Lucene search
K
SchneierRecent

2978 matches found

Schneier on Security
Schneier on Security
added 2026/05/14 11:4 a.m.11 views

How Dangerous Is Anthropic’s Mythos AI?

Last month, Anthropic made a remarkable announcement about its new model, Claude Mythos Preview: it was so good at finding security vulnerabilities in software that the company would not release it to the general public. Instead, it would only be available to a select group of companies to scan a...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/13 11:3 a.m.18 views

OpenAI’s GPT-5.5 is as Good as Mythos at Finding Security Vulnerabilities

The UK's AI Security Institute evaluated GPT-5.5's ability to find security vulnerabilities, and found that it is comparable to Claude Mythos. Note that the OpenAI model is generally available. Here is the Institute's evaluation of Mythos. And here is an analysis of a smaller, cheaper model. It...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/12 11:6 a.m.14 views

Copy.Fail Linux Vulnerability

This is the worst Linux vulnerability in years. TL;DR copy.fail is a Linux kernel local privilege escalation, not a browser or clipboard attack. Disclosed by Theori on 29 April 2026 with a working PoC. It abuses the kernel crypto API AFALG sockets plus splice to write four bytes at a time straigh...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/11 11:4 a.m.15 views

LLMs and Text-in-Text Steganography

Turns out that LLMs are really good at hiding text messages in other text messages...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/08 9:3 p.m.11 views

Friday Squid Blogging: Giant Squid Live in the Waters of Western Australia

Evidence of them has been found by analyzing DNA in the seawater. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

5.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/08 5:49 p.m.11 views

Insider Betting on Polymarket

Insider trading is rife on Polymarket: Analysis by the Anti-Corruption Data Collective, a non-profit research and advocacy group, found that long-shot bets--­defined as wagers of $2,500 or more at odds of 35 percent or less--­on the platform had an average win rate of around 52 percent in markets...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/07 11:7 a.m.13 views

Smart Glasses for the Authorities

ICE is developing its own version of smart glasses, with facial recognition tied to various databases...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/06 10:36 a.m.11 views

Rowhammer Attack Against NVIDIA Chips

A new rowhammer attack gives complete control of NVIDIA CPUs. On Thursday, two research teams, working independently of each other, demonstrated attacks against two cards from Nvidia’s Ampere generation that take GPU rowhammering into new--­and potentially much more consequential--­territory: GDD...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/05 10:42 a.m.12 views

DarkSword Malware

DarkSword is a sophisticated piece of malware--probably government designed--that targets iOS. Google Threat Intelligence Group GTIG has identified a new iOS full-chain exploit that leveraged multiple zero-day vulnerabilities to fully compromise devices. Based on toolmarks in recovered payloads, ...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/04 9:46 a.m.12 views

Hacking Polymarket

Polymarket is a platform where people can bet on real-world events, political and otherwise. Leaving the ethical considerations of this aside for one, it facilitates assassination, one of the issues with making this work is the verification of these real-world events. Polymarket gamblers have...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/01 11:18 a.m.9 views

A Ransomware Negotiator Was Working for a Ransomware Gang

Someone pleaded guilty to secretly working for a ransomware gang as he negotiated ransomware payments for clients...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/30 10:22 a.m.8 views

Fast16 Malware

Researchers have reverse-engineered a piece of malware named Fast16. It's almost certainly state-sponsored, probably US in origin, and was deployed against Iran years before Stuxnet: "…the Fast16 malware was designed to carry out the most subtle form of sabotage ever seen in an in-the-wild malwar...

5.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/29 10:12 a.m.12 views

Claude Mythos Has Found 271 Zero-Days in Firefox

That's a lot. No, it's an extraordinary number: Since February, the Firefox team has been working around the clock using frontier AI models to find and fix latent security vulnerabilities in the browser. We wrote previously about our collaboration with Anthropic to scan Firefox with Opus 4.6, whi...

5.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/28 11:6 a.m.17 views

What Anthropic’s Mythos Means for the Future of Cybersecurity

Two weeks ago, Anthropic announced that its new model, Claude Mythos Preview, can autonomously find and weaponize software vulnerabilities, turning them into working exploits without expert guidance. These were vulnerabilities in key software like operating systems and internet infrastructure tha...

5.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/27 11:4 a.m.10 views

Medieval Encrypted Letter Decoded

Sent by a Spanish diplomat. Apparently people have been working on it since it was rediscovered in 1860...

5.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/24 9:3 p.m.8 views

Friday Squid Blogging: How Squid Survived Extinction Events

Science news: Scientists have finally cracked a long-standing mystery about squid and cuttlefish evolution by analyzing newly sequenced genomes alongside global datasets. The research reveals that these bizarre, intelligent creatures likely originated deep in the ocean over 100 million years ago,...

5.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/24 11:1 a.m.11 views

Hiding Bluetooth Trackers in Mail

It was used to track a Dutch naval ship: Dutch journalist Just Vervaart, working for regional media network Omroep Gelderland, followed the directions posted on the Dutch government website and mailed a postcard with a hidden tracker inside. Because of this, they were able to track the ship for...

