Articles & Guides

NYC Health + Hospitals, the Largest US Public Health System, Says an Unauthorized Actor Sat Inside Its Network From Late November 2025 to February 2, 2026 and Copied the Personal, Medical, Financial, and Biometric Data—Including Fingerprints and Palm Prints—of at Least 1.8 Million People

May 27, 2026 · 6 min read

German Researchers at KIT Identified People With Nearly 100% Accuracy Using Ordinary WiFi—No Phone, No Device, No Password—By Reading How an Unencrypted Stream of Router Feedback Data Bends Around the Human Body, and They Warn Every Router Could Become Invisible Surveillance Infrastructure

May 27, 2026 · 6 min read

A Spyware Investigator at Amnesty International Exposed Russian Government Hackers Trying to Hijack Signal Accounts—The Campaign Abuses Signal's Legitimate Linked Device QR Code Feature to Silently Mirror Messages, Targeted More Than 13,500 People Including Journalists and Politicians, and Bypasses End to End Encryption Without Breaking the Cryptography

May 27, 2026 · 6 min read

A California Federal Jury Ordered Google to Pay More Than $425 Million to 98 Million Users Who Turned Off the Web & App Activity Setting and Were Tracked Anyway—The Verdict Lands in the Same Year as a $135 Million Android Settlement, a New RTB Control, and a $1.375 Billion Texas Payout

May 27, 2026 · 7 min read

A Carnegie Mellon CyLab Study Showed That Google's Topics API and Other Privacy-Preserving Interest Buckets Still Re-Identify Individuals—34% Accuracy on Web Browsing and Over 95% on Music Listening—Because a Transformer Reading the Sequence of Your Topics Over Time Is All It Takes to Pick You Out

May 27, 2026 · 6 min read

Signal Said It Will Leave Canada Before Complying With Bill C-22's 12 Month Metadata Retention Rule—And the US House GOP Just Sent Ottawa a Letter Warning the Bill Threatens American National Security Too

May 26, 2026 · 8 min read

DHS Said on May 22 That ICE Has 'No Relationship' With Paragon Solutions—But the Agency Refused to Say Whether It Switched to a Different Spyware Vendor, and ICE's Outgoing Director Already Confirmed Homeland Security Investigations Is Using Commercial Spyware

May 26, 2026 · 7 min read

The FTC Just Settled With Cox Media Group, MindSift, and 1010 Digital Works for $930,000 on May 21—They Sold an 'Active Listening' AI Service That Was Supposed to Target Ads Based on Conversations Captured From Smart Device Microphones, and the FTC Says the Conversations Never Happened

May 26, 2026 · 7 min read

A New Zero Click WhatsApp Takeover Hijacks iPhone Accounts Running iOS 16 With No Warning, No Linked Device Prompt, and No User Interaction—Victims Only Find Out When They Are Suddenly Logged Out, and the Attacker Keeps the Account on the Original Device

May 26, 2026 · 7 min read

Attackers Chained a 9.4 Severity Ghost CMS SQL Injection Bug to Seed ClickFix Malware on More Than 700 Unpatched Sites—Including Harvard University, Oxford University, Auburn University, and DuckDuckGo, Each Briefly Serving a Fake Cloudflare Prompt That Ran a Shell Command on Visiting Windows Machines

May 26, 2026 · 7 min read

Qilin Sat Inside Covenant Health's Hospital Network From May 18 to May 26 and Walked Out With the Records of 480,000 Patients Across Two Hospitals in Maine and One in New Hampshire—St. Mary's Labs Processed Paper Orders, and St. Joseph in New Hampshire Shut Its Satellite Services to Keep the Main Hospital Running

May 26, 2026 · 7 min read

Meta Just Settled With a 2,800 Student Kentucky School District Three Weeks Before a June 15 Federal Trial That Asked Mark Zuckerberg's Company to Pay $60 Million Toward a 15 Year Mental Health Program—And 1,200 Other School Districts Are Still in Line Behind Breathitt County

May 26, 2026 · 7 min read

CISA Opened Its Known Exploited Vulnerabilities Catalog to Outside Researchers on May 21 With a Structured Nomination Form—The Agency That Previously Took Submissions by Email at vulnerability@cisa.dhs.gov Now Wants the Data Fields Filled In Before It Triages the Report

May 26, 2026 · 7 min read

Linux Just Got Two Local Privilege Escalation Bugs in One Week—Both AI Discovered, and the OpenSSF's Christopher Robinson Says 30% of the Security Reports He Triages Are Duplicates From People Running the Same Scanners

May 25, 2026 · 7 min read

The EU Commission Just Missed Its February Deadline for the High Risk AI Guidelines—Released the Draft on May 19, Three Months Late, With Compliance Now Bumped to December 2027 and August 2028 After 110 European Businesses Lobbied for the Extension

May 25, 2026 · 7 min read