<?xml version="1.0" encoding="ISO-8859-1"?>

<rdf:RDF
 xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
 xmlns="http://purl.org/rss/1.0/"
 xmlns:admin="http://webns.net/mvcb/"
 xmlns:content="http://purl.org/rss/1.0/modules/content/"
 xmlns:dc="http://purl.org/dc/elements/1.1/"
 xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
 xmlns:syn="http://purl.org/rss/1.0/modules/syndication/"
 xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/"
>

<channel rdf:about="https://it.slashdot.org/">
<title>Slashdot: IT</title>
<link>https://it.slashdot.org/</link>
<description>News for nerds, stuff that matters</description>
<dc:language>en-us</dc:language>
<dc:rights>Copyright Slashdot Media. All Rights Reserved.</dc:rights>
<dc:date>2026-04-19T01:38:16+00:00</dc:date>
<dc:publisher>Slashdot Media</dc:publisher>
<dc:creator>feedback@slashdot.org</dc:creator>
<dc:subject>Technology</dc:subject>
<syn:updateBase>1970-01-01T00:00+00:00</syn:updateBase>
<syn:updateFrequency>1</syn:updateFrequency>
<syn:updatePeriod>hourly</syn:updatePeriod>
<items>
 <rdf:Seq>
  <rdf:li rdf:resource="https://it.slashdot.org/story/26/04/18/0552210/30-wordpress-plugins-turned-into-malware-after-ownership-change?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed" />
  <rdf:li rdf:resource="https://yro.slashdot.org/story/26/04/18/039221/us-government-now-wants-anthropics-mythos-preparing-for-ai-cybersecurity-threats?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed" />
  <rdf:li rdf:resource="https://it.slashdot.org/story/26/04/17/2127243/nist-limits-cve-enrichment-after-263-surge-in-vulnerability-submissions?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed" />
  <rdf:li rdf:resource="https://yro.slashdot.org/story/26/04/16/2052224/totalrecall-reloaded-tool-finds-a-side-entrance-to-windows-11-recall-database?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed" />
  <rdf:li rdf:resource="https://yro.slashdot.org/story/26/04/15/1913213/calcom-is-going-closed-source-because-of-ai?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed" />
  <rdf:li rdf:resource="https://it.slashdot.org/story/26/04/13/1653212/bookingcom-hit-by-data-breach?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed" />
  <rdf:li rdf:resource="https://news.slashdot.org/story/26/04/12/1728224/botched-it-upgrade-ended-liquor-sales-for-the-entire-state-of-mississippi?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed" />
  <rdf:li rdf:resource="https://it.slashdot.org/story/26/04/11/012218/cpuid-site-hijacked-to-serve-malware-instead-of-hwmonitor-downloads?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed" />
  <rdf:li rdf:resource="https://it.slashdot.org/story/26/04/10/1620217/google-rolls-out-gmail-end-to-end-encryption-on-mobile-devices?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed" />
  <rdf:li rdf:resource="https://it.slashdot.org/story/26/04/09/194221/openai-to-limit-new-model-release-on-cybersecurity-fears?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed" />
  <rdf:li rdf:resource="https://yro.slashdot.org/story/26/04/09/1720203/hacker-steals-10-petabytes-of-data-from-chinas-tianjin-supercomputer-center?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed" />
  <rdf:li rdf:resource="https://it.slashdot.org/story/26/04/08/2139228/iran-linked-hackers-disrupted-us-oil-gas-water-sites?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed" />
  <rdf:li rdf:resource="https://tech.slashdot.org/story/26/04/08/1715213/microsoft-abruptly-terminates-veracrypt-account-halting-windows-updates?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed" />
  <rdf:li rdf:resource="https://it.slashdot.org/story/26/04/07/2326240/russian-government-hackers-broke-into-thousands-of-home-routers-to-steal-passwords?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed" />
  <rdf:li rdf:resource="https://it.slashdot.org/story/26/04/07/2115208/anthropic-unveils-claude-mythos-powerful-ai-with-major-cyber-implications?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed" />
 </rdf:Seq>
</items>
<image rdf:resource="https://a.fsdn.com/sd/topics/topicslashdot.gif" />
<textinput rdf:resource="https://it.slashdot.org/search.pl" />
</channel>
<image rdf:about="https://a.fsdn.com/sd/topics/topicslashdot.gif">
<title>Slashdot: IT</title>
<url>https://a.fsdn.com/sd/topics/topicslashdot.gif</url>
<link>https://it.slashdot.org/</link>
</image>
<item rdf:about="https://it.slashdot.org/story/26/04/18/0552210/30-wordpress-plugins-turned-into-malware-after-ownership-change?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed">
<title>30 WordPress Plugins Turned Into Malware After Ownership Change</title>
<link>https://it.slashdot.org/story/26/04/18/0552210/30-wordpress-plugins-turned-into-malware-after-ownership-change?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed</link>
<description>Wednesday BleepingComputer reported that more than 30 WordPress plugins "have been compromised with malicious code that allows unauthorized access to websites running them."

A malicious actor planted the backdoor code last year but only recently started pushing it to users via updates, generating spam pages and causing redirects, as per the instructions received from the command-and-control (C2) server. The compromise affects plugins with hundreds of thousands of active installations and was spotted by Austin Ginder, the founder of managed WordPress hosting provider Anchor Hosting, after receiving a tip about one add-on containing code that allowed third-party access. 

