The US government warns encryption chipmaker Hualan has suspicious ties to China’s military. Yet US agencies still use one of its subsidiary’s chips, raising fears of a backdoor.
Plus: Instagram’s CSAM network gets exposed, Clop hackers claim credit for MOVEit Transfer exploit, and a $35 million crypto heist has North Korean ties.
While the company’s new top-level domains could be used in phishing attacks, security researchers are divided on how big of a problem they really pose.
Plus: The FBI gets busted abusing a spy tool, an ex-Apple engineer is charged with corporate espionage, and collection of airborne DNA raises new privacy risks.
From USB worms to satellite-based hacking, Russia’s FSB hackers, known as Turla, have spent 25 years distinguishing themselves as “adversary number one.”
Kaspersky researchers have uncovered clues that further illuminate the hackers’ activities, which appear to have begun far earlier than originally believed.
An explosion of interest in OpenAI’s sophisticated chatbot means a proliferation of “fleeceware” apps that trick users with sneaky in-app subscriptions.
The unidentified attackers have targeted people on both sides of Russia’s war against Ukraine, carrying out espionage operations that suggest state funding.
For a decade, a group called Big Pipes has worked behind the scenes with the FBI to target the worst cybercriminal “booter” services plaguing the internet.
The company is adding new tools as bad actors use ChatGPT-themed lures and mask their infrastructure in an attempt to trick victims and elude defenders.
The attackers were in thousands of corporate and government networks. They might still be there now. Behind the scenes of the SolarWinds investigation.
In May 2020, the US Department of Justice noticed Russian hackers in its network but did not realize the significance of what it had found for six months.
The cybercriminals behind the Gootloader malware have found clever ways to avoid detection. But researchers are using those same mechanisms to stop them.
The mass compromise of the VoIP firm’s customers is the first confirmed incident where one software-supply-chain attack enabled another, researchers say.
The breach of the right-wing provocateur was simply a way of “stirring up some drama,” the attacker tells WIRED. But the damage could have been much worse.
More than half of the enterprise routers researchers bought secondhand hadn’t been wiped, exposing sensitive info like login credentials and customer data.
To beat back fake accounts, the professional social network is rolling out new tools to prove you work where you say you do and are who you say you are.
The threat of scammers using voice deepfakes in their cons is real, but researchers say old-school voice-impersonation attacks are still the more pressing concern.
Russia, North Korea, Iran, and China have been caught using fake profiles to gather information. But the platform’s tools to weed them out only go so far.