Tech News
Back to home

Articles tagged with "data-breach"

Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

Security firm Checkmarx has been targeted in a series of supply-chain attacks over the past six weeks, with malware being pushed to customers through compromised accounts. The attacks began with the breach of the Trivy vulnerability scanner, leading to malware being distributed to Checkmarx users. Checkmarx's GitHub account was also compromised, leading to the dissemination of malware to its users. The company faced additional malware pushes, indicating ongoing security challenges. A ransomware group known as Lapsu$ recently dumped Checkmarx's private data on the dark web, suggesting persistent access by attackers.

Ars Technica
Ransomware accidentally destroys all files larger than 128KB, preventing decryption — VECT code likely partly vibe coded with AI or used an old code base, security researchers suggest

Ransomware accidentally destroys all files larger than 128KB, preventing decryption — VECT code likely partly vibe coded with AI or used an old code base, security researchers suggest

The VECT ransomware, discovered in December 2025, contains a critical bug that turns it into a wiper, destroying files larger than 128KB and preventing decryption. Check Point Research found that the ransomware's flawed programming causes irreversible damage to encrypted files, rendering payment to unlock data ineffective. The ransomware's code also exhibits various other issues, leading researchers to speculate that it may have been partly generated with AI or based on outdated code. Despite these flaws, the group behind VECT appears sophisticated, with multi-platform capabilities and partnerships with other threat actors. The researchers warn that the group could potentially fix these issues and release a more effective version in the future, leveraging its existing distribution system to infect more systems.

Tom's Hardware
Enthusiast fixes 30-year issue with S3 graphics card — hacking the VBIOS fixes black levels by scalpelling out the Virge DX’s ‘pedestal bit’

Enthusiast fixes 30-year issue with S3 graphics card — hacking the VBIOS fixes black levels by scalpelling out the Virge DX’s ‘pedestal bit’

A retro hardware enthusiast successfully fixed a 30-year-old issue with S3 graphics cards by hacking the VBIOS to address the 'pedestal bit' problem that caused washed-out black levels. By adjusting the hexadecimal value in the VBIOS code, the darkest blacks were restored to their proper color, eliminating the undesirable gray appearance. The enthusiast used debugging tools to locate and modify the pedestal bit, then dumped the VBIOS to a file, made the necessary tweaks, and flashed it back to the hardware. The fix resulted in a deep black background upon booting, confirming the successful elimination of the pedestal bit issue. This solution can potentially be applied to other S3 Virge DX models, offering a resolution to a long-standing problem in graphics card technology.

Tom's Hardware
How a cavalcade of blunders gave unauthorized users access to Claude Mythos — restricted model accessed by third parties, thanks to knowledge from data breach

How a cavalcade of blunders gave unauthorized users access to Claude Mythos — restricted model accessed by third parties, thanks to knowledge from data breach

Unauthorized users gained access to Anthropic's cybersecurity AI model, Claude Mythos, through a breach that exposed proprietary AI models. Despite Mythos' capabilities in finding vulnerabilities, it couldn't prevent unauthorized access through a third-party contractor. The breach stemmed from a hack at Mercor, which led to a chain of breaches involving third-party tools. This incident underscores the importance of cybersecurity and the vulnerability posed by the human element in digital security. As AI tools like Mythos become more prevalent, the need for robust security measures is increasingly crucial to prevent unauthorized access and data breaches.

Tom's Hardware
In a first, a ransomware family is confirmed to be quantum-safe

In a first, a ransomware family is confirmed to be quantum-safe

A new ransomware family named Kyber claims to be quantum-safe by using ML-KEM encryption, a post-quantum cryptography standard. This encryption method is designed to be resistant to attacks by quantum computers, unlike traditional methods like Elliptic Curve and RSA. Security firm Rapid7 confirmed that Kyber uses the highest strength version of ML-KEM to encrypt victims' data with AES-256, making it the first known case of ransomware utilizing post-quantum cryptography. This development highlights the evolving tactics of cybercriminals to enhance the security of their malicious activities.

Ars Technica
Ransomware negotiator pleads guilty after leaking victims' insurance details to 'BlackCat' hackers — perp gave attackers a precise picture of exactly how much each target could afford to pay

Ransomware negotiator pleads guilty after leaking victims' insurance details to 'BlackCat' hackers — perp gave attackers a precise picture of exactly how much each target could afford to pay

Former ransomware negotiator Angelo Martino has pleaded guilty to collaborating with the ALPHV/BlackCat ransomware gang to extort five U.S. companies, providing confidential details about the victims' insurance policies and negotiation perceptions. Martino's actions led to over $75 million in ransom payments, with individual payments exceeding $25 million. He also participated in deploying BlackCat ransomware against additional U.S. victims, demanding over $16 million in ransom. Law enforcement has seized more than $10 million from Martino, including cryptocurrency and various assets purchased with illicit proceeds. Martino, along with his co-conspirators, faces a maximum of 20 years in prison, with sentencing scheduled for July 9th.