Further investigation by Ginder revealed that a backdoor had been present in all plugins within the EssentialPlugin package since August 2025, after the project was acquired in a six-figure deal by a new owner.... "The injected code was sophisticated. It fetched spam links, redirects, and fake pages from a command-and-control server. It only showed the spam to Googlebot, making it invisible to site owners," explained Ginder. 

"WordPress.org's v2.6.9.1 update neutralized the phone-home mechanism in the plugin," Ginder writes in a blog post. "But it did not touch wp-config.php. The SEO spam injection was still actively serving hidden content to Googlebot. 

"And here is the wildest part. It resolved its C2 domain through an Ethereum smart contract, querying public blockchain RPC endpoints. Traditional domain takedowns would not work because the attacker could update the smart contract to point to a new domain at any time."


This has happened before. In 2017, a buyer using the alias "Daley Tias" purchased the Display Widgets plugin (200,000 installs) for $15,000 and injected payday loan spam. That buyer went on to compromise at least 9 plugins the same way.... The WordPress plugin marketplace has a trust problem... The Flippa listing for Essential Plugin was public. The buyer's background in SEO and gambling marketing was public. And yet the acquisition sailed through without any review from WordPress.org. 

WordPress.org has no mechanism to flag or review plugin ownership transfers. There is no "change of control" notification to users. No additional code review triggered by a new committer. The Plugins Team responded quickly once the attack was discovered. But 8 months passed between the backdoor being planted and being caught. 

Thanks to Slashdot reader axettone for sharing the news.</description>
<dc:creator>EditorDavid</dc:creator>
<dc:date>2026-04-18T18:34:00+00:00</dc:date>
<dc:subject>security</dc:subject>
<slash:department>supply-chain-attacked</slash:department>
<slash:section>it</slash:section>
<slash:comments>10</slash:comments>
<slash:hit_parade>10,8,6,5,2,1,1</slash:hit_parade>
</item>
<item rdf:about="https://yro.slashdot.org/story/26/04/18/039221/us-government-now-wants-anthropics-mythos-preparing-for-ai-cybersecurity-threats?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed">
<title>US Government Now Wants Anthropic's 'Mythos', Preparing for AI Cybersecurity Threats</title>
<link>https://yro.slashdot.org/story/26/04/18/039221/us-government-now-wants-anthropics-mythos-preparing-for-ai-cybersecurity-threats?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed</link>
<description>Friday Anthropic's CEO met with top U.S. officials and "discussed opportunities for collaboration," according to a White House spokesperson cited by Politico, "as well as shared approaches and protocols to address the challenges associated with scaling this technology." 


CNN notes the meeting happens at the same time Anthropic "battles the Trump administration in court for blacklisting its Claude AI model..."

The meeting took place as the US government is trying to balance its hardline approach to Anthropic with the national security implications of turning its back on the company's breakthrough technology &amp;mdash; including its Mythos tool that can identify cybersecurity threats but also present a roadmap for hackers to attack companies or the government... The Office of Management and Budget has already told agencies it is preparing to give them access to Mythos to prepare, Bloomberg reported. Axios reported the White House is also in discussion to gain access to Mythos. 


The Trump administration "recognizes the power" of Mythos, reports Axios, "and its highly sophisticated &amp;mdash; and potentially dangerous &amp;mdash; ability to breach cybersecurity defenses."

 "It would be grossly irresponsible for the U.S. government to deprive itself of the technological leaps that the new model presents," a source close to negotiations told us. "It would be a gift to China"... Some parts of the U.S. intelligence community, plus the Cybersecurity and Infrastructure Security Agency (CISA, part of Homeland Security), are testing Mythos. Treasury and others want it.
 

The White House added they plan to invite other AI companies for similar discussions, Politico reports. But Mythos "is also alarming regulators in Europe, who have told POLITICO they have not been able to gain access..."

U.S. government agency tech leaders sought access to the model after Anthropic earlier this year began testing the model and granted limited access to a select group of companies, including JPMorgan, Amazon and Apple... after finding it had hacking capabilities far outstripping those of previous AI models. This includes the ability to autonomously identify and exploit complex software vulnerabilities, such as so-called zero-day flaws, which even some of the sharpest human minds are unable to patch. The AI startup also wrote that the model could carry out end-to-end cyberattacks autonomously, including by navigating enterprise IT systems and chaining together exploits. It could also act as a force-multiplier for research needed to build chemical and biological weapons, and in certain instances, made efforts to cover its tracks when attacking systems, according to Anthropic's report on the model's capabilities and its safety assessments. 

Those findings and others have inspired fears that the model could be co-opted to launch powerful cyberattacks with relative ease if it fell into the wrong hands. Logan Graham, a senior security researcher at Anthropic, previously told POLITICO that researchers and tech firms had been given early access to Mythos so they could find flaws in their critical code before state-backed hackers or cybercriminals could exploit them. "Within six, 12 or 24 months, these kinds of capabilities could be just broadly available to everybody in the world," Graham said.</description>
<dc:creator>EditorDavid</dc:creator>
<dc:date>2026-04-18T14:34:00+00:00</dc:date>
<dc:subject>ai</dc:subject>
<slash:department>Claude-your-way-back</slash:department>
<slash:section>yro</slash:section>
<slash:comments>18</slash:comments>
<slash:hit_parade>18,18,15,13,6,4,3</slash:hit_parade>
</item>
<item rdf:about="https://it.slashdot.org/story/26/04/17/2127243/nist-limits-cve-enrichment-after-263-surge-in-vulnerability-submissions?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed">
<title>NIST Limits CVE Enrichment After 263% Surge In Vulnerability Submissions</title>
<link>https://it.slashdot.org/story/26/04/17/2127243/nist-limits-cve-enrichment-after-263-surge-in-vulnerability-submissions?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed</link>
<description>NIST is narrowing how it handles CVEs in the National Vulnerability Database (NVD), saying it will only automatically enrich higher-priority vulnerabilities. "CVEs that do not meet those criteria will still be listed in the NVD but will not automatically be enriched by NIST," it said. "This change is driven by a surge in CVE submissions, which increased 263% between 2020 and 2025. We don't expect this trend to let up anytime soon." The Hacker News reports: The prioritization criteria outlined by NIST, which went into effect on April 15, 2026, are as follows:

