What Is a Supply Chain Attack?

From NotPetya to SolarWinds, it’s a problem that’s not going away any time soon...

Apple’s M1 Chip Has a Fascinating Flaw

The covert channel bug is harmless, but it demonstrates that even new CPUs have mistakes in them...

US Soldiers Exposed Nuclear Secrets on Digital Flash Ccards

Plus: A major hack in Japan, Citizen app run amok, and more of the week’s top security news...

The Bizarro Streaming Site That Hackers Built From Scratch

BravoMovies isn’t real. But it goes to a remarkable amount of trouble to convince you that it is...

The SolarWinds Hackers Aren’t ‘Back.’ They Never Went Away

A new phishing campaign from Russian spies targeted USAID, among others. But it’s less an escalation than a regression to the mean...

Blurred Satellite Images Make Rebuilding Palestine Harder

Digital researchers and aid groups say free mapping tools like Google Earth are too imprecise...

WhatsApp’s Fight With India Has Global Implications

The country’s “traceability” requirement would undermine the privacy of the encrypted messaging app’s users far beyond its borders...

A Never-Before-Seen Wiper Malware Is Hitting Israeli Targets

The malicious code, which masquerades as ransomware, appears to come from a hacking group with ties to Iran...

As Chips Shrink, Rowhammer Attacks Get Harder to Stop

A full fix for the “Half-Double” technique will require rethinking how memory semiconductors are designed...

How to Avoid App Store Scams

Apple’s and Google’s approval guidelines are notoriously lax—and they won’t keep out apps that are after your money and data. Here’s how to sniff them out...

Apple Exec Calls Mac Malware Levels Unacceptable Under Oath

Ireland's ransomware crisis continues, a Russian scammer gets sentenced, and more of the week's top security news...

How to Avoid Those Infuriating Cookie Pop-Ups

Cookie consent notices are everywhere, and opting out of tracking is a pain. It doesn’t have to be this way...

Goodbye Internet Explorer—and Good Riddance

Microsoft will finally put the venerated, vulnerability-ridden browser out to pasture, but it's still got a year to cause some trouble...

The Full Story of the Stunning RSA Hack Can Finally Be Told

In 2011, Chinese spies stole the crown jewels of cybersecurity—stripping protections from firms and government agencies worldwide. Here’s how it happened...

I’m Not a Robot! So Why Won’t Captchas Believe Me?

If clicking crosswalks makes your blood boil, you’re not alone. Fortunately, there are some tips that make solving those challenges way less frustrating...

Android 12 Will Let You Fine-Tune Permissions for Apps

A new privacy dashboard and “app hibernation” are coming to Google's mobile operating system...

Ransomware’s Dangerous New Trick: Double-Encrypting Your Data

Even when you pay for a decryption key, your files may still be locked up by another strain of malware...

WhatsApp’s New Privacy Policy Just Kicked In

Instead of a hard cutoff, the messaging app will gradually degrade and eventually cease to function if you don’t accept the changes...

The Real Cost of Colonial Pipeline's $5 Million Ransom

Stopping payments would go a long way to stopping ransomware. But the choice is never quite so easy...

Decades-Old 'Frag Attack' Flaws Affect Almost Every Wi-Fi Device

The so-called Frag Attack vulnerabilities could let hackers steal data or compromise connected gadgets...

GameStop FOMO Inspires a New Wave of Crypto Pump-and-Dumps

Thousands of would-be investors are joining Discord groups that promise big earnings by manipulating the crypto market...

How Amazon Sidewalk Works—and Why You May Want to Turn It Off

The premise is convenient. But the ecommerce giant’s record on privacy isn't exactly inspiring...

DarkSide Hit Colonial Pipeline—and Created an Unholy Mess

As the White House gets involved in the response, the group behind the malware is scrambling...

Apple Execs Chose to Keep a Hack of 128 Million iPhones Quiet

Emails from the Epic Games lawsuit show Apple brass discussing how to handle a 2015 iOS hack. The company never directly notified affected users...

What’s Google FLoC? And How Does It Affect Your Privacy?

There’s a battle raging over how advertisers can target us on the web—or whether they should be able to target us at all...

