Technology

New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises

Source

Ars Technica

Published

Feb 26, 2026

TL;DR

AI Generated

A new attack called AirSnitch has been discovered that can bypass Wi-Fi encryption in homes, offices, and enterprises. Despite the widespread use of Wi-Fi, security vulnerabilities have plagued the protocol's history. The AirSnitch attack takes advantage of weaknesses at the lowest levels of the network stack, rendering encryption ineffective in providing client isolation. This attack affects routers from various manufacturers, including Netgear, D-Link, Ubiquiti, Cisco, and those running DD-WRT and OpenWrt.

Read Full Article

How a USB-connected speaker can infect a PC without ever being touched

A researcher discovered a vulnerability in the Sound Blaster Katana V2X speaker that allows a Bluetooth device to connect to a PC via USB without authentication or pairing. The Creative Transport Protocol (CTP) used by the speaker enables commands like changing LED colors and equalizer settings, as well as uploading new firmware without security measures. This flaw could potentially lead to remote code execution on the targeted device, highlighting a security risk in USB-connected speakers.

Ars Technica•

1 week ago

Dashlane explains how attackers managed to download encrypted password vaults

Attackers targeted Dashlane users by abusing the device enrollment mechanism, sending automated requests to registered email addresses to download encrypted password vaults. Dashlane's security systems detected the attack and locked targeted accounts, preventing widespread data breaches. The attackers managed to access fewer than 20 personal user vaults before the operation was halted. Dashlane's verification process requires a one-time six-digit token sent to the user's email for device enrollment, ensuring security measures are in place to protect user data.

Ars Technica•

1 week ago

Can't make sense of Dashlane's vault theft notification? You're not alone.

Dashlane issued a security advisory about attackers obtaining 20 encrypted user vaults through a brute force attack on 2FA protections. Users are confused by the notification process and lack of information from Dashlane, leading to discussions on social media. The attack involved guessing passcodes within a three-hour window, raising questions about the feasibility of such a large-scale breach. Dashlane's response to the attack and potential rate limiting measures are unclear, leaving users concerned about the security of their accounts.

Ars Technica•

1 week ago

Dozens of Red Hat packages backdoored through its official NPM channel

Red Hat's official NPM accounts were compromised, leading to the distribution of a malicious worm that steals sensitive credentials across machines. The attack targeted the @redhat-cloud-services channel, a trusted source for Red Hat packages, affecting over 30 packages. The malware collects credentials during the npm install process and spreads by republishing infected packages to other accounts. Organizations are advised to consider systems that installed the affected packages as potentially compromised, as the payload executes during installation, not runtime use. The malware encrypts and sends credentials through web requests, with a fallback option to publish data to compromised GitHub repositories.

Ars Technica•

2 weeks ago

How a USB-connected speaker can infect a PC without ever being touched

Ars Technica•

1 week ago

Dashlane explains how attackers managed to download encrypted password vaults

Ars Technica•

1 week ago

Can't make sense of Dashlane's vault theft notification? You're not alone.

Ars Technica•

1 week ago

Dozens of Red Hat packages backdoored through its official NPM channel

Ars Technica•

2 weeks ago

New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises

TL;DR

Similar Articles

How a USB-connected speaker can infect a PC without ever being touched

Dashlane explains how attackers managed to download encrypted password vaults

Can't make sense of Dashlane's vault theft notification? You're not alone.

Dozens of Red Hat packages backdoored through its official NPM channel

We use cookies

New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises

TL;DR

Similar Articles

How a USB-connected speaker can infect a PC without ever being touched

Dashlane explains how attackers managed to download encrypted password vaults

Can't make sense of Dashlane's vault theft notification? You're not alone.

Dozens of Red Hat packages backdoored through its official NPM channel