5.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/23 11:5 a.m.13 views

FBI Extracts Deleted Signal Messages from iPhone Notification Database

404 Media reports alternate site: The FBI was able to forensically extract copies of incoming Signal messages from a defendant’s iPhone, even after the app was deleted, because copies of the content were saved in the device’s push notification database…. The news shows how forensic...

5.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/22 11:2 a.m.11 views

ICE Uses Graphite Spyware

ICE has admitted that it uses spyware from the Israeli company Graphite...

5.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/21 11:4 a.m.11 views

Mexican Surveillance Company

Grupo Seguritech is a Mexican surveillance company that is expanding into the US...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/20 11:7 a.m.10 views

Is “Satoshi Nakamoto” Really Adam Back?

The New York Times has a long article where the author lays out an impressive array of circumstantial evidence that the inventor of Bitcoin is the cypherpunk Adam Back. I don't know. The article is convincing, but it's written to be convincing. I can't remember if I ever met Adam. I was a member ...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/17 9:5 p.m.8 views

Friday Squid Blogging: New Giant Squid Video

Pretty fantastic video from Japan of a giant squid eating another squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/17 11:2 a.m.13 views

Mythos and Cybersecurity

Last week, Anthropic pulled back the curtain on Claude Mythos Preview, an AI model so capable at finding and exploiting software vulnerabilities that the company decided it was too dangerous to release to the public. Instead, access has been restricted to roughly 50 organizations--Microsoft, Appl...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/16 9:41 a.m.8 views

Human Trust of AI Agents

Interesting research: "Humans expect rationality and cooperation from LLM opponents in strategic games." Abstract: As Large Language Models LLMs integrate into our social and economic interactions, we need to deepen our understanding of how humans respond to LLMs opponents in strategic settings. ...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/15 10:47 a.m.9 views

Defense in Depth, Medieval Style

This article on the walls of Constantinople is fascinating. The system comprised four defensive lines arranged in formidable layers: The brick-lined ditch, divided by bulkheads and often flooded, 15­-20 meters wide and up to 7 meters deep. A low breastwork, about 2 meters high, enabling defenders...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/14 4:1 p.m.7 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at DemocracyXChange 2026 in Toronto, Ontario, Canada, on April 18, 2026. I’m speaking at the SANS AI Cybersecurity Summit 2026 in Arlington, Virginia, USA, at 9:40 AM ET on April 20, 2026. I'm speaking at the Greater...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/14 10:49 a.m.9 views

How Hackers Are Thinking About AI

Interesting paper: "What hackers talk about when they talk about AI: Early-stage diffusion of a cybercrime innovation." Abstract: The rapid expansion of artificial intelligence AI is raising concerns about its potential to transform cybercrime. Beyond empowering novice offenders, AI stands to...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/13 4:52 p.m.7 views

On Anthropic’s Mythos Preview and Project Glasswing

The cybersecurity industry is obsessing over Anthropic's new model, Claude Mythos Preview, and its effects on cybersecurity. Anthropic said that it is not releasing it to the general public because of its cyberattack capabilities, and has launched Project Glasswing to run the model against a whol...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/13 10:10 a.m.8 views

AI Chatbots and Trust

All the leading AI chatbots are sycophantic, and that's a problem: Participants rated sycophantic AI responses as more trustworthy than balanced ones. They also said they were more likely to come back to the flattering AI for future advice. And critically ­ they couldn't tell the difference betwe...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/10 9:3 p.m.9 views

Friday Squid Blogging: Squid Overfishing in the South Pacific

Regulation is hard: The South Pacific Regional Fisheries Management Organization SPRFMO oversees fishing across roughly 59 million square kilometers 22 million square miles of the South Pacific high seas, trying to impose order on a region double the size of Africa, where distant-water fleets...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/10 10:41 a.m.10 views

Sen. Sanders Talks to Claude About AI and Privacy

Claude is actually pretty good on the issues...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/09 10:51 a.m.8 views

On Microsoft’s Lousy Cloud Security

ProPublica has a scoop: In late 2024, the federal government's cybersecurity evaluators rendered a troubling verdict on one of Microsoft's biggest cloud computing offerings. The tech giant's "lack of proper detailed security documentation" left reviewers with a "lack of confidence in assessing th...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/08 10:25 a.m.8 views

Python Supply-Chain Compromise

This is news: A malicious supply chain compromise has been identified in the Python Package Index package litellm version 1.82.8. The published wheel contains a malicious .pth file litellminit.pth, 34,628 bytes which is automatically executed by the Python interpreter on every startup, without...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/07 5:7 p.m.8 views

Cybersecurity in the Age of Instant Software

AI is rapidly changing how software is written, deployed, and used. Trends point to a future where AIs can write custom software quickly and easily: "instant software." Taken to an extreme, it might become easier for a user to have an AI write an application on demand--a spreadsheet, for...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/07 9:45 a.m.7 views