Tom's Hardware
US-sanctioned currency exchange says $15 million heist done by "unfriendly states"

US-sanctioned currency exchange says $15 million heist done by "unfriendly states"

Grinex, a US-sanctioned cryptocurrency exchange in Kyrgyzstan, announced a $15 million heist allegedly orchestrated by hackers linked to "unfriendly states." TRM researchers confirmed the theft, noting more drained addresses than initially reported by Grinex. The attack targeted Russian users, with Grinex attributing it to a coordinated effort to harm Russia's financial sovereignty. TokenSpot, another Kyrgyzstan-based exchange, was also breached, with both exchanges becoming inoperable on Wednesday. The US Treasury Department had previously sanctioned Grinex's predecessor, Garantex, for facilitating ransomware actors and cybercriminals.

Ars Technica
Rockstar Games confirms it was hacked by malicious group — 'ShinyHunters' takes credit, gives until April 14 to pay ransom or it will release confidential data

Rockstar Games confirms it was hacked by malicious group — 'ShinyHunters' takes credit, gives until April 14 to pay ransom or it will release confidential data

Rockstar Games has confirmed being hacked by the group "ShinyHunters," who are demanding a ransom by April 14 to prevent the release of confidential data. The group exploited Anodot to access Rockstar's Snowflake instances, potentially compromising corporate data. While Rockstar claims the stolen information is non-material and won't impact players, the threat of data exposure remains. ShinyHunters' tactics involve targeting companies through API keys and third-party integrations, posing a broader cybersecurity risk to businesses beyond Rockstar. If the ransom isn't paid, the group plans to make the stolen data public, potentially revealing internal company information.

Tom's Hardware
HWMonitor and CPU-Z developer CPUID breached by unknown attackers — cyberattack forced users to download malware instead of valid apps for six hours

HWMonitor and CPU-Z developer CPUID breached by unknown attackers — cyberattack forced users to download malware instead of valid apps for six hours

Unknown attackers breached the website of CPUID, the developer of HWMonitor and CPU-Z, serving users infected files instead of legitimate ones for six hours. The malware aimed to steal browser credentials, particularly from Google Chrome. The breach was fixed, and CPUID's original files were not compromised. Supply chain attacks like this have become more common, with popular tech tools being targeted to distribute malware. Users who downloaded the infected files may have had their systems compromised.

Tom's Hardware
10 petabytes of sensitive data stolen from China's National Supercomputing Center, hackers claim — daring heist would be largest ever China hack, covering 6,000 clients across science, defense, and beyond

10 petabytes of sensitive data stolen from China's National Supercomputing Center, hackers claim — daring heist would be largest ever China hack, covering 6,000 clients across science, defense, and beyond

A hacker group named FlamingChina claims to have stolen over 10 petabytes of sensitive data from China's National Supercomputing Center, affecting 6,000 clients in science, defense, and other sectors. The breach, if confirmed, would be the largest known hack in China, exposing research from entities like AVIC and COMAC. The stolen data includes classified files on weapons systems and simulation results, with access being sold for cryptocurrency. The attack, allegedly executed through a compromised VPN domain and botnet, highlights cybersecurity vulnerabilities in China's critical infrastructure and raises concerns about the potential misuse of the stolen technologies by foreign entities.

Tom's Hardware
Crypto platform Drift suffers from hack suspected to total $270 million — firm goes into damage control mode, suspends deposits and withdrawals

Crypto platform Drift suffers from hack suspected to total $270 million — firm goes into damage control mode, suspends deposits and withdrawals

Drift Protocol, a major open-sourced perpetual futures exchange on Solana, has been hit by a cyberattack leading to the suspension of deposits and withdrawals. While the company has not confirmed the exact amount lost, estimates suggest around $130 million to $270 million in crypto stolen. This breach is considered one of the largest reported hacks this year. Despite law enforcement efforts to combat such incidents, scams remain a significant threat, with billions lost in crypto assets in 2025.

