Kaspersky Says New Zero-Day Malware Hit iPhones—Including Its Own

On the same day, Russia’s FSB intelligence service launched wild claims of NSA and Apple hacking thousands of Russians.

Netflix’s Password-Sharing Crackdown Has Hit the US

TikTok user data is exposed to Chinese ByteDance employees, a screen recording app goes rogue in Google Play, and privacy groups want Slack to expand encryption.

Bcrypt, a Popular Password Hashing Algorithm, Starts Its Long Goodbye

The coinventor of “bcrypt” is reflecting on the ubiquitous function’s 25 years and channeling cybersecurity’s core themes into electronic dance music.

China Hacks US Critical Networks in Guam, Raising Cyberwar Fears

Researchers say the state-sponsored espionage operation may also lay the groundwork for disruptive cyberattacks.

There’s Finally a Way to Improve Cloud Container Registry Security

“Container registries” are ubiquitous software clearinghouses, but they’ve been exposed for years. Chainguard says it now has a solution.

Leaked EU Document Shows Spain Wants to Ban End-to-End Encryption

In response to an EU proposal to scan private messages for illegal material, the country's officials said it is “imperative that we have access to the data.”

The Real Risks in Google’s New .Zip and .Mov Domains

While the company’s new top-level domains could be used in phishing attacks, security researchers are divided on how big of a problem they really pose.

A Mysterious Group Has Ties to 15 Years of Ukraine-Russia Hacks

Kaspersky researchers have uncovered clues that further illuminate the hackers’ activities, which appear to have begun far earlier than originally believed.

ChatGPT Scams Are Infiltrating Apple's App Store and Google Play

An explosion of interest in OpenAI’s sophisticated chatbot means a proliferation of “fleeceware” apps that trick users with sneaky in-app subscriptions.

A Mysterious New Hacker Group, Red Stinger, Is Lurking in Ukraine’s Cyberspace

The unidentified attackers have targeted people on both sides of Russia’s war against Ukraine, carrying out espionage operations that suggest state funding.

Google Is Rolling Out Passkeys, the Password-Killing Tech, to All Accounts

The tech industry’s transition to passkeys gets its first massive boost with the launch of the alternative login scheme for Google’s billions of users.

Meta Moves to Counter New Malware and Repeat Account Takeovers

The company is adding new tools as bad actors use ChatGPT-themed lures and mask their infrastructure in an attempt to trick victims and elude defenders.

NSA Cybersecurity Director Says ‘Buckle Up’ for Generative AI

The security issues raised by ChatGPT and similar tech are just beginning to emerge, but Rob Joyce says it’s time to prepare for what comes next.

A Security Team Is Turning This Malware Gang’s Tricks Against It

The cybercriminals behind the Gootloader malware have found clever ways to avoid detection. But researchers are using those same mechanisms to stop them.

Intel Let Google Cloud Hack Its New Secure Chips and Found 10 Bugs

To protect its Confidential Computing cloud infrastructure and gain critical insights, Google leans on its relationships with chipmakers.

The War on Passwords Enters a Chaotic New Phase

The transition from traditional logins to cryptographic passkeys is getting messy. But don’t worry—there’s a plan.

Used Routers Often Come Loaded With Corporate Secrets

More than half of the enterprise routers researchers bought secondhand hadn’t been wiped, exposing sensitive info like login credentials and customer data.

Apple’s Macs Have Long Escaped Ransomware. That May Be Changing

The discovery of malicious encryptors for Apple computers could herald new risks for macOS users if the malware continues to evolve.

Montana’s Looming TikTok Ban Is a Dangerous Tipping Point

The state is poised to be the first in the US to block downloads of the popular app, which could ignite a precarious chain reaction for digital rights.

Leaked Pentagon Documents May Herald a New Era of Revelations

The bizarre release of sensitive US government materials soon after their creation signals a potential shift to near-real-time unauthorized disclosures.

LinkedIn Verification Now Lets You Verify Your Job and Account

To beat back fake accounts, the professional social network is rolling out new tools to prove you work where you say you do and are who you say you are.

Pinduoduo, a Top Chinese Shopping App, Is Laced With Malware

Plus: 119 arrested during a sting on the Genesis dark-web market, the IRS aims to buy an online mass surveillance tool, and more.

Mullvad VPN and Tor Project Create New Privacy-Focused Mullvad Browser

Mullvad Browser, a collaboration between the nonprofit and Mullvad VPN, offers an anti-tracking browser designed to be used with a VPN.

The US Is Sending Money to Countries Devastated by Cyberattacks

The White House is providing $25 million to Costa Rica, after giving Albania similar aid following aggression by hackers linked to Iran.

Microsoft's ‘Security Copilot’ Sics ChatGPT on Security Breaches

The new tool aims to deliver the network insights and coordination that “AI” security systems have long promised.

India Shut Down Mobile Internet in Punjab Amid Manhunt for Amritpal Singh

Plus: The “Clop” gang's ransomware spree, the DC Health Link breach comes into focus, and more.

Bug in Google Markup, Windows Photo-Cropping Tools Exposes Removed Image Data

Image-editing tools from Google and Microsoft contain the “aCropalypse” bug, which can reveal information users intentionally removed.

AI-Generated Voice Deepfakes Aren’t Scary Good—Yet

The threat of scammers using voice deepfakes in their cons is real, but researchers say old-school voice-impersonation attacks are still the more pressing concern.

