Bruce Schneier – Page 2 – WindowsTechs.com

Rowhammer Attack Against NVIDIA Chips

Posted on May 6, 2026 by Bruce Schneier

A new rowhammer attack gives complete control of NVIDIA CPUs.

On Thursday, two research teams, working independently of each other, demonstrated attacks against two cards from Nvidia’s Ampere generation that take GPU rowhammering into new—and potentially much more consequential—territory: GDDR bitflips that give adversaries full control of CPU memory, resulting in full system compromise of the host machine. For the attack to work, IOMMU memory management must be disabled, as is the default in BIOS settings.

“Our work shows that Rowhammer, which is well-studied on CPUs, is a serious threat on GPUs as well,” said Andrew Kwong, co-author of one of the papers. “…

Continue reading Rowhammer Attack Against NVIDIA Chips→

DarkSword Malware

Posted on May 5, 2026 by Bruce Schneier

DarkSword is a sophisticated piece of malware—probably government designed—that targets iOS.

Google Threat Intelligence Group (GTIG) has identified a new iOS full-chain exploit that leveraged multiple zero-day vulnerabilities to fully compromise devices. Based on toolmarks in recovered payloads, we believe the exploit chain to be called DarkSword. Since at least November 2025, GTIG has observed multiple commercial surveillance vendors and suspected state-sponsored actors utilizing DarkSword in distinct campaigns. These threat actors have deployed the exploit chain against targets in Saudi Arabia, Turkey, Malaysia, and Ukraine…

Continue reading DarkSword Malware→

Polymarket is a platform where people can bet on real-world events, political and otherwise. Leaving the ethical considerations of this aside (for one, it facilitates assassination), one of the issues with making this work is the verification of these … Continue reading Hacking Polymarket→

A Ransomware Negotiator Was Working for a Ransomware Gang

Posted on May 1, 2026 by Bruce Schneier

Someone pleaded guilty to secretly working for a ransomware gang as he negotiated ransomware payments for clients.
Continue reading A Ransomware Negotiator Was Working for a Ransomware Gang→

Fast16 Malware

Posted on April 30, 2026 by Bruce Schneier

Researchers have reverse-engineered a piece of malware named Fast16. It’s almost certainly state-sponsored, probably US in origin, and was deployed against Iran years before Stuxnet:

“…the Fast16 malware was designed to carry out the most subtle form of sabotage ever seen in an in-the-wild malware tool: By automatically spreading across networks and then silently manipulating computation processes in certain software applications that perform high-precision mathematical calculations and simulate physical phenomena, Fast16 can alter the results of those programs to cause failures that range from faulty research results to catastrophic damage to real-world equipment.”…

Continue reading Fast16 Malware→

Claude Mythos Has Found 271 Zero-Days in Firefox

Posted on April 29, 2026 by Bruce Schneier

That’s a lot. No, it’s an extraordinary number:

Since February, the Firefox team has been working around the clock using frontier AI models to find and fix latent security vulnerabilities in the browser. We wrote previously about our collaboration with Anthropic to scan Firefox with Opus 4.6, which led to fixes for 22 security-sensitive bugs in Firefox 148.

As part of our continued collaboration with Anthropic, we had the opportunity to apply an early version of Claude Mythos Preview to Firefox. This week’s release of Firefox 150 includes fixes for 271 vulnerabilities identified during this initial evaluation…

Continue reading Claude Mythos Has Found 271 Zero-Days in Firefox→

What Anthropic’s Mythos Means for the Future of Cybersecurity

Posted on April 28, 2026 by Bruce Schneier

Two weeks ago, Anthropic announced that its new model, Claude Mythos Preview, can autonomously find and weaponize software vulnerabilities, turning them into working exploits without expert guidance. These were vulnerabilities in key software like operating systems and internet infrastructure that thousands of software developers working on those systems failed to find. This capability will have major security implications, compromising the devices and services we use every day. As a result, Anthropic is not releasing the model to the general public, but instead to a …

Continue reading What Anthropic’s Mythos Means for the Future of Cybersecurity→

Medieval Encrypted Letter Decoded

Posted on April 27, 2026 by Bruce Schneier

Sent by a Spanish diplomat. Apparently people have been working on it since it was rediscovered in 1860.
Continue reading Medieval Encrypted Letter Decoded→

Friday Squid Blogging: How Squid Survived Extinction Events

Posted on April 24, 2026 by Bruce Schneier

Science news:

Scientists have finally cracked a long-standing mystery about squid and cuttlefish evolution by analyzing newly sequenced genomes alongside global datasets. The research reveals that these bizarre, intelligent creatures likely originated deep in the ocean over 100 million years ago, surviving mass extinction events by retreating into oxygen-rich deep-sea refuges. For millions of years, their evolution barely changed—until a dramatic post-extinction boom sparked rapid diversification as they moved into new shallow-water habitats. …

Continue reading Friday Squid Blogging: How Squid Survived Extinction Events→

Hiding Bluetooth Trackers in Mail

Posted on April 24, 2026 by Bruce Schneier

It was used to track a Dutch naval ship:

Dutch journalist Just Vervaart, working for regional media network Omroep Gelderland, followed the directions posted on the Dutch government website and mailed a postcard with a hidden tracker inside. Because of this, they were able to track the ship for about a day, watching it sail from Heraklion, Crete, before it turned towards Cyprus. While it only showed the location of that one vessel, knowing that it was part of a carrier strike group sailing in the Mediterranean could potentially put the entire fleet at risk…

Continue reading Hiding Bluetooth Trackers in Mail→