Enlarge / The Framework Laptop 13. (credit: Andrew Cunningham) Since Framework showed off its first prototypes in February 2021, we've generally been fans of the company's modular, repairable, upgradeable laptops. Not that the company's hardware releases to date have been perfect—each Framework Laptop 13 model has had quirks and …

Enlarge (credit: Aurich Lawson | Apple) A newly discovered vulnerability baked into Apple’s M-series of chips allows attackers to extract secret keys from Macs when they perform widely used cryptographic operations, academic researchers have revealed in a paper published Thursday. The flaw—a side channel allowing end-to-end key extractions …

Enlarge (credit: Aurich Lawson | Getty Images) AI assistants have been widely available for a little more than a year, and they already have access to our most private thoughts and business secrets. People ask them about becoming pregnant or terminating or preventing pregnancy, consult them when considering a divorce …

Enlarge / Terrapin is coming for your data. (credit: Aurich Lawson | Getty Images) Sometime around the start of 1995, an unknown person planted a password sniffer on the network backbone of Finland’s Helsinki University of Technology (now known as Aalto University). Once in place, this piece of dedicated hardware …

Enlarge (credit: Getty Images) Hundreds of Windows and Linux computer models from virtually all hardware makers are vulnerable to a new attack that executes malicious firmware early in the boot-up sequence, a feat that allows infections that are nearly impossible to detect or remove using current defense mechanisms. The …

Enlarge (credit: Getty Images) For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the connection is being established. Underscoring the importance of their discovery …

Enlarge (credit: Aurich Lawson | Getty Images) The Signal Foundation, maker of the Signal Protocol that encrypts messages sent by more than a billion people, has rolled out an update designed to prepare for a very real prospect that’s never far from the thoughts of just about every security …

Enlarge (credit: Steve McDowell / Agefotostock ) In late May, researchers drove out a team of China state hackers who over the previous seven months had exploited a critical vulnerability that gave them backdoors into the networks of a who’s who of sensitive organizations. Barracuda, the security vendor whose Email …

Enlarge A few months ago, an engineer in a data center in Norway encountered some perplexing errors that caused a Windows server to suddenly reset its system clock to 55 days in the future. The engineer relied on the server to maintain a routing table that tracked cell phone …

Enlarge (credit: Getty Images) Researchers have discovered a suite of vulnerabilities that largely break a next-generation protocol that was designed to prevent the hacking of access control systems used at secure facilities on US military bases and buildings belonging to federal, state, and local governments and private organizations. The …

Enlarge (credit: Aurich Lawson | Getty Images) A recent move by Google to populate the Internet with eight new top-level domains is prompting concerns that two of the additions could be a boon to online scammers who trick people into clicking on malicious links. Frequently abbreviated as TLD, a top-level …

Enlarge (credit: Aurich Lawson | Getty Images) Federal authorities, tech pundits, and news outlets want you to be on the lookout for a scary cyberattack that can hack your phone when you do nothing more than plug it into a public charging station. These warnings of “juice jacking,” as the …

Enlarge (credit: Aurich Lawson | Getty Images) Researchers on Wednesday announced a major cybersecurity find—the world’s first-known instance of real-world malware that can hijack a computer’s boot process even when Secure Boot and other advanced protections are enabled and running on fully updated versions of Windows. Dubbed …

Enlarge / Ally debit card owners are reporting fraudulent charges at a steady cadence over the past week. (credit: Getty Images) Ben Langhofer, a financial planner and single father of three in Wichita, Kansas, decided to start a side business. He had made a handbook for his family, laying out …

Enlarge / A group of Amazon Echo smart speakers, including Echo Studio, Echo, and Echo Dot models. (Photo by Neil Godwin/Future Publishing via Getty Images) (credit: T3 Magazine/Getty Images) Academic researchers have devised a new working exploit that commandeers Amazon Echo smart speakers and forces them to unlock …

Enlarge (credit: Aurich Lawson | Getty Images) This is a story about how a simple software bug allowed the fourth-biggest cryptocurrency theft ever. Hackers stole more than $323 million in cryptocurrency by exploiting a vulnerability in Wormhole, a Web-based service that allows inter-blockchain transactions. Wormhole lets people move digital coins …

Enlarge / A man walks by the building entrance of Israeli cyber company NSO Group at one of its branches in the Arava Desert on November 11, 2021, in Sapir, Israel. (credit: Amir Levy | Getty Images) In February 2019, an Israeli woman sat across from the son of Uganda’s …

Enlarge (credit: ANDRZEJ WOJCICKI / SCIENCE PHOTO LIBRARY / Getty Images) In the first half of this guide to personal digital security, I covered the basics of assessing digital risks and protecting what you can control: your devices. But the physical devices you use represent only a fraction of your overall …

Enlarge / Artist's impression of how to keep your digital stuff safe from all kinds of threats. (credit: Aurich Lawson | Getty Images) I spend most of my time these days investigating the uglier side of digital life—examining the techniques, tools, and practices of cyber criminals to help people better …