Security news aggregator

Latest coverage for TOR

Tor is an anonymity network that routes traffic through relays, supporting privacy while also complicating the investigation of online abuse.

4 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Tor is an open-source privacy network that routes Internet traffic through a sequence of volunteer-operated relays. Layered encryption limits what each relay can learn about the connection, helping users resist traffic monitoring, censorship, and location tracking. Tor also supports onion services, which are reachable within Tor without exposing a conventional server address. It provides anonymity protections, not a guarantee of anonymity or confidentiality.

Security practitioners should remember that Tor does not encrypt traffic beyond the network: an exit relay can observe unencrypted application data, so HTTPS and secure application design remain necessary. Endpoint compromise, unsafe browser configuration, fingerprinting, or opening downloaded content can also identify or harm a user. A powerful observer may correlate traffic entering and leaving the network. In enterprise investigations, Tor connections are useful leads but weak attribution evidence because many unrelated users share relay addresses; correlate them with authentication, endpoint, and application telemetry rather than treating a Tor IP as proof of malicious activity.

Showing 4 most recent headlines Filtered view

USB .lnk malware steals crypto via clipboard hijack, replaces wallet addresses, steals seed phrases, and screenshots. Microsoft Threat Intelligence has been tracking a clipboard-stealing malware (Clipper) campaign since February 2026 that targets cryptocurrency wallets. A clipper is a type of malicious software that monitors and manipulates your clipboard, the temporary memory where data is stored […]

Microsoft has disclosed details of a Windows-based cryptocurrency clipper campaign that has targeted users since February 2026 with clipboard-intercepting malware with self-spreading capabilities and using the Tor anonymity network to hide communication

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, Tor-based communications, and worm-like propagation. Beyond stealing cryptocurrency transactions, the malware establishes persistent access and enables follow-on activity through a lightweight backdoor capability. The post Crypto Clipper uses Tor and worm-like propagation for persistence and control appeared first on Microsoft Security Blog.