Flaw in Diksha App Exposed the Data of Millions of Indian Students

A mandatory app exposed the personal information of students and teachers across the country for over a year.

The Biggest US Surveillance Program You Didn’t Know About

Plus: A leaked US “no fly” list, the SCOTUS leaker slips investigators, and PayPal gets stuffed.

T-Mobile's New Data Breach Shows Its $150 Million Security Investment Isn't Cutting It

The mobile operator just suffered at least its fifth data breach since 2018, despite promising to spend a fortune shoring up its systems.

Welcome to the Era of Internet Blackouts

New research from Cloudflare shows that connectivity disruptions are becoming a problem around the globe, pointing toward a troubling new normal.

A Sneaky Ad Scam Tore Through 11 Million Phones

Some 1,700 spoofed apps, 120 targeted publishers, 12 billion false ad requests per day—Vastflux is one of the biggest ad frauds ever discovered.

Russian Ransomware Gang Attack Destabilizes UK Royal Mail

Plus: Joe Biden’s classified-documents scandal, the end of security support for Windows 7, and more.

In the Fight Against Scams, ‘Cyber Ambassadors’ Enter the Chat

Police in the Indian state of Telangana have found a novel way to help people avoid getting swindled online: grassroots education.

A Siemens S7-1500 Logic Controller Flaw Raises the Specter of Stuxnet

More than 120 models of Siemens' S7-1500 PLCs contain a serious vulnerability—and no fix is on the way.

Slack Discloses Breach of Its Github Code Repository

Plus: Russian spies uncovered in Europe, face recognition leads to another wrongful arrest, a new porn ID law, and more.

Twitter Data Leak: What the Exposure of 200 Million User Emails Means for You

The exposure of hundreds of millions of email addresses puts pseudonymous users of the social network at risk.

Turla, a Russian Espionage Group, Piggybacked on Other Hackers' USB Infections

The infamous, FSB-connected Turla group took over other hackers' servers, exploiting their USB drive malware for targeted espionage.

Cops Hacked Thousands of Phones. Was It Legal?

When police infiltrated the EncroChat phone system in 2020, they hit an intelligence gold mine. But subsequent legal challenges have spread across Europe.

What Is a Pig Butchering Scam?

This type of devastating scheme ensnares victims and takes them for all they’re worth—and the threat is only growing.

Update Android Right Now to Fix a Scary Remote-Execution Flaw

Plus: Patches for Apple iOS 16, Google Chrome, Windows 10, and more.

The Worst Hacks of 2022

The year was marked by sinister new twists on cybersecurity classics, including phishing, breaches, and ransomware attacks.

LastPass Data Breach: It’s Time to Ditch This Password Manager

The password manager’s most recent data breach is so concerning, users need to take immediate steps to protect themselves.

Russia’s Cyberwar Foreshadowed Deadly Attacks on Civilians

The Kremlin’s aggression in Ukraine is following a dangerous playbook that began to unfold years ago.

Hacktivism Is Back and Messier Than Ever

Throughout 2022, geopolitics has given rise to a new wave of politically motivated attacks with an undercurrent of state-sponsored meddling.

The Most Dangerous People on the Internet in 2022

From SBF to the GRU, these were the most disruptive forces of online chaos this year.

Russians Hacked JFK Airport Taxi Dispatch in Line-Skipping Scheme

Plus: An offensive US hacking operation, swatters hacking Ring cameras, a Netflix password-sharing crackdown, and more.

What Is Flipper Zero? The Hacker Tool Going Viral on TikTok, Explained

Don’t be fooled by its fun name and Tamagotchi-like interface—this do-everything gadget is trouble waiting to happen and a whole lot more.

Iran’s Internet Blackouts Are Sabotaging Its Own Economy

A new US State Department assessment highlights the stark economic toll of Tehran’s recent shutdowns and platform control.

An Alleged Russian Smuggling Ring Was Uncovered in New Hampshire

Plus: An FBI platform got hacked, an ex-Twitter employee is sentenced for espionage, malicious Windows 10 installers circulate in Ukraine, and more.

Meta’s Tricky Quest to Protect Your Account

How do you keep Facebook easy to use without being trivial to exploit? The company is trying to chart a middle ground.

GPS Signals Are Being Disrupted in Russian Cities

Navigation system monitors have seen a recent uptick in interruptions since Ukraine began launching long-range drone attacks.

Cuba Ransomware Gang Abused Microsoft Certificates to Sign Malware

The company has taken measures to mitigate the risks, but security researchers warn of a broader threat.

Hackers Planted Files to Frame Indian Priest Who Died in Custody

And new evidence suggests those hackers may have collaborated with the police who investigated him.

Attackers Keep Targeting the US Electric Grid

Plus: Chinese hackers stealing US Covid relief funds, a cyberattack on the Met Opera website, and more.

Log4j’s Log4Shell Vulnerability: One Year Later, It’s Still Lurking

Despite mitigation, one of the worst bugs in internet history is still prevalent—and being exploited.

Popular HR and Payroll Company Sequoia Discloses a Data Breach

The company, which works with hundreds of startups, said it detected unauthorized access to personal data, including Social Security numbers.

Apple Expands End-to-End Encryption to iCloud Backups

The company will also soon support the use of physical authentication keys with Apple ID, and is adding contact verification for iMessage in 2023.

