A Security Team Is Turning This Malware Gang’s Tricks Against It

The cybercriminals behind the Gootloader malware have found clever ways to avoid detection. But researchers are using those same mechanisms to stop them.

Google’s Authenticator App Now Lets You Sync 2FA Codes Across Devices

You can now sync sign-in codes across devices—but they aren’t end-to-end encrypted.

Intel Let Google Cloud Hack Its New Secure Chips and Found 10 Bugs

To protect its Confidential Computing cloud infrastructure and gain critical insights, Google leans on its relationships with chipmakers.

Hacker Group Names Are Now Absurdly Out of Control

Pumpkin Sandstorm. Spandex Tempest. Charming Kitten. Is this really how we want to name the hackers wreaking havoc worldwide?

Criminals Are Using Tiny Devices to Hack and Steal Cars

Apple thwarts NSO’s spyware, the rise of a GPT-4 black market, Russia targets Starlink internet connections, and more.

The Huge 3CX Breach Was Actually 2 Linked Supply Chain Attacks

The mass compromise of the VoIP firm's customers is the first confirmed incident where one software-supply-chain attack enabled another, researchers say.

The Hacker Who Hijacked Matt Walsh’s Twitter Was Just ‘Bored’

The breach of the right-wing provocateur was simply a way of “stirring up some drama,” the attacker tells WIRED. But the damage could have been much worse.

Used Routers Often Come Loaded With Corporate Secrets

More than half of the enterprise routers researchers bought secondhand hadn’t been wiped, exposing sensitive info like login credentials and customer data.

Apple’s Macs Have Long Escaped Ransomware. That May Be Changing

The discovery of malicious encryptors for Apple computers could herald new risks for macOS users if the malware continues to evolve.

Security Roundup: Leak of Top-Secret US Intel Risks a New Wave of Mass Surveillance

Plus: Hackers claim to have stolen 10 TB from Western Digital, a new spyware has emerged, and WhatsApp gets a fresh security feature.

The Hacking of ChatGPT Is Just Getting Started

Security researchers are jailbreaking large language models to get around safety rules. Things could get much worse.

LinkedIn Verification Now Lets You Verify Your Job and Account

To beat back fake accounts, the professional social network is rolling out new tools to prove you work where you say you do and are who you say you are.

Pinduoduo, a Top Chinese Shopping App, Is Laced With Malware

Plus: 119 arrested during a sting on the Genesis dark-web market, the IRS aims to buy an online mass surveillance tool, and more.

The Dangerous Weak Link in the US Food Chain

Without an information sharing and analysis center, the country’s food and agriculture sector is uniquely vulnerable to hackers.

Massive 3CX Supply-Chain Hack Targeted Cryptocurrency Firms

North Korean hackers appear to have used the corrupted VoIP software to go after just a handful of crypto firms with “surgical precision.”

‘Vulkan’ Leak Offers a Peek at Russia’s Cyberwar Playbook

Plus: A major new supply chain attack, Biden’s spyware executive order, and a hacking campaign against Exxon’s critics.

Apple's iOS 16.4: Security Updates Are Better Than New Emoji

Plus: Microsoft Outlook and Android patch serious flaws, Chrome and Firefox get fixes, and much more.

The US Is Sending Money to Countries Devastated by Cyberattacks

The White House is providing $25 million to Costa Rica, after giving Albania similar aid following aggression by hackers linked to Iran.

Microsoft's ‘Security Copilot’ Sics ChatGPT on Security Breaches

The new tool aims to deliver the network insights and coordination that “AI” security systems have long promised.

North Korea Is Now Mining Crypto to Launder Its Stolen Loot

A spy group working for the Kim regime has been feeding stolen coins into crypto mining services in an effort to throw tracers off their trail.

India Shut Down Mobile Internet in Punjab Amid Manhunt for Amritpal Singh

Plus: The “Clop” gang's ransomware spree, the DC Health Link breach comes into focus, and more.

The Scorched-Earth Tactics of Iran’s Cyber Army

Amid ongoing protests, the Iranian regime has lost control of its image, pushing it to employ increasingly drastic tactics where everyone loses.

This Is the New Leader of Russia's Infamous Sandworm Hacking Unit

Evgenii Serebriakov now runs the most aggressive hacking team of Russia’s GRU military spy agency. To Western intelligence, he’s a familiar face.

AI-Generated Voice Deepfakes Aren’t Scary Good—Yet

The threat of scammers using voice deepfakes in their cons is real, but researchers say old-school voice-impersonation attacks are still the more pressing concern.

The World’s Real ‘Cybercrime’ Problem

From US state laws to the international stage, definitions of “cybercrime” remain vague, broad, and increasingly entrenched in our legal systems.

A Spy Wants to Connect With You on LinkedIn

Russia, North Korea, Iran, and China have been caught using fake profiles to gather information. But the platform’s tools to weed them out only go so far.

Ransomware Attacks Have Entered a ‘Heinous’ New Phase

With victims refusing to pay, cybercriminal gangs are now releasing stolen photos of cancer patients and sensitive student records.

How a Catholic Group Doxed Gay Priests

Plus: A data breach exposes Washington, Ring camera footage has a new problem, and the George Santos scandal slips into the world of cybercrime.

‘Pig Butchering’ Scams Are Now a $3 Billion Threat

The FBI’s latest Internet Crime Report highlights the stunning rise of investment-themed crimes over the past 18 months.

