๐ Image
Massive breach spills credentials for thousands of sensitive networks
The affected include Oracle, Lenovo, FedEx, a NATO contractor, and Fortinet.
Dan Goodin
โ
|
0
Dan Goodin
Senior Security Editor
dan.goodin@arstechnica.com
Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords. A journalist with more than 25 years experience, he has been chronicling the exploits of white-hat, grey-hat and black-hat hackers since 2005 as a reporter for the Associated Press and later, The Register. He has a Bachelors Degree in English from the University of Massachusetts and a Masters of Journalism from UC Berkeley. In his spare time, he enjoys gardening, cooking, and following the independent music scene. Based in San Francisco, Dan can receive encrypted messages over Signal at DanArs.82. You can find him on Mastodon at here and on Bluesky at here.
Recent stories by
Dan Goodin
๐ Image
Windows and Linux users: The deadline to update Secure Boot keys is near
What you need to know about the expiration of keys securing your machineโs boot sequence.
Dan Goodin
โ
|
82
๐ In this photo illustration, the Microsoft Copilot AI logo is seen displayed on a smartphone screen.
Critical Copilot vulnerability allowed hackers to steal 2FA code from users
SearchLeak exploit shows why the industryโs approach to LLM security fails over and over.
Dan Goodin
โ
|
86
๐ Image
Users cry foul after AMD stripped memory crypto from its consumer CPUs
AMDโs stripping of TSME from consumer CPUs appears to be a deliberate, covert move.
Dan Goodin
โ
|
89
๐ Image
PeopleSoft 0-day affecting hundreds of organizations steals gigabytes of data
Vulnerability in the Oracle-owned PeopleSoft software is about as critical as they come.
Dan Goodin
โ
|
48
๐ Image
Locked in heated rivalry with researcher, Microsoft fixes 0-day they disclosed
A separate zero-day also disclosed by Nightmare Eclipse appears to be patched as well.
Dan Goodin
โ
|
110
๐ Image
High-severity vulnerability in Linux caused by a single faulty character
Use-after-free bug can be exploited to evade sandbox defenses.
Dan Goodin
โ
|
56
๐ Image
For the 2nd time in weeks, Microsoft packages laced with credential stealer
73 packages run self-replicating stealer as soon as theyโre opened by an AI agent.
Dan Goodin
โ
|
39
๐ Image
How a USB-connected speaker can infect a PC without ever being touched
Seller of the Sound Blaster Katana V2X doesnโt consider the behavior a vulnerability.
Dan Goodin
โ
|
137
๐ Image
Dashlane explains how attackers managed to download encrypted password vaults
By targeting large numbers of users, attackers increased their chances of success.
Dan Goodin
โ
|
82
๐ Image
Canโt make sense of Dashlaneโs vault theft notification? Youโre not alone.
Security advisory leaves out key details. Dashlane maintains complete silence.
Dan Goodin
โ
|
40
๐ A photograph of a red fedora
Dozens of Red Hat packages backdoored through its official NPM channel
Anyone who has downloaded affected Red Hat packages should investigate immediately.
Dan Goodin
โ
|
40
๐ Rows of 1950s-style robots operate computer workstations.
Botnet of more than 17 million devices dismantled
The botnet was reportedly tied to a Russia-based residential proxy network.
Dan Goodin
โ
|
27
๐ Illustration of Retro Robots on Glass Blocks -- AI coding Agents
Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code
Undisclosed addition in jqwik instructed AI coding agents to delete app output.
Dan Goodin
โ
|
386
๐ Image of a solid state drive.
Websites have a new way to spy on visitors: Analyzing their SSD activity
Telltale SSD activity can be measured in the browser using simple JavaScript.
Dan Goodin
โ
|
148
๐ Image
Millions of AI agents imperiled by critical vulnerability in open source package
โBadHostโ was found in Starlette, a package with 325 million weekly downloads.
