Bug bounty businesses bombarded with AI slop
“Never-ending” AI slop strains corporate hacking reward schemes.
Financial Times
–
|
80
Security
Zero-day exploit completely defeats default Windows 11 BitLocker protections
It’s not entirely clear how the exploit works. Microsoft says it’s investigating.
Dan Goodin
–
|
59
Linux bitten by second severe vulnerability in as many weeks
Production-version patches are coming online and should be installed pronto.
Dan Goodin
–
|
93
Chaos erupts as cyberattack disrupts learning platform Canvas amid finals
Across the country, schools and colleges postpone year-end tests.
Dan Goodin
–
|
93
Mozilla says 271 vulnerabilities found by Mythos have “almost no false positives”
The developer of Firefox says it has “completely bought in” on AI-assisted bug discovery.
Dan Goodin
–
|
138
Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
Daemon Tools users: It’s time to check your machines for stealthy infections, stat.
Dan Goodin
–
|
63
Ubuntu infrastructure has been down for more than a day
The outage has hampered communication concerning a critical vulnerability that gives root.
Dan Goodin
–
|
76
GPT-5.5 matches heavily hyped Mythos Preview in new cybersecurity tests
New results suggest Mythos’ cyber threat isn’t “a breakthrough specific to one model.”
Kyle Orland
–
|
163
Most Read
The most severe Linux threat to surface in years catches the world flat-footed
CopyFail threatens multi-tenant servers, CI/CD work flows, Kubernetes containers, and more.
Dan Goodin
–
|
162
Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden
Security firms find themselves especially exposed.
Dan Goodin
–
|
20
Open source package with 1 million monthly downloads stole user credentials
If you’re one of millions using element-data, it’s time to check for compromise.
Dan Goodin
–
|
33
Why are top university websites serving porn? It comes down to shoddy housekeeping.
Hundreds of subdomains from dozens of universities have been hijacked by scammers.
Dan Goodin
–
|
67
In a first, a ransomware family is confirmed to be quantum-safe
Technically speaking, there’s no practical benefit to use PQC. So why is it being used?
Dan Goodin
–
|
19
Crypto scam lures ships into Strait of Hormuz, falsely promising safe passage
Ship attacked by Iran after possibly falling for safe passage crypto scam.
Jeremy Hsu
–
|
171
Microsoft issues emergency update for macOS and Linux ASP.NET threat
When authentication fails, things can go very, very wrong.
Dan Goodin
–
|
25
Mozilla: Anthropic’s Mythos found 271 security vulnerabilities in Firefox 150
CTO says new AI model is “every bit as capable” as world’s best security researchers.
Kyle Orland
–
|
212
Contrary to popular superstition, AES 128 is just fine in a post-quantum world
A stubborn misconception is hampering the already hard work of quantum readiness.
Dan Goodin
–
|
79
US-sanctioned currency exchange says $15 million heist done by “unfriendly states”
Grinex says needed hacking resources “available exclusively to… unfriendly states.”
Dan Goodin
–
|
78
Recent advances push Big Tech closer to the Q-Day danger zone
Here’s which players are winning the race to transition to post-quantum crypto.
Dan Goodin
–
|
69
“TotalRecall Reloaded” tool finds a side entrance to Windows 11’s Recall database
“The vault is solid. The delivery truck is not.”
Andrew Cunningham
–
|
113
UK gov’s Mythos AI tests help separate cybersecurity threat from hype
New model is the first AI system to complete a difficult multistep infiltration challenge.
Kyle Orland
–
|
54
Iran-linked hackers disrupt operations at US critical infrastructure sites
As the US and Israel’s war has ramped up, so too have hacks on US industrial sites.
Dan Goodin
–
|
90
Thousands of consumer routers hacked by Russia’s military
End-of-life routers in homes and small offices hacked in 120 countries.
Dan Goodin
–
|
101
CBP facility codes sure seem to have leaked via online flashcards
Quizlet flashcards seem to include sensitive information about gate security at CBP locations.
WIRED
–
|
106
OpenClaw gives users yet another reason to be freaked out about security
The viral AI agentic tool let attackers silently gain admin unauthenticated access.
Dan Goodin
–
|
85
New Rowhammer attacks give complete control of machines running Nvidia GPUs
GDDRHammer, GeForge and GPUBreach hammer GPU memory in ways that hijack the CPU.
Dan Goodin
–
|
48
Quantum computers need vastly fewer resources than thought to break vital encryption
No, the sky isn’t falling, but Q Day is coming, and it won’t be as expensive as thought.
Dan Goodin
–
|
39
Iran’s hackers are on the offensive against the US and Israel
Tehran hopes to stoke fear and extract intel in a series of cyber attacks.
Financial Times
–
|
66
Internet Yiff Machine: We hacked 93GB of “anonymous” crime tips
Ultra-sensitive data may have been hacked.
Nate Anderson
–
|
68
Google bumps up Q Day deadline to 2029, far sooner than previously thought
Company warns entire industry to move off RSA and EC more quickly.
Dan Goodin
–
|
51
Self-propagating malware poisons open source software and wipes Iran-based machines
Development houses: It’s time to check your networks for infections.
Dan Goodin
–
|
51
After hackers hit an Iowa company, cars around the country failed to start
If you don’t calibrate your interlock in time, your vehicle is dead.
Nate Anderson
–
|
183
Widely used Trivy scanner compromised in ongoing supply-chain attack
Admins: Sorry to say, but it’s likely a rotate-your-secrets kind of weekend.
Dan Goodin
–
|
30
Millions of iPhones can be hacked with a new tool found in the wild
DarkSword, a powerful iPhone-hacking technique, has been discovered in use by Russian hackers.
WIRED
–
|
82
Google details new 24-hour process to sideload unverified Android apps
The “advanced flow” will be available before verification enforcement begins later this year.
Ryan Whitwam
–
|
149
How World ID wants to put a unique human identity on every AI agent
Iris scan-backed tokens could help stop agent swarms from overwhelming online systems.
Kyle Orland
–
|
82
