‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections

Researchers warn that a bug in AMD’s chips would allow attackers to root into some of the most privileged portions of a computer—and that it has persisted in the company’s processors for decades...

How Hackers Extracted the ‘Keys to the Kingdom’ to Clone HID Keycards

A team of researchers have developed a method for extracting authentication keys out of HID encoders, which could allow hackers to clone the types of keycards used to secure offices and other areas worldwide...

Computer Crash Reports Are an Untapped Hacker Gold Mine

One hacker solved the CrowdStrike outage mystery with simple crash reports, illustrating the wealth of detail about potential bugs and vulnerabilities those key documents hold...

Tricky Web Timing Attacks Are Getting Easier to Use—and Abuse

New research shows how known techniques for finding weaknesses in websites are actually practical in uncovering vulnerabilities, for better or worse...

Microsoft’s AI Can Be Turned Into an Automated Phishing Machine

Attacks on Microsoft’s Copilot AI allow for answers to be manipulated, data extracted, and security protections bypassed, new research shows...

USPS Text Scammers Duped His Wife, So He Hacked Their Operation

The Smishing Triad network sends up to 100,000 scam texts per day globally. One of those messages went to Grant Smith, who infiltrated their systems and exposed them to US authorities...

Watch How a Hacker’s Infrared Laser Can Spy on Your Laptop’s Keystrokes

Hacker Samy Kamkar is debuting his own open source version of a laser microphone—a spy tool that can invisibly pick up the sounds inside your home through a window, and even the text you’re typing...

Inside the Dark World of Doxing for Profit

From tricking companies into handing over victims’ personal data to offering violence as a service, the online doxing ecosystem is not just still a problem—it’s getting more extreme...

A Flaw in Windows Update Opens the Door to Zombie Exploits

A researcher found a vulnerability that would let hackers strategically downgrade a target’s Windows version to reexpose patched vulnerabilities. Microsoft is working on fixes for the issue...

A New Plan to Break the Cycle of Destructive Critical Infrastructure Hacks

As digital threats against US water, food, health care, and other vital sectors loom large, a new project called UnDisruptable27 aims to help fix cybersecurity weaknesses where other efforts have failed...

How Project 2025 Would Put US Elections at Risk

Experts say the “nonsensical” policy proposal, which largely aligns with Donald Trump’s agenda, would weaken the US agency tasked with protecting election integrity, critical infrastructure, and more...

US Hands Over Russian Cybercriminals in WSJ Reporter Prisoner Swap

Plus: Meta pays $1.4 million in a historic privacy settlement, Microsoft blames a cyberattack for a major Azure outage, and an artist creates a face recognition system to reveal your NYPD “coppelganger.”...

Sensitive Illinois Voter Data Exposed by Contractor’s Unsecured Databases

Social Security numbers, death certificates, voter applications, and other personal data were accessible on the open internet, highlighting the ongoing challenges in election security...

He Was an FBI Informant—and Inspired a Generation of Violent Extremists

Joshua Caleb Sutter infiltrated far-right extremist organizations as a confidential FBI informant, all while promoting hateful ideologies that influenced some of the internet's most violent groups...

A $500 Open Source Tool Lets Anyone Hack Computer Chips With Lasers

The RayV Lite will make it hundreds of times cheaper for anyone to carry out physics-bending feats of hardware hacking...

Can GPT-4o Be Trusted With Your Private Data?

OpenAI’s newest model is “a data hoover on steroids,” says one expert—but there are still ways to use it while minimizing risk...

A Senate Bill Would Radically Improve Voting Machine Security

This year’s Intelligence Authorization Act would mandate penetration testing for federally certified voting machines and allow independent researchers to work on exposing vulnerabilities...

Saboteurs Cut Internet Cables in Latest Disruption During Paris Olympics

Long-distance cables were severed across France in a move that disrupted internet connectivity...

How Infostealers Pillaged the World’s Passwords

Infostealer malware is swiping millions of passwords, cookies, and search histories. It’s a gold mine for hackers—and a disaster for anyone who becomes a target...

Stop X’s Grok AI From Training on Your Tweets

Plus: More Pegasus spyware controversy, a major BIOS controversy, and more of the week’s top security news...

A North Korean Hacker Tricked a US Security Vendor Into Hiring Him—and Immediately Tried to Hack Them

KnowBe4 detailed the incident in a recent blog post as a warning for other potential targets...

Europe Is Pumping Billions Into New Military Tech

The European Commission is allocating €7.3 billion for defense research over the next seven years. From drones and tanks of the future to battleships and space intelligence, here's what it funds...

At the Olympics, AI Is Watching You

A controversial new surveillance system in Paris foreshadows a future where there are too many CCTV cameras for humans to physically watch...

A Hacker ‘Ghost’ Network Is Quietly Spreading Malware on GitHub

Cybersecurity researchers have spotted a 3,000-account network on GitHub that is manipulating the platform and spreading ransomware and info stealers...

This Machine Exposes Privacy Violations

A former Google engineer has built a search engine, webXray, that aims to find illicit online data collection and tracking—with the goal of becoming “the Henry Ford of tech lawsuits.”...

How Russia-Linked Malware Cut Heat to 600 Ukrainian Buildings in Deep Winter

The code, the first of its kind, was used to sabotage a heating utility in Lviv at the coldest point in the year—what appears to be yet another innovation in Russia’s torment of Ukrainian civilians...

