Recent Issues

February 15, 2025

In this issue:

  1. Phishing False Alarm
  2. FBI Deletes PlugX Malware from Thousands of Computers
  3. Social Engineering to Disable iMessage Protections
  4. Biden Signs New Cybersecurity Order
  5. AI Mistakes Are Very Different from Human Mistakes
  6. AI Will Write Complex Laws
  7. Third Interdisciplinary Workshop on Reimagining Democracy (IWORD 2024)
  8. New VPN Backdoor
  9. CISA Under Trump
  10. ExxonMobil Lobbyist Caught Hacking Climate Activists
  11. Fake Reddit and WeTransfer Sites Are Pushing Malware
  12. Journalists and Civil Society Members Using WhatsApp Targeted by Paragon Spyware
  13. Deepfakes and the 2024 US Election
  14. On Generative AI Security
  15. AIs and Robots Should Sound Robotic
  16. Screenshot-Reading Malware
  17. UK Is Ordering Apple to Break Its Own Encryption
  18. Pairwise Authentication of Humans
  19. Trusted Execution Environments
  20. Delivering Malware Through Abandoned Amazon S3 Buckets
  21. DOGE as a National Cyberattack
  22. AI and Civil Service Purges
  23. Upcoming Speaking Engagements
Read This Issue →

January 15, 2025

In this issue:

  1. Short-Lived Certificates Coming to Let’s Encrypt
  2. Hacking Digital License Plates
  3. New Advances in the Understanding of Prime Numbers
  4. Mailbox Insecurity
  5. Criminal Complaint against LockBit Ransomware Writer
  6. Spyware Maker NSO Group Found Liable for Hacking WhatsApp
  7. Scams Based on Fake Google Emails
  8. Casino Players Using Hidden Cameras for Cheating
  9. Salt Typhoon’s Reach Continues to Grow
  10. Gift Card Fraud
  11. Google Is Allowing Device Fingerprinting
  12. ShredOS
  13. Privacy of Photos.app’s Enhanced Visual Search
  14. US Treasury Department Sanctions Chinese Company Over Cyberattacks
  15. Zero-Day Vulnerability in Ivanti VPN
  16. Apps That Are Spying on Your Location
  17. Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme
  18. The First Password on the Internet
  19. Upcoming Speaking Engagements
Read This Issue →

December 15, 2024

In this issue:

  1. Good Essay on the History of Bad Password Policies
  2. Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days
  3. Why Italy Sells So Much Spyware
  4. Steve Bellovin’s Retirement Talk
  5. Secret Service Tracking People’s Locations without Warrant
  6. The Scale of Geoblocking by Nation
  7. Security Analysis of the MERGE Voting Protocol
  8. What Graykey Can and Can’t Unlock
  9. NSO Group Spies on People on Behalf of Governments
  10. Race Condition Attacks against LLMs
  11. Details about the iOS Inactivity Reboot Feature
  12. Algorithms Are Coming for Democracy—but It’s Not All Bad
  13. AI and the 2024 Elections
  14. Detecting Pegasus Infections
  15. Trust Issues in AI
  16. Full-Face Masks to Frustrate Identification
  17. Jailbreaking LLM-Controlled Robots
  18. Ultralytics Supply-Chain Attack
  19. Upcoming Speaking Events
Read This Issue →

November 15, 2024

In this issue:

  1. More Details on Israel Sabotaging Hezbollah Pagers and Walkie-Talkies
  2. Cheating at Conkers
  3. Justice Department Indicts Tech CEO for Falsifying Security Certifications
  4. AI and the SEC Whistleblower Program
  5. No, the Chinese Have Not Broken Modern Encryption Systems with a Quantum Computer
  6. Are Automatic License Plate Scanners Constitutional?
  7. Watermark for LLM-Generated Text
  8. Criminals Are Blowing up ATMs in Germany
  9. Law Enforcement Deanonymizes Tor Users
  10. Simson Garfinkel on Spooky Cryptographic Action at a Distance
  11. Tracking World Leaders Using Strava
  12. Roger Grimes on Prioritizing Cybersecurity Advice
  13. Sophos Versus the Chinese Hackers
  14. AIs Discovering Vulnerabilities
  15. IoT Devices in Password-Spraying Botnet
  16. Subverting LLM Coders
  17. Prompt Injection Defenses Against LLM Cyberattacks
  18. AI Industry is Trying to Subvert the Definition of “Open Source AI”
  19. Criminals Exploiting FBI Emergency Data Requests
  20. Mapping License Plate Scanners in the US
  21. New iOS Security Feature Makes It Harder for Police to Unlock Seized Phones
Read This Issue →

