Copilot exposes private GitHub pages, some removed by Microsoft
Repositories once set to public and later to private, still accessible through Copilot...
All posts by Dan Goodin
Read More »
Dan Goodin
03:20
How North Korea pulled off a $1.5 billion crypto heist—the biggest in history
Attack on Bybit didn't hack infrastructure or exploit smart contract code. So how did it work...
Dan Goodin
09:26
What is device code phishing, and why are Russian spies so successful at it?
Overlooked attack method has been used since last August in a rash of account takeovers...
Dan Goodin
10:20
DeepSeek iOS app sends data unencrypted to ByteDance-controlled servers
Apple's defenses that protect data from being sent in the clear are globally disabled...
Dan Goodin
05:20
Russia takes unusual route to hack Starlink-connected devices in Ukraine
Secret Blizzard has used the resources of at least 6 other groups in the past 7 years...
Dan Goodin
07:28
Found on VirusTotal: The world’s first UEFI bootkit for Linux
Bootkitty" is likely a proof-of-concept, but may portend working UEFI malware for Linux...
Dan Goodin
18:22
Location tracking of phones is out of control. Here’s how to fight back.
Unique IDs assigned to Android and iOS devices threaten your privacy. Who knew...
Dan Goodin
03:23
Attackers exploit critical Zimbra vulnerability using cc’d email addresses
When successful, attacks install a backdoor. Getting it to work reliably is another matter...
Dan Goodin
15:01
NIST proposes barring some of the most nonsensical password rules
Proposed guidelines aim to inject badly needed common sense into password hygiene...
Dan Goodin
22:33
YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel
Sophisticated attack breaks security assurances of the most popular FIDO key...