Tom's Hardware
Hacker charged for stealing $53 million in crypto, faces up to 30 years in prison — Uranium Finance thief spent $2 million of illicit funds on Magic: The Gathering, $1 million on Pokémon cards

Hacker charged for stealing $53 million in crypto, faces up to 30 years in prison — Uranium Finance thief spent $2 million of illicit funds on Magic: The Gathering, $1 million on Pokémon cards

A hacker named Jonathan Spalletta, also known as Cthulhon and Jspalletta, has been charged by the U.S. for stealing $53.3 million in cryptocurrency from Uranium Finance through two separate attacks. He faces up to 30 years in prison for computer fraud and money laundering. Spalletta spent $2 million of the stolen funds on Magic: The Gathering items and $1 million on Pokémon cards. Authorities are urging additional victims of the hack to come forward, as they continue to crack down on crypto theft cases.

Tom's Hardware
CanisterWorm malware wipes Iranian machines for no apparent reason — sophisticated attack spreads through npm packages and uses ICP canister as control surface

CanisterWorm malware wipes Iranian machines for no apparent reason — sophisticated attack spreads through npm packages and uses ICP canister as control surface

A hacking group named TeamPCP has developed the CanisterWorm malware, which targets Iranian machines and wipes their contents without a clear motive. The malware spreads through npm packages and uses an ICP canister as a control surface, making it a sophisticated and unique attack. The group's previous activities focused on monetary gain, but this latest version of the malware seems to be more about showcasing their capabilities. The attack was initiated through a hack on the Trivy open-source vulnerability scanner software, highlighting the importance of securing software publishing infrastructure. The ICP protocol, which the malware utilizes, has strict security measures in place to prevent unauthorized access and takedowns.

Tom's Hardware
Self-propagating malware poisons open source software and wipes Iran-based machines

Self-propagating malware poisons open source software and wipes Iran-based machines

A hacking group named TeamPCP is spreading a new self-propagating backdoor and data wiper targeting Iranian machines. The group has been using a worm to compromise cloud-hosted platforms for various malicious activities like data exfiltration, ransomware deployment, extortion, and cryptocurrency mining. TeamPCP recently compromised the Trivy vulnerability scanner through a supply-chain attack and spread potent malware that automatically infects new machines without user interaction. The malware targets npm repository access tokens and creates new versions of packages with malicious code. The worm is controlled by a tamper-proof mechanism using an Internet Computer Protocol-based canister, allowing attackers to constantly change control server URLs.

Ars Technica
12 years after release, the Xbox One has finally been hacked

12 years after release, the Xbox One has finally been hacked

The Xbox One, released 12 years ago, has been hacked for the first time. The hacking exploit was demonstrated by a security researcher who managed to run a custom code on the console. This breach could potentially lead to homebrew software and unauthorized modifications on the Xbox One. Microsoft has not yet responded to this security vulnerability.

TweakTown
Zombie ZIP vulnerability lets compressed malware leisurely stroll past 95% of antivirus apps — security suites are blissfully unaware of security issue

Zombie ZIP vulnerability lets compressed malware leisurely stroll past 95% of antivirus apps — security suites are blissfully unaware of security issue

A new vulnerability called Zombie ZIP allows malware to bypass 95% of antivirus apps by disguising compressed data as uncompressed in ZIP files. This trick evades detection as the data appears as random bytes to antivirus software. The flaw has been exploited in a proof-of-concept Python script that can easily extract malware from corrupted ZIP files. Security experts recommend caution with ZIP files until antivirus solutions catch up with this issue.

Tom's Hardware
The FBI is looking for victimized Steam users who downloaded games with hidden malware — Investigation underway into multiple infected titles from 2024 to 2026

The FBI is looking for victimized Steam users who downloaded games with hidden malware — Investigation underway into multiple infected titles from 2024 to 2026

The FBI is investigating malware-infected fake games on Steam from 2024 to 2026 and is seeking affected users to come forward. Games like Chemia, Dashverse, and BlockBasters have been identified as part of this scam, with BlockBasters even siphoning $32,000 in donations. These malicious games are often crypto scams that compromise user accounts and drain wallets. Despite Valve's efforts, these games continue to slip through the vetting system, leading to an increase in such incidents. Victims can provide information to the FBI voluntarily to aid in catching these criminals under federal law.

Tom's Hardware
The who, what, and why of the attack that has shut down Stryker's Windows network"

The who, what, and why of the attack that has shut down Stryker's Windows network"

Stryker, a medical device manufacturer, experienced a cyberattack following US and Israel airstrikes on Iran, with a group aligned with the Iranian government claiming responsibility. The attack led to a global network disruption in Stryker's Microsoft environment, affecting phones and computers of employees. The company confirmed that the incident did not involve ransomware or malware and is contained within the internal Microsoft environment. While critical medical devices like Lifepak, Lifenet, and Mako are functioning normally, Stryker has not provided a timeline for full recovery.

