Technology

HWMonitor and CPU-Z developer CPUID breached by unknown attackers — cyberattack forced users to download malware instead of valid apps for six hours

Source

Tom's Hardware

Published

Apr 10, 2026

TL;DR

AI Generated

Unknown attackers breached the website of CPUID, the developer of HWMonitor and CPU-Z, serving users infected files instead of legitimate ones for six hours. The malware aimed to steal browser credentials, particularly from Google Chrome. The breach was fixed, and CPUID's original files were not compromised. Supply chain attacks like this have become more common, with popular tech tools being targeted to distribute malware. Users who downloaded the infected files may have had their systems compromised.

Read Full Article

Bluetooth tracker hidden in a postcard and mailed to a warship exposed its location — $5 gadget put a $585 million Dutch ship at risk for 24 hours

A Dutch warship, HNLMS Evertsen, part of a NATO carrier strike group, unknowingly exposed its location for 24 hours after receiving a postcard with a hidden Bluetooth tracker. The tracker, similar to an Apple AirTag but cheaper at $5, was mailed in, allowing spies to track the $585 million Navy ship without physical access. Dutch authorities discovered and disabled the tracker within a day, prompting a ban on electronic greeting cards due to security risks. This incident highlights the ongoing challenges of maintaining operational security in the face of new technologies that can inadvertently compromise military operations.

Tom's Hardware•

22 hours ago

US-sanctioned currency exchange says $15 million heist done by "unfriendly states"

Grinex, a US-sanctioned cryptocurrency exchange in Kyrgyzstan, announced a $15 million heist allegedly orchestrated by hackers linked to "unfriendly states." TRM researchers confirmed the theft, noting more drained addresses than initially reported by Grinex. The attack targeted Russian users, with Grinex attributing it to a coordinated effort to harm Russia's financial sovereignty. TokenSpot, another Kyrgyzstan-based exchange, was also breached, with both exchanges becoming inoperable on Wednesday. The US Treasury Department had previously sanctioned Grinex's predecessor, Garantex, for facilitating ransomware actors and cybercriminals.

Ars Technica•

1 day ago

MIT Technology Review

The Download: cyberscammers’ banking bypasses, and carbon removal troubles

Cyberscammers are using illicit tools sold on Telegram to bypass banks' security measures, exploiting weaknesses in facial recognition scans to gain unauthorized access. Meanwhile, concerns arise about the future of carbon removal efforts as Microsoft pauses its purchases, impacting around 80% of contracted carbon removal. These developments highlight ongoing challenges in cybersecurity and environmental sustainability within the tech industry.

MIT Technology Review•

3 days ago

Iran reportedly bought an in-orbit Chinese satellite to target US military sites in the Middle East — purchase agreement included ongoing ground control services based in China

Iran's Islamic Revolutionary Guards Corps reportedly purchased a Chinese Earth-observation satellite in 2024, allowing them to capture high-resolution satellite imagery for military purposes. The satellite was acquired from a Chinese commercial aerospace company and included access to ground control services based in China. Despite the satellite's civilian nature, it was used to target US military sites in the Middle East, showcasing the dual-use application of such technology. The involvement of Chinese companies with ties to the military-industrial complex raises concerns about the blurred lines between civilian and military applications in the tech industry. The distributed nature of the satellite's services makes it challenging for potential attackers to disable it, highlighting the complexities of international tech collaborations in sensitive geopolitical contexts.