Millions of people in Louisiana and Oregon have had their data compromised in the sprawling cyberattack that has also hit the US federal government, state agencies said late Thursday.

No wonder Google is having trouble keeping up with policing its app store. Since Monday, researchers have reported that hundreds of Android apps and Chrome extensions with millions of installs from the company’s official marketplaces have included functions for snooping on user files, manipulating the contents of clipboards, and injecting deliberately unknown code into webpages.

Smartphone malware sold to governments around the world can surreptitiously record voice calls and nearby audio, collect data from apps such as Signal and WhatsApp, and hide apps or prevent them from running upon device reboots, researchers from Cisco’s Talos security team have found.

We're not ready to make the move.

Researchers at Tencent Labs and Zhejiang University have presented a new attack called 'BrutePrint,' which brute-forces fingerprints on modern smartphones to bypass user authentication and take control of the device.

Overall, Android devices have earned a decidedly mixed reputation for security. While the OS itself and Google's Pixels have stood up over the years against software exploits, the never-ending flow of malicious apps in Google Play and vulnerable devices from some third-party manufacturers have tarnished its image.

Meta on Wednesday warned that hackers are using the promise of generative artificial intelligence like ChatGPT to trick people into installing malicious code on devices. Over the course of the past month, security analysts with the social-media giant have found malicious software posing as ChatGPT or similar AI tools, chief information security officer Guy Rosen said in a briefing.

More than half of the enterprise routers researchers bought secondhand hadn’t been wiped, exposing sensitive info like login credentials and customer data.

In the rush to commercialize LLMs, security got left behind

The U.S. government is warning of the dangers of using public, free cellphone charging stations, such as airports, hotels and shopping centers. The FCC put out a statement, and local branches of the FBI are also expressing concern. That's because cybercriminals are using the USB cables at these charging stations to hack into phones while they're charging.

The FBI recently warned consumers against using free public charging stations, saying crooks have managed to hijack public chargers that can infect devices with malware, or software that can give hackers access to your phone, tablet or computer.

A market-leading garage door controller is so riddled with severe security and privacy vulnerabilities that the researcher who discovered them, Sam Sabetan, is advising anyone using one to immediately disconnect it until they are fixed.

AI language models are the shiniest, most exciting thing in tech right now. But they’re poised to create a major new problem: they are ridiculously easy to misuse and to deploy as powerful phishing or scamming tools. No programming skills are needed. What’s worse is that there is no known fix.

If you need another reminder to be careful when downloading new apps for your devices, a new batch of malicious apps has been discovered stealing both data and money from unsuspecting users. As reported by Laptop Mag(opens in new tab), these 203 malicious iOS and Android apps were first discovered by Thailand’s Ministry of Digital Economy and Society (DES) and the UK’s National Cyber Security Centre (NCSC).

In an era of quantum computing "arms race", it is time to transition to quantum-safe systems.

We’re changing some of our security practices. Here is what you need to know to ensure a smooth transition.

Google is urging owners of certain Android phones to take urgent action to protect themselves from critical vulnerabilities that give skilled hackers the ability to surreptitiously compromise their devices by making a specially crafted call to their number. It’s not clear if all actions urged are even possible, however, and even if they are, the measures will neuter devices of most voice-calling capabilities.

Nearly two-and-a-half years after the Trump administration threatened to ban TikTok in the United States if it didn't divest from its Chinese owners, the Biden administration is now doing the same.

A voice identification system used by the Australian government for millions of people has a serious security flaw, a Guardian Australia investigation has found. Centrelink and the Australian Taxation Office (ATO) both give people the option of using a “voiceprint”, along with other information, to verify their identity over the phone, allowing them to then access sensitive information from their accounts.

A popular ransomware operator claims to have compromised Ring, the Amazon-owned company that builds smart doorbells with cameras. A new report on Vice’s Motherboard states that the group known as ALPHV, popular for its use of the BlackCat encryptor malware, added a new entry to its leak site, next to which is Ring’s logo.