Hong Kong Police Can Force You to Reveal Your Encryption Keys

According to a new law, the Hong Kong police can demand that you reveal the encryption keys protecting your computer, phone, hard drives, etc.--even if you are just transiting the airport. In a security alert dated March 26, the U.S. Consulate General said that, on March 23, 2026, Hong Kong...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/06 7:9 p.m.18 views

New Mexico’s Meta Ruling and Encryption

Mike Masnick points out that the recent New Mexico court ruling against Meta has some bad implications for end-to-end encryption, and security in general: If the "design choices create liability" framework seems worrying in the abstract, the New Mexico case provides a concrete example of where it...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/06 10:52 a.m.8 views

Google Wants to Transition to Post-Quantum Cryptography by 2029

Google says that it will fully transition to post-quantum cryptography by 2029. I think this is a good move, not because I think we will have a useful quantum computer anywhere near that year, but because crypto-agility is always a good thing. Slashdot thread...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/03 9:7 p.m.6 views

Friday Squid Blogging: Jurassic Fish Chokes on Squid

Here's a fossil of a 150-million year old fish that choked to death on a belemnite rostrum : the hard, internal shell of an extinct, squid-like animal. Original paper. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/03 11:8 a.m.7 views

Company that Secretly Records and Publishes Zoom Meetings

WebinarTV searches the internet for public Zoom invites, joins the meetings, secretly records them, and publishes alternate link the recordings. It doesn't use the Zoom record feature, so Zoom can't do anything about it...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/02 5:28 p.m.5 views

US Bans All Foreign-Made Consumer Routers

This is for new routers; you don't have to throw away your existing ones: The Executive Branch determination noted that foreign-produced routers 1 introduce "a supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national defense" and 2 pose "a severe...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/02 10:5 a.m.7 views

Possible US Government iPhone Hacking Tool Leaked

Wired writes alternate source: Security researchers at Google on Tuesday released a report describing what they're calling "Coruna," a highly sophisticated iPhone hacking toolkit that includes five complete hacking techniques capable of bypassing all the defenses of an iPhone to silently install...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/01 4:57 p.m.12 views

Is “Hackback” Official US Cybersecurity Strategy?

The 2026 US "Cyber Strategy for America" document is mostly the same thing we've seen out of the White House for over a decade, but with a more aggressive tone. But one sentence stood out: "We will unleash the private sector by creating incentives to identify and disrupt adversary networks and...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/01 9:59 a.m.6 views

A Taxonomy of Cognitive Security

Last week, I listened to a fascinating talk by K. Melton on cognitive security, cognitive hacking, and reality pentesting. The slides from the talk are here, but--even better--Menton has a long essay laying out the basic concepts and ideas. The whole thing is important and well worth reading, and...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/31 11:5 a.m.7 views

Inventors of Quantum Cryptography Win Turing Award

Charles Bennett and Gilles Brassard have won the 2026 Turing Award for inventing quantum cryptography. I am incredibly pleased to see them get this recognition. I have always thought the technology to be fantastic, even though I think it's largely unnecessary. I wrote up my thoughts back in 2008,...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/30 11:8 a.m.7 views

Apple’s Camera Indicator Lights

A thoughtful review of Apple's system to alert users that the camera is on. It's really well-designed, and important in a world where malware could surreptitiously start recording. The reason it's tempting to think that a dedicated camera indicator light is more secure than an on-display indicato...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/27 8:18 p.m.6 views

Friday Squid Blogging: Bioluminescent Bacteria in Squid

The Hawaiian bobtail squid has bioluminescent bacteria...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/26 11:6 a.m.8 views

As the US Midterms Approach, AI Is Going to Emerge as a Key Issue Concerning Voters

In December, the Trump administration signed an executive order that neutered states' ability to regulate AI by ordering his administration to both sue and withhold funds from states that try to do so. This action pointedly supported industry lobbyists keen to avoid any constraints and consequenc...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/25 11:2 a.m.6 views

Sen. Wyden Warns of Another Section 702 Abuse

Sen. Ron Wyden is warning us of an abuse of Section 702: Wyden took to the Senate floor to deliver a lengthy speech, ostensibly about the since approved with support of many Democrats nomination of Joshua Rudd to lead the NSA. Wyden was protesting that nomination, but in the context of Rudd being...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/24 11:3 a.m.7 views

Team Mirai and Democracy

Japan’s election last month and the rise of the country’s newest and most innovative political party, Team Mirai, illustrates the viability of a different way to do politics. In this model, technology is used to make democratic processes stronger, instead of undermining them. It is harnessed to...

5.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/23 11:1 a.m.8 views

Microsoft Xbox One Hacked

It's an impressive feat, over a decade after the box was released: Since reset glitching wasn't possible, Gaasedelen thought some voltage glitching could do the trick. So, instead of tinkering with the system rest pins the hacker targeted the momentary collapse of the CPU voltage rail. This was...

5.9AI score
Exploits0
Total number of security vulnerabilities2978