Defenders Get A MoonPeak At North Korea's Malware Backbone

How To Manipulate The Execution Flow Of TOCTOU Attacks

Hackers Leak Their Own Operations Through Exposed Telegram Bot API Tokens

The US Government Wants You—Yes, You—to Hunt Down Generative AI Flaws

The AI ethics nonprofit Humane Intelligence and the US National Institute of Standards and Technology are launching a series of contests to get more people probing for problems in generative AI systems.

Deadbeat Dad Faked His Own Death By Hacking Government Databases

Cyberattack Disrupts Microchip Manufacturing Facilities

An AWS Configuration Issue Could Expose Thousands of Web Apps

Amazon has updated its instructions for how customers should more securely implement AWS's traffic-routing service known as Application Load Balancer, but it's not clear everyone will get the memo.

Windows Zero-Day Attack Linked To North Korea's Lazarus APT

National Public Data Says Breach Impacts 1.3 Million People

Bicycles Can Be Hacked Now

Unicoin Hints At Potential Data Meddling After G-Suite Compromise

The Slow-Burn Nightmare of the National Public Data Breach

Social Security numbers, physical addresses, and more—all available online. After months of confusion, leaked information from a background-check firm underscores the long-term risks of data breaches.

SolarWinds Web Help Desk Vulnerability Possibly Exploited As Zero Day

Every American's Social Security Number May Have Been Stolen By Hackers

Researchers Hack Electronic Shifters With A Few Hundred Dollars Of Hardware

Russian Sells Almost 3,000 Logins, Gets 40 Months In Jail

Nearly All Google Pixel Phones Exposed by Unpatched Flaw in Hidden Android App

A fix is coming, but data analytics giant Palantir says it’s ditching Android devices altogether because Google’s response to the vulnerability has been troubling.

A Single Iranian Hacker Group Targeted Both Presidential Campaigns, Google Says

APT42, which is believed to work for Iran’s Revolutionary Guard Corps, targeted about a dozen people associated with both Trump’s and Biden’s campaigns this spring, according to Google’s Threat Analysis Group.

Your Gym Locker May Be Hackable

Security researchers say they’ve extracted digital management keys from select electronic lockers and revealed how they could be cloned.

Want to Win a Bike Race? Hack Your Rival’s Wireless Shifters

Please don’t, actually. But do update your Shimano Di2 shifters’ software to prevent a new radio-based form of cycling sabotage.

Dispossessor Ransomware Group Shut Down By US, EU Authorities

20-Year-Old Hardware Flaw Found In AMD Chips

20-Year-Ol Hardware Flaw Found In AMD Chips

200k Impacted By East Valley Institute Of Technology Data Breach

GPS Spoofers Hack Time On Commercial Airlines

Trump Campaign Says It Has Been Hacked

Thousands of Corporate Secrets Were Left Exposed. This Guy Found Them All

Security researcher Bill Demirkapi found more than 15,000 hardcoded secrets and 66,000 vulnerable websites—all by searching overlooked data sources.

Google Researchers Found Nearly a Dozen Flaws in Popular Qualcomm Software for Mobile GPUs

The vulnerabilities, which have been patched, may have novel appeal to attackers as an avenue to compromising phones.

ATM Software Flaws Left Piles of Cash for Anyone Who Knew to Look

Six vulnerabilities in ATM-maker Diebold Nixdorf’s popular Vynamic Security Suite could have been exploited to control ATMs using “relatively simplistic attacks.”

512-bit RSA Key In Home System Gives Control Of Virtual Power Plant

Paris Olympics Deal With Ransomware Attack

0.0.0.0 Day Browser Flaw Enables Malicious Requests To Local Networks

‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections

Researchers warn that a bug in AMD’s chips would allow attackers to root into some of the most privileged portions of a computer—and that it has persisted in the company’s processors for decades.

How Hackers Extracted the ‘Keys to the Kingdom’ to Clone HID Keycards

A team of researchers have developed a method for extracting authentication keys out of HID encoders, which could allow hackers to clone the types of keycards used to secure offices and other areas worldwide.

Computer Crash Reports Are an Untapped Hacker Gold Mine

One hacker solved the CrowdStrike outage mystery with simple crash reports, illustrating the wealth of detail about potential bugs and vulnerabilities those key documents hold.

Tricky Web Timing Attacks Are Getting Easier to Use—and Abuse

New research shows how known techniques for finding weaknesses in websites are actually practical in uncovering vulnerabilities, for better or worse.

Microsoft’s AI Can Be Turned Into an Automated Phishing Machine

Attacks on Microsoft’s Copilot AI allow for answers to be manipulated, data extracted, and security protections bypassed, new research shows.

USPS Text Scammers Duped His Wife, So He Hacked Their Operation

The Smishing Triad network sends up to 100,000 scam texts per day globally. One of those messages went to Grant Smith, who infiltrated their systems and exposed them to US authorities.

A Deep Dive Into CVE-2023-2163: How Google Found And Fixed An eBPF Linux Kernel Vulnerability

Critical Vulnerabilities In 6 AWS Services Disclosed At Black Hat USA

Samsung Boosts Bug Bounty To A Cool Million For Cracks Of The Knox Vault Subsystem

US Offering $10 Million Reward For Iranian ICS Hackers

Watch How a Hacker’s Infrared Laser Can Spy on Your Laptop’s Keystrokes

Hacker Samy Kamkar is debuting his own open source version of a laser microphone—a spy tool that can invisibly pick up the sounds inside your home through a window, and even the text you’re typing.

A Flaw in Windows Update Opens the Door to Zombie Exploits

A researcher found a vulnerability that would let hackers strategically downgrade a target’s Windows version to reexpose patched vulnerabilities. Microsoft is working on fixes for the issue.

Ransomware Attack Cost LoanDepot $27 Million

Inherent Disadvantage: Why Hackers Have The Upper Hand In The Cloud

A New Plan to Break the Cycle of Destructive Critical Infrastructure Hacks

As digital threats against US water, food, health care, and other vital sectors loom large, a new project called UnDisruptable27 aims to help fix cybersecurity weaknesses where other efforts have failed.

Thousands Of Devices Wiped Remotely Following Mobile Guardian Hack

New SLUBStick Attack Makes Linux Kernel Vulnerabilities More Dangerous

Chinese Hackers Deliver Malware Via ISP-Level DNS Poisoning

SnakeKeylogger Slithers Into Windows Inboxes To Steal Secrets

How Project 2025 Would Put US Elections at Risk

Experts say the “nonsensical” policy proposal, which largely aligns with Donald Trump’s agenda, would weaken the US agency tasked with protecting election integrity, critical infrastructure, and more.

US Hands Over Russian Cybercriminals in WSJ Reporter Prisoner Swap

Plus: Meta pays $1.4 million in a historic privacy settlement, Microsoft blames a cyberattack for a major Azure outage, and an artist creates a face recognition system to reveal your NYPD “coppelganger.”

Who Are The Two Major Hackers Russia Just Received In A Prisoner Swap?

Company Paid Record-Breaking $75 Million To Ransomware Group

Black Hat USA 2024, BSidesLV, And DEFCON 32: Your Hacker Summer Camp Guide

A $500 Open Source Tool Lets Anyone Hack Computer Chips With Lasers

The RayV Lite will make it hundreds of times cheaper for anyone to carry out physics-bending feats of hardware hacking.

Spamhaus Is Disappointed With CloudFlare

Hackers Exploit VMware Vulnerability That Gives Them Hypervisor Admin

Acronis Product Vulnerability Exploited In The Wild