Recent articles
April 8, 2026
Iran-linked hackers disrupt operations at US critical infrastructure sites
As the US and Israel's war has ramped up, so too have hacks on US industrial sites.
arstechnica.com
April 8, 2026
Thousands of consumer routers hacked by Russia's military
End-of-life routers in homes and small offices hacked in 120 countries.
arstechnica.com
April 3, 2026
OpenClaw gives users yet another reason to be freaked out about security
The viral AI agentic tool let attackers silently gain admin unauthenticated access.
arstechnica.com
April 2, 2026
New Rowhammer attacks give complete control of machines running Nvidia GPUs
Both GDDRHammer and GeForge hammer GPU memory in ways that compromise the CPU.
arstechnica.com
March 31, 2026
New quantum-computing advances heighten threat to elliptic curve cryptosystems
No, the sky isn't falling, but Q Day is coming, and it won't be as expensive as thought.
arstechnica.com
March 25, 2026
Google bumps up Q Day deadline to 2029, far sooner than previously thought
Company warns entire industry to move off RSA and EC more quickly.
arstechnica.com
March 24, 2026
Self-propagating malware poisons open source software and wipes Iran-based machines
Development houses: It's time to check your networks for infections.
arstechnica.com
March 20, 2026
Widely used Trivy scanner compromised in ongoing supply-chain attack
Admins: Sorry to say, but it's likely a rotate-your-secrets kind of weekend.
arstechnica.com
March 17, 2026
Researchers disclose vulnerabilities in IP KVMs from four manufacturers
Internet-exposed devices that give BIOS-level access? What could possibly go wrong?
arstechnica.com
March 13, 2026
Supply-chain attack using invisible code hits GitHub and other repositories
Unicode that's invisible to the human eye was largely abandoned—until attackers took notice.
arstechnica.com
March 12, 2026
The who, what, and why of the attack that has shut down Stryker's Windows network"
Company says it doesn't know how long it will take to restore its Microsoft environment.
arstechnica.com
March 11, 2026
14,000 routers are infected by malware that's highly resistant to takedowns
Most of the devices are made by Asus and are located in the US.
arstechnica.com
March 6, 2026
Feds take notice of iOS vulnerabilities exploited under mysterious circumstances
The long, strange trip of a large assembly of advanced iOS exploits.
arstechnica.com
March 3, 2026
LLMs can unmask pseudonymous users at scale with surprising accuracy
Pseudonymity has never been perfect for preserving privacy. Soon it may be pointless.
arstechnica.com
February 28, 2026
Google quantum-proofs HTTPS by squeezing 2.5kB of data into 64-byte space
Merkle Tree Certificate support is already in Chrome. Soon, it will be everywhere.
arstechnica.com
February 26, 2026
New AirSnitch attack breaks Wi-Fi encryption in homes, offices, and enterprises
That guest network you set up for your neighbors may not be as secure as you think.
arstechnica.com
February 17, 2026
Password managers' promise that they can't see your vaults isn't always true
Contrary to what password managers say, a server compromise can mean game over.
arstechnica.com
February 11, 2026
Once-hobbled Lumma Stealer is back with lures that are hard to resist
ClickFix bait, combined with advanced Castleloader malware, is installing Lumma "at scale."
arstechnica.com
February 6, 2026
Malicious packages for dYdX cryptocurrency exchange empties user wallets
Incident is at least the third time the exchange has been targeted by thieves.
arstechnica.com
February 4, 2026
Microsoft releases urgent Office patch. Russian-state hackers pounce.
The window to patch vulnerabilities is shrinking rapidly.
arstechnica.com
February 4, 2026
Notepad++ Users, You May Have Been Hacked by China
Suspected Chinese state-backed hackers hijacked the Notepadd++ update infrastructure to deliver a backdoored version of the popular free source code editor and note-taking app for Windows.
www.wired.com
February 2, 2026
Notepad++ users take note: It's time to check if you're hacked
Suspected China-state hackers used update infrastructure to deliver backdoored version.
arstechnica.com
January 29, 2026
County pays $600,000 to pentesters it arrested for assessing courthouse security
Settlement comes more than 6 years after Gary DeMercurio and Justin Wynn's ordeal began.
arstechnica.com
January 28, 2026
Site catering to online criminals has been seized by the FBI
One of the last holdouts for ransomware discussions, RAMP is taken down.
arstechnica.com
January 27, 2026
There's a rash of scam spam coming from a real Microsoft address
Abusing Microsoft's reputation may make scam harder to spot.
arstechnica.com
January 26, 2026
Why has Microsoft been routing example.com traffic to a company in Japan?
Company's autodiscover caused users' test credentials to be sent outside Microsoft networks.
arstechnica.com
January 24, 2026
Poland's energy grid was targeted by never-before-seen wiper malware
Destructive payload unleashed on 10-year anniversary of Russia's attack on Ukraine's grid.
arstechnica.com
January 22, 2026
Overrun with AI slop, cURL scraps bug bounties to ensure "intact mental health"
The onslaught includes LLMs finding bogus vulnerabilities and code that won't compile.
arstechnica.com
January 21, 2026
Millions of people imperiled through sign-in links sent by SMS
Even well-known services with millions of users are exposing sensitive data.
arstechnica.com
January 16, 2026
Mandiant releases rainbow table that cracks weak admin password in 12 hours
Windows laggards still using the vulnerable hashing function: Your days are numbered.
arstechnica.com