Security

Web portal leaves kids’ chats with AI toy open to anyone with Gmail account

Just about anyone with a Gmail account could access Bondu chat transcripts.

WIRED – 1/30/2026 | 36

Three-story courthouse with corner gables.

County pays $600,000 to pentesters it arrested for assessing courthouse security

Settlement comes more than 6 years after Gary DeMercurio and Justin Wynn’s ordeal began.

Dan Goodin – 1/29/2026 | 88

Ethernet cables accompanies by an exclamation points inside a triangle.

Site catering to online criminals has been seized by the FBI

One of the last holdouts for ransomware discussions, RAMP is taken down.

Dan Goodin – 1/28/2026 | 39

Broken handset on a floor with pixel details.

There’s a rash of scam spam coming from a real Microsoft address

Abusing Microsoft’s reputation may make scam harder to spot.

Dan Goodin – 1/27/2026 | 49

Why has Microsoft been routing example.com traffic to a company in Japan?

Company’s autodiscover caused users’ test credentials to be sent outside Microsoft networks.

Dan Goodin – 1/26/2026 | 70

A laptop PC running Windows 11 sitting next to a coffee mug.

How to encrypt your PC’s disk without giving the keys to Microsoft

Storing recovery keys with Microsoft allows the company to unlock your disk.

Andrew Cunningham – 1/26/2026 | 156

Poland’s energy grid was targeted by never-before-seen wiper malware

Destructive payload unleashed on tenth anniversary of Russia’s attack on Ukraine’s grid.

Dan Goodin – 1/24/2026 | 185

Ai chatbot vomiting misinformation and synthetic data.

Overrun with AI slop, cURL scraps bug bounties to ensure “intact mental health”

The onslaught includes LLMs finding bogus vulnerabilities and code that won’t compile.

Dan Goodin – 1/22/2026 | 90

Person wearing a hoodie whose face is not visible sitting in front of a laptop in a dark room.

Hacker who stole 120,000 bitcoins wants a second chance—and a security job

Crypto theft was “the worst thing I had ever done.”

Cyrus Farivar – 1/22/2026 | 65

Digital generated image of abstract smartphone stylized as mousetrap surrounded by multicoloured social message chat icons.

Millions of people imperiled through sign-in links sent by SMS

Even well-known services with millions of users are exposing sensitive data.

Dan Goodin – 1/21/2026 | 70

Mandiant releases rainbow table that cracks weak admin password in 12 hours

Windows laggards still using the vulnerable hashing function: Your days are numbered.

Dan Goodin – 1/16/2026 | 24

Red Electric Power Plug Adn cable forming a chart on blue background. Increase to electricity prices concept.

Why I’m withholding certainty that “precise” US cyber-op disrupted Venezuelan electricity

NYT says US hackers were able to turn off power and then quickly turn it back on.

Dan Goodin – 1/15/2026 | 72

Pixel Buds Pro 2 in hand

Many Bluetooth devices with Google Fast Pair vulnerable to “WhisperPair” hack

Even Google’s own earbuds are vulnerable to the Fast Pair hack.

Ryan Whitwam – 1/15/2026 | 41

A single click mounted a covert, multistage attack against Copilot

Exploit exfiltrating data from chat histories worked even after users closed chat windows.

Dan Goodin – 1/14/2026 | 69

US gov’t: House sysadmin stole 200 phones, caught by House IT desk

Scheme allegedly cost taxpayers $150,000.

Nate Anderson – 1/14/2026 | 65

Never-before-seen Linux malware is “far more advanced than typical”

VoidLink includes an unusually broad and advanced array of capabilities.

Dan Goodin – 1/13/2026 | 48

Signal creator Moxie Marlinspike wants to do for AI what he did for messaging

Introducing Confer, an end-to-end AI assistant that just works.

Dan Goodin – 1/13/2026 | 113

Rocket Report: A new super-heavy launch site in California; 2025 year in review

SpaceX opened its 2026 launch campaign with a mission for the Italian government.

