How a Right-Wing Controversy Could Sabotage US Election Security

Republicans who run elections are split over whether to keep working with the Cybersecurity and Infrastructure Security Agency to fight hackers, online falsehoods, and polling-place threats.

A Mysterious Leak Exposed Chinese Hacking Secrets

Plus: Scammers try to dupe Apple with 5,000 fake iPhones, Avast gets fined for selling browsing data, and researchers figure out how to clone fingerprints from your phone screen.

Apple iOS 17.4: iMessage Gets Post-Quantum Encryption in New Update

Useful quantum computers aren’t a reality—yet. But in one of the biggest deployments of post-quantum encryption so far, Apple is bringing the technology to iMessage.

Anne Neuberger, a Top White House Cyber Official, Sees the 'Promise and Peril' in AI

Anne Neuberger, the Biden administration’s deputy national security adviser for cyber, tells WIRED about emerging cybersecurity threats—and what the US plans to do about them.

How to Not Get Scammed Out of $50,000

Plus: State-backed hackers test out generative AI, the US takes down a major Russian military botnet, and 100 hospitals in Romania go offline amid a major ransomware attack.

The Hidden Injustice of Cyberattacks

Cyberattacks and criminal scams can impact anyone. But communities of color and other marginalized groups are often disproportionately impacted and lack the support to better protect themselves.

How 3 Million ‘Hacked’ Toothbrushes Became a Cyber Urban Legend

Plus: China’s Volt Typhoon hackers lurked in US systems for years, the Biden administration’s crackdown on spyware vendors ramps up, and a new pro-Beijing disinformation campaign gets exposed.

I Stopped Using Passwords. It's Great—and a Total Mess

Passkeys are here to replace passwords. When they work, it’s a seamless vision of the future. But don’t ditch your old logins just yet.

Ransomware Payments Hit a Record $1.1 Billion in 2023

After a slowdown in payments to ransomware gangs in 2022, last year saw total ransom payouts jump to their highest level yet, according to a new report from crypto-tracing firm Chainalysis.

The Mystery of the $400 Million FTX Heist May Have Been Solved

An indictment against three Americans suggests that at least some of the culprits behind the theft of an FTX crypto fortune may be in custody.

A Startup Allegedly ‘Hacked the World.’ Then Came the Censorship—and Now the Backlash

A loose coalition of anti-censorship voices is working to highlight reports of one Indian company’s hacker-for-hire past—and the legal threats aimed at making them disappear.

Apple and Google Just Patched Their First Zero-Day Flaws of the Year

Plus: Google fixes dozens of Android bugs, Microsoft rolls out nearly 50 patches, Mozilla squashes 15 Firefox flaws, and more.

Big-Name Targets Push Midnight Blizzard Hacking Spree Back Into the Limelight

Newly disclosed breaches of Microsoft and Hewlett-Packard Enterprise highlight the persistent threat posed by Midnight Blizzard, a notorious Russian cyber-espionage group.

How a Group of Israel-Linked Hackers Has Pushed the Limits of Cyberwar

From repeatedly crippling thousands of gas stations to setting a steel mill on fire, Predatory Sparrow’s offensive hacking has now targeted Iranians with some of history's most aggressive cyberattacks.

Notorious Spyware Maker NSO Group Is Quietly Plotting a Comeback

NSO Group, creator of the infamous Pegasus spyware, is spending millions on lobbying in Washington while taking advantage of the crisis in Gaza to paint itself as essential for global security.

US Agencies Urged to Patch Ivanti VPNs That Are Actively Being Hacked

Plus: Microsoft says attackers accessed employee emails, Walmart fails to stop gift card fraud, “pig butchering” scams fuel violence in Myanmar, and more.

MFA Spamming and Fatigue: When Security Measures Go Wrong

In today's digital landscape, traditional password-only authentication systems have proven to be vulnerable to a wide range of cyberattacks. To safeguard critical business resources, organizations are increasingly turning to multi-factor authentication (MFA) as a more robust security measure. MFA requires users to provide multiple authentication factors to verify their identity, providing an

A Flaw in Millions of Apple, AMD, and Qualcomm GPUs Could Expose AI Data

Patching every device affected by the LeftoverLocals vulnerability—which includes some iPhones, iPads, and Macs—may prove difficult.

A Bloody Pig Mask Is Just Part of a Wild New Criminal Charge Against eBay

Plus: Chinese officials tracked people using AirDrop, Stuxnet mole’s identity revealed, AI chatbot hacking, and more.

