Popular HR and Payroll Company Sequoia Discloses a Data Breach

The company, which works with hundreds of startups, said it detected unauthorized access to personal data, including Social Security numbers.

Apple Kills Its Plan to Scan Your Photos for CSAM. Here’s What’s Next

The company plans to expand its Communication Safety features, which aim to disrupt the sharing of child sexual abuse material at the source.

Apple Expands End-to-End Encryption to iCloud Backups

The company will also soon support the use of physical authentication keys with Apple ID, and is adding contact verification for iMessage in 2023.

Android Phone Makers’ Encryption Keys Stolen and Used in Malware

Device manufacturers use “platform certificates” to verify an app’s authenticity, making them particularly dangerous in the wrong hands.

Google Moves to Block Invasive Spanish Spyware Framework

The Heliconia hacking tool exploited vulnerabilities in Chrome, Windows Defender, and Firefox, according to company security researchers.

The US Has a Bomb-Sniffing Dog Shortage

Finding high-quality detection canines is hard enough—and the pandemic only dug a deeper hole.

A Destabilizing Hack-and-Leak Operation Hits Moldova

Plus: Google’s location snooping ends in a $391 million settlement, Russian code sneaks into US government apps, and the World Cup apps set off alarms.

Here’s How Bad a Twitter Mega-Breach Would Be

Elon Musk laid off half the staff, and mass resignations seem likely. If nobody’s there to protect the fort, what’s the worst that could happen?

Twitter’s SMS Two-Factor Authentication Is Melting Down

Problems with the important security feature may be some of the first signs that Elon Musk’s social network is fraying at the edges.

Russia’s Sway Over Criminal Ransomware Gangs Is Coming Into Focus

Questions about the Kremlin’s relationships with these groups remain. But researchers are finally getting some answers.

The Secret Ballot Is US Democracy’s Last Line of Defense

Voter intimidation has cropped up in places across the nation, but the voting booth remains the one place where nobody can get to you.

TikTok Admits Staff in China Can Access Europeans’ Data

Plus: Liz Truss’ phone-hacking trouble, Cash App’s sex-trafficking problem, and the rising cost of ransomware.

The Rise of Rust, the ‘Viral’ Secure Programming Language That’s Taking Over Tech

Rust makes it impossible to introduce some of the most common security vulnerabilities. And its adoption can’t come soon enough.

If Musk Starts Firing Twitter's Security Team, Run

What's next for the social network is anyone's guess—but here's what to watch as you wade through the privacy and security morass.

Apple MacOS Ventura Bug Breaks Third-Party Security Tools

Your anti-malware software may not work if you upgraded to the new operating system. But Apple says a fix is on the way.

TikTok’s Security Threat Comes Into Focus

Plus: A Microsoft cloud leak exposed potential customers, new IoT security labels come to the US, and details emerge about Trump’s document stash.

How Vice Society Got Away With a Global Ransomware Spree

Vice Society has a superpower that’s allowed it to quietly carry out attacks on schools and hospitals around the world: mediocrity.

How the World Will Know If Russia Is Preparing to Launch a Nuclear Attack

While tensions over a possible nuclear attack on Ukraine remain high, experts say surveillance will likely catch Russia if it plans to do the unthinkable.

Google’s Pixel 7 and Pixel 7 Pro Pack New Android VPN and Tensor G2, Titan M2 Chips

The company says it hardened the security of its new flagship phones—and plans to release a built-in Android VPN.

Binance Hackers Minted $569M in Crypto—Then It Got Complicated

Plus: The US warns of a mysterious military contractor breach, a "poisoned" version of the Tor Browser is tracking Chinese users, and more.

The Uber Data Breach Conviction Shows Security Execs What Not to Do

Former Uber security chief Joe Sullivan’s conviction is a rare criminal consequence for an executive’s handling of a hack.

Meta Says It Has Busted More Than 400 Login-Stealing Apps This Year

The company plans to alert 1 million Facebook users that their account credentials may have been compromised by malicious software.

Microsoft Exchange Server Has a Zero-Day Problem

Plus: CIA failures allegedly got US informants killed, a former NSA worker is charged under the Espionage Act, and more.

The Challenge of Cracking Iran’s Internet Blockade

People around the world are rallying to subvert Iran's internet shutdown, but actually pulling it off is proving difficult and risky.

Cloudflare Takes a Stab at a Captcha That Doesn’t Suck

The internet infrastructure company has an alternative tool to check whether you’re human—and it doesn’t force you to pick out buses in tiny boxes.

The Dire Warnings in the Lapsus$ Hacker Joyride

The fun-loving cybercriminals blamed for breaches of Uber and Rockstar are exposing weaknesses in ways others aren't.

Child Predators Mine Twitch to Prey on Kids

Plus: A leaked trove illuminates Russia’s internet regulator, a report finds Facebook and Instagram violated Palestinian rights, and more.

A New Linux Tool Aims to Guard Against Supply Chain Attacks

Security firm Chainguard has created a simple, open source way for organizations to defend the cloud against some of the most insidious attacks.