Stephen Clark – 1/9/2026 | 196

Trojan horse on top of blocks of hexadecimal programming codes. Illustration of the concept of online hacking, computer spyware, malware and ransomware.

Michigan man learns the hard way that “catch a cheater” spyware apps aren’t legal

Spying doesn’t become legal just because “cheaters” are the targets.

Nate Anderson – 1/8/2026 | 166

Female hand holding smartphone showing an evil with devil horn on her AI chatbot conversation app in the city. Illustrating the ideas around the risks and dangers of Artificial Intelligence (AI).

ChatGPT falls to new data-pilfering attack as a vicious cycle in AI continues

Will LLMs ever be able to stamp out the root cause of these attacks? Possibly not.

Dan Goodin – 1/8/2026 | 65

The nation’s strictest privacy law just took effect, to data brokers’ chagrin

Californians can now submit demands requiring 500 brokers to delete their data.

Dan Goodin – 1/5/2026 | 98

Supply chains, AI, and the cloud: The biggest failures (and one success) of 2025

The past year has seen plenty of hacks and outages. Here are the ones topping the list.

Dan Goodin – 12/31/2025 | 17

Browser extensions with 8 million users collect extended AI conversations

The extensions, available for Chromium browsers, harvest full AI conversations over months.

Dan Goodin – 12/17/2025 | 75

Microsoft will finally kill obsolete cipher that has wreaked decades of havoc

The weak RC4 for administrative authentication has been a hacker holy grail for decades.

Dan Goodin – 12/15/2025 | 64

Admins and defenders gird themselves against maximum-severity server vuln

Open source React executes malicious code with malformed HTML—no authentication needed.

Dan Goodin – 12/3/2025 | 83

Fraudulent gambling network may actually be something more nefarious

Researchers say there’s more to the network, which has operated for 14 years.

Dan Goodin – 12/3/2025 | 19

Finger touching digital screen of a CO2 monitor to measure indoor air quality and carbon dioxide concentration. Composite image between a hand photography and a 3D background.

This hacker conference installed a literal antivirus monitoring system

Organizers had a way for attendees to track CO₂ levels throughout the venue—even before they arrived.

WIRED – 11/22/2025 | 104

Stylized illustration of key.

Oops. Cryptographers cancel election results after losing decryption key.

Voting system required three keys. One of them has been “irretrievably lost.”

Dan Goodin – 11/21/2025 | 181

Ethernet ports on an Asus router.

How to know if your Asus router is one of thousands hacked by China-state hackers

So far, the hackers are laying low, likely for later use.

Dan Goodin – 11/21/2025 | 99

Critics scoff after Microsoft warns AI feature can infect machines and pilfer data

Integration of Copilot Actions into Windows is off by default, but for how long?

Dan Goodin – 11/19/2025 | 69

purple bitcoin symbol with data chips

Bonkers Bitcoin heist: 5-star hotels, cash-filled envelopes, vanishing funds

Bitcoin mining hardware exec falls for sophisticated crypto scam to tune of $200k

WIRED – 11/18/2025 | 76

5 plead guilty to laptop farm and ID theft scheme to land North Koreans US IT jobs

Fleets of laptops run from US residences gave appearance workers were in the US.

Dan Goodin – 11/17/2025 | 43

An "AI" balloon floating close to a sharp, upturned push pin.

Researchers question Anthropic claim that AI-assisted attack was 90% autonomous

The results of AI-assisted hacking aren’t as impressive as many might have us believe.

Dan Goodin – 11/14/2025 | 84

A stylized skull and crossbones made out of ones and zeroes.

ClickFix may be the biggest security threat your family has never heard of

Relatively new technique can bypass many endpoint protections.

Dan Goodin – 11/11/2025 | 181

Samsung Galaxy Z Fold 7 hinge macro

Commercial spyware “Landfall” ran rampant on Samsung phones for almost a year

Targeted attack could steal all of a phone’s data and activate camera or mic.

Ryan Whitwam – 11/7/2025 | 68

How to trade your $214,000 cybersecurity job for a jail cell

Ransomware doesn’t pay what it used to.

Nate Anderson – 11/7/2025 | 68