The Cheap Radio Hack That Disrupted Poland's Railway System

The sabotage of more than 20 trains in Poland by apparent supporters of Russia was carried out with a simple “radio-stop” command anyone could broadcast with $30 in equipment.

The Low-Stakes Race to Crack an Encrypted German U-Boat Message

A ramshackle team of American scientists scrambled to decode the Nazi cipher before the time ran out. Luckily, they had a secret weapon.

This Tool Lets Hackers Dox Almost Anyone in the US

The US Secret Service’s relationship with the Oath Keepers gets revealed, Tornado Cash cofounders get indicted, and a UK court says a teen is behind a Lapsus$ hacking spree.

Why The Chainsmokers Invest in—and Party With—Niche Cybersecurity Companies

Musician Alex Pall spoke with WIRED about his VC firm, the importance of raising cybersecurity awareness in a rapidly digitizing world, and his surprise that hackers know how to go hard.

New Supply Chain Attack Hit Close to 100 Victims—and Clues Point to China

The hackers, who mostly targeted victims in Hong Kong, also hijacked Microsoft’s trust model to make their malware harder to detect.

HHS Launches 'Digiheals' Project to Better Protect US Hospitals From Ransomware

An innovation agency within the US Department of Health and Human Services will fund research into better defenses for the US health care system’s digital infrastructure.

A Huge Scam Targeting Kids With Roblox and Fortnite 'Offers' Has Been Hiding in Plain Sight

The wide-ranging scams, often disguised as game promotions, can all be linked back to one network.

An Apple Malware-Flagging Tool Is ‘Trivially’ Easy to Bypass

The macOS Background Task Manager tool is supposed to spot potentially malicious software on your machine. But a researcher says it has troubling flaws.

GitHub’s Hardcore Plan to Roll Out Two-Factor Authentication (2FA)

GitHub has spent two years researching and slowly rolling out its multifactor authentication system. Soon it will be mandatory for all 100 million users—with no opt-out.

Teens Hacked Boston Subway’s CharlieCard to Get Infinite Free Rides—and This Time Nobody Got Sued

In 2008, Boston’s transit authority sued to stop MIT hackers from presenting at the Defcon hacker conference on how to get free subway rides. Today, four teens picked up where they left off.

Panasonic Warns That IoT Malware Attack Cycles Are Accelerating

The legacy electronics manufacturer is creating IoT honeypots with its products to catch real-world threats and patch vulnerabilities in-house.

Hackers Rig Casino Card-Shuffling Machines for ‘Full Control’ Cheating

Security researchers accessed an internal camera inside the Deckmate 2 shuffler to learn the exact deck order—and the hand of every player at a poker table.

A Clever Honeypot Tricked Hackers Into Revealing Their Secrets

Security researchers set up a remote machine and recorded every move cybercriminals made—including their login details.

New ‘Downfall’ Flaw Exposes Valuable Data in Generations of Intel Chips

The vulnerability could allow attackers to take advantage of an information leak to steal sensitive details like private messages, passwords, and encryption keys.

Microsoft’s AI Red Team Has Already Made the Case for Itself

Since 2018, a dedicated team within Microsoft has attacked machine learning systems to make them safer. But with the public release of new generative AI tools, the field is already evolving.

Criminals Have Created Their Own ChatGPT Clones

Cybercriminals are touting large language models that could help them with phishing or creating malware. But the AI chatbots could just be their own kind of scam.

Security News This Week: The Cloud Company at the Center of a Global Hacking Spree

Plus: A framework for encrypting social media, Russia-backed hacking through Microsoft Teams, and the Bitfinex Crypto Couple pleads guilty.

Free Airline Miles, Hotel Points, and User Data Put at Risk by Flaws in Points Platform

Flaws in the Points.com platform, which is used to manage dozens of major travel rewards programs, exposed user data—and could have let an attacker snag some extra perks.

"Mysterious Team Bangladesh" Targeting India with DDoS Attacks and Data Breaches

A hacktivist group known as Mysterious Team Bangladesh has been linked to over 750 distributed denial-of-service (DDoS) attacks and 78 website defacements since June 2022. "The group most frequently attacks logistics, government, and financial sector organizations in India and Israel," Singapore-headquartered cybersecurity firm Group-IB said in a report shared with The Hacker News. "The group is

A New Attack Impacts ChatGPT—and No One Knows How to Stop It

Researchers found a simple way to make ChatGPT, Bard, and other chatbots misbehave, proving that AI is hard to tame.

