Recent articles
July 15, 2026
Windows 0-day drops the same day Microsoft releases record number of patches
HiveLegacy is a "powerful primitive" that's likely capable of other nefarious actions.
arstechnica.com
July 14, 2026
Microsoft’s Secure Boot has been broken for a decade and no one noticed until now
Old and forgotten "shims" Microsoft failed to revoke have made Secure Boot bypasses simple.
arstechnica.com
July 13, 2026
The US government warns that Russia state hackers are coming after your router
With residential proxies all the rage, CISA urges router users to be vigilant.
arstechnica.com
July 13, 2026
Now, defenders are embracing the prompt injection, too
"Context bombing" tricks hacking agents into shutting down before they can do harm.
arstechnica.com
July 9, 2026
Patch for Windows Defender 0-day could allow attackers to fill hard disk
The feud between NightmareEclipse and Microsoft shows no signs of resolving soon.
arstechnica.com
July 8, 2026
Google pays $250K for Linux vulnerability allowing guest VM escapes
Both vulnerabilities allow untrusted users to gain root privileges.
arstechnica.com
July 8, 2026
Hackers can use 9 of the most popular AI tools to assemble massive botnets
"HalluSquatting" weaponizes LLMs' inability to say "I don't know."
arstechnica.com
July 2, 2026
Newly discovered PamStealer isn't your typical macOS malware
The discovery underscores the increased effort being poured into Mac infostealers.
arstechnica.com
June 30, 2026
New attack provides one more reason why AI browsers are a bad idea
Telling an LLM that 2 + 2 = 5 is enough to make it follow forbidden instructions.
arstechnica.com
June 29, 2026
US offers $10 million for info on group behind Signal and WhatsApp hacking spree
Operation by two Russia-state groups has been ongoing since at least March.
arstechnica.com
June 24, 2026
One-two punch delivered in global operation disrupts cybercrime "assembly line"
"Operation Endgame" simultaneously disrupts two widely used crime tools.
arstechnica.com
June 23, 2026
White House drastically shortens deadline for dropping quantum-vulnerable crypto
Order warns of national security risks if post-quantum cryptography isn't adopted in time.
arstechnica.com
June 22, 2026
Following user outcry, AMD reinstates memory encryption in consumer CPUs
Critics saw the move as an underhanded way to steer them toward more costly chips.
arstechnica.com
June 21, 2026
A Critical Deadline Is Approaching for Windows and Linux Security
The cryptographic keys that secure your computer's boot sequence will start to expire on June 24. Here's what that means for you.
www.wired.com
June 18, 2026
Microsoft discovers new lightweight backdoor that steals cryptocurrency
Crypto Clipper spreads over USB and communicates over Tor.
arstechnica.com
June 18, 2026
Apple patches high-severity eavesdropping vulnerability in Beats Studio Buds
The vulnerability, disclosed 12 months ago, affects multiple manufacturers.
arstechnica.com
June 17, 2026
Massive breach spills credentials for thousands of sensitive networks
The affected include Oracle, Lenovo, FedEx, a NATO contractor, and Fortinet.
arstechnica.com
June 17, 2026
Windows and Linux users: The deadline to update Secure Boot keys is near
What you need to know about the expiration of keys securing your machine's boot sequence.
arstechnica.com
June 16, 2026
Critical Copilot vulnerability allowed hackers to seal 2FA code from users
SearchLeak exploit shows why the industry's approach to LLM security fails over and over.
arstechnica.com
June 15, 2026
Users cry foul after AMD stripped memory crypto from its consumer CPUs
AMD's stripping of TSME from consumer CPUs appears to be a deliberate, covert move.
arstechnica.com
June 12, 2026
PeopleSoft 0-day affecting hundreds of organizations steals gigabytes of data
Vulnerability in the Oracle-owned PeopleSoft software is about as critical as they come.
arstechnica.com
June 9, 2026
Locked in heated rivalry with researcher, Microsoft fixes 0-day they disclosed
A separate zero-day also disclosed by Nightmare Eclipse appears to be patched as well.
arstechnica.com
June 9, 2026
High-severity vulnerability in Linux caused by a single errant character
Use-after-free bug can be exploited to evade sandbox defenses.
arstechnica.com
June 8, 2026
For the 2nd time in weeks, Microsoft packages laced with credential stealer
73 packages run self-replicating stealer as soon as they're opened by an AI agent.
arstechnica.com
June 5, 2026
Highly reviewed speaker can be hacked over the air to infect connected devices
Seller of the Sound Blaster Katana V2X doesn't consider the behavior a vulnerability.
arstechnica.com
June 4, 2026
Dashlane explains how attackers managed to download encrypted password vaults
By targeting large numbers of users, attackers increased their chances of success.
arstechnica.com
June 3, 2026
Dashlane issues opaque advisory warning 20 encrypted vaults were stolen
Security advisory leaves out key details. Dashlane maintains complete silence.
arstechnica.com
June 1, 2026
Dozens of Red Hat packages backdoored through its official NPM channel
Anyone who has downloaded affected Red Hat packages should investigate immediately.
arstechnica.com
June 1, 2026
Websites Can Now Spy on You Through Your Hard Drive
Thanks to the newly detailed FROST technique, telltale SSD activity can be measured in the browser using simple JavaScript.
www.wired.com
May 29, 2026
Botnet of more than 17 million devices dismantled
The botnet was reportedly tied to a Russia-based residential proxy network.
arstechnica.com