Tech News
Rocket Report: A new super-heavy launch site in California; 2025 year in review
Security - Posted On:2026-01-09 12:45:00 Source: arstechnica
Welcome to Edition 8.24 of the Rocket Report! We're back from a restorative holiday, and there's a great deal Eric and I look forward to covering in 2026. You can get a taste of what we're expecting this year in this feature. Other storylines are also worth watching this year that didn't make the Top 20. Will SpaceX's Starship begin launching Starlink satellites? Will United Launch Alliance finally get its Vulcan rocket flying at a higher cadence? Will Blue Origin's New Glenn rocket be certified by the US Space Force? I'm looking forward to learning the answers to these questions, and more. As for what has already happened in 2026, it has been a slow start on the world's launch pads, with only a pair of SpaceX missions completed in the first week of the year. Only? Two launches in one week by any company would have been remarkable just a few years ago.
As always, we welcome reader submissions. If you don't want to miss an issue, please subscribe using the box below (the form will not appear on AMP-enabled versions of the site). Each report will include information on small-, medium-, and heavy-lift rockets, as well as a quick look ahead at the next three launches on the calendar.
New launch records set in 2025. The number of orbital launch attempts worldwide last year surpassed the record 2024 flight rate by 25 percent, with SpaceX and China accounting for the bulk of the launch activity, Aviation Week & Space Technology reports. Including near-orbital flight tests of SpaceX’s Starship-Super Heavy launch system, the number of orbital launch attempts worldwide reached 329 last year, an annual analysis of global launch and satellite activity by Jonathan’s Space Report shows. Of those 329 attempts, 321 reached orbit or marginal orbits. In addition to five Starship-Super Heavy launches, SpaceX launched 165 Falcon 9 rockets in 2025, surpassing its 2024 record of 134 Falcon 9 and two Falcon Heavy flights. No Falcon Heavy rockets flew in 2025. US providers, including Rocket Lab Electron orbital flights from its New Zealand spaceport, added another 30 orbital launches to the 2025 tally, solidifying the US as the world leader in space launch.
Rocket Report: SpaceX and China led the way in 2025; Vandenberg has room to grow
Security - Posted On:2026-01-09 11:15:00 Source: arstechnica
Welcome to Edition 8.24 of the Rocket Report! We're back from a restorative holiday, and there's a great deal Eric and I look forward to covering in 2026. You can get a taste of what we're expecting this year in this feature. Other storylines are also worth watching this year that didn't make the Top 20. Will SpaceX's Starship begin launching Starlink satellites? Will United Launch Alliance finally get its Vulcan rocket flying at a higher cadence? Will Blue Origin's New Glenn rocket be certified by the US Space Force? I'm looking forward to learning the answers to these questions, and more. As for what has already happened in 2026, it has been a slow start on the world's launch pads, with only a pair of SpaceX missions completed in the first week of the year. Only? Two launches in one week by any company would have been remarkable just a few years ago.
As always, we welcome reader submissions. If you don't want to miss an issue, please subscribe using the box below (the form will not appear on AMP-enabled versions of the site). Each report will include information on small-, medium-, and heavy-lift rockets, as well as a quick look ahead at the next three launches on the calendar.
New launch records set in 2025. The number of orbital launch attempts worldwide last year surpassed the record 2024 flight rate by 25 percent, with SpaceX and China accounting for the bulk of the launch activity, Aviation Week & Space Technology reports. Including near-orbital flight tests of SpaceX’s Starship-Super Heavy launch system, the number of orbital launch attempts worldwide reached 329 last year, an annual analysis of global launch and satellite activity by Jonathan’s Space Report shows. Of those 329 attempts, 321 reached orbit or marginal orbits. In addition to five Starship-Super Heavy launches, SpaceX launched 165 Falcon 9 rockets in 2025, surpassing its 2024 record of 134 Falcon 9 and two Falcon Heavy flights. No Falcon Heavy rockets flew in 2025. US providers, including Rocket Lab Electron orbital flights from its New Zealand spaceport, added another 30 orbital launches to the 2025 tally, solidifying the US as the world leader in space launch.
Michigan man learns the hard way that “catch a cheater” spyware apps aren’t legal
Security - Posted On:2026-01-08 17:45:01 Source: arstechnica
In 2002, Bryan Fleming helped to create pcTattletale, software for monitoring phone and computer usage. Fleming's tool would record everything done on the target device, and the videos would be uploaded to a server where they could be viewed by the pcTattletale subscriber.