Twitter Scammers Stole $1,000 From My Friend—So I Hunted Them Down

After scammers duped a friend with a hacked Twitter account and a “deal” on a MacBook, I enlisted the help of a fellow threat researcher to trace the criminals’ offline identities.

TETRA Radio Code Encryption Has a Flaw: A Backdoor

A secret encryption cipher baked into radio systems used by critical infrastructure workers, police, and others around the world is finally seeing sunlight. Researchers say it isn’t pretty.

China’s Breach of Microsoft Cloud Email May Expose Deeper Problems

Plus: Microsoft expands access to premium security features, AI child sexual abuse material is on the rise, and Netflix’s password crackdown has its intended effect.

Satellites Are Rife With Basic Security Flaws

German researchers gained rare access to three satellites and found that they're years behind normal cybersecurity standards.

How a Cloud Flaw Gave Chinese Spies a Key to Microsoft’s Kingdom

Microsoft says hackers somehow stole a cryptographic key, perhaps from its own network, that let them forge user identities and slip past cloud defenses.

Ransomware Attacks Are on the Rise, Again

Ransomware attacks tumbled in 2022, offering hope that the tide was turning against the criminal gangs behind them. Then things got a whole lot worse.

Silk Road’s Second-in-Command, Variety Jones, Gets 20 Years in Prison

Roger Thomas Clark, also known as Variety Jones, will spend much of the rest of his life in prison for his key role in building the world’s first dark-web drug market.

Russia’s Notorious Troll Farm Disbands

Plus: A French bill would allow spying via phone cameras, ATM skimmers target welfare families, and Japan’s largest cargo port gets hit with ransomware.

EV Charger Hacking Poses a ‘Catastrophic’ Risk

Vulnerabilities in electric vehicle charging stations and a lack of broad standards threaten drivers—and the power grid.

US Supreme Court Hands Cyberstalkers a First Amendment Victory

Plus: Hackers knock out Russian military satellite communications, a spyware maker gets breached, and the SEC targets a victim company's CISO.

Apple, Google, and MOVEit Just Patched Serious Security Flaws

Plus: Microsoft fixes 78 vulnerabilities, VMWare plugs a flaw already used in attacks, and more critical updates from June.

How Your Real Flight Reservation Can Be Used to Scam You

Scammers use a booking technicality, traveler confusion, and promises of dirt-cheap tickets to offer hot deals that are anything but.

Update Your iPhone Right Now to Fix 2 Apple Zero Days

Plus: Discord has a child predator problem, fears rise of China spying from Cuba, and hackers try to blackmail Reddit.

A Newly Named Group of GRU Hackers is Wreaking Havoc in Ukraine

Plus: The arrest of an alleged Lockbit ransomware hacker, the wild tale of a problematic FBI informant, and one of North Korea’s biggest crypto heists.

Clop Hacking Rampage Hits US Agencies and Exposes Data of Millions

The ransomware gang Clop exploited a vulnerability in a file transfer service. The flaw is now patched, but the damage is still coming into focus.

The US Navy, NATO, and NASA Are Using a Shady Chinese Company’s Encryption Chips

The US government warns encryption chipmaker Hualan has suspicious ties to China’s military. Yet US agencies still use one of its subsidiary’s chips, raising fears of a backdoor.

A Massive Vaccine Database Leak Exposes IDs of Millions of Indians

Personal information, including ID documents and phone numbers, have been released on Telegram.

9 Years After the Mt. Gox Hack, Feds Indict Alleged Culprits

Plus: Instagram’s CSAM network gets exposed, Clop hackers claim credit for MOVEit Transfer exploit, and a $35 million crypto heist has North Korean ties.

The Bold Plan to Create Cyber 311 Hotlines

UT-Austin will join a growing movement to launch cybersecurity clinics for cities and small businesses that often fall through the cracks.

Hacks Against Ukraine's Emergency Response Services Rise During Bombings

Data from Cloudflare's free digital defense service, Project Galileo, illuminates new links between online and offline attacks.

