DuckDuckGo Isn’t as Private as You Think

Plus: A $150 million Twitter fine, a massive leak from a Chinese prison in Xinjiang, and an ISIS plot to assassinate George W. Bush.

Google May Owe You a Chunk of $100 Million

Plus: The US admits to cyber operations supporting Ukraine, SCOTUS investigates its own, and a Michael Flynn surveillance mystery is solved.

The Hacker Gold Rush That's Poised to Eclipse Ransomware

As governments crack down on ransomware, cybercriminals may soon shift to business email compromise—already the world's most profitable type of scam.

AlphaBay Is Taking Over the Dark Web—Again

Five years after it was torn offline, the resurrected dark web marketplace is clawing its way back to the top of the online underworld.

A Long-Awaited Defense Against Data Leaks May Have Just Arrived

MongoDB claims its new “Queryable Encryption” lets users search their databases while sensitive data stays encrypted. Oh, and its cryptography is open source.

Apple Just Killed the Password—for Real This Time

Apple’s iOS 16 and macOS Ventura will introduce passwordless login for apps and websites. It’s only the beginning.

Disinfo and Hate Speech Flood TikTok Ahead of Kenya’s Elections

Mozilla researchers identified accounts with millions of view spreading hate speech and disinformation

How China Hacked US Phone Networks

Plus: Russia rattles its cyber sword, a huge Facebook phishing operation is uncovered, feds take down the SSNDOB marketplace, and more.

Google Warns of New Spyware Targeting iOS and Android Users

The spyware has been used to target people in Italy, Kazakhstan, and Syria, researchers at Google and Lookout have found.

The Post-Roe Privacy Nightmare Has Arrived

Plus: Microsoft details Russia’s Ukraine hacking campaign, Meta’s election integrity efforts dwindle, and more.

Gun Database Breach Leaks Details on Thousands of Owners

Plus: Indian hacker-for-hire groups, Chinese student espionage efforts, and more.

The January 6 Secret Service Text Scandal Turns Criminal

Plus: The FCC cracks down on car warranty robocalls, Thai activists get targeted by NSO's Pegasus, and the Russia-Ukraine cyberwar continues.

How Tor Is Fighting—and Beating—Russian Censorship

Russia has been trying to block the anonymous browser since December—with mixed results.

You Pay More When Companies Get Hacked

Plus: Google delays the end of cookies (again), EU officials were targeted with Pegasus spyware, and more of the top security news.

Bitcoin Fog Case Could Put Cryptocurrency Tracing on Trial

Roman Sterlingov, accused of laundering $336 million, is proclaiming his innocence—and challenging a key investigative tool.

The Microsoft Team Racing to Catch Bugs Before They Happen

What's it like to be responsible for a billion people's digital security? Just ask the company's Morse researchers.

A Slack Bug Exposed Some Users’ Hashed Passwords for 5 Years

The exposure of cryptographically scrambled passwords isn’t a worst-case scenario—but it isn’t great, either.

The US Emergency Alert System Has Dangerous Flaws

Plus: A crypto-heist extravaganza, a peek at an NSO spyware dashboard, and more.

An ISP Settled Piracy Lawsuits. Could Users Take the Hit?

Now that Charter has reached settlements with major record labels, it’s unclear whether the cable provider will pull the plug on users who pirate music.

GitHub Moves to Guard Open Source Against Supply Chain Attacks

The popular Microsoft-owned code repository plans to roll out code signing, which will help beef up the security of open source projects.

A Long-Awaited IoT Reverse Engineering Tool Is Finally Here

Ten years after it was first unveiled, the powerful firmware analysis platform Ofrak is now available to anyone.

Google's Android Red Team Had a Full Pixel 6 Pwn Before Launch

Before the flagship phone ever landed in users’ hands, the security team thoroughly hacked it by finding bugs and developing exploits.

Meta Just Happens to Expand Messenger’s End-to-End Encryption

The company says an expansion of privacy features in Messenger is unrelated to a high-profile Nebraska abortion case.

Sloppy Software Patches Are a ‘Disturbing Trend’

The Zero Day Initiative has found a concerning uptick in security updates that fail to fix vulnerabilities.

The Feds Gear Up for a Privacy Crackdown

Plus: Cisco gets hit by ransomware, Twilio gets phished, a new way to fight email spammers, and much more.

Flaw in the VA Medical Records Platform May Put Patients at Risk

The Veterans Affairs’ VistA software has a vulnerability that could let an attacker “masquerade as a doctor,” a security researcher warns.

A New Tractor Jailbreak Rides the Right-to-Repair Wave

A hacker has formulated an exploit that provides root access to two popular models of the company’s farm equipment.

Janet Jackson’s ‘Rhythm Nation’ Can Crash Old Hard Drives

Plus: The Twilio hack snags a reporter, a new tool to check for spyware, and the Canadian weed pipeline gets hit by a cyberattack.

The Twitter Whistleblower Report’s Most Damning Allegation

Peiter “Mudge” Zatko’s claims about the company’s lax security are all bad. But one clearly captures the extent of systemic issues.

A US Propaganda Operation Hit Russia and China With Memes

Plus: An Iranian hacking tool steals inboxes, LastPass gets hacked, and a deepfake scammer targets the crypto world.

Careless Errors in Hundreds of Apps Could Expose Troves of Data

Researchers found that mobile applications contain keys that could provide access to both user information and private files from unconnected apps.

