Flux RSS

Situation as at 31 December 2025

Situation as at 31 December 2025

Someone tries to remote control his own DJI Romo vacuum, and ends up controlling 7,000 of them from all around the world. The IoT is horribly insecure, but we already knew that.

Out-of-court consumer complaint resolution

Surprising no one, Meta’s new AI glasses are a privacy disaster. I’m not sure what can be done here. This is a technology that will exist, whether we like it or not. Meanwhile, there is a new Android app that detects when there are smart glasses nearby.

Latest update on the AML/CFT standardised data collection

An expensive mistake: Someone jumped at the opportunity to steal $4.4 million in crypto assets after South Korea’s National Tax Service exposed publicly the mnemonic recovery phrase of a seized cryptocurrency wallet. The funds were stored in a Ledger cold wallet seized in law enforcement raids at 124 high-value tax evaders that resulted in confiscating digital assets worth 8.1 billion won (currently approximately $5.6 million). When announcing the success of the operation, the agency released photos of a Ledger device, a popular hardware wallet for crypto storage and management. However, the images also showed a handwritten note of the wallet recovery phrase, which serves as the master key that allows restoring the assets to another device. The authorities failed to redact that info, allowing anyone to transfer into their account the assets in the cold wallet. Reportedly, shortly after the press release was published, 4 million Pre-Retogeum (PRTG) tokens, worth approximately $4.8 million at the time, were transferred out of the confiscated wallet to a new address.

I’m skeptical about—and not qualified to review—this new result in factorization with a quantum computer, but if it’s true it’s a theoretical improvement in the speed of factoring large numbers with a quantum computer.

Extract from the CSSF Newsletter No 302 – March 2026

To consolidate all of our security intelligence and news in one location, we have migrated Naked Security to the Sophos News platform. Categories: Naked Security

It took six months for notifications to start, and we still don't know exactly what went down... but here's our advice on what to do. Categories: Naked Security Tags: data breach, MDR, Mom's Meals, PurFoods, ransomre, Ransomware

Latest episode - listen now! Full transcript inside... Categories: Naked Security Tags: cybercrime, hacking, IoT, TP-LINK, WinRAR

Imagine if you clicked on a harmless-looking image, but an unknown application fired up instead... Categories: Naked Security

Cryptography isn't just about secrecy. You need to take care of authenticity (no imposters!) and integrity (no tampering!) as well. Categories: Naked Security Tags: cryptography, Tapo, TP-LINK

WYSIWYG is short for "what you see is what you get". Except when it isn't... Categories: Naked Security Tags: Airplane Mode, data leakage, iPhone, WYSIWYG

Celebrating the true crypto bros. Listen now (full transcript available). Categories: Naked Security Tags: cybercrime, hacking, scams