Two years ago, researchers in the Netherlands discovered an intentional backdoor in an encryption algorithm baked into radios used by critical infrastructure–as well as police, intelligence agencies, and military forces around the world–that made any communication secured with the algorithm vulnerable to eavesdropping.

When the researchers publicly disclosed the issue in 2023, the European Telecommunications Standards Institute (ETSI), which developed the algorithm, advised anyone using it for sensitive communication to deploy an end-to-end encryption solution on top of the flawed algorithm to bolster the security of their communications.

But now the same researchers have found that at least one implementation of the end-to-end encryption solution endorsed by ETSI has a similar issue that makes it equally vulnerable to eavesdropping. The encryption algorithm used for the device they examined starts with a 128-bit key, but this gets compressed to 56 bits before it encrypts traffic, making it easier to crack. It’s not clear who is using this implementation of the end-to-end encryption algorithm, nor if anyone using devices with the end-to-end encryption is aware of the security vulnerability in them.

Read full article

Comments

After the United Kingdom’s Online Safety Act went into effect on Friday, requiring porn platforms and other adult content sites to implement user age verification mechanisms, use of virtual private networks (VPNs) and other circumvention tools spiked in the UK over the weekend.

Experts had expected the surge, given that similar trends have been visible in other countries that have implemented age check laws. But as a new wave of age check regulations debuts, open Internet advocates warn that the uptick in use of circumvention tools in the UK is the latest example of how an escalating cat-and-mouse game can develop between people looking to anonymously access services online and governments seeking to enforce content restrictions.

The Online Safety Act requires that websites hosting porn, self-harm, suicide, and eating disorder content implement “highly effective” age checks for visitors from the UK. These checks can include uploading an ID document and selfie for validation and analysis. And along with increased demand for services like VPNs—which allow users to mask basic indicators of their physical location online—people have also been playing around with other creative workarounds. In some cases, reportedly, you can even use the video game Death Stranding’s photo mode to take a selfie of character Sam Porter Bridges and submit it to access age-gated forum content.

Read full article

Comments

Xuewu Liu, a Chinese inventor who has no medical training or credentials of any kind, is charging cancer patients $20,000 for access to an AI-driven but entirely unproven treatment that includes injecting a highly concentrated dose of chlorine dioxide, a toxic bleach solution, directly into cancerous tumors.

One patient tells WIRED her tumor has grown faster since the procedure and that she suspects it may have caused her cancer to spread—a claim Liu disputes—while experts allege his marketing of the treatment has likely put him on the wrong side of US regulations. Nonetheless, while Liu currently only offers the treatment informally in China and at a German clinic, he is now working with a Texas-based former pharmaceutical executive to bring his treatment to America. They believe that the appointment of Robert F. Kennedy Jr. as US health secretary will help “open doors” to get the untested treatment—in which at least one clinic in California appears to have interest—approved in the US.

Kennedy’s Make America Healthy Again movement is embracing alternative medicines and the idea of giving patients the freedom to try unproven treatments. While the health secretary did not respond to a request for comment about Liu’s treatment, he did mention chlorine dioxide when questioned about President Donald Trump’s Operation Warp Speed during his Senate confirmation hearing in February, and the Food and Drug Administration recently removed a warning about the substance from its website. The agency says the removal was part of a routine process of archiving old pages on its site, but it has had the effect of emboldening the bleacher community.

Read full article

Comments

If you’re an electric vehicle enthusiast, President Donald Trump and congressional Republicans’ One Big Beautiful Bill (OBBB) is anything but. The legislation, signed by the president last weekend, cuts all sorts of US government support for emission-light vehicles. The whole thing creates a measure of uncertainty for an American auto industry that’s already struggling to stay afloat during a sea change.

Still, nearly one in four US vehicle shoppers say they’re still “very likely” to consider buying an EV, and 35 percent say they’re “somewhat likely,” according to a May survey by JD Power—figures unchanged since last year. On those EV-curious folks’ behalf, WIRED asked experts for their tips for navigating this weird time in cars.

Go electric … soon? Now?

First things first: The new bill nixed the electric vehicle tax credit of up to $7,500, bringing to an end years of federal support for EVs. This program was supposed to last until 2032 but is now set to expire on September 30. This extra oomph from the feds helped some of the “cheapest” electrics—like the $43,000 Tesla Model 3, the $37,000 Chevy Equinox EV, and the $61,000 Hyundai Ioniq 9—feel more accessible to people with smaller (but not small) budgets.

Read full article

Comments

It’s a tumultuous time for copyright in the United States, with dozens of potentially economy-shaking AI copyright lawsuits winding through the courts. It’s also the most turbulent moment in the US Copyright Office’s history. Described as “sleepy” in the past, the Copyright Office has taken on new prominence during the AI boom, issuing key rulings about AI and copyright. It also hasn’t had a leader in more than a month.

In May, Copyright Register Shira Perlmutter was abruptly fired by email by the White House’s deputy director of personnel. Perlmutter is now suing the Trump administration, alleging that her firing was invalid; the government maintains that the executive branch has the authority to dismiss her. As the legality of the ouster is debated, the reality within the office is this: There’s effectively nobody in charge. And without a leader actually showing up at work, the Copyright Office is not totally business-as-usual; in fact, there’s debate over whether the copyright certificates it’s issuing could be challenged.

