Recent Issues

May 15, 2025

In this issue:

  1. Slopsquatting
  2. CVE Program Almost Unfunded
  3. Age Verification Using Facial Scans
  4. Android Improves Its Security
  5. Regulating AI Behavior with a Hypervisor
  6. New Linux Rootkit
  7. Cryptocurrency Thefts Get Physical
  8. Windscribe Acquitted on Charges of Not Collecting Users’ Data
  9. Applying Security Engineering to Prompt Injection Security
  10. WhatsApp Case Against NSO Group Progressing
  11. US as a Surveillance State
  12. NCSC Guidance on “Advanced Cryptography”
  13. Privacy for Agentic AI
  14. Another Move in the Deepfake Creation/Detection Arms Race
  15. Fake Student Fraud in Community Colleges
  16. Chinese AI Submersible
  17. Florida Backdoor Bill Fails
  18. Court Rules Against NSO Group
  19. Google’s Advanced Protection Now on Android
  20. Upcoming Speaking Engagements
  21. AI-Generated Law
Read This Issue →

April 15, 2025

In this issue:

  1. Improvements in Brute Force Attacks
  2. Is Security Human Factors Research Skewed Towards Western Ideas and Habits?
  3. Critical GitHub Attack
  4. NCSC Releases Post-Quantum Cryptography Timeline
  5. My Writings Are in the LibGen AI Training Corpus
  6. More Countries are Demanding Backdoors to Encrypted Apps
  7. Report on Paragon Spyware
  8. AI Data Poisoning
  9. A Taxonomy of Adversarial Machine Learning Attacks and Mitigations
  10. AIs as Trusted Third Parties
  11. The Signal Chat Leak and the NSA
  12. Cell Phone OPSEC for Border Crossings
  13. Rational Astrologies and Security
  14. Web 3.0 Requires Data Integrity
  15. Troy Hunt Gets Phished
  16. DIRNSA Fired
  17. Arguing Against CALEA
  18. How to Leak to a Journalist
  19. Reimagining Democracy
  20. AI Vulnerability Finding
  21. China Sort of Admits to Being Behind Volt Typhoon
  22. Upcoming Speaking Engagements
Read This Issue →

March 15, 2025

In this issue:

  1. Atlas of Surveillance
  2. Story About Medical Device Security
  3. Device Code Phishing
  4. An LLM Trained to Create Backdoors in Code
  5. Implementing Cryptography in AI Systems
  6. More Research Showing AI Breaking the Rules
  7. North Korean Hackers Steal $1.5B in Cryptocurrency
  8. UK Demanded Apple Add a Backdoor to iCloud
  9. “Emergent Misalignment” in LLMs
  10. Trojaned AI Tool Leads to Disney Hack
  11. CISA Identifies Five New Vulnerabilities Currently Being Exploited
  12. The Combined Cipher Machine
  13. Rayhunter: Device to Detect Cellular Surveillance
  14. Thousands of WordPress Websites Infected with Malware
  15. Silk Typhoon Hackers Indicted
  16. China, Russia, Iran, and North Korea Intelligence Sharing
  17. RIP Mark Klein
  18. TP-Link Router Botnet
  19. Upcoming Speaking Engagements
Read This Issue →

February 15, 2025

In this issue:

  1. Phishing False Alarm
  2. FBI Deletes PlugX Malware from Thousands of Computers
  3. Social Engineering to Disable iMessage Protections
  4. Biden Signs New Cybersecurity Order
  5. AI Mistakes Are Very Different from Human Mistakes
  6. AI Will Write Complex Laws
  7. Third Interdisciplinary Workshop on Reimagining Democracy (IWORD 2024)
  8. New VPN Backdoor
  9. CISA Under Trump
  10. ExxonMobil Lobbyist Caught Hacking Climate Activists
  11. Fake Reddit and WeTransfer Sites Are Pushing Malware
  12. Journalists and Civil Society Members Using WhatsApp Targeted by Paragon Spyware
  13. Deepfakes and the 2024 US Election
  14. On Generative AI Security
  15. AIs and Robots Should Sound Robotic
  16. Screenshot-Reading Malware
  17. UK Is Ordering Apple to Break Its Own Encryption
  18. Pairwise Authentication of Humans
  19. Trusted Execution Environments
  20. Delivering Malware Through Abandoned Amazon S3 Buckets
  21. DOGE as a National Cyberattack
  22. AI and Civil Service Purges
  23. Upcoming Speaking Engagements
Read This Issue →

