Google bumps up Q Day deadline to 2029, far sooner than previously thought
Company warns entire industry to move off RSA and EC more quickly.
Dan Goodin
–
|
43
Dan Goodin
Senior Security Editor
dan.goodin@meincmagazine.com
Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords. A journalist with more than 25 years experience, he has been chronicling the exploits of white-hat, grey-hat and black-hat hackers since 2005 as a reporter for the Associated Press and later, The Register. He has a Bachelors Degree in English from the University of Massachusetts and a Masters of Journalism from UC Berkeley. In his spare time, he enjoys gardening, cooking, and following the independent music scene. Based in San Francisco, Dan can receive encrypted messages over Signal at DanArs.82. You can find him on Mastodon at here and on Bluesky at here.
Recent stories by
Dan Goodin
Self-propagating malware poisons open source software and wipes Iran-based machines
Development houses: It’s time to check your networks for infections.
Dan Goodin
–
|
47
Widely used Trivy scanner compromised in ongoing supply-chain attack
Admins: Sorry to say, but it’s likely a rotate-your-secrets kind of weekend.
Dan Goodin
–
|
30
Researchers disclose vulnerabilities in IP KVMs from four manufacturers
Internet-exposed devices that give BIOS-level access? What could possibly go wrong?
Dan Goodin
–
|
28
Supply-chain attack using invisible code hits GitHub and other repositories
Unicode that’s invisible to the human eye was largely abandoned—until attackers took notice.
Dan Goodin
–
|
78
The who, what, and why of the attack that has shut down Stryker’s Windows network
Company says it doesn’t know how long it will take to restore its Microsoft environment.
Dan Goodin
–
|
79
14,000 routers are infected by malware that’s highly resistant to takedowns
Most of the devices are made by Asus and are located in the US.
Dan Goodin
–
|
36
Feds take notice of iOS vulnerabilities exploited under mysterious circumstances
The long, strange trip of a large assembly of advanced iOS exploits.
Dan Goodin
–
|
37
Most Read
LLMs can unmask pseudonymous users at scale with surprising accuracy
Pseudonymity has never been perfect for preserving privacy. Soon it may be pointless.
Dan Goodin
–
|
219
Google quantum-proofs HTTPS by squeezing 15kB of data into 700-byte space
Merkle Tree Certificate support is already in Chrome. Soon, it will be everywhere.
Dan Goodin
–
|
94
New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises
That guest network you set up for your neighbors may not be as secure as you think.
Dan Goodin
–
|
166
Password managers’ promise that they can’t see your vaults isn’t always true
Contrary to what password managers say, a server compromise can mean game over.
Dan Goodin
–
|
168
Once-hobbled Lumma Stealer is back with lures that are hard to resist
ClickFix bait, combined with advanced Castleloader malware, is installing Lumma “at scale.”
Dan Goodin
–
|
20
Malicious packages for dYdX cryptocurrency exchange empties user wallets
Incident is at least the third time the exchange has been targeted by thieves.
Dan Goodin
–
|
35
Microsoft releases urgent Office patch. Russian-state hackers pounce.
The window to patch vulnerabilities is shrinking rapidly.
Dan Goodin
–
|
77
Notepad++ users take note: It’s time to check if you’re hacked
Suspected China-state hackers used update infrastructure to deliver backdoored version.
Dan Goodin
–
|
113
County pays $600,000 to pentesters it arrested for assessing courthouse security
Settlement comes more than 6 years after Gary DeMercurio and Justin Wynn’s ordeal began.
Dan Goodin
–
|
96
Site catering to online criminals has been seized by the FBI
One of the last holdouts for ransomware discussions, RAMP is taken down.
Dan Goodin
–
|
40
There’s a rash of scam spam coming from a real Microsoft address
Abusing Microsoft’s reputation may make scam harder to spot.
Dan Goodin
–
|
49
Why has Microsoft been routing example.com traffic to a company in Japan?
Company’s autodiscover caused users’ test credentials to be sent outside Microsoft networks.
Dan Goodin
–
|
70
Poland’s energy grid was targeted by never-before-seen wiper malware
Destructive payload unleashed on tenth anniversary of Russia’s attack on Ukraine’s grid.
Dan Goodin
–
|
188
Overrun with AI slop, cURL scraps bug bounties to ensure “intact mental health”
The onslaught includes LLMs finding bogus vulnerabilities and code that won’t compile.
Dan Goodin
–
|
90
Millions of people imperiled through sign-in links sent by SMS
Even well-known services with millions of users are exposing sensitive data.
Dan Goodin
–
|
70
Mandiant releases rainbow table that cracks weak admin password in 12 hours
Windows laggards still using the vulnerable hashing function: Your days are numbered.
Dan Goodin
–
|
24
Why I’m withholding certainty that “precise” US cyber-op disrupted Venezuelan electricity
NYT says US hackers were able to turn off power and then quickly turn it back on.
Dan Goodin
–
|
72
A single click mounted a covert, multistage attack against Copilot
Exploit exfiltrating data from chat histories worked even after users closed chat windows.
Dan Goodin
–
|
69
Never-before-seen Linux malware is “far more advanced than typical”
VoidLink includes an unusually broad and advanced array of capabilities.
Dan Goodin
–
|
48
Signal creator Moxie Marlinspike wants to do for AI what he did for messaging
Introducing Confer, an end-to-end AI assistant that just works.
Dan Goodin
–
|
113
ChatGPT falls to new data-pilfering attack as a vicious cycle in AI continues
Will LLMs ever be able to stamp out the root cause of these attacks? Possibly not.
Dan Goodin
–
|
65
The nation’s strictest privacy law just took effect, to data brokers’ chagrin
Californians can now submit demands requiring 500 brokers to delete their data.
Dan Goodin
–
|
99
Supply chains, AI, and the cloud: The biggest failures (and one success) of 2025
The past year has seen plenty of hacks and outages. Here are the ones topping the list.
Dan Goodin
–
|
17
Browser extensions with 8 million users collect extended AI conversations
The extensions, available for Chromium browsers, harvest full AI conversations over months.
Dan Goodin
–
|
75
Microsoft will finally kill obsolete cipher that has wreaked decades of havoc
The weak RC4 for administrative authentication has been a hacker holy grail for decades.
Dan Goodin
–
|
64
In comedy of errors, men accused of wiping gov databases turned to an AI tool
Defendants were convicted of similar crimes a decade ago. How were they cleared again?
Dan Goodin
–
|
99
Admins and defenders gird themselves against maximum-severity server vuln
Open source React executes malicious code with malformed HTML—no authentication needed.
Dan Goodin
–
|
83
Fraudulent gambling network may actually be something more nefarious
Researchers say there’s more to the network, which has operated for 14 years.
Dan Goodin
–
|
19