October 15, 2024

In this issue:

  1. Legacy Ivanti Cloud Service Appliance Being Exploited
  2. Python Developers Targeted with Malware During Fake Job Interviews
  3. Remotely Exploding Pagers
  4. FBI Shuts Down Chinese Botnet
  5. Clever Social Engineering Attack Using Captchas
  6. Hacking the “Bike Angels” System for Moving Bikeshares
  7. Israel’s Pager Attacks and Supply Chain Vulnerabilities
  8. New Windows Malware Locks Computer in Kiosk Mode
  9. An Analysis of the EU’s Cyber Resilience Act
  10. NIST Recommends Some Common-Sense Password Rules
  11. AI and the 2024 US Elections
  12. Hacking ChatGPT by Planting False Memories into Its Data
  13. California AI Safety Bill Vetoed
  14. Weird Zimbra Vulnerability
  15. Largest Recorded DDoS Attack is 3.8 Tbps
  16. China Possibly Hacking US “Lawful Access” Backdoor
  17. Auto-Identification Smart Glasses
  18. Deebot Robot Vacuums Are Using Photos and Audio to Train Their AI
  19. IronNet Has Shut Down
  20. More on My AI and Democracy Book
  21. Perfectl Malware
  22. Upcoming Speaking Engagements
Read This Issue →

September 15, 2024

In this issue:

  1. NIST Releases First Post-Quantum Encryption Algorithms
  2. New Windows IPv6 Zero-Click Vulnerability
  3. The State of Ransomware
  4. Hacking Wireless Bicycle Shifters
  5. Story of an Undercover CIA Officer who Penetrated Al Qaeda
  6. Surveillance Watch
  7. Take a Selfie Using a NY Surveillance Camera
  8. US Federal Court Rules Against Geofence Warrants
  9. The Present and Future of TV Surveillance
  10. Matthew Green on Telegram’s Encryption
  11. Adm. Grace Hopper’s 1982 NSA Lecture Has Been Published
  12. SQL Injection Attack on Airport Security
  13. List of Old NSA Training Videos
  14. Security Researcher Sued for Disproving Government Statements
  15. Long Analysis of the M-209
  16. YubiKey Side-Channel Attack
  17. Australia Threatens to Force Companies to Break Encryption
  18. New Chrome Zero-Day
  19. Evaluating the Effectiveness of Reward Modeling of Generative AI Systems
  20. Microsoft Is Adding New Cryptography Algorithms
  21. My TedXBillings Talk
  22. Upcoming Speaking Engagements
Read This Issue →

August 15, 2024

In this issue:

  1. Hacking Scientific Citations
  2. Cloudflare Reports that Almost 7% of All Internet Traffic Is Malicious
  3. Criminal Gang Physically Assaulting People for Their Cryptocurrency
  4. Brett Solomon on Digital Rights
  5. Snake Mimics a Spider
  6. 2017 ODNI Memo on Kaspersky Labs
  7. Robot Dog Internet Jammer
  8. Data Wallets Using the Solid Protocol
  9. The CrowdStrike Outage and Market-Driven Brittleness
  10. Compromising the Secure Boot Process
  11. New Research in Detecting AI-Generated Videos
  12. Providing Security Updates to Automobile Software
  13. Education in Secure Software Development
  14. Leaked GitHub Python Token
  15. New Patent Application for Car-to-Car Surveillance
  16. On the Cyber Safety Review Board
  17. Problems with Georgia’s Voter Registration Portal
  18. People-Search Site Removal Services Largely Ineffective
  19. Taxonomy of Generative AI Misuse
  20. On the Voynich Manuscript
  21. Texas Sues GM for Collecting Driving Data without Consent
  22. Upcoming Speaking Engagements
Read This Issue →

