By the evening of November 11 of last year, FTX’s staff had already endured one of the worst days in the company’s short life. What had recently been one of the world's top cryptocurrency exchanges, valued at $32 billion only 10 months earlier, had just declared bankruptcy. Executives had, after …

For much of the cybersecurity industry, malware spread via USB drives represents the quaint hacker threat of the past decade—or the one before that. But a group of China-backed spies appears to have figured out that global organizations with staff in developing countries still keep one foot in the technological …

The loose nexus of Chinese-origin cyberspies collectively called APT41 is known for carrying out some of the most brazen hacking schemes linked to China over the past decade. Its methods range from a spree of software supply chain attacks that planted malware in popular applications to a sideline in profit-focused …

For years, some cybersecurity defenders and advocates have called for a kind of Geneva Convention for cyberwar, new international laws that would create clear consequences for anyone hacking civilian critical infrastructure, like power grids, banks, and hospitals. Now the lead prosecutor of the International Criminal Court at the Hague has …

For state-sponsored hacking operations, unpatched vulnerabilities are valuable ammunition. Intelligence agencies and militaries seize on hackable bugs when they're revealed—exploiting them to carry out their campaigns of espionage or cyberwar—or spend millions to dig up new ones or to buy them in secret from the hacker gray market. But for …

Since war first broke out between Ukraine and Russia in 2014, Russian hackers have used some of the most sophisticated hacking techniques ever seen in the wild to destroy Ukrainian networks, disrupt the country’s satellite communications, and even trigger blackouts for hundreds of thousands of Ukrainian citizens. But the mysterious …

Every software supply chain attack, in which hackers corrupt a legitimate application to push out their malware to hundreds or potentially thousands of victims, represents a disturbing new outbreak of a cybersecurity scourge. But when that supply chain attack is pulled off by a mysterious group of hackers, abusing a …