Ars Technica
Iran hacking group claims attack on med-tech company Stryker — says over 200,000 devices have been wiped clean and over 50TB of data extracted

Iran hacking group claims attack on med-tech company Stryker — says over 200,000 devices have been wiped clean and over 50TB of data extracted

An Iranian hacking group, Handala, has claimed responsibility for a cyberattack on Stryker, a medical technology company based in the U.S. The attack resulted in the wiping of over 200,000 devices and the extraction of 50TB of data. Employees reported that both company-managed and personal devices were affected, causing disruptions to their work. The breach highlights the vulnerability of personal devices connected to corporate networks and the potential risks associated with mobile device management software. This incident is part of the escalating cyber conflict in the Middle East, with Stryker being an unexpected target of international cyber warfare.

Tom's Hardware
14,000 routers are infected by malware that's highly resistant to takedowns

14,000 routers are infected by malware that's highly resistant to takedowns

A botnet of 14,000 routers, primarily Asus models, has been infected with the KadNap malware, creating a takedown-resistant proxy network for cybercrime. The malware exploits unpatched vulnerabilities in the routers, with a high concentration of Asus devices likely due to reliable exploits available for those models. The botnet's sophisticated peer-to-peer design based on Kademlia makes it challenging to detect and take down through traditional methods, using distributed hash tables to conceal command-and-control servers' IP addresses. This decentralized structure and hash substitution provide resilience against takedowns and denial of service attacks.

Ars Technica
Authorities seize crypto wallet... then accidentally publish the password - $4.4m gone

Authorities seize crypto wallet... then accidentally publish the password - $4.4m gone

Authorities seized a crypto wallet containing $4.4 million in cryptocurrency, but then accidentally published the password online. This blunder led to the funds being stolen from the wallet. The incident highlights the risks associated with storing large sums of money in digital wallets and the importance of maintaining strict security measures.

TweakTown
$20 million lost in 'jackpotting' ATM malware attacks in 2025, FBI reports — scheme forces machines to spit out cash, targets banks and ATM operators

$20 million lost in 'jackpotting' ATM malware attacks in 2025, FBI reports — scheme forces machines to spit out cash, targets banks and ATM operators

The FBI has issued a warning about increasing malware attacks on ATMs, with a specific focus on "jackpotting" attacks that force machines to dispense cash. These attacks involve threat actors using generic keys to access ATM maintenance cabinets, loading malware onto the storage drive, and manipulating the machines to dispense money. The FBI reported over $20 million in losses from these attacks in 2025, with a significant rise in incidents in recent years. Financial institutions are advised to take steps like monitoring for unauthorized files, disabling USB ports, and enhancing security measures to combat these attacks. The vulnerabilities in ATMs, particularly those running on outdated operating systems like Windows 7, pose a significant risk that needs to be addressed promptly to prevent further financial losses.

Tom's Hardware
A 16-year-old intern helped Netgear catch scammers in India for $800 — Culprits would pose as Netgear employees & sell fake support packages to customers

A 16-year-old intern helped Netgear catch scammers in India for $800 — Culprits would pose as Netgear employees & sell fake support packages to customers

A 16-year-old intern at Netgear played a crucial role in helping the company catch scammers in India who were posing as Netgear employees and selling fake support packages to customers. The scammers would constantly move their fake websites to evade legal action, but the intern, Wyatt, with his digital fluency, managed to outsmart them. By pretending to be a customer and luring in the scammers, Wyatt obtained crucial information like fake invoices, leading to a successful lawsuit by Netgear against the scammers. The company won over $860,000 in damages and traced some of the funds back to India. Wyatt, who earned $800 for his internship, provided a unique solution to combat internet theft, showcasing the effectiveness of unconventional approaches in tackling cybercrime.

Tom's Hardware
MIT Technology Review

The curious case of the disappearing Lamborghinis

A new trend of high-end vehicle theft during transport is on the rise, blending high-tech methods with traditional chop-shop techniques. Criminals use email phishing and fraudulent paperwork to impersonate legitimate transport companies, diverting luxury vehicles to resell or ship overseas. The article highlights several high-profile cases involving stolen luxury cars, including those of professional athletes and celebrities. The industry faces challenges in tracking and preventing these thefts, with estimates suggesting thousands of high-end cars have been stolen, resulting in significant financial losses. Efforts to combat this issue include enhanced security measures on online marketplaces and increased awareness campaigns.