This might sound creepy, but it can also be legal when used by a parent monitoring their child or an employee monitoring their workers. These are exactly the use cases that were once outlined on pcTattletale's website, where the software was said to have "helped tens of thousands of parents stop their daughters from meeting up with pedophiles." Businesses can "track productivity, theft, lost hours, and more." Even "police departments use it for investigating."
But this week, nearly 25 years after launching pcTattletale, Fleming pled guilty in federal court to having knowingly built and marketed software to spy on other adults without their consent. In other words, pcTattletale was often used to spy on romantic partners without their knowledge—and Fleming helped people do it.
Commercial spyware “Landfall” ran rampant on Samsung phones for almost a year
Security - Posted On:2025-11-07 15:15:01 Source: arstechnica
Another day, another malware attack on smartphones. Researchers at Unit 42, the threat intelligence arm of Palo Alto Networks, have revealed a sophisticated spyware known as “Landfall” targeting Samsung Galaxy phones. The researchers say this campaign leveraged a zero-day exploit in Samsung Android software to steal a raft of personal data, and it was active for almost a year. Thankfully, the underlying vulnerability has now been patched, and the attacks were most likely targeted at specific groups.
Unit 42 says that Landfall first appeared in July 2024, relying on a software flaw now catalogued as CVE-2025-21042. Samsung issued a patch for its phones in April 2025, but details of the attack have only been revealed now.
Even if you were out there poking around the darker corners of the Internet in 2024 and early 2025 with a Samsung Galaxy device, it’s unlikely you’d be infected. The team believes Landfall was used in the Middle East to target individuals for surveillance. It is currently unclear who was behind the attacks.
How to trade your $214,000 cybersecurity job for a jail cell
Security - Posted On:2025-11-07 08:15:00 Source: arstechnica
Helping companies pay ransoms to digital extortionists is kind of a weird business.
On the one hand, you “negotiate” with cybercriminals and in so doing may drive down the costs of recovering from a particular ransomware incident. On the other hand, you’re helping criminals get paid, funding their operations and making further attacks more likely.
And there’s always a temptation built in to this kind of work. Seeing lucrative sums being whisked away through cryptocurrency exchanges and “mixing services”… Realizing from up close just how vulnerable companies are… Learning that modern ransomware can operate as a service where you essentially “rent” the code from its developers in return for a cut of the profits…
Musk and Trump both went to Penn—now hacked by someone sympathetic to their cause
Security - Posted On:2025-11-05 19:30:01 Source: arstechnica
The University of Pennsylvania has a somewhat unusual distinction: It is the alma mater of two of the planet’s most polarizing figures, Elon Musk and Donald Trump. As the political power of both men rose over the last year, the US government began to pressure Penn, first by pulling its research funding and then by targeting the school for past actions related to a transgender swimmer.
After the “sticks” were deployed, a “carrot” was offered. Penn became one of just nine schools nationally to be offered a special “compact” with the federal government, which would give the feds broad control over the school and its speech in return for preferential access to federal funds. Penn declined to sign the deal. (Making the whole surreal situation stranger was the fact that one of Penn’s own wealthy boosters apparently helped the Trump administration write the compact.)
In other words, Penn has become an obvious target of the Trump administration; now it has been targeted by a hacker claiming to share Trump and Musk’s grievances over affirmative action and “wokeness.”
This browser claims “perfect privacies protection,” but it acts like malware
Security - Posted On:2025-10-24 11:15:01 Source: arstechnica
The Universe Browser makes some big promises to its potential users. Its online advertisements claim it’s the “fastest browser,” that people using it will “avoid privacy leaks” and that the software will help “keep you away from danger.” However, everything likely isn’t as it seems.
The browser, which is linked to Chinese online gambling websites and is thought to have been downloaded millions of times, actually routes all Internet traffic through servers in China and “covertly installs several programs that run silently in the background,” according to new findings from network security company Infoblox. The researchers say the “hidden” elements include features similar to malware—including “key logging, surreptitious connections,” and changing a device’s network connections.
Perhaps most significantly, the Infoblox researchers who collaborated with the United Nations Office on Drugs and Crime (UNODC) on the work, found links between the browser’s operation and Southeast Asia’s sprawling, multibillion-dollar cybercrime ecosystem, which has connections to money-laundering, illegal online gambling, human trafficking, and scam operations that use forced labor. The browser itself, the researchers says, is directly linked to a network around major online gambling company BBIN, which the researchers have labeled a threat group they call Vault Viper.