The LastPass Hack Somehow Gets Worse

Plus: The US Marshals disclose a “major” cybersecurity incident, T-Mobile has gotten pwned so much, and more.

The High-Stakes Blame Game in the White House Cybersecurity Plan

The Biden administration’s new strategy would shift the liability for security failures to a controversial target: the companies that caused them.

This Hacker Tool Can Pinpoint a DJI Drone Operator's Exact Location

Every DJI quadcopter broadcasts its operator's position via radio—unencrypted. Now, a group of researchers has learned to decode those coordinates.

China Is Relentlessly Hacking Its Neighbors

New details reveal that Beijing-backed hackers targeted the Association of Southeast Asian Nations, adding to a string of attacks in the region.

Security News This Week: Sensitive US Military Emails Exposed

Plus: Iran’s secret torture black sites, hacking a bank account with AI-generated voice, and Lance Bass’ unhinged encounter in Russia.

Ukraine Suffered More Wiper Malware in 2022 Than Anywhere, Ever

As Russia has accelerated its cyberattacks on its neighbor, it's barraged the country with an unprecedented volume of different data-destroying programs.

A New Kind of Bug Spells Trouble for iOS and macOS Security

Security researchers found a class of flaws that, if exploited, would allow an attacker to access people’s messages, photos, and call history.

Hackers Ran Amok Inside GoDaddy for Nearly 3 Years

Plus: The FBI got (at least a little bit) hacked, an election-disruption firm gets exposed, Russia mulls allowing “patriotic hacking,” and more.

Pig Butchering Scams Are Evolving Fast

Investment schemes are ensnaring victims with increasingly compelling narratives and believable tech.

North Korean Hackers Are Attacking US Hospitals

Plus: Deepfake disinformation spotted in the wild, Android privacy problems in China, Reddit gets phished, and more.

Meet the Creator of North Korea’s Favorite Crypto Privacy Service

The world’s most prolific crypto thieves have used Sinbad.io to launder tens of millions. Its creator, “Mehdi,” answers WIRED’s questions.

Russia’s Ransomware Gangs Are Being Named and Shamed

Members of the Trickbot and Conti cybercrime gangs have been sanctioned in an unprecedented wave of action against the country’s hackers.

Googling for Software Downloads Is Extra Risky Right Now

Plus: The FTC cracks down on GoodRx, Microsoft boots “verified” phishing scammers, researchers disclose EV charger vulnerabilities, and more.

You Really Need to Update Firefox and Android Right Now

January saw a slew of security patches for iOS, Chrome, Windows, and more.

The Untold Story of a Crippling Ransomware Attack

More than two years ago, criminals crippled the systems of London’s Hackney Council. It's still fighting to recover.

A Link to News Site Meduza Can (Technically) Land You in Russian Prison

Plus: Hive ransomware gang gets knocked offline, FBI confirms North Korea stole $100 million, and more.

Most Criminal Cryptocurrency Funnels Through Just 5 Exchanges

The crypto money-laundering market is tighter than at any time in the past decade, and the few big players are moving a “shocking” amount of currency.

The Unrelenting Menace of the LockBit Ransomware Gang

The notorious Russian-speaking cybercriminals grew successful by keeping a low profile. But now they have a target on their backs.

Flaw in Diksha App Exposed the Data of Millions of Indian Students

A mandatory app exposed the personal information of students and teachers across the country for over a year.

The Biggest US Surveillance Program You Didn’t Know About

Plus: A leaked US “no fly” list, the SCOTUS leaker slips investigators, and PayPal gets stuffed.

T-Mobile's New Data Breach Shows Its $150 Million Security Investment Isn't Cutting It

The mobile operator just suffered at least its fifth data breach since 2018, despite promising to spend a fortune shoring up its systems.

Welcome to the Era of Internet Blackouts

New research from Cloudflare shows that connectivity disruptions are becoming a problem around the globe, pointing toward a troubling new normal.

A Sneaky Ad Scam Tore Through 11 Million Phones

Some 1,700 spoofed apps, 120 targeted publishers, 12 billion false ad requests per day—Vastflux is one of the biggest ad frauds ever discovered.

Russian Ransomware Gang Attack Destabilizes UK Royal Mail

Plus: Joe Biden’s classified-documents scandal, the end of security support for Windows 7, and more.

In the Fight Against Scams, ‘Cyber Ambassadors’ Enter the Chat

Police in the Indian state of Telangana have found a novel way to help people avoid getting swindled online: grassroots education.

A Siemens S7-1500 Logic Controller Flaw Raises the Specter of Stuxnet

More than 120 models of Siemens' S7-1500 PLCs contain a serious vulnerability—and no fix is on the way.

Slack Discloses Breach of Its Github Code Repository

Plus: Russian spies uncovered in Europe, face recognition leads to another wrongful arrest, a new porn ID law, and more.

Twitter Data Leak: What the Exposure of 200 Million User Emails Means for You

The exposure of hundreds of millions of email addresses puts pseudonymous users of the social network at risk.

Turla, a Russian Espionage Group, Piggybacked on Other Hackers' USB Infections

The infamous, FSB-connected Turla group took over other hackers' servers, exploiting their USB drive malware for targeted espionage.

Cops Hacked Thousands of Phones. Was It Legal?

When police infiltrated the EncroChat phone system in 2020, they hit an intelligence gold mine. But subsequent legal challenges have spread across Europe.

What Is a Pig Butchering Scam?

This type of devastating scheme ensnares victims and takes them for all they’re worth—and the threat is only growing.