MIT Technology Review
Google reports that state hackers from China, Russia and Iran are using Gemini in 'all stages' of attacks — phishing lures, coding and vulnerability testing get AI underpinnings from hostile actors

Google reports that state hackers from China, Russia and Iran are using Gemini in 'all stages' of attacks — phishing lures, coding and vulnerability testing get AI underpinnings from hostile actors

Google has reported that state hackers from China, Russia, and Iran are utilizing its Gemini AI models in various stages of cyber attacks, including phishing lures, coding, and vulnerability testing. The AI is being used by these hostile actors for target acquisition, social engineering message generation, and post-hack actions. Different countries employ Gemini differently, with China using it for cybersecurity analysis, North Korea for phishing attacks, and Iran for researching potential targets. Google is actively monitoring and mitigating these activities to prevent misuse of its AI services and improve protections against AI-related attacks.

Tom's Hardware
The myth of the high-tech heist

The myth of the high-tech heist

The article challenges the high-tech heist myth perpetuated by movies, emphasizing that real-life thieves rarely rely on sophisticated gadgets like in films. Research shows that successful heists prioritize meticulous planning, practice, and exploiting human vulnerabilities rather than high-tech tools. Examples like the Louvre robbery demonstrate that speed and skill trump complex security systems. The article explores how heist movies celebrate logistical expertise and collective art-making, contrasting with the lone-wolf mindset of modern grift stories. Ultimately, it suggests that heists, in a way, reflect a desire for a more competent, collective society.

MIT Technology Review
Unofficial 7-zip.com website served up malware-laden downloads for over a week — infected PCs forced into a proxy botnet

Unofficial 7-zip.com website served up malware-laden downloads for over a week — infected PCs forced into a proxy botnet

The unofficial 7-zip.com website was found to be serving malware-laden downloads for over a week, infecting PCs and turning them into a proxy botnet. The site redirected users to malicious executables after a short delay, making it difficult to detect the malware. The malware installed a proxy server on infected PCs, allowing cybercriminals to hide their activities. Users are advised to always download software from official sources and verify file hashes to ensure security. The issue was first noticed by SourceForge users and later gained attention through a Reddit post.

Tom's Hardware
MIT Technology Review

AI is already making online crimes easier. It could get much worse.

AI is being used by cybercriminals to make online crimes easier, with the potential for even more sophisticated attacks in the future. Researchers have discovered AI-powered ransomware that can autonomously generate customized code and ransom notes. Criminals are increasingly exploiting deepfake technologies to impersonate individuals and carry out scams. AI tools are being used to create convincing spam emails and targeted attacks, with estimates suggesting that at least half of spam emails are now generated using AI. While AI is enhancing criminals' productivity, researchers emphasize the importance of traditional defense mechanisms and collaboration to combat evolving cyber threats.

MIT Technology Review
Once-hobbled Lumma Stealer is back with lures that are hard to resist

Once-hobbled Lumma Stealer is back with lures that are hard to resist

Lumma Stealer, an infostealer that infected hundreds of thousands of Windows computers, has resurfaced with hard-to-detect attacks that steal credentials and sensitive files. Originating in Russian-speaking cybercrime forums, Lumma offers lure sites with free cracked software, games, and pirated movies, making it a popular tool for various crime groups. Despite a major law enforcement takedown in 2025, Lumma has rebuilt its infrastructure and continues to spread globally, using social engineering lures like "ClickFix" to trick users into infecting their machines. The malware's resurgence highlights the challenges of combating sophisticated cyber threats.

Ars Technica
Nitrogen ransomware programmers lock themselves out of a payment — key management bug encrypts victims' data forever

Nitrogen ransomware programmers lock themselves out of a payment — key management bug encrypts victims' data forever

A variant of Nitrogen ransomware has a key management bug that encrypts victims' data irreversibly, making it impossible to recover even if the ransom is paid. The specific strain targets VMware ESXi hypervisors, affecting virtual machines within them. Due to an error in the encryption process, the public key necessary for decryption is overwritten, rendering the data permanently inaccessible. Victims are advised to rely on backups as paying the ransom will not lead to data recovery. The bug highlights the unintentional consequences of coding errors in ransomware attacks.

Tom's Hardware
Security researcher says AMD auto-updater downloads software insecurely, enabling remote code execution — company rep reportedly said man-in-the-middle attacks are "out of scope," ignored bug

Security researcher says AMD auto-updater downloads software insecurely, enabling remote code execution — company rep reportedly said man-in-the-middle attacks are "out of scope," ignored bug

A security researcher discovered that AMD's Windows driver auto-updater downloads software insecurely, potentially allowing remote code execution by attackers. The researcher reported the issue to AMD, but the company reportedly dismissed it, stating that man-in-the-middle attacks were "out of scope." The insecure connection used by the auto-updater could enable attackers to intercept downloads and inject malware. The potential attack surface is significant, affecting millions of computers with AMD hardware. AMD has not confirmed the bug yet, but if valid, it could pose a serious security risk that needs immediate attention.