- CVEs appearing in the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities (KEV) catalog.
- CVEs for software used within the federal government.
- CVEs for critical software as defined by Executive Order 14028: this includes software that's designed to run with elevated privilege or managed privileges, has privileged access to networking or computing resources, controls access to data or operational technology, and operates outside of normal trust boundaries with elevated access.
 
Any CVE submission that doesn't meet these thresholds will be marked as "Not Scheduled." The idea, NIST said, is to focus on CVEs that have the maximum potential for widespread impact. "While CVEs that do not meet these criteria may have a significant impact on affected systems, they generally do not present the same level of systemic risk as those in the prioritized categories," it added. [...]
 
Changes have also been instituted for various other aspects of the NVD operations. These include: 
- NIST will no longer routinely provide a separate severity score for a CVE where the CVE Numbering Authority has already provided a severity score.
- A modified CVE will be reanalyzed only if it "materially impacts" the enrichment data. Users can request specific CVEs to be reanalyzed by sending an email to the same address listed above.
- All unenriched CVEs currently in backlog with an NVD publish date earlier than March 1, 2026, will be moved into the "Not Scheduled" category. This does not apply to CVEs that are already in the KEV catalog.
- NIST has updated the CVE status labels and descriptions, as well as the NVD Dashboard, to accurately reflect the status of all CVEs and other statistics in real time.</description>
<dc:creator>BeauHD</dc:creator>
<dc:date>2026-04-17T22:00:00+00:00</dc:date>
<dc:subject>security</dc:subject>
<slash:department>too-many-to-handle</slash:department>
<slash:section>it</slash:section>
<slash:comments>17</slash:comments>
<slash:hit_parade>17,16,11,10,3,3,1</slash:hit_parade>
</item>
<item rdf:about="https://yro.slashdot.org/story/26/04/16/2052224/totalrecall-reloaded-tool-finds-a-side-entrance-to-windows-11-recall-database?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed">
<title>'TotalRecall Reloaded' Tool Finds a Side Entrance To Windows 11 Recall Database</title>
<link>https://yro.slashdot.org/story/26/04/16/2052224/totalrecall-reloaded-tool-finds-a-side-entrance-to-windows-11-recall-database?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed</link>
<description>An anonymous reader quotes a report from Ars Technica: Two years ago, Microsoft launched its first wave of "Copilot+" Windows PCs with a handful of exclusive features that could take advantage of the neural processing unit (NPU) hardware being built into newer laptop processors. These NPUs could enable AI and machine learning features that could run locally rather than in someone's cloud, theoretically enhancing security and privacy. One of the first Copilot+ features was Recall, a feature that promised to track all your PC usage via screenshot to help you remember your past activity. But as originally implemented, Recall was neither private nor secure; the feature stored its screenshots plus a giant database of all user activity in totally unencrypted files on the user's disk, making it trivial for anyone with remote or local access to grab days, weeks, or even months of sensitive data, depending on the age of the user's Recall database.
 
After journalists and security researchers discovered and detailed these flaws, Microsoft delayed the Recall rollout by almost a year and substantially overhauled its security. All locally stored data would now be encrypted and viewable only with Windows Hello authentication; the feature now did a better job detecting and excluding sensitive information, including financial information, from its database; and Recall would be turned off by default, rather than enabled on every PC that supported it. The reconstituted Recall was a big improvement, but having a feature that records the vast majority of your PC usage is still a security and privacy risk. Security researcher Alexander Hagenah was the author of the original "TotalRecall" tool that made it trivially simple to grab the Recall information on any Windows PC, and an updated "TotalRecall Reloaded" version exposes what Hagenah believes are additional vulnerabilities.
 
The problem, as detailed by Hagenah on the TotalRecall GitHub page, isn't with the security around the Recall database, which he calls "rock solid." The problem is that, once the user has authenticated, the system passes Recall data to another system process called AIXHost.exe, and that process doesn't benefit from the same security protections as the rest of Recall. "The vault is solid," Hagenah writes. "The delivery truck is not." The TotalRecall Reloaded tool uses an executable file to inject a DLL file into AIXHost.exe, something that can be done without administrator privileges. It then waits in the background for the user to open Recall and authenticate using Windows Hello. Once this is done, the tool can intercept screenshots, OCR'd text, and other metadata that Recall sends to the AIXHost.exe process, which can continue even after the user closes their Recall session.
 