Scammers Are Scamming Other Scammers Out of Millions of Dollars

On cybercrime forums, user complaints about being duped may accidentally expose their real identities.

China’s Police State Targets Zero-Covid Protesters

Plus: ICE accidentally doxes asylum seekers, Google fails to uphold a post-Roe promise, and LastPass suffers the second breach this year.

Android Phone Makers’ Encryption Keys Stolen and Used in Malware

Device manufacturers use “platform certificates” to verify an app’s authenticity, making them particularly dangerous in the wrong hands.

Google Moves to Block Invasive Spanish Spyware Framework

The Heliconia hacking tool exploited vulnerabilities in Chrome, Windows Defender, and Firefox, according to company security researchers.

The Hunt for the Kingpin Behind AlphaBay, Part 6: Endgame

With AlphaBay shuttered, Operation Bayonet enters its final phase: driving the site’s refugees into a giant trap. But one refugee hatched his own plan.

The Hunt for the Dark Web’s Biggest Kingpin, Part 5: Takedown

After months of meticulous planning, investigators finally move in to catch AlphaBay’s mastermind red-handed. Then the case takes a tragic turn.

A Destabilizing Hack-and-Leak Operation Hits Moldova

Plus: Google’s location snooping ends in a $391 million settlement, Russian code sneaks into US government apps, and the World Cup apps set off alarms.

Here’s How Bad a Twitter Mega-Breach Would Be

Elon Musk laid off half the staff, and mass resignations seem likely. If nobody’s there to protect the fort, what’s the worst that could happen?

The Hunt for the Dark Web’s Biggest Kingpin, Part 4: Face to Face

The team uses a secret technique to locate AlphaBay’s server. But just as the operation heats up, the agents have an unexpected run-in with their target.

Twitter’s SMS Two-Factor Authentication Is Melting Down

Problems with the important security feature may be some of the first signs that Elon Musk’s social network is fraying at the edges.

The Hunt for the FTX Thieves Has Begun

Mysterious crooks took hundreds of millions of dollars from FTX just as it collapsed. Crypto-tracing blockchain analysis may provide an answer.

Elon Musk Introduces Twitter Mayhem Mode

Plus: US midterms survive disinformation efforts, the government names the alleged Lockbit ransomware attacker, and the Powerball drawing hits a security snag.

Russia’s Sway Over Criminal Ransomware Gangs Is Coming Into Focus

Questions about the Kremlin’s relationships with these groups remain. But researchers are finally getting some answers.

Elon Musk's Twitter Blue Verification Is a Gift to Scammers

Anyone can get a blue tick on Twitter without proving who they are. And it’s already causing a ton of problems.

Russia’s New Cyberwarfare in Ukraine Is Fast, Dirty, and Relentless

Security researchers see updated tactics and tools—and a tempo change—in the cyberattacks Russia’s GRU military intelligence agency is inflicting on Ukraine.

IRS Seizes Another Silk Road Hacker’s $3.36 Billion Bitcoin Stash

A year after a billion-dollar seizure of the dark web market's crypto, the same agency found a giant trove hidden under a different hacker's floorboards.

TikTok Admits Staff in China Can Access Europeans’ Data

Plus: Liz Truss’ phone-hacking trouble, Cash App’s sex-trafficking problem, and the rising cost of ransomware.

The Rise of Rust, the ‘Viral’ Secure Programming Language That’s Taking Over Tech

Rust makes it impossible to introduce some of the most common security vulnerabilities. And its adoption can’t come soon enough.

The Most Vulnerable Place on the Internet

Underwater cables keep the internet online. When they congregate in one place, things get tricky.

You Need to Update Google Chrome, Windows, and Zoom Right Now

Plus: Important patches from Apple, VMWare, Cisco, Zimbra, SAP, and Oracle.

China Operates Secret ‘Police Stations’ in Other Countries

Plus: The New York Post gets hacked, a huge stalkerware network is exposed, and the US claims China interfered with its Huawei probe.

If Musk Starts Firing Twitter's Security Team, Run

What's next for the social network is anyone's guess—but here's what to watch as you wade through the privacy and security morass.

Apple MacOS Ventura Bug Breaks Third-Party Security Tools

Your anti-malware software may not work if you upgraded to the new operating system. But Apple says a fix is on the way.

The Hunt for the Kingpin Behind AlphaBay, Part 1: The Shadow

AlphaBay was the largest online drug bazaar in history, run by a technological mastermind who seemed untouchable—until his tech was turned against him.

TikTok’s Security Threat Comes Into Focus

Plus: A Microsoft cloud leak exposed potential customers, new IoT security labels come to the US, and details emerge about Trump’s document stash.

Your Microsoft Exchange Server Is a Security Liability

Endless vulnerabilities. Massive hacking campaigns. Slow and technically tough patching. It's time to say goodbye to on-premise Exchange.

How Vice Society Got Away With a Global Ransomware Spree

Vice Society has a superpower that’s allowed it to quietly carry out attacks on schools and hospitals around the world: mediocrity.

Elon Musk’s SpaceX Bails on Starlink Funding for Ukraine

Plus: Hackers hit the Mormon Church, Signal plans to ditch SMS for Android, and a Fat Bear election erupts in scandal.

Google’s Pixel 7 and Pixel 7 Pro Pack New Android VPN and Tensor G2, Titan M2 Chips

The company says it hardened the security of its new flagship phones—and plans to release a built-in Android VPN.