Tom's Hardware
Malicious packages for dYdX cryptocurrency exchange empties user wallets

Malicious packages for dYdX cryptocurrency exchange empties user wallets

Malicious packages on npm and PyPI repositories targeted dYdX cryptocurrency exchange, stealing wallet credentials and backdooring devices. The compromised versions put applications at risk of complete wallet compromise and irreversible cryptocurrency theft. The attack impacted various versions of npm and PyPI packages. The malware extracted seed phrases and device fingerprints, allowing threat actors to track victims across compromises. The domain used for exfiltrating data mimicked the legitimate dYdX service through typosquatting.

Ars Technica
$40 million worth of crypto stolen from Step Finance — hackers compromise executives’ devices to gain illicit access

$40 million worth of crypto stolen from Step Finance — hackers compromise executives’ devices to gain illicit access

Step Finance, a DeFi platform, experienced a breach resulting in the theft of approximately $40 million in crypto. The hack was executed through compromising the devices of the executive team. Despite recovering some assets, the platform has halted operations temporarily to enhance security. The investigation is ongoing to determine how the attack occurred, with the company cautioning users against using STEP tokens until normal operations resume. This incident contributes to the growing trend of crypto thefts, with nearly $400 million lost in 42 reported incidents in 2026.

Tom's Hardware
Microsoft releases urgent Office patch. Russian-state hackers pounce.

Microsoft releases urgent Office patch. Russian-state hackers pounce.

Russian-state hackers quickly exploited a critical Microsoft Office vulnerability, CVE-2026-21509, targeting diplomatic, maritime, and transport organizations in multiple countries. The hackers, known as APT28 or Fancy Bear, launched a sophisticated campaign within 48 hours of Microsoft releasing a security update, deploying new backdoor implants. The attack was designed for stealth and used encrypted exploits and payloads that ran in memory to avoid detection. The spear phishing campaign, lasting 72 hours, targeted organizations in Eastern Europe, including defense ministries, transportation operators, and diplomatic entities.

Ars Technica
The rise of Moltbook suggests viral AI prompts may be the next big security threat

The rise of Moltbook suggests viral AI prompts may be the next big security threat

The article discusses the potential security threat posed by the rise of Moltbook, a novel platform that involves networks of AI agents sharing and carrying out instructions from prompts. These self-replicating adversarial prompts, termed "prompt worms" or "prompt viruses," could spread through AI networks by exploiting the agents' core function of following instructions. Unlike traditional worms that exploit system vulnerabilities, prompt worms manipulate AI agents into subverting their intended instructions through "prompt injection." This emerging trend raises concerns among security researchers about the potential for AI-driven security breaches akin to the Morris worm incident in 1988.

Ars Technica
Notepad++ update server hijacked in targeted attacks — outfit claims Chinese state-sponsored hackers may be to blame

Notepad++ update server hijacked in targeted attacks — outfit claims Chinese state-sponsored hackers may be to blame

The Notepad++ update server was compromised in a targeted supply chain attack, potentially by a Chinese state-sponsored group, redirecting specific users to malicious installers through the editor's updater. The attackers gained control to manipulate update requests and deliver trojanized installers. Notepad++ confirmed that users who downloaded installers from the official website were not affected, and the compromise was linked to the Chinese espionage group Lotus Blossom by Rapid7. Stricter validation checks have been implemented to prevent future unauthorized updates, and users are advised to upgrade to the latest release for enhanced security measures.

Tom's Hardware
Malicious OpenClaw ‘skill’ targets crypto users on ClawHubv — 14 malicious skills were uploaded to ClawHub last month

Malicious OpenClaw ‘skill’ targets crypto users on ClawHubv — 14 malicious skills were uploaded to ClawHub last month

Security researchers have identified 14 malicious "skills" uploaded to ClawHub, a public registry for OpenClaw users, between January 27 and 29. These skills pretend to be crypto trading or wallet tools but actually deliver malware to users' systems. The malware targeted both Windows and macOS users and used social engineering techniques to spread. Users were tricked into running obfuscated terminal commands that fetched and executed remote scripts. The incident highlights the risks of introducing third-party code into OpenClaw's ecosystem, emphasizing the need for caution and scrutiny when installing skills from public registries.

