Recent articles
February 17, 2026
Password managers' promise that they can't see your vaults isn't always true
Contrary to what password managers say, a server compromise can mean game over.
arstechnica.com
February 11, 2026
Once-hobbled Lumma Stealer is back with lures that are hard to resist
ClickFix bait, combined with advanced Castleloader malware, is installing Lumma "at scale."
arstechnica.com
February 6, 2026
Malicious packages for dYdX cryptocurrency exchange empties user wallets
Incident is at least the third time the exchange has been targeted by thieves.
arstechnica.com
February 4, 2026
Microsoft releases urgent Office patch. Russian-state hackers pounce.
The window to patch vulnerabilities is shrinking rapidly.
arstechnica.com
February 4, 2026
Notepad++ Users, You May Have Been Hacked by China
Suspected Chinese state-backed hackers hijacked the Notepadd++ update infrastructure to deliver a backdoored version of the popular free source code editor and note-taking app for Windows.
www.wired.com
February 2, 2026
Notepad++ users take note: It's time to check if you're hacked
Suspected China-state hackers used update infrastructure to deliver backdoored version.
arstechnica.com
January 29, 2026
County pays $600,000 to pentesters it arrested for assessing courthouse security
Settlement comes more than 6 years after Gary DeMercurio and Justin Wynn's ordeal began.
arstechnica.com
January 28, 2026
Site catering to online criminals has been seized by the FBI
One of the last holdouts for ransomware discussions, RAMP is taken down.
arstechnica.com
January 27, 2026
There's a rash of scam spam coming from a real Microsoft address
Abusing Microsoft's reputation may make scam harder to spot.
arstechnica.com
January 26, 2026
Why has Microsoft been routing example.com traffic to a company in Japan?
Company's autodiscover caused users' test credentials to be sent outside Microsoft networks.
arstechnica.com
January 24, 2026
Poland's energy grid was targeted by never-before-seen wiper malware
Destructive payload unleashed on 10-year anniversary of Russia's attack on Ukraine's grid.
arstechnica.com
January 22, 2026
Overrun with AI slop, cURL scraps bug bounties to ensure "intact mental health"
The onslaught includes LLMs finding bogus vulnerabilities and code that won't compile.
arstechnica.com
January 21, 2026
Millions of people imperiled through sign-in links sent by SMS
Even well-known services with millions of users are exposing sensitive data.
arstechnica.com
January 16, 2026
Mandiant releases rainbow table that cracks weak admin password in 12 hours
Windows laggards still using the vulnerable hashing function: Your days are numbered.
arstechnica.com
January 15, 2026
Why I’m withholding certainty that “precise” US cyber-op disrupted Venezuelan electricity
NYT says US hackers were able to turn off power and then quickly turn it back on.
arstechnica.com
January 14, 2026
A single click mounted a covert, multistage attack against Copilot
Exploit exfiltrating data from chat histories worked even after users closed chat windows.
arstechnica.com
January 13, 2026
Never-before-seen Linux malware is “far more advanced than typical”
VoidLink includes an unusually broad and advanced array of capabilities.
arstechnica.com
January 13, 2026
Signal creator Moxie Marlinspike wants to do for AI what he did for messaging
Introducing Confer, an end-to-end AI assistant that just works.
arstechnica.com
January 8, 2026
ChatGPT falls to new data-pilfering attack as a vicious cycle in AI continues
Will LLMs ever be able to stamp out the root cause of these attacks? Possibly not.
arstechnica.com
January 5, 2026
The nation’s strictest privacy law just took effect, to data brokers’ chagrin
Californians can now submit demands requiring 500 brokers to delete their data.
arstechnica.com
December 31, 2025
Supply chains, AI, and the cloud: The biggest failures (and one success) of 2025
The past year has seen plenty of hacks and outages. Here are the ones topping the list.
arstechnica.com
December 17, 2025
Browser extensions with 8 million users collect extended AI conversations
The extensions, available for Chromium browsers, harvest full AI conversations over months.
arstechnica.com
December 15, 2025
Microsoft will finally kill obsolete cipher that has wreaked decades of havoc
The weak RC4 for administrative authentication has been a hacker Holy Grail for decades.
arstechnica.com
December 4, 2025
In comedy of errors, men accused of wiping gov databases turned to an AI tool
Defendants were convicted of similar crimes a decade ago. How were they cleared again?
arstechnica.com
December 3, 2025
Maximum-severity vulnerability threatens 6% of all websites
Open source React executes malicious code with malformed HTML—no authentication needed.
arstechnica.com
December 3, 2025
Fraudulent gambling network may actually be something more nefarious
Researchers say there's more to the network, which has operated for 14 years.
arstechnica.com