"The VBS enclave won't decrypt anything without Windows Hello," Hagenah writes. "The tool doesn't bypass that. It makes the user do it, silently rides along when the user does it, or waits for the user to do it." A handful of tasks, including grabbing the most recent Recall screenshot, capturing select metadata about the Recall database, and deleting the user's entire Recall database, can be done with no Windows Hello authentication. Once authenticated, Hagenah says the TotalRecall Reloaded tool can access both new information recorded to the Recall database as well as data Recall has previously recorded. "We appreciate Alexander Hagenah for identifying and responsibly reporting this issue. After careful investigation, we determined that the access patterns demonstrated are consistent with intended protections and existing controls, and do not represent a bypass of a security boundary or unauthorized access to data," a Microsoft spokesperson told Ars. "The authorization period has a timeout and anti-hammering protection that limit the impact of malicious queries."</description>
<dc:creator>BeauHD</dc:creator>
<dc:date>2026-04-16T23:00:00+00:00</dc:date>
<dc:subject>privacy</dc:subject>
<slash:department>recalled-again</slash:department>
<slash:section>yro</slash:section>
<slash:comments>29</slash:comments>
<slash:hit_parade>29,29,26,24,9,6,4</slash:hit_parade>
</item>
<item rdf:about="https://yro.slashdot.org/story/26/04/15/1913213/calcom-is-going-closed-source-because-of-ai?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed">
<title>Cal.com Is Going Closed Source Because of AI</title>
<link>https://yro.slashdot.org/story/26/04/15/1913213/calcom-is-going-closed-source-because-of-ai?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed</link>
<description>Cal is moving its flagship scheduling software from open source to a proprietary license, arguing that AI coding tools now make it much easier for attackers to scan public codebases for vulnerabilities. "Open source security always relied on people to find and fix any problems," said Peer Richelsen, co-founder of Cal. "Now AI attackers are flaunting that transparency." CEO Bailey Pumfleet added: "Open-source code is basically like handing out the blueprint to a bank vault. And now there are 100x more hackers studying the blueprint." The company says it still supports open source and is releasing a separate Cal.diy version for hobbyists, but doesn't want to risk customer booking data in its commercial product. ZDNet reports: When Cal was founded in 2022, Bailey Pumfleet, the CEO and co-founder, wrote, "Cal.com would be an open-source project [because] limitations of existing scheduling products could only be solved by open source." Since Cal was successful and now claims to be the largest Next.js project, he was on to something. Today, however, Pumfleet tells me that AI programs such as "Claude Opus can scour the code to find vulnerabilities," so the company is moving the project from the GNU Affero General Public License (AGPL) to a proprietary license to defend the program's security.
 
[...] Cal also quoted Huzaifa Ahmad, CEO of Hex Security, "Open-source applications are 5-10x easier to exploit than closed-source ones. The result, where Cal sits, is a fundamental shift in the software economy. Companies with open code will be forced to risk customer data or close public access to their code." "We are committed to protecting sensitive data," Pumfleet said. "We want to be a scheduling company, not a cybersecurity company." He added, "Cal.com handles sensitive booking data for our users. We won't risk that for our love of open source."
 
While its commercial program is no longer open source, Cal has released Cal.diy. This is a fully open-source version of its platform for hobbyists. The open project will enable experimentation outside the closed application that handles high-stakes data. Pumfleet concluded, "This decision is entirely around the vulnerability that open source introduces. We still firmly love open source, and if the situation were to change, we'd open source again. It's just that right now, we can't risk the customer data."</description>
<dc:creator>BeauHD</dc:creator>
<dc:date>2026-04-15T21:00:00+00:00</dc:date>
<dc:subject>ai</dc:subject>
<slash:department>blueprint-to-the-bank-vault</slash:department>
<slash:section>yro</slash:section>
<slash:comments>92</slash:comments>
<slash:hit_parade>92,92,84,81,20,12,5</slash:hit_parade>
</item>
<item rdf:about="https://it.slashdot.org/story/26/04/13/1653212/bookingcom-hit-by-data-breach?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed">
<title>Booking.com Hit By Data Breach</title>
<link>https://it.slashdot.org/story/26/04/13/1653212/bookingcom-hit-by-data-breach?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed</link>
<description>Booking.com says hackers accessed customer reservation data in a breach that may have exposed booking details, names, email addresses, phone numbers, addresses, and messages shared with accommodations. PCMag reports: On Sunday, users reported receiving emails from Booking.com, warning them that "unauthorized third parties may have been able to access certain booking information associated with your reservation." The email suggests the hackers have already exploited customer information.
 
"We recently noticed suspicious activity affecting a number of reservations, and we immediately took action to contain the issue," Booking.com wrote. "Based on the findings of our investigation to date, accessed information could include booking details and name(s), emails, addresses, phone numbers associated with the booking, and anything that you may have shared with the accommodation."
 
Amsterdam-based Booking.com has now generated new PINs for customer reservations to prevent hackers from accessing them. Still, the incident risks exposing affected customers to potential phishing scams. The Australian Broadcasting Corporation and several Reddit users say they received scam messages from accounts posing as Booking.com.</description>
<dc:creator>BeauHD</dc:creator>
<dc:date>2026-04-13T18:00:00+00:00</dc:date>
<dc:subject>security</dc:subject>
<slash:department>another-day-another-breach</slash:department>
<slash:section>it</slash:section>
<slash:comments>15</slash:comments>
<slash:hit_parade>15,15,11,9,6,5,2</slash:hit_parade>
</item>
<item rdf:about="https://news.slashdot.org/story/26/04/12/1728224/botched-it-upgrade-ended-liquor-sales-for-the-entire-state-of-mississippi?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed">
<title>Botched IT Upgrade Ended Liquor Sales for the Entire State of Mississippi</title>
<link>https://news.slashdot.org/story/26/04/12/1728224/botched-it-upgrade-ended-liquor-sales-for-the-entire-state-of-mississippi?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed</link>
<description>Mississippi has one warehouse &amp;mdash; run by a contractor &amp;mdash; that sells all the liquor for the entire state of 2.9 million people. "If a restaurant or store anywhere in Mississippi wanted a bottle of Jim Beam, they had to order it from the wholesale warehouse," reports the Washington Post. 

