Security Latest

The cybersecurity lead for VA.gov was fired last week. He tells WIRED that the Veterans Affairs digital hub will be more vulnerable without someone in his role.

Several government departments are investigating TP-Link routers over Chinese cyberattack fears, but the company denies links.

Approximately 500 NIST staffers, including at least three lab directors, are expected to lose their jobs at the standards agency as part of the ongoing DOGE purge, sources tell WIRED.

Google enables marketers to target people with serious illnesses and crushing debt—against its policies—as well as the makers of classified defense technology, a WIRED investigation has found.

Breeze Liu has been a prominent advocate for victims. But even she struggled to scrub nonconsensual intimate images and videos of herself from the web.

DOGE technologists Edward Coristine—the 19-year-old known online as “Big Balls”—and Kyle Schutt are now listed as staff at the Cybersecurity and Infrastructure Security Agency.

Google warns that hackers tied to Russia are tricking Ukrainian soldiers with fake QR codes for Signal group invites that let spies steal their messages. Signal has pushed out new safeguards.

At least eight ongoing lawsuits related to the so-called Department of Government Efficiency’s alleged access to sensitive data hinge on the Watergate-inspired Privacy Act of 1974. But it’s not airtight.

Plus: Researchers find RedNote lacks basic security measures, surveillance ramps up around the US-Mexico border, and the UK ordering Apple to create an encryption backdoor comes under fire.

The US Cybersecurity and Infrastructure Security Agency has frozen efforts to aid states in securing elections, according to an internal memo viewed by WIRED.

Romance scams cost victims hundreds of millions of dollars a year. As people grow increasingly isolated, and generative AI helps scammers scale their crimes, the problem could get worse.

Despite high-profile attention and even US sanctions, the group hasn’t stopped or even slowed its operation, including the breach of two more US telecoms.

A team Microsoft calls BadPilot is acting as Sandworm’s “initial access operation,” the company says. And over the last year it’s trained its sights on the US, the UK, Canada, and Australia.

A Florida data broker told a US senator it obtained sensitive data on US military members in Germany from a Lithuanian firm, which denies involvement—revealing the opaque nature of online ad surveillance.

Services supporting victims of online child exploitation and trafficking around the world have faced USAID and State Department cuts—and children are suffering as a result, sources tell WIRED.

Swarms of weaponized unmanned surface vessels have proven formidable weapons in the Black and Red Seas. Can the US military learn the right lessons from it?

Plus: Benjamin Netanyahu gives Donald Trump a golden pager, Hewlett Packard Enterprise blames Russian government hackers for a breach, and more.

The ACLU says it stands ready to sue for access to government records that detail DOGE’s access to sensitive personnel data.

Experts question whether Edward Coristine, a DOGE staffer who has gone by “Big Balls” online, would pass the background check typically required for access to sensitive US government systems.

The dismantling of USAID by Elon Musk’s DOGE and a State Department funding freeze have severely disrupted efforts to help people escape forced labor camps run by criminal scammers.