Notorious Iranian Hackers Have Been Targeting the Space Industry With a New Backdoor

In addition to its long-standing password spraying attacks, Microsoft says Iran-backed hacker group Peach Sandstorm—or APT 33—has developed custom malware dubbed “Tickler.”...

Notorious Hacker Kingpin ‘Tank’ Is Finally Going to Prison

The cybercrime boss, who helped lead the prolific Zeus malware gang and was on the FBI’s “most wanted” list for years, has been sentenced to 18 years and ordered to pay more than $73 million...

Inside a Violent Gang's Ruthless Crypto-Stealing Home Invasion Spree

More than a dozen men threatened, assaulted, tortured, or kidnapped 11 victims in likely the worst-ever crypto-focused serial extortion case of its kind in the US...

Deepfake Creators Are Revictimizing GirlsDoPorn Sex Trafficking Survivors

The most notorious deepfake sexual abuse website is hosting altered videos originally published as part of the GirlsDoPorn operation. Experts say this new low is only the beginning...

The Alleged LockBit Ransomware Mastermind Has Been Identified

Law enforcement officials say they’ve identified, sanctioned, and indicted the person behind LockBitSupp, the administrator at the heart of LockBit’s $500 million hacking rampage...

A New Surveillance Tool Invades Border Towns

Plus: An assassination plot, an AI security bill, a Project Nimbus revelation, and more of the week’s top security news...

The US Government Is Asking Big Tech to Promise Better Cybersecurity

The Biden administration is asking tech companies to sign a pledge, obtained by WIRED, to improve their digital security, including reduced default password use and improved vulnerability disclosures...

The Dangerous Rise of GPS Attacks

Thousands of planes and ships are facing GPS jamming and spoofing. Experts warn these attacks could potentially impact critical infrastructure, communication networks, and more...

Change Healthcare Finally Admits It Paid Ransomware Hackers—and Still Faces a Patient Data Leak

The company belatedly conceded both that it had paid the cybercriminals extorting it and that patient data nonetheless ended up on the dark web...

The Trump Jury Has a Doxing Problem

One juror in former US president Donald Trump’s criminal case in New York has been excused over fears she could be identified. It could get even messier...

Change Healthcare Faces Another Ransomware Threat—and It Looks Credible

Change Healthcare ransomware hackers already received a $22 million payment. Now a second group is demanding money, and it has sent WIRED samples of what they claim is the company's stolen data...

Trump Loyalists Kill Vote on US Wiretap Program

An attempt to reauthorize Section 702, the so-called crown jewel of US spy powers, failed for a third time in the House of Representatives after former president Donald Trump criticized the law...

‘Malicious Activity’ Hits the University of Cambridge’s Medical School

Multiple university departments linked to the Clinical School Computing Service have been inaccessible for a month. The university has not revealed the nature of the “malicious activity.”...

Apple Chip Flaw Leaks Secret Encryption Keys

Plus: The Biden administration warns of nationwide attacks on US water systems, a new Russian wiper malware emerges, and China-linked hackers wage a global attack spree...

Meta Abandons Hacking Victims, Draining Law Enforcement Resources, Officials Say

A coalition of 41 state attorneys general says Meta is failing to assist Facebook and Instagram users whose accounts have been hacked—and they want the company to take “immediate action.”...

Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment

The transaction, visible on Bitcoin's blockchain, suggests the victim of one of the worst ransomware attacks in years may have paid a very large ransom...

The Privacy Danger Lurking in Push Notifications

Plus: Apple warns about sideloading apps, a court orders NSO group to turn over the code of its Pegasus spyware, and an investigation finds widely available security cams are wildly insecure...

The Mysterious Case of the Missing Trump Trial Ransomware Leak

The notorious LockBit gang promised a Georgia court leak "that could affect the upcoming US election.” It didn't materialize—but the story may not be over yet...

Biden Executive Order Bans Sale of US Data to China, Russia. Good Luck

The White House issued an executive order on Wednesday that aims to prevent the sale of Americans' data to “countries of concern,” including China and Russia. Its effectiveness may vary...

Elon Musk’s X Gave Check Marks to Terrorist Group Leaders, Report Says

A new report cited 28 “verified” accounts on X that appear to be tied to sanctioned groups or individuals...

Section 702 Surveillance Fight Pits the White House Opposite Reproductive Rights

Prominent advocates for the rights of pregnant people are urging members of Congress to support legislation that would ban warrantless access to sensitive data as the White House fights against it...

The Hidden Injustice of Cyberattacks

Cyberattacks and criminal scams can impact anyone. But communities of color and other marginalized groups are often disproportionately impacted and lack the support to better protect themselves...

How 3 Million ‘Hacked’ Toothbrushes Became a Cyber Urban Legend

Plus: China’s Volt Typhoon hackers lurked in US systems for years, the Biden administration’s crackdown on spyware vendors ramps up, and a new pro-Beijing disinformation campaign gets exposed...

The Pentagon Tried to Hide That It Bought Americans’ Data Without a Warrant

US spy agencies purchased Americans’ phone location data and internet metadata without a warrant but only admitted it after a US senator blocked the appointment of a new NSA director...