But then Mississippi's warehouse-managing contractor implemented a new computer system that wasn't compatible with the state's delivery system (like they'd promised it would be back in 2023). And then things got even worse... "The problem, business owners allege, is that the company tore out the conveyor belts but didn't hire humans to replace them." 

In February a state Revenue Department commissioner told lawmakers the state was hiring temporary replacement workers, but in the five weeks through March 29th they'd only managed to reduce "pending" orders by 21.7%, from 218,851 down to 171,190, according to stats from Mississippi Today. At least four Mississippi businesses are now suing the warehouse operator "claiming breach of contract and harm to their business." 

So what's it like in a state suddenly running dry? The Washington Post reports:

Willie the one-eyed skeleton is dressed for Cinco de Mayo, but the liquor store where Willie sits ran out of Jose Cuervo months ago. Arrow Wine and Spirits is also out of Tito's and Burnett's vodka, Franzia boxed wine, Jack Daniels, and every kind of premixed margarita... Restaurants in Jackson had no wine on Valentine's Day, and bars on the Gulf Coast ran dry before Mardi Gras. At least five liquor shops have closed, and if cheap pints don't hit the corner stores soon, many of them will, too... 

[A]s both the state and its businesses lose millions in revenue, many say they see no real end to the crisis. Nearly 174,000 cases of alcohol are sitting in a warehouse north of Jackson, but no one seems to know how to get them out the door... Even the shops that have received deliveries say they often get the wrong thing &amp;mdash; Jell-O shots, for instance, that should have been small-batch Norwegian gin... 

At Willie the one-eyed skeleton's liquor store they'd previously made 300 to 400 sales a day, according to the article, but last week had 34 customers. And Mississippi is one of 17 U.S. states requiring liquor stores to buy their liquor from distribution centers controlled by the state's Department of Revenue... 

Mississippi Today points out that while some want the state to finally privatize liquor distribution, "The state collects around $120 million a year in taxes on alcohol." Plus the state has already authorized "borrowing $95 million to construct a new warehouse, set to begin operations in 2027..." 

Thanks to Slashdot reader jrnvk for sharing the news.</description>
<dc:creator>EditorDavid</dc:creator>
<dc:date>2026-04-12T17:34:00+00:00</dc:date>
<dc:subject>beer</dc:subject>
<slash:department>dry-February</slash:department>
<slash:section>news</slash:section>
<slash:comments>118</slash:comments>
<slash:hit_parade>118,112,99,86,33,17,12</slash:hit_parade>
</item>
<item rdf:about="https://it.slashdot.org/story/26/04/11/012218/cpuid-site-hijacked-to-serve-malware-instead-of-hwmonitor-downloads?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed">
<title>CPUID Site Hijacked To Serve Malware Instead of HWMonitor Downloads</title>
<link>https://it.slashdot.org/story/26/04/11/012218/cpuid-site-hijacked-to-serve-malware-instead-of-hwmonitor-downloads?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed</link>
<description>Attackers briefly hijacked part of CPUID's backend and swapped legitimate download links on its site with malware-laced ones. "The issue hit tools like HWMonitor and CPU-Z, with users on Reddit and elsewhere starting to notice something wasn't right when installers tripped antivirus alerts or showed up under odd names," reports The Register. From the report: CPUID has since confirmed the breach, pinning it on a compromised backend component rather than tampering with its software builds. "Investigations are still ongoing, but it appears that a secondary feature (basically a side API) was compromised for approximately six hours between April 9 and April 10, causing the main website to randomly display malicious links (our signed original files were not compromised)," one of the site's owners said in a post on X. "The breach was found and has since been fixed."
 
The files themselves appear to have been left alone and remain properly signed, so it doesn't seem like anyone got into the build process. Instead, the problem sat in front of that, in how downloads were being served. For anyone who hit the site during that stretch, though, that distinction offers little comfort. If the link you clicked had been swapped out, you were pulling whatever it pointed to, whether you realized it or not.</description>
<dc:creator>BeauHD</dc:creator>
<dc:date>2026-04-11T07:00:00+00:00</dc:date>
<dc:subject>security</dc:subject>
<slash:department>PSA</slash:department>
<slash:section>it</slash:section>
<slash:comments>13</slash:comments>
<slash:hit_parade>13,10,10,9,3,2,2</slash:hit_parade>
</item>
<item rdf:about="https://it.slashdot.org/story/26/04/10/1620217/google-rolls-out-gmail-end-to-end-encryption-on-mobile-devices?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed">
<title>Google Rolls Out Gmail End-To-End Encryption On Mobile Devices</title>
<link>https://it.slashdot.org/story/26/04/10/1620217/google-rolls-out-gmail-end-to-end-encryption-on-mobile-devices?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed</link>
<description>Gmail's end-to-end encryption is now available on all Android and iOS devices, letting enterprise users send and read encrypted emails directly in the app without any extra tools. "This launch combines the highest level of privacy and data encryption with a user-friendly experience for all users, enabling simple encrypted email for all customers from small businesses to enterprises and public sector," Google announced in a blog post. BleepingComputer reports: Starting this week, encrypted messages will be delivered as regular emails to Gmail recipients' inboxes if they use the Gmail app. Recipients who don't have the Gmail mobile app and use other email services can read them in a web browser, regardless of the device and service they're using.
 
