Security

The Manhattan Institute's push for 'civil terrorism' laws reclassifies protest crimes as felonies; Utah passed it, Arizona may follow.

NIST's NVD backlog hit 27,000 flaws, with manual scoring matching independent results 12% of the time and $200,000 in duplication with CISA.

FROST, a new side-channel attack, lets websites spy by measuring SSD latency via OPFS and a neural network to detect open tabs and apps.

Iran's national intranet project is exposed by a partial internet reconnection, highlighting a power struggle and digital sovereignty push.

A critical BadHost vulnerability in the Starlette framework puts millions of AI agents and tools at risk of data theft. Here's what users should do.

Bug Hunting Arms Race accelerates as AI submissions flood programs. Curl, Google adjust; Linux mailing list overwhelmed. 90-day disclosure may be obsolete.

The-hosting data loss hit customers after Dutch authorities seized 800 servers. Here's what happened and what affected users should do.

First VPN was infiltrated by police, who identified thousands of users. The service was used by 25 ransomware groups.

FBI license plate reader access in near real-time leads the week's security news, with a Chromium Fetch flaw, deepfake arrests, and more.

Kimwolf botnet takedown reveals four IoT botnets competing for the same vulnerable devices in a crowded DDoS-for-hire economy.

CISA's GitHub leak and Congressional push highlight federal cyber resilience gaps, prompting calls for better repository controls and talent investment.

EPIC's data broker opt-out audit reveals systematic manipulation across 38 companies, elevating broken forms into a safety and regulatory liability issue.