That groan you hear is users’ reaction to Recall going back into Windows
Snapshotting and AI processing a screen every 3 seconds. What could possibly go wrong?
Dan Goodin
–
|
460
Dan Goodin
Senior Security Editor
[email protected]
Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords. A journalist with more than 25 years experience, he has been chronicling the exploits of white-hat, grey-hat and black-hat hackers since 2005 as a reporter for the Associated Press and later, The Register. He has a Bachelors Degree in English from the University of Massachusetts and a Masters of Journalism from UC Berkeley. In his spare time, he enjoys gardening, cooking, and following the independent music scene. Based in San Francisco, Dan can receive encrypted messages over Signal at DanArs.82. You can find him on Mastodon at here and on Bluesky at here.
Recent stories by
Dan Goodin
Researcher uncovers dozens of sketchy Chrome extensions with 4 million installs
Even weirder: Why would Google give so many the "Featured" stamp for trustworthiness?
Dan Goodin
–
|
49
OpenAI helps spammers plaster 80,000 sites with messages that bypassed filters
Company didn't notice its chatbot was being abused for (at least) 4 months.
Dan Goodin
–
|
30
“The girl should be calling men.” Leak exposes Black Basta’s influence tactics.
Disclosure of tactics, techniques, and procedures provides rare glimpse into secretive group.
Dan Goodin
–
|
61
NSA warns “fast flux” threatens national security. What is fast flux anyway?
Used by nation-states and crime groups, fast flux bypasses many common defenses.
Dan Goodin
–
|
80
Gmail unveils end-to-end encrypted messages. Only thing is: It’s not true E2EE.
Yes, encryption/decryption occurs on end-user devices, but there's a catch.
Dan Goodin
–
|
71
FBI raids home of prominent computer scientist who has gone incommunicado
Indiana University quietly removes profile of tenured professor and refuses to say why.
Dan Goodin
–
|
438
Oracle has reportedly suffered 2 separate breaches exposing thousands of customers‘ PII
Alleged breaches affect Oracle Cloud and Oracle Health.
Dan Goodin
–
|
56
Most Read
Gemini hackers can deliver more potent attacks with a helping hand from… Gemini
Hacking LLMs has always been more art than science. A new attack on Gemini could change that.
Dan Goodin
–
|
37
Large enterprises scramble after supply-chain attack spills their secrets
tj-actions/changed-files corrupted to run credential-stealing memory scraper.
Dan Goodin
–
|
84
Android apps laced with North Korean spyware found in Google Play
Google's Firebase platform also hosted configuration settings used by the apps.
Dan Goodin
–
|
23
Apple patches 0-day exploited in “extremely sophisticated attack”
0-day exploited by maliciously crafted web content to break out of security sandbox.
Dan Goodin
–
|
65
Nearly 1 million Windows devices targeted in advanced “malvertising” spree
Malware stole login credentials, cryptocurrency, and more from infected machines.
Dan Goodin
–
|
55
Massive botnet that appeared overnight is delivering record-size DDoSes
Eleven11bot infects video recorders, with the largest concentration of them in the US.
Dan Goodin
–
|
60
Threat posed by new VMware hyperjacking vulnerabilities is hard to overstate
Just one compromised VM can make all other VMs on that hypervisor sitting ducks.
Dan Goodin
–
|
37
Serbian student’s Android phone compromised by exploit from Cellebrite
Android users who haven't installed Google's February patch batch should do so ASAP.
Dan Goodin
–
|
50
Copilot exposes private GitHub pages, some removed by Microsoft
Repositories, once set to public and later to private, still accessible through Copilot.
Dan Goodin
–
|
64
Google Password Manager finally syncs to iOS—here’s how
Chrome for iOS no longer syncs solely to iCloud.
Dan Goodin
–
|
38
How North Korea pulled off a $1.5 billion crypto heist—the biggest in history
Attack on Bybit didn't hack infrastructure or exploit smart contract code. So how did it work?
Dan Goodin
–
|
225
Leaked chat logs expose inner workings of secretive ransomware group
Researchers are poring over the data and feeding it into ChatGPT.
Dan Goodin
–
|
40
Notorious crooks broke into a company network in 48 minutes. Here’s how.
Report sheds new light on the tactics allowing attackers to move at breakneck speed.
Dan Goodin
–
|
40
Microsoft warns that the powerful XCSSET macOS malware is back with new tricks
XCSSET has been targeting Mac users since 2020.
Dan Goodin
–
|
28
What is device code phishing, and why are Russian spies so successful at it?
Overlooked attack method has been used since last August in a rash of account takeovers.
Dan Goodin
–
|
27
Financially motivated hackers are helping their espionage counterparts and vice versa
Two players who mostly worked independently are increasingly collaborative.
Dan Goodin
–
|
21
New hack uses prompt injection to corrupt Gemini’s long-term memory
There's yet another way to inject malicious prompts into chatbots.
Dan Goodin
–
|
45
DeepSeek iOS app sends data unencrypted to ByteDance-controlled servers
Apple's defenses that protect data from being sent in the clear are globally disabled.
Dan Goodin
–
|
107
7-Zip 0-day was exploited in Russia’s ongoing invasion of Ukraine
Vulnerability stripped MotW tag Windows uses to flag Internet-downloaded files.
Dan Goodin
–
|
41
Go Module Mirror served backdoor to devs for 3+ years
Supply chain attack targets developers using the Go programming language.
Dan Goodin
–
|
36
22-year-old math wiz indicted for alleged DeFI hack that stole $65M
22-year-old Andean Medjedovic of Canada could spend decades in prison if convicted.
Dan Goodin
–
|
88
Apple chips can be hacked to leak secrets from Gmail, iCloud, and more
Side channel gives unauthenticated remote attackers access they should never have.
Dan Goodin
–
|
83
Backdoor infecting VPNs used “magic packets” for stealth and security
J-Magic backdoor infected organizations in a wide array of industries.
Dan Goodin
–
|
36
Data breach hitting PowerSchool looks very, very bad
Schools are now notifying families their data has been stolen.
Dan Goodin
–
|
161
Researchers say new attack could take down the European power grid
Power grid in Central Europe uses unencrypted radio signals to add and shed loads.
Dan Goodin
–
|
63
The Internet is (once again) awash with IoT botnets delivering record DDoSes
Bigger, badder DDoSes are flooding the Internet. Dismal IoT security is largely to blame.
Dan Goodin
–
|
50
Microsoft patches Windows to eliminate Secure Boot bypass threat
File that neutered Secure Boot passed Microsoft's internal review process.
Dan Goodin
–
|
36
Microsoft sues service for creating illicit content with its AI platform
Service used undocumented APIs and other tricks to bypass safety guardrails.
Dan Goodin
–
|
61