How to Stop Your X Account From Getting Hacked Like the SEC's

The US Securities and Exchange Commission and security firm Mandiant both had their X accounts breached, possibly due to changes to X’s two-factor authentication settings. Here’s how to fix yours.

The SEC’s Official X Account Was ‘Compromised’ and Used to Post Fake Bitcoin News

The US financial regulator says its official @SECGov account was “compromised,” resulting in an “unauthorized” post about the status of Bitcoin ETFs.

23andMe Blames Users for Recent Data Breach as It's Hit With Dozens of Lawsuits

Plus: Russia hacks surveillance cameras as new details emerge of its attack on a Ukrainian telecom, a Google contractor pays for videos of kids to train AI, and more.

What It’s Like to Use Apple’s Lockdown Mode

If you're at high risk of being targeted by mercenary spyware, or just don't mind losing iOS features for extra security, the company's restricted mode is surprisingly usable.

Google Fixes Nearly 100 Android Security Issues

Plus: Apple shuts down a Flipper Zero Attack, Microsoft patches more than 30 vulnerabilities, and more critical updates for the last month of 2023.

The Worst Hacks of 2023

It was a year of devastating cyberattacks around the globe, from ransomware attacks on casinos to state-sponsored breaches of critical infrastructure.

The Most Dangerous People on the Internet in 2023

From Sam Altman and Elon Musk to ransomware gangs and state-backed hackers, these are the individuals and groups that spent this year disrupting the world we know it.

Facebook Marketplace Is Being Ruined by Zelle Scammers

I tried to sell a futon on Facebook Marketplace and nearly all I got were scammers.

A Major Ransomware Takedown Suffers a Strange Setback

After an 18-month rampage, global law enforcement finally moved against the notorious Alphv/BlackCat ransomware group. Within hours, the operation faced obstacles.

Google Just Denied Cops a Key Surveillance Tool

Plus: Apple tightens anti-theft protections, Chinese hackers penetrate US critical infrastructure, and the long-running rumor of eavesdropping phones crystallizes into more than an urban legend.

McDonald’s Ice Cream Machine Hackers Say They Found the ‘Smoking Gun’ That Killed Their Startup

Kytch, the company that tried to fix McDonald’s broken ice cream machines, has unearthed a 3-year-old email it says proves claims of an alleged plot to undermine their business.

Microsoft’s Digital Crime Unit Goes Deep on How It Disrupts Cybercrime

Ten years in, Microsoft’s DCU has honed its strategy of using both unique legal tactics and the company’s technical reach to disrupt global cybercrime and state-backed actors.

Hacker Group Linked to Russian Military Claims Credit for Cyberattack on Kyivstar

A hacker group calling itself Solntsepek—previously linked to Russia’s notorious Sandworm hackers—says it carried out a disruptive breach of Kyivstar, a major Ukrainian mobile and internet provider.

The 23andMe Data Breach Keeps Spiraling

23andMe has provided more information about the scope and scale of its recent breach, but with these details come more unanswered questions.

A New Trick Uses AI to Jailbreak AI Models—Including GPT-4

Adversarial algorithms can systematically probe large language models like OpenAI’s GPT-4 for weaknesses that can make them misbehave.

ChatGPT Spit Out Sensitive Data When Told to Repeat ‘Poem’ Forever

Plus: A major ransomware crackdown, the arrest of Ukraine’s cybersecurity chief, and a hack-for-hire entrepreneur charged with attempted murder.

Google Fixes a Seventh Zero-Day Flaw in Chrome—Update Now

Plus: Major security patches from Microsoft, Mozilla, Atlassian, Cisco, and more.

North Korea's Lazarus Group Rakes in $3 Billion from Cryptocurrency Hacks

Threat actors from the Democratic People's Republic of Korea (DPRK) are increasingly targeting the cryptocurrency sector as a major revenue generation mechanism since at least 2017 to get around sanctions imposed against the country. "Even though movement in and out of and within the country is heavily restricted, and its general population is isolated from the rest of the world, the

Okta Breach Impacted All Customer Support Users—Not 1 Percent

Okta upped its original estimate of customer support users affected by a recent breach from 1 percent to 100 percent, citing a “discrepancy.”

OpenAI’s Custom Chatbots Are Leaking Their Secrets

Released earlier this month, OpenAI’s GPTs let anyone create custom chatbots. But some of the data they’re built on is easily exposed.