Tom's Hardware
WinRAR exploit reportedly remains widely-used by China and Russia state actors despite patch — vulnerability allows malicious archives to deliver a hidden payload to Windows Startup folder

WinRAR exploit reportedly remains widely-used by China and Russia state actors despite patch — vulnerability allows malicious archives to deliver a hidden payload to Windows Startup folder

Despite a patch released in July 2025, a WinRAR exploit (CVE-2025-8088) continues to be utilized by state actors from China and Russia, allowing them to deliver hidden payloads to critical directories like the Windows Startup folder. The exploit takes advantage of a path traversal vulnerability in earlier WinRAR versions, enabling attackers to surreptitiously deliver malware when victims open malicious archives. Despite the availability of fast internet and cloud storage, archiving apps like WinRAR remain popular due to their ability to package files, encrypt data, and reduce file sizes. Users are advised to update WinRAR to the latest version (7.13) to mitigate the risk of falling victim to this exploit, which has targeted Ukrainian military units, government entities, and commercial organizations in various regions.

Tom's Hardware
Site catering to online criminals has been seized by the FBI

Site catering to online criminals has been seized by the FBI

The FBI has seized RAMP, a Russian-language online marketplace known as the "only place ransomware allowed," in an effort to combat cyber threats targeting critical infrastructure. The forum, which operated with impunity, was a hub for buying, selling, and trading ransomware and other online threats. With over 14,000 registered users and strict vetting processes, RAMP provided discussion groups, cyberattack tutorials, and a marketplace for malware and services. The seizure was coordinated with the Department of Justice and marks a significant blow to the online criminal ecosystem.

Ars Technica
There's a rash of scam spam coming from a real Microsoft address

There's a rash of scam spam coming from a real Microsoft address

Scammers are using a legitimate Microsoft email address, no-reply-powerbi@microsoft.com, to send scam spam emails claiming false charges and providing a phone number for disputing transactions. The emails aim to trick recipients into downloading a remote access application to take control of their devices. Multiple reports of this scam have surfaced, with some victims falling for the scheme. Security experts suggest that scammers are exploiting a Power BI function that allows external email addresses to be added as subscribers, making it easier to miss the scam mention at the bottom of the email.

Ars Technica
Millions of people imperiled through sign-in links sent by SMS

Millions of people imperiled through sign-in links sent by SMS

Websites using SMS authentication links are putting millions of users at risk of scams, identity theft, and other crimes, according to recent research. Over 700 endpoints were identified delivering texts for 175 services, with easily guessable links that allow scammers to access user accounts by modifying security tokens. Some links had weak token combinations, making them vulnerable to brute force attacks, while others granted unauthorized access to user data with just a click. The practice of sending authentication links via SMS poses a significant security and privacy threat to users.

Ars Technica
A single click mounted a covert, multistage attack against Copilot

A single click mounted a covert, multistage attack against Copilot

Microsoft fixed a vulnerability in its Copilot AI assistant that allowed white-hat researchers from Varonis to execute a covert, multistage attack by tricking users into clicking a malicious link. The attack extracted sensitive user data from Copilot chat history, even after the chat was closed, bypassing security controls and detection by endpoint protection apps. The attack involved a Varonis-controlled domain and a detailed prompt embedded in a URL parameter, extracting a user secret and further details from the target. Microsoft has since addressed the vulnerability to prevent such attacks in the future.

Ars Technica
Never-before-seen Linux malware is “far more advanced than typical”

Never-before-seen Linux malware is “far more advanced than typical”

Researchers have identified a new Linux malware framework called VoidLink, featuring over 30 modules that offer advanced capabilities for attackers, including stealth, reconnaissance, privilege escalation, and lateral movement within networks. VoidLink is designed to target machines in popular cloud services like AWS, GCP, Azure, Alibaba, and Tencent, with plans to expand to other services. This sophisticated malware indicates a shift in attackers' focus towards Linux systems, cloud infrastructure, and application deployment environments, posing a significant threat to organizations. Checkpoint researchers describe VoidLink as a comprehensive ecosystem for maintaining long-term access to compromised Linux systems, emphasizing the need for heightened defense measures against such advanced threats.

Ars Technica
Doom conquers the kitchen through an electric cooking pot — classic shooter runs seamlessly after a full device firmware refresh

Doom conquers the kitchen through an electric cooking pot — classic shooter runs seamlessly after a full device firmware refresh

A YouTuber successfully ran Doom on a Krups Cook4Mec smart pressure cooker by reprogramming the appliance's touchscreen hardware. The device's built-in Wi-Fi led to a full teardown, revealing an ESP32 Wi-Fi module and a Renesas R7S721031VZ main processor on the display board. By reverse-engineering the LCD initialization process and flashing custom firmware, Doom was ported to the touchscreen system, allowing the game to run on the cooker's display with touchscreen controls. This unconventional use of a kitchen appliance showcases the capabilities of smart devices and the potential for running unexpected software on them.