The firing followed a pattern. The USCO is part of the Library of Congress; Perlmutter had been appointed to her role by Librarian of Congress Carla Hayden. A few days before Perlmutter’s dismissal, Hayden, who had been in her role since 2016, was also fired by the White House via email. The White House appointed Deputy Attorney General Todd Blanche, who had previously served as President Trump’s defense attorney, as the new acting Librarian of Congress.

Read full article

Comments

The Israel-linked hacker group known as Predatory Sparrow has carried out some of the most disruptive and destructive cyberattacks in history, twice disabling thousands of gas station payment systems across Iran and once even setting a steel mill in the country on fire. Now, in the midst of a new war unfolding between the two countries, they appear to be bent on burning Iran's financial system.

Predatory Sparrow, which often goes by its Farsi name, Gonjeshke Darande, in an effort to appear as a homegrown hacktivist organization, announced in a post on on its X account Wednesday that it had targeted the Iranian crypto exchange Nobitex, accusing the exchange of enabling sanctions violations and terrorist financing on behalf of the Iranian regime. According to cryptocurrency tracing firm Elliptic, the hackers destroyed more than $90 million in Nobitex holdings, a rare instance of hackers burning crypto assets rather than stealing them.

“These cyberattacks are the result of Nobitex being a key regime tool for financing terrorism and violating sanctions,” the hackers posted to X. “Associating with regime terror financing and sanction violation infrastructure puts your assets at risk.”

Read full article

Comments

A consortium of global law enforcement agencies and tech companies announced on Wednesday that they have disrupted the infostealer malware known as Lumma. One of the most popular infostealers worldwide, Lumma has been used by hundreds of what Microsoft calls “cyber threat actors” to steal passwords, credit card and banking information, and cryptocurrency wallet details. The tool, which officials say is developed in Russia, has provided cybercriminals with the information and credentials they needed to drain bank accounts, disrupt services, and carry out data extortion attacks against schools, among other things.

Microsoft’s Digital Crimes Unit (DCU) obtained an order from a United States district court last week to seize and take down about 2,300 domains underpinning Lumma’s infrastructure. At the same time, the US Department of Justice seized Lumma’s command and control infrastructure and disrupted cybercriminal marketplaces that sold the Lumma malware. All of this was coordinated, too, with the disruption of regional Lumma infrastructure by Europol’s European Cybercrime Center and Japan’s Cybercrime Control Center.

Microsoft lawyers wrote on Wednesday that Lumma, which is also known as LummaC2, has spread so broadly because it is “easy to distribute, difficult to detect, and can be programmed to bypass certain security defenses.” Steven Masada, assistant general counsel at Microsoft’s DCU, says in a blog post that Lumma is a “go-to tool,” including for the notorious Scattered Spider cybercriminal gang. Attackers distribute the malware using targeted phishing attacks that typically impersonate established companies and services, like Microsoft itself, to trick victims.

Read full article

Comments

My earliest memory of 4chan was sitting up late at night, typing its URL into my browser, and scrolling through a thread of LOLcat memes, which were brand-new at the time.

Back then a photoshop of a cat saying "I can has cheezburger" or an image of an owl saying “ORLY?” was, without question, the funniest thing my 14-year-old brain had ever laid eyes on. So much so, I woke my dad up by laughing too hard and had to tell him that I was scrolling through pictures of cats at 2 in the morning. Later, I would become intimately familiar with the site’s much more nefarious tendencies.

It's strange to look back at 4chan, apparently wiped off the Internet entirely last week by hackers from a rival message board, and think about how many different websites it was over its more than two decades online. What began as a hub for Internet culture and an anonymous way station for the Internet's anarchic true believers devolved over the years into a fan club for mass shooters, the central node of Gamergate, and the beating heart of far-right fascism around the world—a virus that infected every facet of our lives, from the slang we use to the politicians we vote for. But the site itself had been frozen in amber since the George W. Bush administration.

Read full article

Comments

A New Mexico man is facing federal charges for two separate incidents of alleged arson—one at an Albuquerque Tesla showroom and one at the New Mexico Republican Party’s office—according to a Monday press release from the Department of Justice.

Jamison Wagner, 40, was charged with allegedly setting fire to a building or vehicle used in interstate commerce. The charge can apply to goods manufactured and sold in different states and the facilities that house them—like the Tesla showroom or the Republican office, which also sells MAGA merchandise. DOJ spokesperson Shannon Shevlin tells WIRED that Wagner’s arrest happened on Saturday.

“Let this be the final lesson to those taking part in this ongoing wave of political violence,” Attorney General Pam Bondi said in the Monday press release. “We will arrest you, we will prosecute you, and we will not negotiate. Crimes have consequences.”

Read full article

Comments

The booming popularity of Ozempic and other GLP-1 drugs for weight loss has led to a flurry of companies vying to make new and improved anti-obesity medications.

One of those is Boston-based Syntis Bio, which is working on a daily pill that mimics the effects of gastric bypass—no actual surgery required. Today, the company announced early data from animals and a small group of human volunteers showing that its approach is safe and may be able to suppress hunger. The company presented the findings Thursday at the European Congress on Obesity and Weight Management.

“We're at a stage with obesity treatment where it's important for us to figure out, how do we now tune it to be more effective?” says Rahul Dhanda, Syntis Bio’s CEO and cofounder.

Read full article

Comments