The Pentagon Wants to Spend $141 Billion on a Doomsday Machine

The DOD wants to refurbish ICBM silos that give it the ability to end civilization. But these missiles are useless as weapons, and their other main purpose—attracting an enemy’s nuclear strikes—serves no end...

The Feds Say These Are the Russian Hackers Who Attacked US Water Utilities

Plus: The FBI unlocks the Trump shooter’s phone, a security researcher gets legal threats for exposing hackable traffic lights, and more...

Don’t Fall for CrowdStrike Outage Scams

Swindlers are spinning up bogus websites in an attempt to dupe people with “CrowdStrike support” scams following the security firm's catastrophic software update...

How One Bad CrowdStrike Update Crashed the World’s Computers

A defective CrowdStrike update sent computers around the globe into a reboot death spiral, taking down air travel, hospitals, banks, and more with it. Here’s how that’s possible...

Huge Microsoft Outage Linked to CrowdStrike Takes Down Computers Around the World

A software update from cybersecurity company CrowdStrike appears to have inadvertently disrupted IT systems globally...

J.D. Vance Left His Venmo Public. Here’s What It Shows

The Republican VP nominee's Venmo network reveals connections ranging from the architects of Project 2025 to enemies of Donald Trump—and the populist's close ties to the very elites he rails against...

Alleged ‘Maniac Murder Cult’ Leader Indicted Over Plot to Kill Jews

US prosecutors have charged Michail Chkhikvishvili, also known as “Commander Butcher,” with a litany of crimes, including alleged attempts to poison Jewish children in NYC...

The US Supreme Court Kneecapped US Cyber Strategy

After the Supreme Court limited the power of federal agencies to craft regulations, it’s likely up to Congress to keep US cybersecurity policy intact...

Hackers Claim to Have Leaked 1.1 TB of Disney Slack Messages

A hacker group called “NullBulge” says it stole more than a terabyte of Disney’s internal Slack messages and files from nearly 10,000 channels in an apparent protest over AI-generated art...

US Senators Secretly Work to Block Safeguards Against Surveillance Abuse

Senator Mark Warner is trying to pass new limits on when the government can wiretap Americans. At least two senators are quietly trying to stop him...

AT&T Paid a Hacker $370,000 to Delete Stolen Phone Records

A security researcher who assisted with the deal says he believes the only copy of the complete dataset of call and text records of “nearly all” AT&T customers has been wiped—but some risks may remain...

Spyware Users Exposed in Major Data Breach

Plus: The Heritage Foundation gets hacked over Project 2025, a car dealership software provider seems to have paid $25 million to a ransomware gang, and authorities disrupt a Russian bot farm...

The Sweeping Danger of the AT&T Phone Records Breach

Telecom giant AT&T says a major data breach has exposed the call and text records of “nearly all” of its customers, epitomizing the dire state of data security...

Pressure Grows in Congress to Treat Crypto Investigator Tigran Gambaryan, Jailed in Nigeria, as a Hostage

A new resolution echoes what 16 members of Congress have already said to the White House: It must do more to free one of the most storied crypto-focused federal agents in history...

Notorious Hacker Kingpin ‘Tank’ Is Finally Going to Prison

The cybercrime boss, who helped lead the prolific Zeus malware gang and was on the FBI’s “most wanted” list for years, has been sentenced to 18 years and ordered to pay more than $73 million...

Google Is Adding Passkey Support for Its Most Vulnerable Users

Google is bringing the password-killing “passkey” tech to its Advanced Protection Program users more than a year after rolling them out broadly...

The $11 Billion Marketplace Enabling the Crypto Scam Economy

Deepfake scam services. Victim data. Electrified shackles for human trafficking. Crypto tracing firm Elliptic found all were available for sale on an online marketplace linked to Cambodia’s ruling family...

AI-Powered Super Soldiers Are More Than Just a Pipe Dream

The US military has abandoned its half-century dream of a suit of powered armor in favor of a “hyper enabled operator,” a tactical AI assistant for special operations forces...

Hackers Leaking Taylor Swift Tickets? Don’t Get Your Hopes Up

Plus: Researchers uncover a new way to expose CSAM peddlers, OpenAI suffered a secret cyberattack, cryptocurrency thefts jump in 2024, and Twilio confirms hackers stole 33 million phone numbers...

The World’s Most Popular 3D-Printed Gun Was Designed by an Aspiring Terrorist

Growing numbers of insurgents and extremists use the FGC-9. Forensic analysis of online platforms reveals the dark world of the man who created it—a self-described incel who supported the German far right...

How Apple Intelligence’s Privacy Stacks Up Against Android’s ‘Hybrid AI’

Generative AI is seeping into the core of your phone, but what does that mean for privacy? Here’s how Apple’s unique AI architecture compares to the “hybrid” approach adopted by Samsung and Google...

Proton Is Launching Encrypted Documents to Take On Google Docs

Proton is adding an end-to-end encrypted documents editor to its privacy tools, boosting its competition with Google’s suite of productivity apps...

The Tech Crash Course That Trains US Diplomats to Spot Threats

The US State Department is training diplomats in cybersecurity, privacy, telecommunications, and other technology issues, allowing them to advance US policy abroad...

The Problem the US TikTok Crackdown and Kaspersky Ban Have in Common

While Kaspersky and TikTok make very different kinds of software, the US has targeted both over national security concerns. But the looming bans have larger implications for internet freedom...