The Wire
Curated cybersecurity and tech news — AI-summarized, source attributed.
Chrome 146 ships hardware-bound session cookies to neuter infostealer theft
Chrome 146 on Windows now enforces Device Bound Session Credentials (DBSC), tying authenticated browser sessions to a private key that lives inside the device's
CPUID supply chain breach pushed trojanized CPU-Z and HWMonitor for six hours
Attackers compromised a secondary API at CPUID between April 9 and 10, swapping download links on the official site to point at Cloudflare R2-hosted trojanized
Discord's broken support left a hacker extorting kids for 8 days
A 12-year-old who lied about her age to create a Discord account had it hijacked after clicking a phishing link disguised as Discord support. Without two-factor
EngageLab SDK Bug Put 50M Android Users at Risk, Crypto Wallets Hit Hard
A security flaw in the EngageLab SDK - a third-party library integrated into Android applications - reportedly exposed roughly 50 million users, with an estimat
Fancy Bear Maintains Aggressive Global Cyber Campaign
Russia's APT28, widely known as Fancy Bear, continues to run persistent cyber-espionage operations targeting governments, defense contractors, and critical infr
FedRAMP Greenlit Microsoft's GCC High Despite Reviewers Calling Security Docs 'A Pile of Shit'
Federal cybersecurity evaluators flagged Microsoft's Government Community Cloud High in late 2024 as essentially unassessable, citing missing detailed security
Gmail E2EE lands on Android and iOS for enterprise client-side encryption users
Google has extended Gmail's end-to-end encryption to the Android and iOS apps, letting enterprise users compose and read encrypted messages natively without ext
Industrial Controllers Remain Exposed as Cyberwarfare Escalates
Industrial control systems and operational technology environments continue to face significant security gaps even as nation-state actors and hacktivist groups
Lua-Based LucidRook Malware Hits Taiwanese NGOs via Fake Antivirus Lures
Cisco Talos has uncovered a threat cluster tracked as UAT-10362 running spear-phishing operations against Taiwanese NGOs and academic institutions. The campaign
LucidRook malware hits Taiwan NGOs and universities via Lua-powered loader
Cisco Talos has documented LucidRook, a modular malware family deployed by UAT-10362 against non-governmental organizations and universities in Taiwan. October
Marimo RCE Bug Exploited in the Wild Just 10 Hours After Public Disclosure
A remote code execution vulnerability in Marimo, tracked as CVE-2026-39987, was weaponized by attackers within roughly 10 hours of its public disclosure. The ra
Meta launches Muse Spark, its first post-Llama model - hosted only, no open weights
Meta released Muse Spark, a hosted model with no open weights - a sharp departure from the Llama line. Benchmarks put it roughly on par with Opus 4.6, Gemini 3.