NATO boss mocks Russian navy, which is on the hunt for Red October “the nearest mechanic”
Security - Posted On:2025-10-14 17:45:00 Source: arstechnica
When one of its Kilo-class, diesel-electric submarines recently surfaced off the coast of France, Russia denied that there was a problem with the vessel. The sub was simply surfacing to comply with maritime transit rules governing the English Channel, the Kremlin said—Russia being, of course, a noted follower of international law.
But social media accounts historically linked to Russian security forces suggested a far more serious problem on the submarine Novorossiysk. According to The Maritime Executive, "Rumors began to circulate on well-informed social media channels that the Novorossiysk had suffered a fuel leak. They suggested the vessel lacked onboard capabilities and was forced to surface to empty flooded compartments. Some reports said it was a dangerous fuel leak aboard the vessel, which was commissioned in 2012."
France 24 quoted further social media reports as saying, "The submarine has neither the spare parts nor the qualified specialists onboard to fix the malfunction," and it "now poses an explosion hazard."
Japan is running out of its favorite beer after ransomware attack
Security - Posted On:2025-10-02 10:00:00 Source: arstechnica
Japan is just a few days away from running out of Asahi Super Dry as the producer of the nation’s most popular beer wrestles with a devastating cyber attack that has shut down its domestic breweries.
The vast majority of Asahi Group’s 30 factories in Japan have not operated since Monday after the attack disabled its ordering and delivery system, the company said.
Retailers are already expecting empty shelves as the outage stretches into its fourth day with no clear timeline for factories recommencing operations. Super Dry could also run out at izakaya pubs, which rely on draught and bottles.
Rocket Report: Keeping up with Kuiper; New Glenn’s second flight slips
Security - Posted On:2025-09-26 09:30:01 Source: arstechnica
Welcome to Edition 8.12 of the Rocket Report! We often hear from satellite operators—from the military to venture-backed startups—about their appetite for more launch capacity. With so many rocket launches happening around the world, some might want to dismiss these statements as a corporate plea for more competition, and therefore lower prices. SpaceX is on pace to launch more than 150 times this year. China could end the year with more than 70 orbital launches. These are staggering numbers compared to global launch rates just a few years ago. But I'm convinced there's room for more alternatives for reliable (and reusable) rockets. All of the world's planned mega-constellations will need immense launch capacity just to get off the ground, and if successful, they'll go into regular replacement and replenishment cycles. Throw in the still-undefined Golden Dome missile shield and many nations' desire for a sovereign launch capability, and it's easy to see the demand curve going up.
As always, we welcome reader submissions. If you don't want to miss an issue, please subscribe using the box below (the form will not appear on AMP-enabled versions of the site). Each report will include information on small-, medium-, and heavy-lift rockets, as well as a quick look ahead at the next three launches on the calendar.
Sharp words from Astra’s Chris Kemp. Chris Kemp, the chief executive officer of Astra, apparently didn't get the memo about playing nice with his competitors in the launch business. Kemp made some spicy remarks at the Berkeley Space Symposium 2025 earlier this month, billed as the largest undergraduate aerospace event at the university (see video of the talk). During the speech, Kemp periodically deviated from building up Astra to hurling insults at several of his competitors in the launch industry, Ars reports. To be fair to Kemp, some of his criticisms are not without a kernel of truth. But they are uncharacteristically rough all the same, especially given Astra's uneven-at-best launch record and financial solvency to date.
US uncovers 100,000 SIM cards that could have “shut down” NYC cell network
Security - Posted On:2025-09-23 13:30:01 Source: arstechnica
The US Secret Service announced this morning that it has located and seized a cache of telecom devices large enough to "shut down the cellular network in New York City." And it believes a nation-state is responsible.
According to the agency, "more than 300 co-located SIM servers and 100,000 SIM cards" were discovered at multiple locations within the New York City area. Photos of the seized gear show what appear to be "SIM boxes" bristling with antennas and stuffed with SIM cards, then stacked on six-shelf racks. (SIM boxes are often used for fraud.) One photo even shows neatly stacked towers of punched-out SIM card packaging, suggesting that whoever put the system together invested some quality time in just getting the whole thing set up.
The gear was identified as part of a Secret Service investigation into "anonymous telephonic threats" made against several high-ranking US government officials, but the setup seems designed for something larger than just making a few threats. The Secret Service believes that the system could have been capable of activities like "disabling cell phone towers, enabling denial of services attacks and facilitating anonymous, encrypted communication between potential threat actors and criminal enterprises."
