AI Code Hallucinations Increase the Risk of ‘Package Confusion’ Attacks

A new study found that code generated by AI is more likely to contain made-up information that can be used to trick software into interacting with malicious code.

Microsoft’s Recall AI Tool Is Making an Unwelcome Return

Microsoft held off on releasing the privacy-unfriendly feature after a swell of pushback last year. Now it’s trying again, with a few improvements that skeptics say still aren't enough.

Cybersecurity Professor Mysteriously Disappears as FBI Raids His Homes

Xiaofeng Wang, a longtime computer science professor at Indiana University, has disappeared along with his wife, and their profiles on the school's website were wiped ahead of recent FBI raids.

A Brand-New Botnet Is Delivering Record-Size DDoS Attacks

Eleven11bot infects webcams and video recorders, with a large concentration in the US.

A Mysterious Hacking Group Has 2 New Tools to Steal Data From Air-Gapped Machines

It's hard enough creating one air-gap-jumping tool. Researchers say the group GoldenJackal did it twice in five years.

Stealthy Malware Has Infected Thousands of Linux Systems for Years

Perfctl malware is hard to detect, persists after reboots, and can perform a breadth of malicious activities.

YubiKeys Are a Security Gold Standard—but They Can Be Cloned

Security researchers have discovered a cryptographic flaw that leaves the YubiKey 5 vulnerable to attack.

‘TunnelVision’ Attack Leaves Nearly All VPNs Vulnerable to Spying

TunnelVision is an attack developed by researchers that can expose VPN traffic to snooping or tampering.

The XZ Backdoor: Everything You Need to Know

Details are starting to emerge about a stunning supply chain attack that sent the open source software community reeling.