Dan Goodin
โ
|
67
๐ Image
Texas AG sues Meta over claims that WhatsApp doesnโt provide end-to-end encryption
Critics note a lack of factual support in lawsuit filed by US Senate candidate.
Dan Goodin
โ
|
49
๐ Chromium Logo
Google publishes exploit code threatening millions of Chromium users
Google publishes exploit code before patch, reported 42 months earlier, is fixed.
Dan Goodin
โ
|
63
๐ Image
Zero-day exploit completely defeats default Windows 11 BitLocker protections
Itโs not entirely clear how the exploit works. Microsoft says itโs investigating.
Dan Goodin
โ
|
60
๐ Image
Linux bitten by second severe vulnerability in as many weeks
Production-version patches are coming online and should be installed pronto.
Dan Goodin
โ
|
93
๐ Image
Chaos erupts as cyberattack disrupts learning platform Canvas amid finals
Across the country, schools and colleges postpone year-end tests.
Dan Goodin
โ
|
93
๐ Image
Mozilla says 271 vulnerabilities found by Mythos have โalmost no false positivesโ
The developer of Firefox says it has โcompletely bought inโ on AI-assisted bug discovery.
Dan Goodin
โ
|
138
๐ Image
Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
Daemon Tools users: Itโs time to check your machines for stealthy infections, stat.
Dan Goodin
โ
|
63
๐ Image
Ubuntu infrastructure has been down for more than a day
The outage has hampered communication concerning a critical vulnerability that gives root.
Dan Goodin
โ
|
76
๐ Image
The most severe Linux threat to surface in years catches the world flat-footed
CopyFail threatens multi-tenant servers, CI/CD work flows, Kubernetes containers, and more.
Dan Goodin
โ
|
162
๐ A cartoon man runs across a white field of ones and zeroes.
Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden
Security firms find themselves especially exposed.
Dan Goodin
โ
|
20
๐ Image
Open source package with 1 million monthly downloads stole user credentials
If youโre one of millions using element-data, itโs time to check for compromise.
Dan Goodin
โ
|
33
๐ Red neon light of triple X's.
Why are top university websites serving porn? It comes down to shoddy housekeeping.
Hundreds of subdomains from dozens of universities have been hijacked by scammers.
Dan Goodin
โ
|
67
๐ Illustration of ones and zeros being encrypted.
In a first, a ransomware family is confirmed to be quantum-safe
Technically speaking, thereโs no practical benefit to use PQC. So why is it being used?
Dan Goodin
โ
|
19
๐ Image
Microsoft issues emergency update for macOS and Linux ASP.NET threat
When authentication fails, things can go very, very wrong.
Dan Goodin
โ
|
25
๐ Image
Contrary to popular superstition, AES 128 is just fine in a post-quantum world
A stubborn misconception is hampering the already hard work of quantum readiness.
Dan Goodin
โ
|
79
๐ A $100 bill with green digital numbers appearing throughout the bill.
US-sanctioned currency exchange says $15 million heist done by โunfriendly statesโ
Grinex says needed hacking resources โavailable exclusively toโฆ unfriendly states.โ
Dan Goodin
โ
|
78
๐ conceptual graphic of symbols representing quantum states floating above a stylized computer chip.
Recent advances push Big Tech closer to the Q-Day danger zone
Hereโs which players are winning the race to transition to post-quantum crypto.
Dan Goodin
โ
|
69
๐ Flag of Iran on binary code.
Iran-linked hackers disrupt operations at US critical infrastructure sites
As the US and Israelโs war has ramped up, so too have hacks on US industrial sites.
Dan Goodin
โ
|
90
๐ Image
Thousands of consumer routers hacked by Russiaโs military
End-of-life routers in homes and small offices hacked in 120 countries.
Dan Goodin
โ
|
101
๐ A blue crayfish on a countertop
OpenClaw gives users yet another reason to be freaked out about security
The viral AI agentic tool let attackers silently gain admin unauthenticated access.
Dan Goodin
โ
|
85