EinloggenRegistrieren

Security Now!

SN 1030: Internet Foreground Radiation - The NPM Repository is Under Siege

Hinzugefügt: 18. Juni 2025

An exploited iOS iMessage vulnerability Apple denies?
The NPM repository is under siege with no end in sight.
Were Comcast and Digital Realty compromised? Don't ask them.
Matthew Green agrees:...

SN 1029: The Illusion of Thinking - Meta Apps and JavaScript Collusion

Hinzugefügt: 11. Juni 2025

In memoriam: Bill Atkinson
Meta native apps & JavaScript collude for a localhost local mess.
The EU rolls out its own DNS4EU filtered DNS service.
Ukraine DDoS's Russia's Railway DNS ... and......

SN 1028: AI Vulnerability Hunting - Jailbreaking is Over

Hinzugefügt: 4. Juni 2025

Pwn2Own 2025, Berlin results.
PayPal seeks a "newly registered domains" patent.
An expert iOS jailbreak developer gives up.
The rising abuse of SVG images, via JavaScript.
Interesting feedback...

SN 1027: Artificial Intelligence - The Status of Encrypted Client Hello

Hinzugefügt: 28. Mai 2025

What the status of Encrypted Client Hello (ECH)?
What radio technology would be best for remote inverter shutdown?
Some DNS providers already block newly listed domains.
Knowing when not to...

SN 1026: Rogue Comms Tech Found in US Power Grid - Is AI Replicating Itself?

Hinzugefügt: 21. Mai 2025

Chrome to actively refuse admin privileges.
Android Messenger is getting manual key verification.
Pwn2Own to add AI "pwning" as in-scope attack targets.
AI has already been found to be...

SN 1025: Secure Conversation Records Retention - FBI Says to Toss Your Old Router

Hinzugefügt: 14. Mai 2025

The state of Virginia passes an age-restriction law that has no chance.
New Zealand also tries something similar, citing Australia's lead.
A nasty Python package for Discord survived 3 years and...

SN 1024: Don't Blame Signal - The Real Story Behind the TM SGNL Breach

Hinzugefügt: 7. Mai 2025

Microsoft to officially abandon passwords and support their deletion.
Meta's RayBan smart glasses weaken their privacy terms.
30% of Microsoft code is now being written by AI.
Google says prying...

SN 1023: Preventing Windows Sandbox Abuse - Microsoft Says "Don't Delete This Folder"

Hinzugefügt: 30. April 2025

Why did a mysterious empty "inetpub" directory appear after April's Patch Tuesday?
And what new Windows Update crashing hack did this also create?
North Korea is now creating fake US companies to...

SN 1022: The Windows Sandbox - Short-life Certs, Ransomware Payout Stats

Hinzugefügt: 23. April 2025

Enabling Firefox's Tab Grouping.
Recalled Recall Re-Rolls out.
The crucial CVE program nearly died. It's been given new life.
China confesses to hacking the US (blames our stance on Taiwan)....

SN 1021: Device Bound Session Credentials - Hotpatching in Win 11, Apple vs. UK

Hinzugefügt: 16. April 2025

Android to get "Lockdown Mode".
What's in the new editions of Chrome and Firefox?
Why did Apple silently re-enable automatic updates?
My new iPhone 16, Chinese tariffs and electronics.
Dynamic...

SN 1020: Multi-Perspective Issuance Corroboration - IoT Done Right, France Phishes, Gmails E2EE

Hinzugefügt: 9. April 2025

Canon printer driver vulnerabilities enable Windows kernel exploitation.
Astonishing cyber-security awareness from a household appliance manufacturer.
France tries to hook 2.5 million school...

SN 1019: EU OS - Troy Hunt Phished, Ransomware List, InControl

Hinzugefügt: 2. April 2025

Kuala Lumpur International Airport says no to a ransom attack, switches to whiteboard.
A tired and jet-lagged Troy Hunt got Phished then listed himself on his own site.
Cloudflare completely...

SN 1018: The Quantum Threat - ESP32 Backdoor Update, RCS E2EE

Hinzugefügt: 26. März 2025

The dangers of doing things you don't understand.
Espressif responds to the claims of an ESP32 backdoor.
A widely leveraged mistake Microsoft stubbornly refuses to correct.
A disturbingly simple...

SN 1017: Is YOUR System Vulnerable to RowHammer? - Telegram's Crypto, Twitter Outage, FBI Warning

Hinzugefügt: 19. März 2025

An analysis of Telegram Messenger's crypto.
A beautiful statement of the goal of modern crypto design.
Who was behind Twitter's recent outage trouble?
An embedded Firefox root certificate...

SN 1016: The Bluetooth Backdoor - North Korean Texans, Apple Pushes Back

Hinzugefügt: 12. März 2025

Utah passes age verification requirement for app stores.
The inside story on fake North Korean employees. Is that a Texas accent?
An update on the ongoing Bybit cryptoheist saga.
The industry...

SN 1015: Spatial-Domain Wireless Jamming - Firefox Privacy Policy, Signal Leaving Sweden?

Hinzugefügt: 5. März 2025

Firefox amends their privacy policy -- the world melts down.
Signal threatens to leave Sweden.
Aftermath of the massive $1.5 billion Bybit ETH heist.
It turns out that it wasn't actually Bybit's...

SN 1013: Chrome Web Store is a mess - Apple Encryption in the UK, Texas Vs. DeepSeek

Hinzugefügt: 19. Februar 2025

US lawmakers respond to the UK's outrageous demand about Apple's encryption.
What, exactly, is a "backdoor", and can a "backdoor" NOT be secret?
Highlights from last week's Windows' Patch...

SN 1011: Jailbreaking AI - Deepseek, "ROUTERS" Act, Zyxel Vulnerability

Hinzugefügt: 5. Februar 2025

Why was DeepSeek banned by Italian authorities?
What internal proprietary DeepSeek data was found online?
What is "DeepSeek" anyway? Why do we care, and what does it mean?
Did Microsoft just...

SN 1010: DNS Over TLS - Record DDoS, Hackers Get Hacked

Hinzugefügt: 29. Januar 2025

eM Client CAN be purchased outright.
An astonishing 5-year-old typo in MasterCard's DNS.
An unwelcome surprise received by 18,459 low-level hackers.
DDoS attacks continue growing, seemingly...

SN 1009: Attacking TOTP - Force-Installed Outlook, DJI Firmware Update

Hinzugefügt: 22. Januar 2025

What do we learn from January's record breaking 0-day critical Patch Tuesday?
Microsoft to "force-install" a new Outlook into all Windows 10 and 11 desktops?
GoDaddy required to get much more...