January 15, 2025

In this issue:

  1. Short-Lived Certificates Coming to Let’s Encrypt
  2. Hacking Digital License Plates
  3. New Advances in the Understanding of Prime Numbers
  4. Mailbox Insecurity
  5. Criminal Complaint against LockBit Ransomware Writer
  6. Spyware Maker NSO Group Found Liable for Hacking WhatsApp
  7. Scams Based on Fake Google Emails
  8. Casino Players Using Hidden Cameras for Cheating
  9. Salt Typhoon’s Reach Continues to Grow
  10. Gift Card Fraud
  11. Google Is Allowing Device Fingerprinting
  12. ShredOS
  13. Privacy of Photos.app’s Enhanced Visual Search
  14. US Treasury Department Sanctions Chinese Company Over Cyberattacks
  15. Zero-Day Vulnerability in Ivanti VPN
  16. Apps That Are Spying on Your Location
  17. Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme
  18. The First Password on the Internet
  19. Upcoming Speaking Engagements
Read This Issue →

December 15, 2024

In this issue:

  1. Good Essay on the History of Bad Password Policies
  2. Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days
  3. Why Italy Sells So Much Spyware
  4. Steve Bellovin’s Retirement Talk
  5. Secret Service Tracking People’s Locations without Warrant
  6. The Scale of Geoblocking by Nation
  7. Security Analysis of the MERGE Voting Protocol
  8. What Graykey Can and Can’t Unlock
  9. NSO Group Spies on People on Behalf of Governments
  10. Race Condition Attacks against LLMs
  11. Details about the iOS Inactivity Reboot Feature
  12. Algorithms Are Coming for Democracy—but It’s Not All Bad
  13. AI and the 2024 Elections
  14. Detecting Pegasus Infections
  15. Trust Issues in AI
  16. Full-Face Masks to Frustrate Identification
  17. Jailbreaking LLM-Controlled Robots
  18. Ultralytics Supply-Chain Attack
  19. Upcoming Speaking Events
Read This Issue →

November 15, 2024

In this issue:

  1. More Details on Israel Sabotaging Hezbollah Pagers and Walkie-Talkies
  2. Cheating at Conkers
  3. Justice Department Indicts Tech CEO for Falsifying Security Certifications
  4. AI and the SEC Whistleblower Program
  5. No, the Chinese Have Not Broken Modern Encryption Systems with a Quantum Computer
  6. Are Automatic License Plate Scanners Constitutional?
  7. Watermark for LLM-Generated Text
  8. Criminals Are Blowing up ATMs in Germany
  9. Law Enforcement Deanonymizes Tor Users
  10. Simson Garfinkel on Spooky Cryptographic Action at a Distance
  11. Tracking World Leaders Using Strava
  12. Roger Grimes on Prioritizing Cybersecurity Advice
  13. Sophos Versus the Chinese Hackers
  14. AIs Discovering Vulnerabilities
  15. IoT Devices in Password-Spraying Botnet
  16. Subverting LLM Coders
  17. Prompt Injection Defenses Against LLM Cyberattacks
  18. AI Industry is Trying to Subvert the Definition of “Open Source AI”
  19. Criminals Exploiting FBI Emergency Data Requests
  20. Mapping License Plate Scanners in the US
  21. New iOS Security Feature Makes It Harder for Police to Unlock Seized Phones
Read This Issue →

