❌

普通视图

发现新文章，点击刷新页面。

昨天 — 2025年7月14日首页

Tomshardware
McDonald's McHire bot exposed personal information of 64M people by using '123456' as a password in 2025 2025年7月13日 21:09

McDonald's McHire bot exposed personal information of 64M people by using '123456' as a password in 2025

2025年7月13日 21:09

A pair of security researchers have revealed vulnerabilities in the McHire chatbot Paradox developed for McDonald's that could have been exploited to reveal personal information about roughly 64 million people who have used the service to apply for jobs at their local franchises. (Hat-tip Wired.)

A picture of a child dressed as Ronald McDonald looking sad

Security vulnerability on U.S. trains that let anyone activate the brakes on the rear car was known for 13 years — operators refused to fix the issue until now

作者 editors@tomshardware.com (Jowi Morales)

2025年7月13日 20:29

A security researcher discovered that the wireless RF communication between the first and last car of American trains isn't encrypted.

Freight Train

昨天以前首页

Russian pro basketball player gets the cuffs for allegedly being a member of ransomware gang — lawyer claims client "sucks at computers and is not even able to install an application"

作者 editors@tomshardware.com (Jowi Morales)

2025年7月12日 23:49

Russian basketball player Daniil Kasatkin is suspected of acting as a ransomware negotiator for the ransomware gang behind some of the attacks in the U.S. between 2020 and 2022.

Daniil Kasatkin

Tomshardware
Czechia warns that DeepSeek can share all user information with the Chinese government 2025年7月12日 02:05

Czechia warns that DeepSeek can share all user information with the Chinese government

2025年7月12日 02:05

U.S. lawmakers issued similar warnings after the China-based AI company released its eponymous chatbot.

DeepSeek app in front of China flag

Bitcoin Depot tells 27,000 crypto ATM customers that it leaked their personal information, but waited a year to disclose due to an ongoing investigation

2025年7月10日 20:25

Bitcoin Depot is reportedly informing nearly 27,000 users of its crypto-dispensing ATMs that someone made off with their personal information in June 2024.

Crypto

AI malware can now evade Microsoft Defender — open-source LLM outsmarts tool around 8% of the time after three months of training

2025年7月10日 19:29

Researchers spent three months and approximately $1,500 training the open-source Qwen 2.5 LLM to bypass Microsoft Defender

Cybersecurity

Tomshardware
IBM's new Power11 server chips are focused on two things: AI and ransomware 2025年7月9日 18:00

IBM's new Power11 server chips are focused on two things: AI and ransomware

2025年7月9日 18:00

The company says the new servers can detect ransomware attacks within a minute of their start.

IBM logo on a metallic surface

Popular industry security tool repurposed by cybercriminals to deploy infostealer malware — Shellter developer blasts 'reckless and unprofessional' researchers for not disclosing issue for months

2025年7月8日 23:09

The developers behind a popular industry security tool say it has been repurposed by hackers, but blame a research group for not disclosing a vulnerability months earlier.

Malware Warning

Hacker 'turf war' unfolding as Russian DragonForce ransomware gang drama could lead to 'double extortions,' making life even worse for potential victims

2025年7月8日 03:41

Through the fire and flames they saw... a reason to pick a fight with RansomHub.

laptop on fire

Recertified HDD vendor goHardDrive caught leaking thousands of customer details — company pays astonishingly low $20 bug bounty for discovery of inexplicable online database of names, addresses, phone numbers, and more

作者 editors@tomshardware.com (Jowi Morales)

2025年7月3日 19:06

Developer Michael Lynch accidentally discovered a privacy vulnerability exposing the details of thousands of customers online.

hacker in front of computer

Microsoft's youngest security researcher started collaboration with the company at just 13 — high school junior filed 20 vulnerability reports last summer, named MSRC Most Valuable Researcher twice

2025年7月2日 23:45

Microsoft has published a blog about one of its youngest and most outstanding security researchers. Dylan started work for MSRC age 13.

Microsoft MSRC Blog graphic - Dylan

German charity refuses to comply with Bitcoin ransomware demand — hackers attempt to extort hunger-fighting group for over $2 million

2025年7月2日 23:45

A German hunger-fighting charity is on the hook for some $2 million after being extorted by cybercriminals.

Bitcoin crash coin disintegrating

29 North Korean laptop farms busted by U.S. Department of Justice — illicit IT workers across 16 states reportedly obtained employment with more than 100 U.S. companies to help fund regime

2025年7月2日 18:31

The Department of Justice says it searched 29 known or suspected laptop farms in 16 states, leading to a series of arrests and seizures.

Laptop hand

Rogue IT worker gets seven months in prison over $200,000 digital rampage — technician changed all of his company's passwords after getting suspended

2025年7月1日 23:09

A suspended IT worker who caused at least $200,000 of damage in an act of revenge upon his employer has been sentenced.

