Recent articles
May 14, 2026
Zero-day exploit completely defeats default Windows 11 BitLocker protections
It's not entirely clear how the exploit works. Microsoft says it's investigating.
arstechnica.com
May 11, 2026
Linux bitten by second severe vulnerability in as many weeks
Production-version patches are coming online and should be installed pronto.
arstechnica.com
May 8, 2026
Chaos erupts as cyberattack disrupts learning platform Canvas amid finals
Across the country, schools and colleges postpone year-end tests.
arstechnica.com
May 7, 2026
Mozilla says 271 vulnerabilities found by Mythos have "almost no false positives"
The developer of Firefox says it has "completely bought in" on AI-assisted bug discovery.
arstechnica.com
May 5, 2026
Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
Daemon Tools users: It's time to check your machines for stealthy infections, stat.
arstechnica.com
May 1, 2026
Dangerous New Linux Exploit Gives Attackers Root Access to Countless Computers
The exploit, dubbed CopyFail and tracked as CVE-2026-31431, allows hackers to take over PCs and data center servers. The Linux vulnerabilities have been patched—but many machines remain at risk.
www.wired.com
May 1, 2026
Ubuntu infrastructure has been down for more than a day
The outage has hampered communication concerning a critical vulnerability that gives root.
arstechnica.com
April 30, 2026
The most severe Linux threat to surface in years catches the world flat-footed
CopyFail threatens multi-tenant servers, CI/CD work flows, Kubernetes containers, and more.
arstechnica.com
April 29, 2026
Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden
Security firms find themselves especially exposed.
arstechnica.com
April 27, 2026
Open source package with 1 million monthly downloads stole user credentials
If you're one of millions using element-data, it's time to check for compromise.
arstechnica.com
April 24, 2026
Why are top university websites serving porn? It comes down to shoddy housekeeping.
Hundreds of subdomains from dozens of universities have been hijacked by scammers.
arstechnica.com
April 23, 2026
In a first, a ransomware family is confirmed to be quantum-safe
Technically speaking, there's no practical benefit to use PQC. So why is it being used?
arstechnica.com
April 22, 2026
Microsoft issues emergency update for macOS and Linux ASP.NET threat
When authentication fails, things can go very, very wrong.
arstechnica.com
April 21, 2026
Contrary to popular superstition, AES 128 is just fine in a post-quantum world
A stubborn misconception is hampering the already hard work of quantum readiness.
arstechnica.com
April 17, 2026
Russia-friendly exchange says "western special service" behind $15 million cyberattack
Grinex says needed hacking resources "available exclusively to ... unfriendly states."
arstechnica.com
April 17, 2026
Recent advances push Big Tech closer to the Q-Day danger zone
Here's which players are winning the race to transition to post-quantum crypto.
arstechnica.com
April 8, 2026
Iran-linked hackers disrupt operations at US critical infrastructure sites
As the US and Israel's war has ramped up, so too have hacks on US industrial sites.
arstechnica.com
April 8, 2026
Thousands of consumer routers hacked by Russia's military
End-of-life routers in homes and small offices hacked in 120 countries.
arstechnica.com
April 3, 2026
OpenClaw gives users yet another reason to be freaked out about security
The viral AI agentic tool let attackers silently gain admin unauthenticated access.
arstechnica.com
April 2, 2026
New Rowhammer attacks give complete control of machines running Nvidia GPUs
Both GDDRHammer and GeForge hammer GPU memory in ways that compromise the CPU.
arstechnica.com
March 31, 2026
New quantum-computing advances heighten threat to elliptic curve cryptosystems
No, the sky isn't falling, but Q Day is coming, and it won't be as expensive as thought.
arstechnica.com
March 25, 2026
Google bumps up Q Day deadline to 2029, far sooner than previously thought
Company warns entire industry to move off RSA and EC more quickly.
arstechnica.com
March 24, 2026
Self-propagating malware poisons open source software and wipes Iran-based machines
Development houses: It's time to check your networks for infections.
arstechnica.com
March 20, 2026
Widely used Trivy scanner compromised in ongoing supply-chain attack
Admins: Sorry to say, but it's likely a rotate-your-secrets kind of weekend.
arstechnica.com
March 17, 2026
Researchers disclose vulnerabilities in IP KVMs from four manufacturers
Internet-exposed devices that give BIOS-level access? What could possibly go wrong?
arstechnica.com
March 13, 2026
Supply-chain attack using invisible code hits GitHub and other repositories
Unicode that's invisible to the human eye was largely abandoned—until attackers took notice.
arstechnica.com
March 12, 2026
The who, what, and why of the attack that has shut down Stryker's Windows network"
Company says it doesn't know how long it will take to restore its Microsoft environment.
arstechnica.com
March 11, 2026
14,000 routers are infected by malware that's highly resistant to takedowns
Most of the devices are made by Asus and are located in the US.
arstechnica.com
March 6, 2026
Feds take notice of iOS vulnerabilities exploited under mysterious circumstances
The long, strange trip of a large assembly of advanced iOS exploits.
arstechnica.com
March 3, 2026
LLMs can unmask pseudonymous users at scale with surprising accuracy
Pseudonymity has never been perfect for preserving privacy. Soon it may be pointless.
arstechnica.com