Big-Name Targets Push Midnight Blizzard Hacking Spree Back Into the Limelight

Newly disclosed breaches of Microsoft and Hewlett-Packard Enterprise highlight the persistent threat posed by Midnight Blizzard, a notorious Russian cyber-espionage group...

23andMe Blames Users for Recent Data Breach as It's Hit With Dozens of Lawsuits

Plus: Russia hacks surveillance cameras as new details emerge of its attack on a Ukrainian telecom, a Google contractor pays for videos of kids to train AI, and more...

Congress Sure Made a Lot of Noise About Kids’ Privacy in 2023—and Not Much Else

Members of the US Congress touted improvements to children’s privacy protections as an urgent priority. So why didn’t they do anything about it?...

McDonald’s Ice Cream Machine Hackers Say They Found the ‘Smoking Gun’ That Killed Their Startup

Kytch, the company that tried to fix McDonald’s broken ice cream machines, has unearthed a 3-year-old email it says proves claims of an alleged plot to undermine their business...

A New Trick Uses AI to Jailbreak AI Models—Including GPT-4

Adversarial algorithms can systematically probe large language models like OpenAI’s GPT-4 for weaknesses that can make them misbehave...

Inside America's School Internet Censorship Machine

A WIRED investigation into internet censorship in US schools found widespread use of filters to censor health, identity, and other crucial information. Students say it makes the web entirely unusable...

Section 702 Surveillance Reauthorization May Get Slipped Into ‘Must-Pass’ NDAA

Congressional leaders are discussing ways to reauthorize Section 702 surveillance, including by attaching it to the National Defense Authorization Act, Capitol Hill sources tell WIRED...

Internet Blackouts in Gaza Are a New Weapon in the Israel-Hamas War

Israel has said it’s prepared to disrupt internet service in Gaza, signaling a new age of warfare. In the past two weeks, the Palestinian territory has already suffered three communications shutdowns...

The Team Helping Women Fight Digital Domestic Abuse

Location-enabled tech designed to make our lives easier is often exploited by domestic abusers. Refuge, a UK nonprofit, helps women to leave abusive relationships, secure their devices, and stay safe...

Satellite Images Show the Devastating Cost of Sudan’s Aerial War

As civil conflict continues in and above the streets of Khartoum, satellite images from the Conflict Observatory at Yale University have captured the catastrophic damage...

The Shocking Data on Kia and Hyundai Thefts in the US

Plus: MGM hackers hit more than just casinos, Microsoft researchers accidentally leak terabytes of data, and China goes on the PR offensive over cyberespionage...

How X Is Suing Its Way Out of Accountability

The social media giant filed a lawsuit against a nonprofit that researches hate speech online. It’s the latest effort to cut off the data needed to expose online platforms’ failings...

Twitter Scammers Stole $1,000 From My Friend—So I Hunted Them Down

After scammers duped a friend with a hacked Twitter account and a “deal” on a MacBook, I enlisted the help of a fellow threat researcher to trace the criminals’ offline identities...

How Threads' Privacy Policy Compares to Twitter's (and Its Rivals')

Want to try out Meta’s new social media app? Here’s more context on what personal data is collected by Threads and similar social media apps...

The US Senate Wants to Rein In AI. Good Luck With That

With a poor track record on tech regulation, do lawmakers stand a chance?...

Humans Aren’t Mentally Ready for an AI-Saturated ‘Post-Truth World’

The AI era promises a flood of disinformation, deepfakes, and hallucinated “facts.” Psychologists are only beginning to grapple with the implications...

9 Years After the Mt. Gox Hack, Feds Indict Alleged Culprits

Plus: Instagram’s CSAM network gets exposed, Clop hackers claim credit for MOVEit Transfer exploit, and a $35 million crypto heist has North Korean ties...

AI Is Being Used to ‘Turbocharge’ Scams

Plus: Amazon’s Ring was ordered to delete algorithms, North Korea’s failed spy satellite, and a rogue drone “attack” isn’t what it seems...

How to Use Google Authenticator

The two-factor authentication tool got some serious upgrades that can help you bolster security for your online accounts...

A Republican-Led Lawsuit Threatens Critical US Cyber Protections

Three states are suing to block security rules for water facilities. If they win, it may open the floodgates for challenges to other cyber rules...

The Team of Sleuths Quietly Hunting Cyberattack-for-Hire Services

For a decade, a group called Big Pipes has worked behind the scenes with the FBI to target the worst cybercriminal “booter” services plaguing the internet...

Apple, Google, and Microsoft Just Fixed Zero-Day Security Flaws

Firefox gets a needed tune-up, SolarWinds squashes two high-severity bugs, Oracle patches 433 vulnerabilities, and more updates you should make now...

Brace Yourself for the 2024 Deepfake Election

No matter what happens with generative AI, its disruptive forces are already beginning to play a role in the fast-approaching US presidential race...

Google’s Authenticator App Now Lets You Sync 2FA Codes Across Devices

You can now sync sign-in codes across devices—but they aren’t end-to-end encrypted...

Chinese Cops Ran Troll Farm and Secret NY Police Station, US Says

Three criminal cases detail China's alleged attempts to extend its security forces' influence online—and around the globe...

Apple’s Macs Have Long Escaped Ransomware. That May Be Changing

The discovery of malicious encryptors for Apple computers could herald new risks for macOS users if the malware continues to evolve...