Microsoft’s Entra ID vulnerabilities could have been catastrophic
Security - Posted On:2025-09-20 08:45:00 Source: arstechnica
As businesses around the world have shifted their digital infrastructure over the last decade from self-hosted servers to the cloud, they’ve benefitted from the standardized, built-in security features of major cloud providers like Microsoft. But with so much riding on these systems, there can be potentially disastrous consequences at a massive scale if something goes wrong. Case in point: Security researcher Dirk-jan Mollema recently stumbled upon a pair of vulnerabilities in Microsoft Azure’s identity and access management platform that could have been exploited for a potentially cataclysmic takeover of all Azure customer accounts.
Known as Entra ID, the system stores each Azure cloud customer’s user identities, sign-in access controls, applications, and subscription management tools. Mollema has studied Entra ID security in depth and published multiple studies about weaknesses in the system, which was formerly known as Azure Active Directory. But while preparing to present at the Black Hat security conference in Las Vegas in July, Mollema discovered two vulnerabilities that he realized could be used to gain global administrator privileges—essentially god mode—and compromise every Entra ID directory, or what is known as a “tenant.” Mollema says that this would have exposed nearly every Entra ID tenant in the world other than, perhaps, government cloud infrastructure.
“I was just staring at my screen. I was like, ‘No, this shouldn’t really happen,’” says Mollema, who runs the Dutch cybersecurity company Outsider Security and specializes in cloud security. “It was quite bad. As bad as it gets, I would say.”
The US is now the largest investor in commercial spyware
Security - Posted On:2025-09-11 10:30:01 Source: arstechnica
The United States has emerged as the largest investor in commercial spyware—a global industry that has enabled the covert surveillance of journalists, human rights defenders, politicians, diplomats, and others, posing grave threats to human rights and national security.
In 2024, 20 new US-based spyware investors were identified, bringing the total number of American backers of this technology to 31. This growth has largely outpaced other major investing countries such as Israel, Italy, and the United Kingdom, according to a new report published today by the Atlantic Council.
The study surveyed 561 entities across 46 countries between 1992 and 2024, identifying 34 new investors. This brings the total to 128, up from 94 in the dataset published last year.
Sextortion with a twist: Spyware takes webcam pics of users watching porn
Security - Posted On:2025-09-04 19:15:00 Source: arstechnica
Sextortion-based hacking, which hijacks a victim's webcam or blackmails them with nudes they're tricked or coerced into sharing, has long represented one of the most disturbing forms of cybercrime. Now one specimen of widely available spyware has turned that relatively manual crime into an automated feature, detecting when the user is browsing pornography on their PC, screenshotting it, and taking a candid photo of the victim through their webcam.
On Wednesday, researchers at security firm Proofpoint published their analysisof an open-source variant of “infostealer” malware known as Stealerium that the company has seen used in multiple cybercriminal campaigns since May of this year. The malware, like all infostealers, is designed to infect a target's computer and automatically send a hacker a wide variety of stolen sensitive data, including banking information, usernames and passwords, and keys to victims' crypto wallets. Stealerium, however, adds another, more humiliating form of espionage: It also monitors the victim's browser for web addresses that include certain NSFW keywords, screenshots browser tabs that include those words, photographs the victim via their webcam while they're watching those porn pages, and sends all the images to a hacker—who can then blackmail the victim with the threat of releasing them.
“When it comes to infostealers, they typically are looking for whatever they can grab,” says Selena Larson, one of the Proofpoint researchers who worked on the company's analysis. “This adds another layer of privacy invasion and sensitive information that you definitely wouldn't want in the hands of a particular hacker.”
Blame the governor! Oklahoma’s “board meeting porn” scandal goes gonzo.
Security - Posted On:2025-07-31 16:15:00 Source: arstechnica
Only a week has passed since two Oklahoma Board of Education members complained about seeing nude women appear on a TV set during an official board meeting. And yet we've already reached the "just asking questions" stage of the scandal lifecycle, with the state's hard-right education boss wondering aloud if Oklahoma's governor might not be behind the whole thing.
On the surface, this appears an odd reaction. One might have expected Superintendent of Public Instruction Ryan Walters to agree with his outraged board members. You know, a sort of "Together we will unmask the degenerates who are making a mockery of our meetings with their streaming retro pornography!"
But no. Walters first put out a press release, titled "Response to the Most Absurd, False, and Gutter Political Attack from a Desperate, Failing Establishment," in which he said that "any suggestion that a device of mine was used to stream inappropriate content on the television set is categorically false."
