Meta Moves to Counter New Malware and Repeat Account Takeovers

The company is adding new tools as bad actors use ChatGPT-themed lures and mask their infrastructure in an attempt to trick victims and elude defenders.

Doctors Behind Mifepristone Ban Called ‘Christians’ a Top Threat

Leaked documents reveal that the American College of Pediatricians viewed “mainstream medicine” and “nominal Christians” as its opposition.

American College of Pediatricians Leak Exposes 10,000 Confidential Files

A Google Drive left public on the American College of Pediatricians’ website exposed detailed financial records, sensitive member details, and more.

Cops Just Revealed a Record-Breaking Dark Web Dragnet

Operation SpecTor likely drew on leads from multiple dark web market busts, including the secret takedown of Monopoly Market in 2021.

SolarWinds: The Untold Story of the Boldest Supply-Chain Hack

The attackers were in thousands of corporate and government networks. They might still be there now. Behind the scenes of the SolarWinds investigation.

Apple, Google, and Microsoft Just Fixed Zero-Day Security Flaws

Firefox gets a needed tune-up, SolarWinds squashes two high-severity bugs, Oracle patches 433 vulnerabilities, and more updates you should make now.

DOJ Detected SolarWinds Breach Months Before Public Disclosure

In May 2020, the US Department of Justice noticed Russian hackers in its network but did not realize the significance of what it had found for six months.

NSA Cybersecurity Director Says ‘Buckle Up’ for Generative AI

The security issues raised by ChatGPT and similar tech are just beginning to emerge, but Rob Joyce says it’s time to prepare for what comes next.

A Security Team Is Turning This Malware Gang’s Tricks Against It

The cybercriminals behind the Gootloader malware have found clever ways to avoid detection. But researchers are using those same mechanisms to stop them.

Google’s Authenticator App Now Lets You Sync 2FA Codes Across Devices

You can now sync sign-in codes across devices—but they aren’t end-to-end encrypted.

New SLP Vulnerability Could Let Attackers Launch 2200x Powerful DDoS Attacks

Details have emerged about a high-severity security vulnerability impacting Service Location Protocol (SLP) that could be weaponized to launch volumetric denial-of-service attacks against targets. "Attackers exploiting this vulnerability could leverage vulnerable instances to launch massive Denial-of-Service (DoS) amplification attacks with a factor as high as 2,200 times, potentially making it

Intel Let Google Cloud Hack Its New Secure Chips and Found 10 Bugs

To protect its Confidential Computing cloud infrastructure and gain critical insights, Google leans on its relationships with chipmakers.

Hacker Group Names Are Now Absurdly Out of Control

Pumpkin Sandstorm. Spandex Tempest. Charming Kitten. Is this really how we want to name the hackers wreaking havoc worldwide?

Criminals Are Using Tiny Devices to Hack and Steal Cars

Apple thwarts NSO’s spyware, the rise of a GPT-4 black market, Russia targets Starlink internet connections, and more.

The Huge 3CX Breach Was Actually 2 Linked Supply Chain Attacks

The mass compromise of the VoIP firm's customers is the first confirmed incident where one software-supply-chain attack enabled another, researchers say.

The Hacker Who Hijacked Matt Walsh’s Twitter Was Just ‘Bored’

The breach of the right-wing provocateur was simply a way of “stirring up some drama,” the attacker tells WIRED. But the damage could have been much worse.

Used Routers Often Come Loaded With Corporate Secrets

More than half of the enterprise routers researchers bought secondhand hadn’t been wiped, exposing sensitive info like login credentials and customer data.

Apple’s Macs Have Long Escaped Ransomware. That May Be Changing

The discovery of malicious encryptors for Apple computers could herald new risks for macOS users if the malware continues to evolve.

Security Roundup: Leak of Top-Secret US Intel Risks a New Wave of Mass Surveillance

Plus: Hackers claim to have stolen 10 TB from Western Digital, a new spyware has emerged, and WhatsApp gets a fresh security feature.

The Hacking of ChatGPT Is Just Getting Started

Security researchers are jailbreaking large language models to get around safety rules. Things could get much worse.

LinkedIn Verification Now Lets You Verify Your Job and Account

To beat back fake accounts, the professional social network is rolling out new tools to prove you work where you say you do and are who you say you are.

Hackers Flood NPM with Bogus Packages Causing a DoS Attack

Threat actors flooded the npm open source package repository for Node.js with bogus packages that briefly even resulted in a denial-of-service (DoS) attack. "The threat actors create malicious websites and publish empty packages with links to those malicious websites, taking advantage of open-source ecosystems' good reputation on search engines," Checkmarx's Jossef Harush Kadouri said in a

Pinduoduo, a Top Chinese Shopping App, Is Laced With Malware

Plus: 119 arrested during a sting on the Genesis dark-web market, the IRS aims to buy an online mass surveillance tool, and more.

The Dangerous Weak Link in the US Food Chain

Without an information sharing and analysis center, the country’s food and agriculture sector is uniquely vulnerable to hackers.

Massive 3CX Supply-Chain Hack Targeted Cryptocurrency Firms

North Korean hackers appear to have used the corrupted VoIP software to go after just a handful of crypto firms with “surgical precision.”

‘Vulkan’ Leak Offers a Peek at Russia’s Cyberwar Playbook

Plus: A major new supply chain attack, Biden’s spyware executive order, and a hacking campaign against Exxon’s critics.

Apple's iOS 16.4: Security Updates Are Better Than New Emoji

Plus: Microsoft Outlook and Android patch serious flaws, Chrome and Firefox get fixes, and much more.

The US Is Sending Money to Countries Devastated by Cyberattacks

The White House is providing $25 million to Costa Rica, after giving Albania similar aid following aggression by hackers linked to Iran.