Police Across US Bypass Warrants With Mass Location-Tracking Tool

Plus: An unsecured database exposed face recognition data in China, ‘Cuba’ ransomware knocks out Montenegro, and more.

Hackers Target Los Angeles School District With Ransomware

Plus: Albania cuts ties with Iran, claims of a TikTok data breach that didn’t happen, and much more.

The Twitter Whistleblower’s Testimony Has Senators Out for Blood

Peiter “Mudge” Zatko’s allegations about the social media platform renewed a sense of urgency for lawmakers to rein in Big Tech.

US Border Agents May Have a Copy of Your Text Messages

Plus: An AI artist exposes surveillance of Instagram users, the US charges Iranians over a ransomware campaign, and more.

A New Linux Tool Aims to Guard Against Supply Chain Attacks

Security firm Chainguard has created a simple, open source way for organizations to defend the cloud against some of the most insidious attacks.

Slack’s and Teams’ Lax App Security Raises Alarms

New research shows how third-party apps could be exploited to infiltrate these sensitive workplace tools.

Child Predators Mine Twitch to Prey on Kids

Plus: A leaked trove illuminates Russia’s internet regulator, a report finds Facebook and Instagram violated Palestinian rights, and more.

Cloudflare Takes a Stab at a Captcha That Doesn’t Suck

The internet infrastructure company has an alternative tool to check whether you’re human—and it doesn’t force you to pick out buses in tiny boxes.

The Race to Find the Nord Stream Saboteurs

Damage to the pipeline that runs between Russia and Germany is being treated as deliberate. Finding out what happened may not be straightforward.

Mystery Hackers Are ‘Hyperjacking’ Targets for Insidious Spying

For decades, security researchers warned about techniques for hijacking virtualization software. Now one group has put them into practice.

The Challenge of Cracking Iran’s Internet Blockade

People around the world are rallying to subvert Iran's internet shutdown, but actually pulling it off is proving difficult and risky.

Microsoft Exchange Server Has a Zero-Day Problem

Plus: CIA failures allegedly got US informants killed, a former NSA worker is charged under the Espionage Act, and more.

Binance Hackers Minted $569M in Crypto—Then It Got Complicated

Plus: The US warns of a mysterious military contractor breach, a "poisoned" version of the Tor Browser is tracking Chinese users, and more.

Google’s Pixel 7 and Pixel 7 Pro Pack New Android VPN and Tensor G2, Titan M2 Chips

The company says it hardened the security of its new flagship phones—and plans to release a built-in Android VPN.

Celsius Exchange Data Dump Is a Gift to Crypto Sleuths—and Thieves

By releasing half a million users’ transactions in a bankruptcy court filing, the company has opened a vast breach in its users’ financial privacy.

The $1 Billion Alex Jones Effect

The Infowars host now knows the cost of “free speech”—but does the landmark judgment signal a crackdown on disinformation?

Elon Musk’s SpaceX Bails on Starlink Funding for Ukraine

Plus: Hackers hit the Mormon Church, Signal plans to ditch SMS for Android, and a Fat Bear election erupts in scandal.

How to Use Passkeys in Google Chrome and Android

Google wants to make your digital life—in its ecosystem, anyway—passwordless and more secure.

The Hunt for Wikipedia's Disinformation Moles

Custodians of the crowdsourced encyclopedia are charged with protecting it from state-sponsored manipulators. A new study reveals how.

TikTok’s Security Threat Comes Into Focus

Plus: A Microsoft cloud leak exposed potential customers, new IoT security labels come to the US, and details emerge about Trump’s document stash.

A Pro-China Disinfo Campaign Is Targeting US Elections—Badly

The suspected Chinese influence operation had limited success. But it signals a growing threat from a new disinformation adversary.

Apple MacOS Ventura Bug Breaks Third-Party Security Tools

Your anti-malware software may not work if you upgraded to the new operating system. But Apple says a fix is on the way.

TikTok Admits Staff in China Can Access Europeans’ Data

Plus: Liz Truss’ phone-hacking trouble, Cash App’s sex-trafficking problem, and the rising cost of ransomware.

IRS Seizes Another Silk Road Hacker’s $3.36 Billion Bitcoin Stash

A year after a billion-dollar seizure of the dark web market's crypto, the same agency found a giant trove hidden under a different hacker's floorboards.

Russia’s New Cyberwarfare in Ukraine Is Fast, Dirty, and Relentless

Security researchers see updated tactics and tools—and a tempo change—in the cyberattacks Russia’s GRU military intelligence agency is inflicting on Ukraine.

Elon Musk's Twitter Blue Verification Is a Gift to Scammers

Anyone can get a blue tick on Twitter without proving who they are. And it’s already causing a ton of problems.

Russia’s Sway Over Criminal Ransomware Gangs Is Coming Into Focus

Questions about the Kremlin’s relationships with these groups remain. But researchers are finally getting some answers.

‘Dark Ships’ Emerge From the Shadows of the Nord Stream Mystery

Satellite monitors discovered two vessels with their trackers turned off in the area of the pipeline prior to the suspected sabotage in September.

Elon Musk Introduces Twitter Mayhem Mode

Plus: US midterms survive disinformation efforts, the government names the alleged Lockbit ransomware attacker, and the Powerball drawing hits a security snag.