AI Is Being Used to ‘Turbocharge’ Scams

Plus: Amazon’s Ring was ordered to delete algorithms, North Korea’s failed spy satellite, and a rogue drone “attack” isn’t what it seems.

How AI Protects (and Attacks) Your Inbox

Criminals may use artificial intelligence to scam you. Companies, like Google, are looking for ways AI and machine learning can help prevent phishing.

Kaspersky Says New Zero-Day Malware Hit iPhones—Including Its Own

On the same day, Russia’s FSB intelligence service launched wild claims of NSA and Apple hacking thousands of Russians.

Apple's iOS 16.5 Fixes 3 Security Bugs Already Used in Attacks

Plus: Microsoft patches two zero-day flaws, Google’s Android and Chrome get some much-needed updates, and more.

Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor

Hidden code in hundreds of models of Gigabyte motherboards invisibly and insecurely downloads programs—a feature ripe for abuse, researchers say.

Bcrypt, a Popular Password Hashing Algorithm, Starts Its Long Goodbye

The coinventor of “bcrypt” is reflecting on the ubiquitous function’s 25 years and channeling cybersecurity’s core themes into electronic dance music.

The Security Hole at the Heart of ChatGPT and Bing

Indirect prompt-injection attacks can leave people vulnerable to scams and data theft when they use the AI chatbots.

China Hacks US Critical Networks in Guam, Raising Cyberwar Fears

Researchers say the state-sponsored espionage operation may also lay the groundwork for disruptive cyberattacks.

There’s Finally a Way to Improve Cloud Container Registry Security

“Container registries” are ubiquitous software clearinghouses, but they’ve been exposed for years. Chainguard says it now has a solution.

The Real Risks in Google’s New .Zip and .Mov Domains

While the company’s new top-level domains could be used in phishing attacks, security researchers are divided on how big of a problem they really pose.

A TikTok ‘Car Theft’ Challenge Is Costing Hyundai $200 Million

Plus: The FBI gets busted abusing a spy tool, an ex-Apple engineer is charged with corporate espionage, and collection of airborne DNA raises new privacy risks.

The Underground History of Turla, Russia's Most Ingenious Hacker Group

From USB worms to satellite-based hacking, Russia’s FSB hackers, known as Turla, have spent 25 years distinguishing themselves as “adversary number one.”

A Mysterious Group Has Ties to 15 Years of Ukraine-Russia Hacks

Kaspersky researchers have uncovered clues that further illuminate the hackers’ activities, which appear to have begun far earlier than originally believed.

Critical Flaws in Cisco Small Business Switches Could Allow Remote Attacks

Cisco has released updates to address a set of nine security flaws in its Small Business Series Switches that could be exploited by an unauthenticated, remote attacker to run arbitrary code or cause a denial-of-service (DoS) condition. "These vulnerabilities are due to improper validation of requests that are sent to the web interface," Cisco said, crediting an unnamed external researcher for

ChatGPT Scams Are Infiltrating Apple's App Store and Google Play

An explosion of interest in OpenAI’s sophisticated chatbot means a proliferation of “fleeceware” apps that trick users with sneaky in-app subscriptions.

Toyota Leaked Vehicle Data of 2 Million Customers

The FBI disables notorious Russia-linked malware, the EU edges toward a facial recognition ban, and security firm Dragos has an intrusion of its own.

A Republican-Led Lawsuit Threatens Critical US Cyber Protections

Three states are suing to block security rules for water facilities. If they win, it may open the floodgates for challenges to other cyber rules.

A Mysterious New Hacker Group, Red Stinger, Is Lurking in Ukraine’s Cyberspace

The unidentified attackers have targeted people on both sides of Russia’s war against Ukraine, carrying out espionage operations that suggest state funding.

The Team of Sleuths Quietly Hunting Cyberattack-for-Hire Services

For a decade, a group called Big Pipes has worked behind the scenes with the FBI to target the worst cybercriminal “booter” services plaguing the internet.

Russian ‘Ghost Ships’ Identified Near the Nord Stream Blasts

Plus: Apple and Google plan to stop AirTag stalking, Meta violated the FTC’s privacy order, and how to tell if your car is tracking you.