Cybersecurity Industry Baffled by FBI’s Lack of Action on Ransomware Gang

Plus: Hackers reveal flaws in crypto wallets holding $1 billion, a massive breach of Danish electric utilities, and more.

Inside the Race to Secure the F1 Las Vegas Grand Prix

Beyond the blinding speeds and sharp turns on new terrain, the teams at this weekend’s big F1 race are preparing for another kind of danger.

A Spy Agency Leaked People's Data Online—Then the Data Was Stolen

The National Telecommunication Monitoring Center in Bangladesh exposed a database to the open web. The types of data leaked online are extensive.

Google’s New Titan Security Key Adds Another Piece to the Password-Killing Puzzle

The new generation of hardware authentication key includes support for cryptographic passkeys as Google pushes adoption of the more secure login alternative.

CISA Has a New Road Map for Handling Weaponized AI

In its plans to implement a White House executive order, CISA aims to strike a balance between promoting AI adoption for national security and defending against its malicious use.

The Mirai Confessions: Three Young Hackers Who Built a Web-Killing Monster Finally Tell Their Story

Netflix, Spotify, Twitter, PayPal, Slack. All down for millions of people. How a group of teen friends plunged into an underworld of cybercrime and broke the internet—then went to work for the FBI.

Sandworm Hackers Caused Another Blackout in Ukraine—During a Missile Strike

Russia's most notorious military hackers successfully sabotaged Ukraine's power grid for the third time last year. And in this case, the blackout coincided with a physical attack.

This Cheap Hacking Device Can Crash Your iPhone With Pop-Ups

Plus: SolarWinds is charged with fraud, New Orleans police face recognition has flaws, and new details about Okta’s October data breach emerge.

Microsoft Does Damage Control With Its New 'Secure Future Initiative'

Following a string of serious security incidents, Microsoft says it has a plan to deal with escalating threats from cybercriminals and state-backed hackers.

This Cryptomining Tool Is Stealing Secrets

Plus: Details emerge of a US government social media-scanning tool that flags “derogatory” speech, and researchers find vulnerabilities in the global mobile communications network.

Okta's Latest Security Breach Is Haunted by the Ghost of Incidents Past

A recent breach of authentication giant Okta has impacted nearly 200 of its clients. But repeated incidents and the company’s delayed disclosure have security experts calling foul.

They Cracked the Code to a Locked USB Drive Worth $235 Million in Bitcoin. Then It Got Weird

Stefan Thomas lost the password to an encrypted USB drive holding 7,002 bitcoins. One team of hackers believes they can unlock it—if they can get Thomas to let them.

The 23andMe User Data Leak May Be Far Worse Than Believed

Plus: IT workers secretly funnel money to North Korea, a court in the US upholds keyword search warrants, and WhatsApp gets a passwordless upgrade on Android

HTTP/2 Rapid Reset: A New Protocol Vulnerability Will Haunt the Web for Years

Dubbed “HTTP/2 Rapid Reset,” the flaw requires issuing patches to virtually every web server around the world before the problem can be eradicated.

New Clues Suggest Stolen FTX Funds Went to Russia-Linked Money Launderers

Whoever looted FTX on the day of its bankruptcy has now moved the stolen money through a long string of intermediaries—and eventually some that look Russian in origin.

Activist Hackers Are Racing Into the Israel-Hamas War—for Both Sides

Since the conflict escalated, hackers have targeted dozens of government websites and media outlets with defacements and DDoS attacks, and attempted to overload targets with junk traffic to bring them down.

Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist

The same chaotic day FTX declared bankruptcy, someone began stealing hundreds of millions of dollars from its coffers. A WIRED investigation reveals the company’s “very crazy night” trying to stop them.

Apple's Encryption Is Under Attack by a Mysterious Group

Plus: Sony confirms a breach of its networks, US federal agents get caught illegally using phone location data, and more.

23andMe User Data Stolen in Targeted Attack on Ashkenazi Jews

At least a million data points from 23andMe accounts appear to have been exposed on BreachForums. While the scale of the campaign is unknown, 23andMe says it's working to verify the data.

Your Cheap Android TV Streaming Box May Have a Dangerous Backdoor

New research has found that some streaming devices and dozens of Android and iOS apps are secretly being used for fraud and other cybercrime.

The Biggest Hack of 2023 Keeps Getting Bigger

Victims of the MOVEit breach continue to come forward. But the full scale of the attack is still unknown.