Tom's Hardware
Supply chains, AI, and the cloud: The biggest failures (and one success) of 2025

Supply chains, AI, and the cloud: The biggest failures (and one success) of 2025

In 2025, supply-chain attacks continued to plague organizations, with threat actors exploiting vulnerabilities in widely used software to compromise downstream users. One notable attack involved hackers inserting a backdoor into a code library used by developers of Solana-related software, resulting in financial gains for the attackers. Other significant supply-chain attacks included the seeding of a malicious package on a mirror proxy for the Go programming language, flooding the NPM repository with malicious packages, and compromising e-commerce companies through software developers. These attacks highlight the ongoing challenges in securing supply chains against cyber threats.

Ars Technica
Condé Nast user database reportedly breached, Ars unaffected

Condé Nast user database reportedly breached, Ars unaffected

A hacker named Lovely reportedly breached a Condé Nast user database, releasing over 2.3 million user records from WIRED with demographic info but no passwords. The hacker plans to release 40 million more records from other Condé Nast properties, excluding Ars Technica due to its separate tech stack. Despite urging Condé Nast to patch vulnerabilities, the hacker claims the company neglected user data security. DataBreaches.Net suggests the hacker's motives may be profit-driven rather than altruistic. Condé Nast has not responded publicly, and internal communication about the breach has not been shared with Ars Technica.

Ars Technica
U.S. cybersecurity experts plead guilty for ransomware attacks, face 20 years in prison each — group demanded up to $10 million from each victim

U.S. cybersecurity experts plead guilty for ransomware attacks, face 20 years in prison each — group demanded up to $10 million from each victim

Two former cybersecurity experts have pleaded guilty to ransomware attacks on U.S. companies, facing up to 20 years in prison each for demanding up to $10 million from victims. The offenders, former employees of Sygnia and DigitalMint, used their expertise to commit the crimes they should have been preventing. The group, including an unnamed co-conspirator, utilized the ALPHV BlackCat ransomware-as-a-service, targeting companies in multiple states. The FBI Miami Field Office led the investigation, with assistance from the U.S. Secret Service, and the Southern District of Florida is handling the asset forfeiture case.

Tom's Hardware
Rainbow Six Siege X servers are back online after a hack completely shut down the game — Ubisoft rolling back free ultra-rare skins and billions of credits

Rainbow Six Siege X servers are back online after a hack completely shut down the game — Ubisoft rolling back free ultra-rare skins and billions of credits

Ubisoft has restored Rainbow Six Siege X servers after a significant hack forced the game offline. The hack allowed attackers to manipulate in-game systems, resulting in players receiving unauthorized credits and rare skins. Players who logged in during the affected period may experience temporary account disruptions as Ubisoft rectifies the situation. The investigation into the hack will continue over the next two weeks, with the marketplace remaining closed until further notice. The incident marks one of the largest gaming hacks, prompting a complete shutdown of the game to address the breach.

Tom's Hardware
FBI issues wanted notice for alleged North Korean remote IT workers accused of $900,000 crypto theft — $5 million reward up for grabs for information on DPRK-linked suspects

FBI issues wanted notice for alleged North Korean remote IT workers accused of $900,000 crypto theft — $5 million reward up for grabs for information on DPRK-linked suspects

The FBI has issued a public wanted notice for four individuals accused of being fraudulent remote IT workers for North Korea, involved in identity theft and the theft of over $900,000 in cryptocurrency. A $5 million reward is offered for information leading to the disruption of financial support for North Korea. The suspects allegedly used stolen identities to secure IT roles and access company systems and digital wallets in 2022. The stolen funds were laundered through cryptocurrency transactions. The FBI is increasing pressure on both the operators and support networks behind such schemes by making the notice public.

Tom's Hardware
Rainbow Six Siege is under siege by hackers, Ubisoft forced to take all servers offline — players randomly received billions of credits, ultra-exclusive skins, and bans or unbans

Rainbow Six Siege is under siege by hackers, Ubisoft forced to take all servers offline — players randomly received billions of credits, ultra-exclusive skins, and bans or unbans

Ubisoft had to shut down all Rainbow Six Siege servers due to a hack that resulted in players receiving billions of in-game credits, exclusive skins, and bans or unbans. The breach caused chaos, prompting players to stay offline as it seemed to be a significant breach beyond a simple hack. Ubisoft has not provided details on the incident, leading to frustration among players. The extent of the damage is still unknown, but users are advised to update their passwords as a precaution. This hack is one of the first instances where an apparent breach has taken down an entire game, reminiscent of past major gaming hacks in 2011.

Tom's Hardware

We use cookies

We use cookies to ensure you get the best experience on our website. For more information on how we use cookies, please see our cookie policy.