Google Gets Serious About Two-Factor Authentication. Good!

The tech giant wants to push its billions of users—and the rest of the industry—to enable multifactor authentication by default...

The Colonial Pipeline Hack Is a New Extreme for Ransomware

An attack has crippled the company’s operations—and cut off a large portion of the East Coast’s fuel supply—in an ominous development for critical infrastructure...

ISPs Funded 8.5 Million Fake Comments Opposing Net Neutrality

The secret campaign, backed by major broadband companies, used real people’s names without their consent...

Microsoft Will Soon Kill Flash on Windows 10 for Good

Plus: A Peloton data leak, Russian hacker details, and more of the week’s top security news...

Twitter's Tip Jar Privacy Fiasco Was Entirely Avoidable

Sending its users to PayPal has created all sorts of problems that Twitter should have caught ahead of time...

How a Former Netflix Exec Built a Brazen Bribery Scheme

The company’s ex-vice president of IT faces 20 years in prison for creating a pay-to-play environment with technology vendors...

They Told Their Therapists Everything. Hackers Leaked It All

A mental health startup built its business on easy-to-use technology. Patients joined in droves. Then came a catastrophic data breach...

Don’t Buy Into Facebook’s Ad-Tracking Pressure on iOS 14.5

The company tells Apple users that tracking helps keep those platforms “free of charge,” but opting out now doesn't mean paying up later...

A Ransomware Group Hit DC Police—Then Pivoted to Extortion

Warrantless searches, tracking troops, and more of the week’s top security news...

Google's Grand Plan to Eradicate Cookies Is Crumbling

Regulators in the EU and competitors have raised concerns about the company's proposals to rewrite the rules of online advertising...

An Ambitious Plan to Tackle Ransomware Faces Long Odds

A task force counting Amazon, Cisco, and the FBI among its members has proposed a framework to solve one of cybersecurity's biggest problems. Good luck...

Feds Arrest an Alleged $336M Bitcoin-Laundering Kingpin

The alleged administrator of Bitcoin Fog kept the dark web service running for 10 years before the IRS caught up with him...

AirDrop Is Leaking Email Addresses and Phone Numbers

Apple has known about the flaw since 2019 but has yet to acknowledge or fix it...

Hackers Used ‘Mind-Blowing’ Bug to Dodge macOS Safeguards

The vulnerability was patched Monday, but hackers had already used it to spread malware...

The New iOS Update Lets You Stop Ads From Tracking You

Facebook and other advertisers fought the move, but App Tracking Transparency is finally here...

VPN Hacks Are a Slow-Motion Disaster

Recent spying attacks against Pulse Secure VPN are just the latest example of a long-simmering cybersecurity meltdown...

Signal's Founder Hacked a Notorious Phone-Cracking Device

Plus: App Store scams, an anti-surveillance bill, and more of the week’s top security news...

Apple’s Ransomware Mess Is the Future of Online Extortion

This week, hackers stole confidential schematics from a third-party supplier and demanded $50 million not to release them...

A New Facebook Bug Exposes Millions of Email Addresses

A recently discovered vulnerability discloses user email addresses even when they’re set to private...

Palestinian Hackers Tricked Victims to Install iOS Spyware

The groups used social engineering techniques on Facebook to direct targets to a wide range of malware, including custom tools...

A Clubhouse Bug Let People Lurk in Rooms Invisibly

The vulnerabilities opened the door to “ghosts” hiding in and disrupting rooms, where moderators would be unable to mute them...

They Hacked McDonald’s Ice Cream Machines—and Started a Cold War

Secret codes. Legal threats. Betrayal. How one couple built a device to fix McDonald’s notoriously broken soft-serve machines—and how the fast-food giant froze them out...

How the FBI Got Into the San Bernardino Shooter’s iPhone

Plus: Russian sanctions, Europe’s SolarWinds fallout, and more of this week’s top security news...

US Sanctions on Russia Rewrite Cyberespionage's Rules

The US has sent a loud message to Moscow—though what it's saying isn’t exactly clear...

The Biggest Security Threats to the US Are the Hardest to Define

In a Senate briefing, the heads of the major intelligence agencies warned the public about dangers that offer no easy solutions...