St. Paul, MN, was hacked so badly that the National Guard has been deployed
Security - Posted On:2025-07-31 08:45:00 Source: arstechnica
Hacking attacks—many using ransomware—now hit US cities every few days. They are expensive to mitigate and extremely disruptive. Abilene, Texas, for instance, had 477 GB of data stolen this spring. The city refused to pay the requested ransom and instead decided to replace every server, desktop, laptop, desk telephone, and storage device. This has required a "temporary return to pen-and-paper systems" while the entire city network is rebuilt, but at least Abilene was insured against such an attack.
Sometimes, though, the hacks hit harder than usual. That was the case in St. Paul, Minnesota, which suffered a significant cyberattack last Friday that it has been unable to mitigate. Things have gotten so bad that the city has declared a state of emergency, while the governor activated the National Guard to assist.
According to remarks by St. Paul Mayor Melvin Carter, the attack was first noticed early in the morning of Friday, July 25. It was, Carter said, "a deliberate, coordinated digital attack, carried out by a sophisticated external actor—intentionally and criminally targeting our city’s information infrastructure."
St. Paul, MN was hacked so badly that the National Guard has been deployed
Security - Posted On:2025-07-30 17:15:01 Source: arstechnica
Hacking attacks—many using ransomware—now hit US cities every few days. They are expensive to mitigate and extremely disruptive. Abilene, Texas, for instance, had 477 GB of data stolen this spring. The city refused to pay the requested ransom and instead decided to replace every server, desktop, laptop, desk telephone, and storage device. This has required a "temporary return to pen-and-paper systems" while the entire city network is rebuilt, but at least Abilene was insured against such an attack.
Sometimes, though, the hacks hit harder than usual. That was the case in St. Paul, Minnesota, which suffered a significant cyberattack last Friday that it has been unable to mitigate. Things have gotten so bad that the city has declared a state of emergency, while the governor activated the National Guard to assist.
According to remarks by St. Paul Mayor Melvin Carter, the attack was first noticed early in the morning of Friday, July 25. It was, Carter said, "a deliberate, coordinated digital attack, carried out by a sophisticated external actor—intentionally and criminally targeting our city’s information infrastructure."
Microsoft to stop using China-based teams to support Department of Defense
Security - Posted On:2025-07-26 07:30:00 Source: arstechnica
Last week, Microsoft announced that it would no longer use China-based engineering teams to support the Defense Department’s cloud computing systems, following ProPublica’s investigation of the practice, which cybersecurity experts said could expose the government to hacking and espionage.
But it turns out the Pentagon was not the only part of the government facing such a threat. For years, Microsoft has also used its global workforce, including China-based personnel, to maintain the cloud systems of other federal departments, including parts of Justice, Treasury and Commerce, ProPublica has found.
This work has taken place in what’s known as the Government Community Cloud, which is intended for information that is not classified but is nonetheless sensitive. The Federal Risk and Authorization Management Program, the US government’s cloud accreditation organization, has approved GCC to handle “moderate” impact information “where the loss of confidentiality, integrity, and availability would result in serious adverse effect on an agency’s operations, assets, or individuals.”
North Korean hackers ran US-based “laptop farm” from Arizona woman’s home
Security - Posted On:2025-07-25 19:30:00 Source: arstechnica
Christina Chapman, a 50-year-old Arizona woman, has just been sentenced to 102 months in prison for helping North Korean hackers steal US identities in order to get "remote" IT jobs with more than 300 American companies, including Nike. The scheme funneled millions of dollars to the North Korean state.
Why did Chapman do it? In a letter sent this week to the judge, Chapman said that she was "looking for a job that was Monday through Friday that would allow me to be present for my mom" who was battling cancer. (Her mother died in 2023.) But "the area where we lived didn't provide for a lot of job opportunities that fit what I needed. I also thought that the job was allowing me to help others."
She offered her "deepest and sincerest apologies to any person who was harmed by my actions," thanked the FBI for busting her, and said that when she gets out of prison, she hopes to "pursue the books that I have been working on writing and starting my own underwear company."
Hackers—hope to defect to Russia? Don’t Google “defecting to Russia.”
Security - Posted On:2025-07-24 16:45:01 Source: arstechnica
To the casual observer, cybercriminals can look like swashbuckling geniuses.
They possess technical skills formidable enough to penetrate the networks of the biggest companies on the planet.
They cover their tracks using technology that is arcane to most people—VPNs, encrypted chat apps, onion routing, aliases in dark web forums.