Smashing Security podcast #458: How not to steal $46 million from the US government

A Wikipedia security engineer accidentally wakes a dormant JavaScript worm that hadn’t stirred since 2024 – and within minutes, giant woodpecker images are plastered across the internet’s favourite encyclopaedia.

Meanwhile, a crypto contractor hired t…

Twitter suspended 800 million accounts last year – so why does manipulation remain so rampant?

Elon Musk’s social media site says it suspended 800 million accounts in a year for spam and manipulation – but with state-backed campaigns still flooding the platform, the real question is how many fake accounts remain.

Read more in my article on the …

How hackers bypassed MFA with a $120 phishing kit – until a global takedown shut it down

In a co-ordinated public-private operation between law enforcement agencies and cybersecurity industry partners, Tycoon 2FA – one of the world’s most prolific phishing-as-a-service platforms – has been dismantled.

Read more in my article on the Hot fo…

Smashing Security podcast #457: How a cybersecurity boss framed his own employee

When a top cybersecurity firm discovered it had a leak, you would expect the FBI to be called. Instead, the person put in charge of the investigation was the actual leaker… who promptly sent an innocent colleague into a career-ending ambush.

In this…

They seized $4.8m in crypto… then gave the master key to the internet

South Korea’s National Tax Service (NTS) has found itself in the middle of a deeply embarrassing – and costly – blunder after accidentally handing thieves the master key to a seized cryptocurrency wallet.

Read more in my article on the Hot for Securit…

Your staff are your biggest security risk: AI is making it worse

A new report claims that the cost of insider security incidents has surged 20% in two years, reaching an average of US $19.5 million per organization annually, with no sign that the alarming figure is flattening.

Read more in my article on the Fortra …

Notorious ransomware gang allegedly blackmailed by fake FSB officer

There is a certain poetic justice in a cybersecurity-related story that has emerged from Moscow this week: A man has been accused of trying to extort money… from a notorious Russian ransomware gang.

Read more in my article on the Hot for Security blog.

Smashing Security podcast #456: How to lose friends and DDoS people

When the mysterious operator of an internet archiving-service decided to silence a curious Finnish blogger, they didn’t just send a stroppy email – they allegedly weaponised their own CAPTCHA page to launch a DDoS attack, threatened to invent an entire…

$10,000 bounty offered if you can hack Ring cameras to stop them sharing your data with Amazon

Amid a privacy backlash, a US $10,000 reward has been offered for anyone who can find a way to run Ring doorbell cameras locally, cutting off the flow of video data to Amazon’s servers.

Read more in my article on the Hot for Security blog.