risks on Mac

The popular video meeting app makes it easy to keep the software up to date—but it also introduced vulnerabilities.

The US Offers a $10M Bounty for Intel on Conti Ransomware Gang

The State Department organization has called for people to share details about five key members of the hacking group.

Sloppy Software Patches Are a ‘Disturbing Trend’

The Zero Day Initiative has found a concerning uptick in security updates that fail to fix vulnerabilities.

Google's Android Red Team Had a Full Pixel 6 Pwn Before Launch

Before the flagship phone ever landed in users’ hands, the security team thoroughly hacked it by finding bugs and developing exploits.

The Hacking of Starlink Terminals Has Begun

It cost a researcher only $25 worth of parts to create a tool that allows custom code to run on the satellite dishes.

One of 5G’s Biggest Features Is a Security Minefield

New research found troubling vulnerabilities in the 5G platforms carriers offer to wrangle embedded device data.

GitHub Moves to Guard Open Source Against Supply Chain Attacks

The popular Microsoft-owned code repository plans to roll out code signing, which will help beef up the security of open source projects.

The US Emergency Alert System Has Dangerous Flaws

Plus: A crypto-heist extravaganza, a peek at an NSO spyware dashboard, and more.

An ISP Settled Piracy Lawsuits. Could Users Take the Hit?

Now that Charter has reached settlements with major record labels, it’s unclear whether the cable provider will pull the plug on users who pirate music.

A Slack Bug Exposed Some Users’ Hashed Passwords for 5 Years

The exposure of cryptographically scrambled passwords isn’t a worst-case scenario—but it isn’t great, either.

An Attack on Albanian Government Suggests New Iranian Aggression

A Tehran-linked hack of a NATO member marks a significant escalation against the backdrop of US-Iran nuclear talks.

The Microsoft Team Racing to Catch Bugs Before They Happen

What's it like to be responsible for a billion people's digital security? Just ask the company's Morse researchers.

A New Attack Easily Knocked Out a Potential Encryption Algorithm

SIKE was a contender for post-quantum-computing encryption. It took researchers an hour and a single PC to break it.

The January 6 Secret Service Text Scandal Turns Criminal

Plus: The FCC cracks down on car warranty robocalls, Thai activists get targeted by NSO's Pegasus, and the Russia-Ukraine cyberwar continues.

The 2022 US Midterm Elections' Top Security Issue: Death Threats

While cybersecurity and foreign meddling remain priorities, domestic threats against election workers have risen to the top of the list.

Instagram Slow to Tackle Bots Targeting Iranian Women’s Groups

Despite alerting Meta months ago, feminist groups say tens of thousands of fake accounts continue to bombard them on the platform.

Amazon Handed Ring Videos to Cops Without Warrants

Plus: A wild Indian cricket scam, an elite CIA hacker is found guilty of passing secrets to WikiLeaks, and more of the week's top security news.

A New Attack Can Unmask Anonymous Users on Any Major Browser

Researchers have found a way to use the web's basic functions to identify who visits a site—without the user detecting the hack.