Microsoft's ‘Security Copilot’ Sics ChatGPT on Security Breaches

The new tool aims to deliver the network insights and coordination that “AI” security systems have long promised.

North Korea Is Now Mining Crypto to Launder Its Stolen Loot

A spy group working for the Kim regime has been feeding stolen coins into crypto mining services in an effort to throw tracers off their trail.

India Shut Down Mobile Internet in Punjab Amid Manhunt for Amritpal Singh

Plus: The “Clop” gang's ransomware spree, the DC Health Link breach comes into focus, and more.

The Scorched-Earth Tactics of Iran’s Cyber Army

Amid ongoing protests, the Iranian regime has lost control of its image, pushing it to employ increasingly drastic tactics where everyone loses.

This Is the New Leader of Russia's Infamous Sandworm Hacking Unit

Evgenii Serebriakov now runs the most aggressive hacking team of Russia’s GRU military spy agency. To Western intelligence, he’s a familiar face.

AI-Generated Voice Deepfakes Aren’t Scary Good—Yet

The threat of scammers using voice deepfakes in their cons is real, but researchers say old-school voice-impersonation attacks are still the more pressing concern.

The World’s Real ‘Cybercrime’ Problem

From US state laws to the international stage, definitions of “cybercrime” remain vague, broad, and increasingly entrenched in our legal systems.

A Spy Wants to Connect With You on LinkedIn

Russia, North Korea, Iran, and China have been caught using fake profiles to gather information. But the platform’s tools to weed them out only go so far.

Ransomware Attacks Have Entered a ‘Heinous’ New Phase

With victims refusing to pay, cybercriminal gangs are now releasing stolen photos of cancer patients and sensitive student records.

How a Catholic Group Doxed Gay Priests

Plus: A data breach exposes Washington, Ring camera footage has a new problem, and the George Santos scandal slips into the world of cybercrime.

‘Pig Butchering’ Scams Are Now a $3 Billion Threat

The FBI’s latest Internet Crime Report highlights the stunning rise of investment-themed crimes over the past 18 months.

The LastPass Hack Somehow Gets Worse

Plus: The US Marshals disclose a “major” cybersecurity incident, T-Mobile has gotten pwned so much, and more.

The High-Stakes Blame Game in the White House Cybersecurity Plan

The Biden administration’s new strategy would shift the liability for security failures to a controversial target: the companies that caused them.

This Hacker Tool Can Pinpoint a DJI Drone Operator's Exact Location

Every DJI quadcopter broadcasts its operator's position via radio—unencrypted. Now, a group of researchers has learned to decode those coordinates.

China Is Relentlessly Hacking Its Neighbors

New details reveal that Beijing-backed hackers targeted the Association of Southeast Asian Nations, adding to a string of attacks in the region.

Security News This Week: Sensitive US Military Emails Exposed

Plus: Iran’s secret torture black sites, hacking a bank account with AI-generated voice, and Lance Bass’ unhinged encounter in Russia.

Ukraine Suffered More Wiper Malware in 2022 Than Anywhere, Ever

As Russia has accelerated its cyberattacks on its neighbor, it's barraged the country with an unprecedented volume of different data-destroying programs.

A New Kind of Bug Spells Trouble for iOS and macOS Security

Security researchers found a class of flaws that, if exploited, would allow an attacker to access people’s messages, photos, and call history.

Hackers Ran Amok Inside GoDaddy for Nearly 3 Years

Plus: The FBI got (at least a little bit) hacked, an election-disruption firm gets exposed, Russia mulls allowing “patriotic hacking,” and more.

Pig Butchering Scams Are Evolving Fast

Investment schemes are ensnaring victims with increasingly compelling narratives and believable tech.

North Korean Hackers Are Attacking US Hospitals

Plus: Deepfake disinformation spotted in the wild, Android privacy problems in China, Reddit gets phished, and more.

Meet the Creator of North Korea’s Favorite Crypto Privacy Service

The world’s most prolific crypto thieves have used Sinbad.io to launder tens of millions. Its creator, “Mehdi,” answers WIRED’s questions.

Russia’s Ransomware Gangs Are Being Named and Shamed

Members of the Trickbot and Conti cybercrime gangs have been sanctioned in an unprecedented wave of action against the country’s hackers.

Googling for Software Downloads Is Extra Risky Right Now

Plus: The FTC cracks down on GoodRx, Microsoft boots “verified” phishing scammers, researchers disclose EV charger vulnerabilities, and more.

You Really Need to Update Firefox and Android Right Now

January saw a slew of security patches for iOS, Chrome, Windows, and more.

The Untold Story of a Crippling Ransomware Attack

More than two years ago, criminals crippled the systems of London’s Hackney Council. It's still fighting to recover.

A Link to News Site Meduza Can (Technically) Land You in Russian Prison

Plus: Hive ransomware gang gets knocked offline, FBI confirms North Korea stole $100 million, and more.

Most Criminal Cryptocurrency Funnels Through Just 5 Exchanges

The crypto money-laundering market is tighter than at any time in the past decade, and the few big players are moving a “shocking” amount of currency.

The Unrelenting Menace of the LockBit Ransomware Gang

The notorious Russian-speaking cybercriminals grew successful by keeping a low profile. But now they have a target on their backs.

Flaw in Diksha App Exposed the Data of Millions of Indian Students

A mandatory app exposed the personal information of students and teachers across the country for over a year.

The Biggest US Surveillance Program You Didn’t Know About

Plus: A leaked US “no fly” list, the SCOTUS leaker slips investigators, and PayPal gets stuffed.

T-Mobile's New Data Breach Shows Its $150 Million Security Investment Isn't Cutting It

The mobile operator just suffered at least its fifth data breach since 2018, despite promising to spend a fortune shoring up its systems.