Ex-employee cyberattacker sentenced

689 different Brother printer models all use the serial number to create default password — ridiculous security flaw baked in from manufacturing, can't be fully remediated with firmware

2025年6月28日 01:06

689 Brother printer models, along with some from a handful of other manufacturers, are vulnerable to a critical security vulnerability. The printer's default password is determined algorithmically at manufacturing and is reverse-engineerable, and is unfixable via firmware updates.

Brother printers join the dark side

Massive DDoS attack delivered 37.4TB in 45 seconds, equivalent to 10,000 HD movies, to one victim IP address — Cloudflare blocks largest cyber assault ever recorded

作者 editors@tomshardware.com (Jowi Morales)

2025年6月21日 22:54

Cloudflare says that it blocked the 7.3 Tbps of junk traffic in mid-May — the largest DDoS attack to happen in recorded history.

Global DDoS illustration

16 billion accounts exposed in one of the largest data breaches in history — enormous data haul holds two accounts for every human alive

2025年6月19日 23:16

A collection of entirely new data leak datasets has been uncovered by security researchers, exposing 16 billion new records to the public. The data was sourced from around the world, with breaches on this scale easily contributing to massive future attacks.

3D illustration of several file cabinets full of folders.

University researchers tout using smartwatches to steal data from air-gapped systems — SmartAttack paper proposes using wearable as a covert ultrasonic signal receiver

作者 stephen.warwick@futurenet.com (Stephen Warwick)

2025年6月13日 19:10

A new air-gap attack dubbed 'SmartAttack' theorizes using a smartwatch to capture covert signals and steal information.

IT server

Massive privacy concern: over 40,000 security cameras are streaming unsecured footage worldwide

作者 editors@tomshardware.com (Kunal Khullar)

2025年6月12日 03:26

Bitsight warns of real-time privacy breaches as cameras in homes, offices, and factories stream openly on the web

Security camera

Asus responds to concerns over 9,000+ routers compromised by botnet — firmware updates and factory reset can purge routers of persistent backdoor

2025年6月5日 18:53

A stealthy botnet attack that has to date infected over 9,000 exposed routers has been addressed by Asus. The company advises users to monitor their SSH access and update firmware to protect against and purge routers from the attack.

Router

9,000 Asus routers compromised by botnet attack and persistent SSH backdoor that even firmware updates can't fix

作者 editors@tomshardware.com (Kunal Khullar)

2025年5月29日 20:14

New botnet campaign exploits legitimate system features to establish deep persistence while remaining virtually undetectable

Asus RT-BE86U

Tomshardware
Flaw in Asus DriverHub makes utility vulnerable to remote code executioneditors@tomshardware.com (Aaron Klotz) 2025年5月14日 01:25

Flaw in Asus DriverHub makes utility vulnerable to remote code execution

作者 editors@tomshardware.com (Aaron Klotz)

2025年5月14日 01:25

A vulnerability has been exposed in Asus' DriverHub utility that makes it vulnerable to remote code execution attacks. Thankfully, the vulnerability has been patched and has not been used in any known hacks.

hacker

Tomshardware
Microsoft makes passkeys the default authentication method for all new accountseditors@tomshardware.com (Jowi Morales) 2025年5月2日 20:49

Microsoft makes passkeys the default authentication method for all new accounts

作者 editors@tomshardware.com (Jowi Morales)

2025年5月2日 20:49

Microsoft says that passkeys reduce password use by 20% and wants to remove password use altogether.

Microsoft passkey login

Tomshardware
Crosswalks in Silicon Valley hacked to play satirical messages from Musk and Zuckerberg sound-a-likes 2025年4月13日 23:22

Crosswalks in Silicon Valley hacked to play satirical messages from Musk and Zuckerberg sound-a-likes

2025年4月13日 23:22

A number of Silicon Valley crosswalks were hacked to sound like U.S. big-tech broligarchs, according to reports published by local media this weekend.

Hacked crosswalks in Silicon Valley

Tomshardware
Akira ransomware can be cracked with 16 RTX 4090 GPUs in around ten hours — new counterattack breaks encryption 2025年3月16日 20:59

Akira ransomware can be cracked with 16 RTX 4090 GPUs in around ten hours — new counterattack breaks encryption

2025年3月16日 20:59

Tinyhack publishes a full how-to guide on brute-forcing past the Akira ransomware's encryption attack and freeing captive files.

GeForce RTX 3090

Apartment buildings broken into with phone in minutes — IoT-connected intercoms using default creds vulnerable to anyone with Google

2025年2月27日 22:47

A wide list of apartment complexes using IoT-connected intercoms still use the default logins from their manuals, making them easily accessible by bad actors.

A broken lock on a PCB.

Tomshardware
FBI identifies North Korea as source of $1.5 billion ByBit hack 2025年2月27日 22:10

FBI identifies North Korea as source of $1.5 billion ByBit hack

2025年2月27日 22:10

The FBI has traced the ByBit crypto exchange hack to a group of North Korean hackers.