[...] This feature is now available for all client-side encryption (CSE) users with Enterprise Plus licenses and the Assured Controls or Assured Controls Plus add-on after admins enable the Android and iOS clients in the CSE admin interface via the Admin Console. Gmail's end-to-end encryption (E2EE) feature is powered by the client-side encryption (CSE) technical control, which allows Google Workspace organizations to use encryption keys they control and are stored outside Google's servers to protect sensitive documents and emails.</description>
<dc:creator>BeauHD</dc:creator>
<dc:date>2026-04-10T17:00:00+00:00</dc:date>
<dc:subject>encryption</dc:subject>
<slash:department>natively-supported</slash:department>
<slash:section>it</slash:section>
<slash:comments>27</slash:comments>
<slash:hit_parade>27,27,25,23,9,2,2</slash:hit_parade>
</item>
<item rdf:about="https://it.slashdot.org/story/26/04/09/194221/openai-to-limit-new-model-release-on-cybersecurity-fears?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed">
<title>OpenAI To Limit New Model Release On Cybersecurity Fears</title>
<link>https://it.slashdot.org/story/26/04/09/194221/openai-to-limit-new-model-release-on-cybersecurity-fears?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed</link>
<description>OpenAI is reportedly preparing a new cybersecurity product for a small group of partners, out of concern that a broader rollout could wreak havoc if it were released more widely. If that move sounds familiar, it's because Anthropic took a similar limited-release approach with its Mythos model and Project Glasswing initiative. Axios reports: OpenAI introduced its "Trusted Access for Cyber" pilot program in February after rolling out GPT-5.3-Codex, the company's most cyber-capable reasoning model. Organizations in the invite-only program are given access to "even more cyber capable or permissive models to accelerate legitimate defensive work," according to a blog post. At the time, OpenAI committed $10 million in API credits to participants. [...]
 
Restricting the rollout of a new frontier model makes "more sense" if companies are concerned about models' ability to write new exploits -- rather than about their ability to find bugs in the first place, Stanislav Fort, CEO of security firm Aisle, told Axios. Staggering the release of new AI models looks a lot like how cybersecurity vendors currently handle the disclosure of security flaws in software, Lee added. "It's the same debate we've had for decades around responsible vulnerability disclosure," Lee said.</description>
<dc:creator>BeauHD</dc:creator>
<dc:date>2026-04-09T20:00:00+00:00</dc:date>
<dc:subject>security</dc:subject>
<slash:department>familiar-moves</slash:department>
<slash:section>it</slash:section>
<slash:comments>37</slash:comments>
<slash:hit_parade>37,36,34,31,8,3,1</slash:hit_parade>
</item>
<item rdf:about="https://yro.slashdot.org/story/26/04/09/1720203/hacker-steals-10-petabytes-of-data-from-chinas-tianjin-supercomputer-center?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed">
<title>Hacker Steals 10 Petabytes of Data From China's Tianjin Supercomputer Center</title>
<link>https://yro.slashdot.org/story/26/04/09/1720203/hacker-steals-10-petabytes-of-data-from-chinas-tianjin-supercomputer-center?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed</link>
<description>An anonymous reader quotes a report from CNN: A hacker has allegedly stolen a massive trove of sensitive data -- including highly classified defense documents and missile schematics -- from a state-run Chinese supercomputer in what could potentially constitute the largest known heist of data from China. The dataset, which allegedly contains more than 10 petabytes of sensitive information, is believed by experts to have been obtained from the National Supercomputing Center (NSCC) in Tianjin -- a centralized hub that provides infrastructure services for more than 6,000 clients across China, including advanced science and defense agencies.
 
Cyber experts who have spoken to the alleged hacker and reviewed samples of the stolen data they posted online say they appeared to gain entry to the massive computer with comparative ease and were able to siphon out huge amounts of data over the course of multiple months without being detected. An account calling itself FlamingChina posted a sample of the alleged dataset on an anonymous Telegram channel on February 6, claiming it contained "research across various fields including aerospace engineering, military research, bioinformatics, fusion simulation and more." The group alleges the information is linked to "top organizations" including the Aviation Industry Corporation of China, the Commercial Aircraft Corporation of China, and the National University of Defense Technology.
 