July 15, 2024

In this issue:

  1. Using LLMs to Exploit Vulnerabilities
  2. Rethinking Democracy for the Age of AI
  3. The Hacking of Culture and the Creation of Socio-Technical Debt
  4. New Blog Moderation Policy
  5. Recovering Public Keys from Signatures
  6. Ross Anderson’s Memorial Service
  7. Paul Nakasone Joins OpenAI’s Board of Directors
  8. Breaking the M-209
  9. The US Is Banning Kaspersky
  10. Security Analysis of the EU’s Digital Wallet
  11. James Bamford on Section 702 Extension
  12. Model Extraction from Neural Networks
  13. Public Surveillance of Bars
  14. Upcoming Book on AI and Democracy
  15. New Open SSH Vulnerability
  16. On the CSRB’s Non-Investigation of the SolarWinds Attack
  17. Reverse-Engineering Ticketmaster’s Barcode System
  18. RADIUS Vulnerability
  19. Apple Is Alerting iPhone Users of Spyware Attacks
  20. The NSA Has a Long-Lost Lecture by Adm. Grace Hopper
  21. Upcoming Speaking Engagements
Read This Issue →

June 15, 2024

In this issue:

  1. Zero-Trust DNS
  2. FBI Seizes BreachForums Website
  3. IBM Sells Cybersecurity Group
  4. Detecting Malicious Trackers
  5. Unredacting Pixelated Text
  6. Personal AI Assistants and Privacy
  7. On the Zero-Day Market
  8. Lattice-Based Cryptosystems and Quantum Cryptanalysis
  9. Privacy Implications of Tracking Wireless Access Points
  10. Supply Chain Attack against Courtroom Software
  11. How AI Will Change Democracy
  12. AI Will Increase the Quantity—and Quality—of Phishing Scams
  13. Seeing Like a Data Structure
  14. Breaking a Password Manager
  15. Online Privacy and Overfishing
  16. Espionage with a Drone
  17. The Justice Department Took Down the 911 S5 Botnet
  18. Security and Human Behavior (SHB) 2024
  19. Exploiting Mistyped URLs
  20. LLMs Acting Deceptively
  21. Using AI for Political Polling
  22. AI and the Indian Election
  23. Demo of AES GCM Misuse Problems
  24. Upcoming Speaking Engagements
Read This Issue →

May 15, 2024

In this issue:

  1. New Lattice Cryptanalytic Technique
  2. X.com Automatically Changing Link Text but Not URLs
  3. Using AI-Generated Legislative Amendments as a Delaying Technique
  4. Other Attempts to Take Over Open Source Projects
  5. Using Legitimate GitHub URLs for Malware
  6. Microsoft and Security Incentives
  7. Dan Solove on Privacy Regulation
  8. The Rise of Large-Language-Model Optimization
  9. Long Article on GM Spying on Its Cars’ Drivers
  10. Whale Song Code
  11. WhatsApp in India
  12. AI Voice Scam
  13. The UK Bans Default Passwords
  14. Rare Interviews with Enigma Cryptanalyst Marian Rejewski
  15. My TED Talks
  16. New Lawsuit Attempting to Make Adversarial Interoperability Legal
  17. New Attack on VPNs
  18. How Criminals Are Using Generative AI
  19. New Attack Against Self-Driving Car AI
  20. LLMs’ Data-Control Path Insecurity
  21. Another Chrome Vulnerability
  22. Upcoming Speaking Engagements
Read This Issue →
← Earlier NewsletterLater Newsletter →

Sidebar photo of Bruce Schneier by Joe MacInnis.