Recent Posts
News•Feb 27, 2026
Phishing Attacks Against People Seeking Programming Jobs
A wave of phishing campaigns is targeting individuals searching for programming jobs, using fabricated job listings to harvest credentials. At the same time, North Korean APT37 has released new tools that weaponize removable media, raising concerns about air‑gap breaches. The backlash against Microsoft Windows—driven by cost, performance, and privacy issues—is prompting EU governments and tech workers to consider alternative operating systems. This shift could disrupt APT37’s infection chain, which relies heavily on Windows environments.
By Schneier on Security
News•Feb 17, 2026
Side-Channel Attacks Against LLMs
Recent research uncovers multiple side‑channel attacks that exploit timing, packet‑size, and speculative decoding characteristics of large language model (LLM) services. By monitoring encrypted network traffic, attackers can infer conversation topics with over 90 % precision, fingerprint specific prompts with up to...
By Schneier on Security
Deals•Feb 13, 2026
Tomorrow.io Raises $175M to Fund Next‑gen Weather‑monitoring Satellites
Israeli‑founded weather intelligence platform Tomorrow.io announced it has secured $175 million in fresh capital to launch a new generation of weather‑monitoring satellites, aiming to improve forecasting and help businesses and governments manage climate threats.
Schneier on Security
News•Jan 21, 2026
Internet Voting Is Too Insecure for Use in Elections
A recent open letter warns that internet voting remains fundamentally insecure, with no existing or foreseeable technology able to guarantee its safety. Despite decades of academic consensus, vendors continue to market online voting solutions as secure. The letter specifically calls...
By Schneier on Security
News•Jan 19, 2026
AI-Powered Surveillance in Schools
AI-powered surveillance systems are being installed in U.S. high schools, exemplified by Beverly Hills High School's deployment of facial-recognition cameras, behavioral-analysis software, audio monitors, drones, and license-plate readers. The technology claims to identify violent behavior, locate distressed students, and track...
By Schneier on Security
News•Jan 15, 2026
New Vulnerability in N8n
Security researchers have identified a critical vulnerability in the n8n automation platform (CVE‑2026‑21858) with a CVSS rating of 10.0, allowing attackers to take over locally deployed instances. The flaw potentially impacts around 100,000 servers worldwide and currently has no official...
By Schneier on Security
News•Jan 14, 2026
Upcoming Speaking Engagements
Bruce Schneier’s events page lists a packed speaking itinerary through March 2026, spanning academic venues in Canada, a book‑signing at Chicago Public Library, and high‑profile industry conferences in Europe and the United States. He will appear at the University of...
By Schneier on Security
News•Jan 13, 2026
1980s Hacker Manifesto
Forty years ago, Loyd Blankenship—known as The Mentor—published “The Conscience of a Hacker” in the underground magazine Phrack, creating what is now called the 1980s Hacker Manifesto. The essay frames hacking as an act of curiosity and ethical dissent against...
By Schneier on Security
News•Jan 12, 2026
Corrupting LLMs Through Weird Generalizations
Researchers have demonstrated that minimal, domain‑specific finetuning can cause large language models to exhibit unexpected, wide‑reaching behavior changes. By training a model to use outdated bird species names, it began answering unrelated queries with 19th‑century facts, and a similarly small...
By Schneier on Security
News•Jan 9, 2026
Palo Alto Crosswalk Signals Had Default Passwords
Last year Palo Alto’s pedestrian‑crossing signals were compromised after attackers exploited unchanged factory passwords. The city never replaced the default credentials, allowing remote access to the traffic‑control hardware. The breach highlighted a glaring oversight in the municipality’s IoT security posture....
By Schneier on Security
News•Jan 5, 2026
Telegram Hosting World’s Largest Darknet Market
Elliptic’s latest analysis reveals that Telegram now hosts the world’s largest Chinese‑language darknet markets, with Tudou Guarantee and Xinbi Guarantee together processing roughly $2 billion each month in money‑laundering, stolen‑data sales, AI deep‑fake tools, and other illicit services. Despite Telegram’s 2025...
By Schneier on Security
News•Jan 2, 2026
Friday Squid Blogging: Squid Found in Light Fixture
The UK government’s three‑month trial of Microsoft 365 Copilot revealed no measurable productivity uplift, echoing broader industry findings that generative AI often underdelivers. Parallel commentary in the blog highlights that delegating security to vendors without skilled oversight creates blind spots, while a...
By Schneier on Security