The Uber Hack’s Devastation Is Just Starting to Reveal Itself

An alleged teen hacker claims to have gained deep access to the company’s systems, but the full picture of the breach is still coming into focus.

iOS 16 Has 2 New Security Features for Worst-Case Scenarios

Safety Check and Lockdown Mode give people in vulnerable situations ways to quarantine themselves from acute risks.

It’s Time to Get Real About TikTok’s Risks

US lawmakers keep warning about the popular app. But until they can explain what makes it uniquely dangerous, it’s difficult to tailor a resolution.

Police Across US Bypass Warrants With Mass Location-Tracking Tool

Plus: An unsecured database exposed face recognition data in China, ‘Cuba’ ransomware knocks out Montenegro, and more.

Careless Errors in Hundreds of Apps Could Expose Troves of Data

Researchers found that mobile applications contain keys that could provide access to both user information and private files from unconnected apps.

Why the Twilio Breach Cuts So Deep

The phishing attack on the SMS giant exposes the dangers of B2B companies to the entire tech ecosystem.

The Twitter Whistleblower Report’s Most Damning Allegation

Peiter “Mudge” Zatko’s claims about the company’s lax security are all bad. But one clearly captures the extent of systemic issues.

Janet Jackson’s ‘Rhythm Nation’ Can Crash Old Hard Drives

Plus: The Twilio hack snags a reporter, a new tool to check for spyware, and the Canadian weed pipeline gets hit by a cyberattack.

Spyware Hunters Are Expanding Their Tool Set

This invasive malware isn’t just for phones—it can target your PC too. But a new batch of algorithms aims to weed out this threat.

A New Tractor Jailbreak Rides the Right-to-Repair Wave

A hacker has formulated an exploit that provides root access to two popular models of the company’s farm equipment.

Flaw in the VA Medical Records Platform May Put Patients at Risk

The Veterans Affairs’ VistA software has a vulnerability that could let an attacker “masquerade as a doctor,” a security researcher warns.

Zoom’s Auto-Update Feature Came With Hidden Risks on Mac

The popular video meeting app makes it easy to keep the software up to date—but it also introduced vulnerabilities.

Sloppy Software Patches Are a ‘Disturbing Trend’

The Zero Day Initiative has found a concerning uptick in security updates that fail to fix vulnerabilities.

Meta Just Happens to Expand Messenger’s End-to-End Encryption

The company says an expansion of privacy features in Messenger is unrelated to a high-profile Nebraska abortion case.

Google's Android Red Team Had a Full Pixel 6 Pwn Before Launch

Before the flagship phone ever landed in users’ hands, the security team thoroughly hacked it by finding bugs and developing exploits.

A Long-Awaited IoT Reverse Engineering Tool Is Finally Here

Ten years after it was first unveiled, the powerful firmware analysis platform Ofrak is now available to anyone.

One of 5G’s Biggest Features Is a Security Minefield

New research found troubling vulnerabilities in the 5G platforms carriers offer to wrangle embedded device data.

GitHub Moves to Guard Open Source Against Supply Chain Attacks

The popular Microsoft-owned code repository plans to roll out code signing, which will help beef up the security of open source projects.

A Phone Carrier That Doesn’t Track Your Browsing or Location

The new Pretty Good Phone Privacy service for Android hides the data linking you to your mobile device.

A Slack Bug Exposed Some Users’ Hashed Passwords for 5 Years

The exposure of cryptographically scrambled passwords isn’t a worst-case scenario—but it isn’t great, either.

An Attack on Albanian Government Suggests New Iranian Aggression

A Tehran-linked hack of a NATO member marks a significant escalation against the backdrop of US-Iran nuclear talks.

The Microsoft Team Racing to Catch Bugs Before They Happen

What's it like to be responsible for a billion people's digital security? Just ask the company's Morse researchers.

Bitcoin Fog Case Could Put Cryptocurrency Tracing on Trial

Roman Sterlingov, accused of laundering $336 million, is proclaiming his innocence—and challenging a key investigative tool.

The January 6 Secret Service Text Scandal Turns Criminal

Plus: The FCC cracks down on car warranty robocalls, Thai activists get targeted by NSO's Pegasus, and the Russia-Ukraine cyberwar continues.

The 2022 US Midterm Elections' Top Security Issue: Death Threats

While cybersecurity and foreign meddling remain priorities, domestic threats against election workers have risen to the top of the list.

Instagram Slow to Tackle Bots Targeting Iranian Women’s Groups

Despite alerting Meta months ago, feminist groups say tens of thousands of fake accounts continue to bombard them on the platform.

A New Attack Can Unmask Anonymous Users on Any Major Browser

Researchers have found a way to use the web's basic functions to identify who visits a site—without the user detecting the hack.

Chinese Police Exposed 1B People's Data in Unprecedented Leak

Plus: A duplicitous bug bounty scheme, the iPhone's new “lockdown mode,” and more of the week's top security news.