Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

Plus: A porn-quitting app exposed the masturbation habits of hundreds of thousands of users, Russian hackers are trying to take over people’s Signal accounts, and more.

When Friday the Thirteenth and Patch Tuesday happen on the same week, we’re surely in for a good time. Anyone who maintains any sort of Microsoft ecosystem knows by now to brace for impact ...

This week saw attacks on Claude Code users, LastPass users, Starlink users, and, perhaps worst of all, people who needed an ambulance. Add a dash of AI hacking, and you have another wild week in ...

Rust-based VENON malware targets 33 Brazilian financial platforms using advanced evasion and overlays, enabling credential theft.

Specifically, Assured Security Consultants completed a code audit of GotaTun, Mullvad’s implementation of the WireGuard connection protocol, written in Rust. The audit consisted ...

I’ve also made a couple overview pages that collect posts on specific topics: Package Management and Git. If you want to see everything I’ve written about either of those, those are good places to ...

A China-linked advanced persistent threat actor tracked as UAT-9244 has been targeting telecommunication service providers in South America since 2024, compromising Windows, Linux, and network-edge ...

If you’ve used Linux for a long time, you know that we are spoiled these days. Getting a new piece of hardware back in the day was often a horrible affair, requiring custom kernels and lots ...

Are AGENTS.md files actually helping your AI coding agents, or are they making them stupider? We dive into new research from ETH Zurich, real-world experiments, and security risks to find the truth ...

Anthropic researcher Nicholas Carlini published a blog post describing how he set 16 instances of the company’s Claude Opus 4.6 AI model loose on a shared codebase with minimal supervision, tasking ...