Ransomware Attacks Have Entered a ‘Heinous’ New Phase

With victims refusing to pay, cybercriminal gangs are now releasing stolen photos of cancer patients and sensitive student records.

How a Catholic Group Doxed Gay Priests

Plus: A data breach exposes Washington, Ring camera footage has a new problem, and the George Santos scandal slips into the world of cybercrime.

‘Pig Butchering’ Scams Are Now a $3 Billion Threat

The FBI’s latest Internet Crime Report highlights the stunning rise of investment-themed crimes over the past 18 months.

The LastPass Hack Somehow Gets Worse

Plus: The US Marshals disclose a “major” cybersecurity incident, T-Mobile has gotten pwned so much, and more.

The High-Stakes Blame Game in the White House Cybersecurity Plan

The Biden administration’s new strategy would shift the liability for security failures to a controversial target: the companies that caused them.

You Can’t Trust App Developers’ Privacy Claims on Google Play

Mozilla researchers found that apps often provide inaccurate data use disclosures, giving people “a false sense of security.”

Twitter’s Two-Factor Authentication Change ‘Doesn't Make Sense’

The company will soon require users to pay for a Twitter Blue subscription to get sign-in codes via SMS. Security experts are baffled.

Data Breaches: The Complete WIRED Guide

Everything you need to know about the past, present, and future of data security—from Equifax to Yahoo—and the problem with Social Security numbers.

US Border Protection Is Finally Able to Check E-Passport Data

After 16 years, the agency has implemented the software to cryptographically verify digital passport data—and it’s already caught a dozen alleged fraudsters.

The More You Look for Spy Balloons, the More UFOs You’ll Find

No, there’s not a sudden influx of unidentified objects in the skies above the US—but the government is paying closer attention.

Pig Butchering Scams Are Evolving Fast

Investment schemes are ensnaring victims with increasingly compelling narratives and believable tech.

North Korean Hackers Are Attacking US Hospitals

Plus: Deepfake disinformation spotted in the wild, Android privacy problems in China, Reddit gets phished, and more.

Russia’s Ransomware Gangs Are Being Named and Shamed

Members of the Trickbot and Conti cybercrime gangs have been sanctioned in an unprecedented wave of action against the country’s hackers.

Biden’s SOTU: Data Privacy Is Now a Must-Hit US State of the Union Topic

Biden’s speech proves that protecting personal info is no longer a fringe issue. Now, Congress just needs to do something about it.

Googling for Software Downloads Is Extra Risky Right Now

Plus: The FTC cracks down on GoodRx, Microsoft boots “verified” phishing scammers, researchers disclose EV charger vulnerabilities, and more.

The Chinese Spy Balloon Shows the Downsides of Spy Balloons

A popular military tool during the Cold War, spy balloons have since fallen out of favor—for good reason.

Netflix’s US Password-Sharing Crackdown Isn’t Happening—Yet

Accidental revisions to a US Help Center page sparked confusion about the streamer's next moves. But restrictions on account sharing are still coming soon.

The Unrelenting Menace of the LockBit Ransomware Gang

The notorious Russian-speaking cybercriminals grew successful by keeping a low profile. But now they have a target on their backs.

T-Mobile's New Data Breach Shows Its $150 Million Security Investment Isn't Cutting It

The mobile operator just suffered at least its fifth data breach since 2018, despite promising to spend a fortune shoring up its systems.

Welcome to the Era of Internet Blackouts

New research from Cloudflare shows that connectivity disruptions are becoming a problem around the globe, pointing toward a troubling new normal.

Russian Ransomware Gang Attack Destabilizes UK Royal Mail

Plus: Joe Biden’s classified-documents scandal, the end of security support for Windows 7, and more.

A Siemens S7-1500 Logic Controller Flaw Raises the Specter of Stuxnet

More than 120 models of Siemens' S7-1500 PLCs contain a serious vulnerability—and no fix is on the way.

Twitter Data Leak: What the Exposure of 200 Million User Emails Means for You

The exposure of hundreds of millions of email addresses puts pseudonymous users of the social network at risk.

What Is a Pig Butchering Scam?

This type of devastating scheme ensnares victims and takes them for all they’re worth—and the threat is only growing.

The Password Isn’t Dead Yet. You Need a Hardware Key

Any multifactor authentication adds protection, but a physical token is the best bet when it really counts.

The Worst Hacks of 2022

The year was marked by sinister new twists on cybersecurity classics, including phishing, breaches, and ransomware attacks.

LastPass Data Breach: It’s Time to Ditch This Password Manager

The password manager’s most recent data breach is so concerning, users need to take immediate steps to protect themselves.

Iran’s Internet Blackouts Are Sabotaging Its Own Economy

A new US State Department assessment highlights the stark economic toll of Tehran’s recent shutdowns and platform control.

An Alleged Russian Smuggling Ring Was Uncovered in New Hampshire

Plus: An FBI platform got hacked, an ex-Twitter employee is sentenced for espionage, malicious Windows 10 installers circulate in Ukraine, and more.

Meta’s Tricky Quest to Protect Your Account

How do you keep Facebook easy to use without being trivial to exploit? The company is trying to chart a middle ground.

Cuba Ransomware Gang Abused Microsoft Certificates to Sign Malware

The company has taken measures to mitigate the risks, but security researchers warn of a broader threat.

Log4j’s Log4Shell Vulnerability: One Year Later, It’s Still Lurking

Despite mitigation, one of the worst bugs in internet history is still prevalent—and being exploited.