October 15, 2024

In this issue:

  1. Legacy Ivanti Cloud Service Appliance Being Exploited
  2. Python Developers Targeted with Malware During Fake Job Interviews
  3. Remotely Exploding Pagers
  4. FBI Shuts Down Chinese Botnet
  5. Clever Social Engineering Attack Using Captchas
  6. Hacking the “Bike Angels” System for Moving Bikeshares
  7. Israel’s Pager Attacks and Supply Chain Vulnerabilities
  8. New Windows Malware Locks Computer in Kiosk Mode
  9. An Analysis of the EU’s Cyber Resilience Act
  10. NIST Recommends Some Common-Sense Password Rules
  11. AI and the 2024 US Elections
  12. Hacking ChatGPT by Planting False Memories into Its Data
  13. California AI Safety Bill Vetoed
  14. Weird Zimbra Vulnerability
  15. Largest Recorded DDoS Attack is 3.8 Tbps
  16. China Possibly Hacking US “Lawful Access” Backdoor
  17. Auto-Identification Smart Glasses
  18. Deebot Robot Vacuums Are Using Photos and Audio to Train Their AI
  19. IronNet Has Shut Down
  20. More on My AI and Democracy Book
  21. Perfectl Malware
  22. Upcoming Speaking Engagements
Read This Issue →

September 15, 2024

In this issue:

  1. NIST Releases First Post-Quantum Encryption Algorithms
  2. New Windows IPv6 Zero-Click Vulnerability
  3. The State of Ransomware
  4. Hacking Wireless Bicycle Shifters
  5. Story of an Undercover CIA Officer who Penetrated Al Qaeda
  6. Surveillance Watch
  7. Take a Selfie Using a NY Surveillance Camera
  8. US Federal Court Rules Against Geofence Warrants
  9. The Present and Future of TV Surveillance
  10. Matthew Green on Telegram’s Encryption
  11. Adm. Grace Hopper’s 1982 NSA Lecture Has Been Published
  12. SQL Injection Attack on Airport Security
  13. List of Old NSA Training Videos
  14. Security Researcher Sued for Disproving Government Statements
  15. Long Analysis of the M-209
  16. YubiKey Side-Channel Attack
  17. Australia Threatens to Force Companies to Break Encryption
  18. New Chrome Zero-Day
  19. Evaluating the Effectiveness of Reward Modeling of Generative AI Systems
  20. Microsoft Is Adding New Cryptography Algorithms
  21. My TedXBillings Talk
  22. Upcoming Speaking Engagements
Read This Issue →

August 15, 2024

In this issue:

  1. Hacking Scientific Citations
  2. Cloudflare Reports that Almost 7% of All Internet Traffic Is Malicious
  3. Criminal Gang Physically Assaulting People for Their Cryptocurrency
  4. Brett Solomon on Digital Rights
  5. Snake Mimics a Spider
  6. 2017 ODNI Memo on Kaspersky Labs
  7. Robot Dog Internet Jammer
  8. Data Wallets Using the Solid Protocol
  9. The CrowdStrike Outage and Market-Driven Brittleness
  10. Compromising the Secure Boot Process
  11. New Research in Detecting AI-Generated Videos
  12. Providing Security Updates to Automobile Software
  13. Education in Secure Software Development
  14. Leaked GitHub Python Token
  15. New Patent Application for Car-to-Car Surveillance
  16. On the Cyber Safety Review Board
  17. Problems with Georgia’s Voter Registration Portal
  18. People-Search Site Removal Services Largely Ineffective
  19. Taxonomy of Generative AI Misuse
  20. On the Voynich Manuscript
  21. Texas Sues GM for Collecting Driving Data without Consent
  22. Upcoming Speaking Engagements
Read This Issue →
← Earlier NewsletterLater Newsletter →

Sidebar photo of Bruce Schneier by Joe MacInnis.