These days, it’s nearly impossible to traverse the web without leaving some trace of your activity. That’s thanks to a panopticon of cookies, keystroke loggers, fingerprinting, tracking pixels, and probably some other horrors that haven’t even come to light. Maybe that sounds paranoid, but it’s exactly what researchers in Austria uncovered in bombshell new cybersecurity research.

According to the recently released paper, first spotted by Ars Technica, researchers have uncovered a type of no-interaction attack that websites can easily run to access data stored in your computer.

It’s called FROST, which stands for “fingerprinting remotely using OPFS-based SSD timing.” It’s a mouthful for sure, but it basically allows malicious websites to spy on your computer activity, all without installing any software or tricking you into clicking sketchy email links.

Per the researchers, it works by taking advantage of your computer’s solid state drive (SSD), the internal storage devices which have largely taken over from magnetic hard drives on the consumer market. Whenever you visit a site, your computer’s SSD starts buzzing with activity, allowing webpages to store temporary files for your browsing pleasure.

FROST attacks take advantage of this by creating a massive file — we’re talking several gigabytes — which functionally blocks your computer from moving what it sees as temporary web data out of the SSD. While that mammoth file is being processed, however, the malicious website is able to probe the timing of incoming data from other sites, generating data which can then be analyzed through a machine learning model to predict what else you’re doing online.

While “predict” suggests the attacker is guessing, the FROST method is scary good at identifying what a victim’s doing on their computer. Researchers write that by using this technique, their machine learning model was able to predict which sites a user would access with an accuracy rate of 88.95 percent, and could accurately predict accessed applications 95.83 percent of the time.

Worse, the whole thing works regardless of what browser you use — because it works through your SSD, an attacker can theoretically track your web browsing on Firefox based on a website accessed via Google Chrome. Researchers only experimented with the technique on Mac and Linux devices, but caveated that Windows devices are not immune.

“In principle, it would be possible to train a model on any system activity that reliably generates SSD accesses,” the study’s lead author, Hannes Weissteiner, told Ars.

While FROST represents the kind of vulnerability that probably needs to be patched by web developers, Ars notes that you can mitigate the risks by closing website tabs as soon as you’re done with them. It isn’t much, but it could prevent you from becoming the next victim of a scary new kind of cyberattack.

More on web development: New Website Detects Apocalypse If Billionaire Jets Start Fleeing en Masse

The post Websites Are Spying on Your Solid State Drive appeared first on Futurism.

Monstrous defeats keep coming for Mike Lindell, the notorious entrepreneur behind the MyPillow brand and one-time advisor to Donald Trump.

According to Straight Arrow News, a clique of hackers known as “Play” is claiming to have accessed a huge chunk of private data from MyPillow, which it’s now holding hostage. Per the outlet, which viewed a communique from the gang, the hackers now have access to “private and personal confidential data, clients’ documents, budget, payroll, IDs, taxes, finance information and etc.”

Lindell’s company has been given until Friday, May 29 to respond — or else its data will be published online, the hackers threatened. The amount they’re trying to extort hasn’t been disclosed, and neither the hackers nor MyPillow responded to Straight Arrow‘s requests for comment.

Play first appeared in 2022, when it orchestrated cyber attacks throughout the US, Brazil, Germany, and Switzerland, among others. Their targets tend to be those associated with government functionaries, like the Argentinian judiciary, and an IT firm contracted by the Swiss Federal Department of Finance.

In that vein, a successful attack on Lindell would be a major trophy. The entrepreneur first met Trump in the run-up to the 2016 presidential election, a relationship which blossomed as the would-be president ferried the increasingly crankish Lindell around rallies across the country.

In 2020, Lindell briefly served as Trump’s reelection campaign chair, then nearly ran for governor of Minnesota with his blessings. Later in November of 2022, Lindell ran for Chair of the Republican National Committee, though he lost after receiving only 2.4 percent of the total votes.

Now in 2026, the MyPillow founder is once again running for governor of Minnesota, having filed all the corresponding paperwork — which is more than he did last election cycle. That said, the hack comes as his finances and personal life are now under perhaps more scrutiny than they’ve ever been. Given his ties to Trump, who appears to be backing him again in the 2026 election, there could conceivably be some fascinating details lurking in the MyPillow archives.

Whether Lindell can pony up to keep them hidden remains to be seen: in April of 2025 he admitted that he didn’t even have “5 cents” to his name, owing to an avalanche of civil suits and federal investigations stemming from his political antics.

More on hacking: Riot Games Denies Using Anti-Cheat Software That Bricks Hackers’ Computers

The post The MyPillow Guy’s Entire Business is Being Held Hostage by Hackers appeared first on Futurism.