Crypto Hacker

Tomshardware
CS2 fans targeted by Streamjackers — viewers swindled out of crypto and Steam valuables 2025年2月24日 01:13

CS2 fans targeted by Streamjackers — viewers swindled out of crypto and Steam valuables

2025年2月24日 01:13

Cybercriminals are targeting the CS2 community with streamjacking scams. Innocents have been lured into sharing Steam credentials, and paying into crypto-doubling scams.

Streamjackers want your digital treasures

Tomshardware
Security researcher finds vulnerability in internet-connected bed, could allow access to all devices on network 2025年2月23日 23:27

Security researcher finds vulnerability in internet-connected bed, could allow access to all devices on network

2025年2月23日 23:27

Web-connected smart bed provider Eight Sleep revealed to be including an SSH backdoor in its beds, as well as exposing a live AWS key.

Eight Sleep's Pod 4 Ultra Smart Bed

Intel roasts AMD and Nvidia in its latest product security report, claiming AMD has vulnerabilities with no fix planned, Nvidia has only high-severity security bugs [Updated]

2025年2月12日 00:26

Intel says that AMD and Nvidia had more vulnerabilities versus its products.

13th Generation Intel CPU

Tomshardware
Backdoor uncovered in China-made patient monitors — Contec CMS8000 raises questions about healthcare device security 2025年2月2日 01:14

Backdoor uncovered in China-made patient monitors — Contec CMS8000 raises questions about healthcare device security

2025年2月2日 01:14

The CISA and FDA have released security warnings about the Contec CMS8000, which is used for patient monitoring.

Contec CMS-8000

Tomshardware
Apple silicon is vulnerable to side-channel speculative execution attacks "FLOP" and "SLAP" 2025年1月30日 02:57

Apple silicon is vulnerable to side-channel speculative execution attacks "FLOP" and "SLAP"

2025年1月30日 02:57

Apple Silicon is extra prone to stolen information thanks to some yet-unpatched speculative execution attacks.

Apple M3 SoC

Tomshardware
Microsoft OneDrive for Business allegedly keeps OCR'ed data in an unprotected format 2025年1月28日 02:52

Microsoft OneDrive for Business allegedly keeps OCR'ed data in an unprotected format

2025年1月28日 02:52

Security experts warn that Microsoft's OneDrive for Business allegedly keeps private data in an unprotected format.

OneDrive install on phone

Tomshardware
Chinese hackers compromise South Korean VPN — malicious code found inside NSIS installer 2025年1月24日 01:46

Chinese hackers compromise South Korean VPN — malicious code found inside NSIS installer

2025年1月24日 01:46

ESET researchers uncovered a supply chain attack on a South Korean VPN by the China-aligned APT group PlushDaemon

Fingerprint security

Tomshardware
The first-ever ransomware dropped 35 years ago disguised as a floppy sharing 'AIDS Information' 2025年1月20日 00:15

The first-ever ransomware dropped 35 years ago disguised as a floppy sharing 'AIDS Information'

2025年1月20日 00:15

The first-ever example of ransomware dropped 35 years ago, in December 1989.

5.25-inch floppy disk

Tomshardware
Chinese hackers infiltrated US Treasury Secretary's PC — attackers had access to over 400 PCs 2025年1月19日 03:53

Chinese hackers infiltrated US Treasury Secretary's PC — attackers had access to over 400 PCs

2025年1月19日 03:53

Chinese hackers accessed over 400 computers and over 3,000 unclassified files when they infiltrated the U.S. Treasury.

Crypto Hacker

Tomshardware
ASML-backed university suffers cyberattack — institution is the pipeline for ASML's talent needs 2025年1月15日 00:01

ASML-backed university suffers cyberattack — institution is the pipeline for ASML's talent needs

2025年1月15日 00:01

ASML-backed Eindhoven University of Technology suffered a severe cyberattack that forced the school to cancel classes for at least two days.

ASML

Tomshardware
Chinese hackers target US Treasury computers used for sanctions — Committee on Foreign Investment specifically targeted 2025年1月11日 04:52

Chinese hackers target US Treasury computers used for sanctions — Committee on Foreign Investment specifically targeted

2025年1月11日 04:52

Chinese hackers gained access to an unclassified CFIUS system.

A security specialist

U.S. uncovers hacking campaign targeting Guam's critical infrastructure — suspected Chinese Volt Typhoon hacks could disrupt the defense of Taiwan

2025年1月6日 01:35

The U.S. government has uncovered a Chinese hacking campaign targeting Guam's critical infrastructure, according to Bloomberg.

Guam harbor

Tomshardware
Significant U.S. Treasury cybersecurity breach is the latest in string of China hack attacks claims U.S. officials 2025年1月2日 20:48

Significant U.S. Treasury cybersecurity breach is the latest in string of China hack attacks claims U.S. officials

2025年1月2日 20:48

The attacks appear to have targeted influential individuals, aiming to gather information that could serve the interests of the Chinese government.

US Capitol Building