It Was a Good Month for Fighting Cybercrime—Don’t Get Comfortable

Even as police and tech companies get better at shutting down illicit operations, cybercrime is worse than ever.

Hackers Are Getting Caught Exploiting New Bugs More Than Ever

A pair of reports from Mandiant and Google found a spike in zero-day vulnerabilities in 2021. The question is, why?

North Koreans Are Jailbreaking Phones to Access Forbidden Media

A new report suggests that a small but vibrant group of smartphones hackers may be challenging the world's most digitally restrictive regime.

Russia Is Being Hacked at an Unprecedented Scale

From “IT Army” DDoS attacks to custom malware, the country has become a target like never before.

You Need to Update iOS, Android, and Chrome Right Now

Plus: Microsoft patched some 100 flaws, while Oracle issued more than 500 security fixes.

One of the Most Powerful DDoS Attacks Ever Hits a Crypto Platform

The onslaught was delivered through HTTPS, which puts more strain on a target, and it suggests that attackers are getting more powerful.

Android 13 Tries to Make Privacy and Security a No-Brainer

With its latest mobile OS update, Google aims to simplify the adoption of Android’s protective features for users and developers alike.

The Case for War Crimes Charges Against Russia’s Sandworm Hackers

A group of human rights lawyers and investigators has called on the Hague to bring the first-ever “cyber war crimes” charges against Russia’s most dangerous hackers.

The Hidden Race to Protect the US Bioeconomy From Hacker Threats

A biotech threat intelligence group is gaining supporters as urgency mounts around an overlooked vulnerable sector.

Your iPhone Is Vulnerable to a Malware Attack Even When It’s Off

Researchers found a way to exploit the tech that enables Apple’s Find My feature, which could allow attackers to track location when a device is powered down.

This Hacktivist Site Lets You Prank Call Russian Officials

To protest the war in Ukraine, WasteRussianTime.today auto-dials Russian government officials, connects them to each other, and lets you listen in to their confusion.

Spyware Vendors Target Android With Zero-Day Exploits

New research from Google's Threat Analysis Group outlines the risks Android users face from the surveillance-for-hire industry.

North Korean IT Workers Are Infiltrating Tech Companies

Plus: The Conti ransomware gang shuts down, Canada bans Huawei and ZTE, and more of the week’s top security news.

‘Tough to Forge’ Digital Driver’s Licenses Are—Yep—Easy to Forge

Researchers found a litany of security flaws that allow simple, quick, and cheap forgeries in Australia.

The Mystery of China’s Sudden Warnings About US Hackers

The Chinese government recently began saber-rattling about American cyberespionage. The catch? It’s all old news.

DuckDuckGo Isn’t as Private as You Think

Plus: A $150 million Twitter fine, a massive leak from a Chinese prison in Xinjiang, and an ISIS plot to assassinate George W. Bush.

An Actively Exploited Microsoft Zero-Day Flaw Still Has No Patch

The company continues to downplay the severity of the Follina vulnerability, which remains present in all supported versions of Windows.

Google May Owe You a Chunk of $100 Million

Plus: The US admits to cyber operations supporting Ukraine, SCOTUS investigates its own, and a Michael Flynn surveillance mystery is solved.

The Hacker Gold Rush That's Poised to Eclipse Ransomware

As governments crack down on ransomware, cybercriminals may soon shift to business email compromise—already the world's most profitable type of scam.

AlphaBay Is Taking Over the Dark Web—Again

Five years after it was torn offline, the resurrected dark web marketplace is clawing its way back to the top of the online underworld.

A Long-Awaited Defense Against Data Leaks May Have Just Arrived

MongoDB claims its new “Queryable Encryption” lets users search their databases while sensitive data stays encrypted. Oh, and its cryptography is open source.

Hackers Can Steal Your Tesla by Creating Their Own Personal Keys

A researcher found that a recent update lets anyone enroll their own key during the 130-second interval after the car is unlocked with an NFC card.

Conti's Attack Against Costa Rica Sparks a New Ransomware Era

A pair of ransomware attacks crippled parts of the country—and rewrote the rules of cybercrime.

Russia Is Taking Over Ukraine’s Internet

In occupied Ukraine, people’s internet is being routed to Russia—and subjected to its powerful censorship and surveillance machine.

Police Linked to Hacking Campaign to Frame Indian Activists

New details connect police in India to a plot to plant evidence on victims' computers that led to their arrest.

Here’s Why You’re Still Stuck in Robocall Hell

Despite major progress fighting spam and scams, the roots of the problem go far deeper than your phone company’s defenses.

An Alleged Russian Spy Was Busted Trying to Intern at The Hague

Plus: Firefox adds new privacy protections, a big Intel and AMD chip flaw, and more of the week’s top security news.

The Ghost of Internet Explorer Will Haunt the Web for Years

Microsoft's legacy browser may be dead—but its remnants are not going anywhere, and neither are its lingering security risks.

Google Warns of New Spyware Targeting iOS and Android Users

The spyware has been used to target people in Italy, Kazakhstan, and Syria, researchers at Google and Lookout have found.

The Post-Roe Privacy Nightmare Has Arrived

Plus: Microsoft details Russia’s Ukraine hacking campaign, Meta’s election integrity efforts dwindle, and more.

