Older AMD, Intel chips vulnerable to data-leaking 'Retbleed' Spectre variant Speculative execution side-channels continue to haunt silicon world Research12 Jul 2022 | 8
How data on a billion people may have leaked from a Chinese police dashboard Record-breaking dump thanks to password-less Kibana endpoint? Research10 Jul 2022 | 24
Someone may be prepping an NPM crypto-mining spree 1,300 packages from 1,000 automated user accounts set the stage for something big Research07 Jul 2022 | 8
Hive ransomware gang rapidly evolves with complex encryption, Rust code RaaS malware devs have been busy bees Research06 Jul 2022 | 3
Near-undetectable malware linked to Russia's Cozy Bear The fun folk who attacked Solar Winds using a poisoned CV and tools from the murky world of commercial hackware Research06 Jul 2022 | 64
Actual quantum computers don't exist yet. The cryptography to defeat them may already be here NIST pushes ahead with CRYSTALS-KYBER, CRYSTALS-Dilithium, FALCON, SPHINCS+ algorithms Research05 Jul 2022 | 42
Pentagon: We'll pay you if you can find a way to hack us DoD puts money behind bug bounty program after reward-free pilot Research05 Jul 2022 | 18
What to do about inherent security flaws in critical infrastructure? Industrial systems' security got 99 problems and CVEs are one. Or more Research03 Jul 2022 | 46
We're now truly in the era of ransomware as pure extortion without the encryption Feature Why screw around with cryptography and keys when just stealing the info is good enough Research25 Jun 2022 | 22
Google: How we tackled this iPhone, Android spyware Watching people's every move and collecting their info – not on our watch, says web ads giant Research24 Jun 2022 | 25
Mega's unbreakable encryption proves to be anything but Boffins devise five attacks to expose private files Research22 Jun 2022 | 39
How refactoring code in Safari's WebKit resurrected 'zombie' security bug Fixed in 2013, reinstated in 2016, exploited in the wild this year Research21 Jun 2022 | 14
CISA and friends raise alarm on critical flaws in industrial equipment, infrastructure Updated Nearly 60 holes found affecting 'more than 30,000' machines worldwide Research21 Jun 2022 | 23
US senators seek ban on sale of health location data With Supreme Court set to overturn Roe v Wade, privacy is key Research17 Jun 2022 | 32
Malaysia-linked DragonForce hacktivists attack Indian targets Just what we needed: a threat to rival Anonymous Research15 Jun 2022 | 5
Unpatched Exchange server, stolen RDP logins... How miscreants get BlackCat ransomware on your network Microsoft details this ransomware-as-a-service Research15 Jun 2022 | 1
Chinese-sponsored gang Gallium upgrades to sneaky PingPull RAT Broadens targets from telecoms to finance and government orgs Research14 Jun 2022 | 2
Symbiote Linux malware spotted – and infections are 'very hard to detect' Performing live forensics on hijacked machine may not turn anything up, warn researchers Research10 Jun 2022 | 21
Apple M1 chip contains hardware vulnerability that bypasses memory defense MIT CSAIL boffins devise PACMAN attack to let existing exploits avoid pointer authentication Research10 Jun 2022 | 9
Emotet malware gang re-emerges with Chrome-based credit card heistware Crimeware groups are re-inventing themselves Research10 Jun 2022 | 5
Chinese 'Aoqin Dragon' gang runs undetected ten-year espionage spree Researcher spots it targeting Asian government and telco targets, probably with Beijing's approval Research10 Jun 2022 | 12
Hardware flaws give Bluetooth chipsets unique fingerprints that can be tracked While this poses a privacy and security threat, an attacker's ability to exploit it may come down to luck Research10 Jun 2022 | 6
Now Windows Follina zero-day exploited to infect PCs with Qbot Data-stealing malware also paired with Black Basta ransomware gang Research09 Jun 2022 | 4
To cut off all nearby phones with these Chinese chips, this is the bug to exploit Android patches incoming for NAS-ty memory overwrite flaw Research03 Jun 2022 | 28
Clipminer rakes in $1.7m in crypto hijacking scam Crooks divert transactions to own wallets while running mining on the side Research03 Jun 2022 | 2
Healthcare organizations face rising ransomware attacks – and are paying up Via their insurance companies, natch Research03 Jun 2022 | 10
Conti spotted working on exploits for Intel Management Engine flaws Don't leave those firmware patches to last Research02 Jun 2022 | 11
Dear Europe, here again are the reasons why scanning devices for unlawful files is not going to fly Antivirus-but-for-pictures would trample rights, not even work as expected, say academics Research02 Jun 2022 | 165
Super-spreader FluBot squashed by Europol Your package is delayed. Click this innocent-looking link to reschedule Research02 Jun 2022 | 5
Watch out for phishing emails that inject spyware trio You wait for one infection and then three come along at once Research01 Jun 2022 | 13