Cyber security experts who have reviewed the data say the group is offering a limited preview of the alleged dataset, for thousands of dollars, with full access priced at hundreds of thousands of dollars. Payment was requested in cryptocurrency. CNN cannot verify the origins of the alleged dataset and the claims made by FlamingChina, but spoke with multiple experts whose initial assessment of the leak indicated it was genuine. The alleged sample data appeared to include documents marked "secret" in Chinese, along with technical files, animated simulations and renderings of defense equipment including bombs and missiles.</description>
<dc:creator>BeauHD</dc:creator>
<dc:date>2026-04-09T19:00:00+00:00</dc:date>
<dc:subject>privacy</dc:subject>
<slash:department>largest-ever-China-hack</slash:department>
<slash:section>yro</slash:section>
<slash:comments>71</slash:comments>
<slash:hit_parade>71,69,57,54,15,5,4</slash:hit_parade>
</item>
<item rdf:about="https://it.slashdot.org/story/26/04/08/2139228/iran-linked-hackers-disrupted-us-oil-gas-water-sites?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed">
<title>Iran-Linked Hackers Disrupted US Oil, Gas, Water Sites</title>
<link>https://it.slashdot.org/story/26/04/08/2139228/iran-linked-hackers-disrupted-us-oil-gas-water-sites?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed</link>
<description>The FBI says (PDF) Iran-linked hackers disrupted internet-connected systems used by U.S. oil, gas, and water companies. Even with the recent two-week ceasefire between Iran and the United States and Israel, hackers backing Tehran say they won't end their retaliatory cyberattacks. The Hill reports: The report warned that similar companies across the country should be aware of an increased push by hackers to take over programmable logic controller (PLC) systems, which can be used to digitally control physical machinery from remote locations. Secure internet access for PLCs from one company, Rockwell Automation, were removed by Iran-linked coders who then "maliciously interacted with project files and altered data," according to the report. Hackers first gained access to some of the platforms in January of last year. All access to compromised platforms ended in March, the report said. The FBI said the move resulted in "operational disruption" and "financial loss."
 
[...] Rockwell Automation wasn't the only company to recently face cyberattacks from Iran-linked hackers. Stryker, a major U.S. medical device maker, was targeted by Iran-affiliated coders in mid-March. It was unclear if physical operations were affected by the security breach. FBI Director Kash Patel was personally impacted by hackers who leaked his emails and records related to his personal travels and business from more than 10 years ago. [...]
 
The FBI urged companies to adopt network defenders and multifactor authentication to prevent future attacks. Tuesday's report was published alongside the National Security Agency, the Department of Energy, and the Cybersecurity and Infrastructure Security Agency. "Government and experts have been warning about internet connected systems for years, and how vulnerable they are," one source familiar with the federal investigation into the hacks told CNN. Many companies have "already removed those systems and followed the guidance," the person added.</description>
<dc:creator>BeauHD</dc:creator>
<dc:date>2026-04-08T22:00:00+00:00</dc:date>
<dc:subject>security</dc:subject>
<slash:department>PSA</slash:department>
<slash:section>it</slash:section>
<slash:comments>93</slash:comments>
<slash:hit_parade>93,86,64,59,15,8,3</slash:hit_parade>
</item>
<item rdf:about="https://tech.slashdot.org/story/26/04/08/1715213/microsoft-abruptly-terminates-veracrypt-account-halting-windows-updates?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed">
<title>Microsoft Abruptly Terminates VeraCrypt Account, Halting Windows Updates</title>
<link>https://tech.slashdot.org/story/26/04/08/1715213/microsoft-abruptly-terminates-veracrypt-account-halting-windows-updates?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed</link>
<description>Microsoft has apparently terminated the account VeraCrypt uses to sign its Windows drivers and bootloader, leaving the encryption project unable to publish Windows updates and throwing future releases into doubt. VeraCrypt's developer says Microsoft gave no clear explanation or warning for the move. "I didn't receive any emails from Microsoft nor any prior warnings," Mounir Idrassi, VeraCrypt's developer, told 404 Media. From the report: VeraCrypt is an open-source tool for encrypting data at rest. Users can create encrypted partitions on their drives, or make individual encrypted volumes to store their files in. Like its predecessor TrueCrypt, which VeraCrypt is based on, it also lets users create a second, innocuous looking volume if they are compelled to hand over their credentials. Last week, Idrassi took to the SourceForge forums to explain why he had been absent for a few months. The most serious challenge, he wrote, "is that Microsoft terminated the account I have used for years to sign Windows drivers and the bootloader."
 
"Regarding VeraCrypt, I cannot publish Windows updates. Linux and macOS updates can still be done but Windows is the platform used by the majority of users and so the inability to deliver Windows releases is a major blow to the project," he continued. "Currently I'm out of options." Idrassi told 404 Media the termination happened in mid-January. "I was surprised to discover that I could no longer use my account," he said.
 
On the forum and in the email to 404 Media, Idrassi shared what he said was the only message he received connected to the account shutdown. "Based on the information you have provided to date, we have determined that your organization does not currently meet the requirements to pass verification. There are no appeals available, we have closed your application," it reads. Idrassi told 404 Media the message is concerning his company IDRIX. "As you can read in their message, they say that the organization (IDRIX) doesn't meet their requirements, but I don't see which requirement IDRIX suddenly stopped meeting," he said. Idrassi said he has tried contacting Microsoft support, but he received automated responses that he believes contained AI-generated text.</description>
<dc:creator>BeauHD</dc:creator>
<dc:date>2026-04-08T17:00:00+00:00</dc:date>
<dc:subject>encryption</dc:subject>
<slash:department>delicate-supply-chain</slash:department>
<slash:section>technology</slash:section>
<slash:comments>102</slash:comments>
<slash:hit_parade>102,101,91,78,31,16,13</slash:hit_parade>
</item>
<item rdf:about="https://it.slashdot.org/story/26/04/07/2326240/russian-government-hackers-broke-into-thousands-of-home-routers-to-steal-passwords?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed">
<title>Russian Government Hackers Broke Into Thousands of Home Routers To Steal Passwords</title>
<link>https://it.slashdot.org/story/26/04/07/2326240/russian-government-hackers-broke-into-thousands-of-home-routers-to-steal-passwords?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed</link>
<description>An anonymous reader quotes a report from TechCrunch: A group of Russian government hackers have hijacked thousands of home and small business routers around the world as part of an ongoing campaign aimed at redirecting victims' internet traffic to steal their passwords and access tokens, security researchers and government authorities warned on Tuesday. [...] The hacking group targeted unpatched routers made by MikroTik and TP-Link using previously disclosed vulnerabilities according to the U.K. government's cybersecurity unit NCSC and Lumen's research arm Black Lotus Labs, which released new details of the campaign Tuesday.
 
