Here Come the AI Worms

By Matt Burgess — March 1^st 2024 at 09:00

Security researchers created an AI worm in a test environment that can automatically spread between generative AI agents—potentially stealing data and sending spam emails along the way.

The Hacker News

iOS Zero-Day Attacks: Experts Uncover Deeper Insights into Operation Triangulation

By Newsroom — October 24^th 2023 at 08:37

The TriangleDB implant used to target Apple iOS devices packs in at least four different modules to record microphone, extract iCloud Keychain, steal data from SQLite databases used by various apps, and estimate the victim's location. The new findings come from Kaspersky, which detailed the great lengths the adversary behind the campaign, dubbed Operation Triangulation, went to conceal and cover

Naked Security

NPM JavaScript packages abused to create scambait links in bulk

By Paul Ducklin — February 22^nd 2023 at 20:59

Free spins? Bonus game points? Cheap social media followers? What harm could it possibly do if you just take a tiny little look?!

WIRED

The Most Dangerous People on the Internet in 2022

By WIRED Staff — December 26^th 2022 at 12:00

From SBF to the GRU, these were the most disruptive forces of online chaos this year.

WIRED

How to Protect Yourself If Your School Uses Surveillance Tech

By Pia Ceres — October 10^th 2022 at 11:00

Colleges and K-12 campuses increasingly monitor student emails, social media, and more. Here’s how to secure your (or your child’s) privacy.

Naked Security

Mild monthly security update from Firefox – but update anyway

By Paul Ducklin — July 27^th 2022 at 00:41

You're probably thinking we're going to say, "Don't delay/Do it today"... and that's exactly what we are saying!

WIRED

A New Attack Can Unmask Anonymous Users on Any Major Browser

By Lily Hay Newman — July 14^th 2022 at 11:00

Researchers have found a way to use the web's basic functions to identify who visits a site—without the user detecting the hack.

The Hacker News

New Unpatched Bug Could Let Attackers Steal Money from PayPal Users

By Ravie Lakshmanan — May 23^rd 2022 at 09:08

A security researcher claims to have discovered an unpatched vulnerability in PayPal's money transfer service that could allow attackers to trick victims into unknowingly completing attacker-directed transactions with a single click. Clickjacking, also called UI redressing, refers to a technique wherein an unwitting user is tricked into clicking seemingly innocuous webpage elements like buttons

The Hacker News

Fake Clickjacking Bug Bounty Reports: The Key Facts

By The Hacker News — May 16^th 2022 at 10:45

Are you aware of fake clickjacking bug bounty reports? If not, you should be. This article will get you up to speed and help you to stay alert. What are clickjacking bug bounty reports? If we start by breaking up the term into its component parts, a bug bounty is a program offered by an organization, in which individuals are rewarded for finding and reporting software bugs. These programs are