What if ransomware evolved to hit IoT in the enterprise? Proof-of-concept lab work demos potential future threat Research01 Jun 2022 | 6
EnemyBot malware adds enterprise flaws to exploit arsenal Fast-evolving botnet targets critical VMware, F5 BIG-IP bugs, we're told Research01 Jun 2022 | 2
Australian digital driving licenses can be defaced in minutes Brute force attack leaves the license wide open for undetectable alteration, but back end data remains unchanged Research30 May 2022 | 56
This Windows malware uses PowerShell to inject malicious extension into Chrome And that's a bit odd, says Red Canary Research27 May 2022 | 13
How to reprogram Apple AirTags, play custom sounds Voltage glitch here, glitch there, now you can fiddle with location disc's firmware Research27 May 2022 | 5
Ransomware encrypts files, demands three good deeds to restore data Shut up and take ... poor kids to KFC? Research26 May 2022 | 16
Cheers ransomware hits VMware ESXi systems Now we can say extortionware has jumped the shark Research26 May 2022 | 3
Verizon: Ransomware sees biggest jump in five years We're only here for DBIRs Research26 May 2022 | 6
Ex-spymaster and fellow Brexiteers' emails leaked by suspected Russian op A 'Very English Coop (sic) d'Etat' Research26 May 2022 | 166
About half of popular websites tested found vulnerable to account pre-hijacking In detail: Ocean's Eleven-grade ruse in which victims' profiles are rigged from the start Research25 May 2022 | 12
Predator spyware sold with Chrome, Android zero-day exploits to monitor targets Or so says Google after tracking 30+ vendors peddling surveillance malware Research24 May 2022 | 6
It's 2022 and there are still malware-laden PDFs in emails exploiting bugs from 2017 Crafty file names, encrypted malicious code, Office flaws – ah, it's like the Before Times Research24 May 2022 | 23
Microsoft Bing censors politically sensitive Chinese terms Updated Research claims it fails to autofill certain names in Han characters, Microsoft says it's technical error Research20 May 2022 | 22
Hot glare of the spotlight doesn’t slow BlackByte ransomware gang Crew's raids continue worldwide, Talos team warns Research19 May 2022 | 4
Your snoozing iOS 15 iPhone may actually be sleeping with one antenna open No, you're not really gonna be hacked. But you may be surprised Research19 May 2022 | 40
Meet Wizard Spider, the multimillion-dollar gang behind Conti, Ryuk malware Analysis Russia-linked crime-as-a-service crew is rich, professional – and investing in R&D Research18 May 2022 | 3
Pentester pops open Tesla Model 3 using low-cost Bluetooth module Anything that uses proximity-based BLE is vulnerable, claim researchers Research17 May 2022 | 51
Shopping for malware: $260 gets you a password stealer. $90 for a crypto-miner... We take a look at low, low subscription prices – not that we want to give anyone any ideas Research14 May 2022 | 6
Most organizations hit by ransomware would pay up if hit again Nine out of ten organizations would do it all over again, keeping attackers in business Research13 May 2022 | 34
Iran-linked Cobalt Mirage extracts money, info from US orgs – report Khamenei, can you just not? Not right now, fam Research13 May 2022 | 3
Anatomy of a campaign to inject JavaScript into compromised WordPress sites Reverse-engineered code redirects visitors to dodgy corners of the internet Research13 May 2022 | 8
It costs just $7 to rent DCRat to backdoor your network Budget-friendly tool breaks the you-get-what-you-pay-for rule Research09 May 2022 | 10
Security is a pain for American Dental Association: Ransomware infection feared In brief Plus: Another university hit with malware, and more Research02 May 2022 | 5
Facebook's Meta, tracking code, and the student financial aid website Also: Oculus virtual reality apps fail to detail info collection Research30 Apr 2022 | 15
Data-wiper malware strains surge as Ukraine battles ongoing invasion Besides files being erased, another thing being deleted: Any sense this is a coincidence Research29 Apr 2022 | 11
Bumblebee malware loader emerges as Conti's BazarLoader fades At least three threat groups are using the loader in malicious email campaigns Research29 Apr 2022 | 3
Study: How Amazon uses Echo smart speaker conversations to target ads Updated Web giant milks advertisers with data harvested from digital assistant Research27 Apr 2022 | 167
Who is exploiting VMware right now? Probably Iran's Rocket Kitten, to name one We hope you've patched that 9.8/10 severity bug Research26 Apr 2022 | 5
Now Mandiant says 2021 was a record year for exploited zero-day security bugs Now that's a race condition Research23 Apr 2022 | 4
Criminals adopting new methods to bypass improved defenses, says Zscaler PhaaS, SMiShing, and remote work drive increase in phishing attacks Research20 Apr 2022 | 5