According to the researchers, the hackers were able to spy on large numbers of people over the course of several years by compromising their routers, many of which run outdated software, leaving them vulnerable to remote attacks without their owners' knowledge. The NCSC said that these operations are "likely opportunistic in nature, with the actor casting a wide net to reach many potential victims, before narrowing in on targets of intelligence interest as the attack develops." Per the researchers and government advisories, the Russian hackers hacked routers to modify the device's settings so that the victim's internet requests are surreptitiously passed to infrastructure run by the hackers. This allows the hackers to redirect victims to spoof websites under their control, then steal passwords and tokens that let the hackers log in to that victim's online accounts without needing their two-factor authentication codes.
 
Black Lotus Labs said that Fancy Bear compromised at least 18,000 victims in around 120 countries, including government departments, law enforcement agencies, and email providers across North Africa, Central America, and Southeast Asia. Microsoft, which also released details of the campaign on Tuesday, said in a blog post that its researchers identified over 200 organizations and 5,000 consumer devices affected by these hacking operations, including at least three government organizations in Africa. The Justice Department said Tuesday it neutralized compromised routers in the U.S. under court authorization. As the DOJ put it, the FBI "developed a series of commands to send to compromised routers" to collect evidence, reset settings, and prevent hackers from breaking back in.</description>
<dc:creator>BeauHD</dc:creator>
<dc:date>2026-04-08T03:30:00+00:00</dc:date>
<dc:subject>security</dc:subject>
<slash:department>behind-the-scenes</slash:department>
<slash:section>it</slash:section>
<slash:comments>70</slash:comments>
<slash:hit_parade>70,68,62,58,15,6,4</slash:hit_parade>
</item>
<item rdf:about="https://it.slashdot.org/story/26/04/07/2115208/anthropic-unveils-claude-mythos-powerful-ai-with-major-cyber-implications?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed">
<title>Anthropic Unveils 'Claude Mythos', Powerful AI With Major Cyber Implications</title>
<link>https://it.slashdot.org/story/26/04/07/2115208/anthropic-unveils-claude-mythos-powerful-ai-with-major-cyber-implications?utm_source=rss1.0mainlinkanon&amp;utm_medium=feed</link>
<description>"Anthropic has unveiled Claude Mythos, a new AI model capable of discovering critical vulnerabilities at scale," writes Slashdot reader wiredmikey. "It's already powering Project Glasswing, a joint effort with major tech firms to secure critical software. But the same capabilities could also accelerate offensive cyber operations." SecurityWeek reports: Mythos is not an incremental improvement but a step change in performance over Anthropic's current range of frontier models: Haiku (smallest), Sonnet (middle ground), and Opus (most powerful). Mythos sits in a fourth tier named Copybara, and Anthropic describes it as superior to any other existing AI frontier model. It incorporates the current trend in the use of AI: the modern use of agentic AI. "The powerful cyber capabilities of Claude Mythos Preview are a result of its strong agentic coding and reasoning skills... the model has the highest scores of any model yet developed on a variety of software coding tasks," notes Anthropic in a blog titled Project Glasswing -- Securing critical software for the AI era.
 
In the last few weeks, Mythos Preview has identified thousands of zero-day vulnerabilities with many classified as critical. Several are ten or 20 years old -- the oldest found so far is a 27-year-old bug in OpenBSD. Elsewhere, a 16-year-old vulnerability found in video software has survived five million hits from other automated testing tools without ever being discovered. And it autonomously found and chained together several in the Linux kernel allowing an attacker to escalate from ordinary user access to complete control of the machine. [...] Anthropic is concerned that Mythos' capabilities could unleash cyberattacks too fast and too sophisticated for defenders to block. It hopes that Mythos can be used to improve cybersecurity generally before malicious actors can get access to it.
 
To this end, the firm has announced the next stage of this preparation as Project Glasswing, powered by Mythos Preview. Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely. "Project Glasswing is a starting point. No one organization can solve these cybersecurity problems alone: frontier AI developers, other software companies, security researchers, open-source maintainers, and governments across the world all have essential roles to play." Claude Mythos Preview is described as a general-purpose, unreleased frontier model from Anthropic that has nevertheless completed its training phase. The firm does not plan to make Mythos Preview generally available. The implication is that 'Preview' is a term used solely to describe the current state of Mythos and the market's readiness to receive it, and will be dropped when the firm gets closer to general release.</description>
<dc:creator>BeauHD</dc:creator>
<dc:date>2026-04-07T22:00:00+00:00</dc:date>
<dc:subject>ai</dc:subject>
<slash:department>cybersecurity-reckoning</slash:department>
<slash:section>it</slash:section>
<slash:comments>61</slash:comments>
<slash:hit_parade>61,58,53,46,16,10,6</slash:hit_parade>
</item>
<textinput rdf:about="https://it.slashdot.org/search.pl">
<title>Search Slashdot</title>
<description>Search Slashdot stories</description>
<name>query</name>
<link>https://it.slashdot.org/search.pl</link>
</textinput>
</rdf:RDF>