You Need to Update Windows and Chrome Right Now

Plus: Google issues fixes for Android bugs. And Cisco, Citrix, SAP, WordPress, and more issue major patches for enterprise systems.

A New, Remarkably Sophisticated Malware Is Attacking Routers

Researchers say the remote-access Trojan ZuoRAT is likely the work of a nation-state and has infected at least 80 different targets.

The Worst Hacks and Breaches of 2022 So Far

From cryptocurrency thefts to intrusions into telecom giants, state-backed attackers have had a field day in the year’s first half.

How to Avoid the Worst Instagram Scams

Fake sellers. Competitions. Crypto cons. There are plenty of grifts on the platform, but you don’t have to get sucked in.

Apple’s Lockdown Mode Aims to Counter Spyware Threats

Starting with iOS 16, people who are at risk of being targeted with spyware will have some much-needed help.

Will These Algorithms Save You From Quantum Threats?

Quantum-proof encryption is here—decades before it can be put to the test.

Chinese Police Exposed 1B People's Data in Unprecedented Leak

Plus: A duplicitous bug bounty scheme, the iPhone's new “lockdown mode,” and more of the week's top security news.

New ‘Retbleed’ Attack Can Swipe Key Data From Intel and AMD CPUs

The exploit can leak password information and other sensitive material, but the chipmakers are rolling out mitigations.

A New Attack Can Unmask Anonymous Users on Any Major Browser

Researchers have found a way to use the web's basic functions to identify who visits a site—without the user detecting the hack.

Amazon Handed Ring Videos to Cops Without Warrants

Plus: A wild Indian cricket scam, an elite CIA hacker is found guilty of passing secrets to WikiLeaks, and more of the week's top security news.

Instagram Slow to Tackle Bots Targeting Iranian Women’s Groups

Despite alerting Meta months ago, feminist groups say tens of thousands of fake accounts continue to bombard them on the platform.

The 2022 US Midterm Elections' Top Security Issue: Death Threats

While cybersecurity and foreign meddling remain priorities, domestic threats against election workers have risen to the top of the list.

The January 6 Secret Service Text Scandal Turns Criminal

Plus: The FCC cracks down on car warranty robocalls, Thai activists get targeted by NSO's Pegasus, and the Russia-Ukraine cyberwar continues.

A New Attack Easily Knocked Out a Potential Encryption Algorithm

SIKE was a contender for post-quantum-computing encryption. It took researchers an hour and a single PC to break it.

The Microsoft Team Racing to Catch Bugs Before They Happen

What's it like to be responsible for a billion people's digital security? Just ask the company's Morse researchers.

An Attack on Albanian Government Suggests New Iranian Aggression

A Tehran-linked hack of a NATO member marks a significant escalation against the backdrop of US-Iran nuclear talks.

A Slack Bug Exposed Some Users’ Hashed Passwords for 5 Years

The exposure of cryptographically scrambled passwords isn’t a worst-case scenario—but it isn’t great, either.

The US Emergency Alert System Has Dangerous Flaws

Plus: A crypto-heist extravaganza, a peek at an NSO spyware dashboard, and more.

GitHub Moves to Guard Open Source Against Supply Chain Attacks

The popular Microsoft-owned code repository plans to roll out code signing, which will help beef up the security of open source projects.

One of 5G’s Biggest Features Is a Security Minefield

New research found troubling vulnerabilities in the 5G platforms carriers offer to wrangle embedded device data.

The Hacking of Starlink Terminals Has Begun

It cost a researcher only $25 worth of parts to create a tool that allows custom code to run on the satellite dishes.

Google's Android Red Team Had a Full Pixel 6 Pwn Before Launch

Before the flagship phone ever landed in users’ hands, the security team thoroughly hacked it by finding bugs and developing exploits.

Sloppy Software Patches Are a ‘Disturbing Trend’

The Zero Day Initiative has found a concerning uptick in security updates that fail to fix vulnerabilities.

The US Offers a $10M Bounty for Intel on Conti Ransomware Gang

The State Department organization has called for people to share details about five key members of the hacking group.

Zoom’s Auto-Update Feature Came With Hidden Risks on Mac

The popular video meeting app makes it easy to keep the software up to date—but it also introduced vulnerabilities.

A Single Flaw Broke Every Layer of Security in MacOS

An injection flaw allowed a researcher to access all files on a Mac. Apple issued a fix, but some machines may still be vulnerable.

Flaw in the VA Medical Records Platform May Put Patients at Risk

The Veterans Affairs’ VistA software has a vulnerability that could let an attacker “masquerade as a doctor,” a security researcher warns.

A New Tractor Jailbreak Rides the Right-to-Repair Wave

A hacker has formulated an exploit that provides root access to two popular models of the company’s farm equipment.

Spyware Hunters Are Expanding Their Tool Set

This invasive malware isn’t just for phones—it can target your PC too. But a new batch of algorithms aims to weed out this threat.

Janet Jackson’s ‘Rhythm Nation’ Can Crash Old Hard Drives

Plus: The Twilio hack snags a reporter, a new tool to check for spyware, and the Canadian weed pipeline gets hit by a cyberattack.