Using WinRAR? Be sure to patch against these code execution bugs…

Imagine if you clicked on a harmless-looking image, but an unknown application fired up instead...

S3 Ep146: Tell us about that breach! (If you want to.)

Serious security stories explained clearly in plain English - listen now. (Full transcript available.)

S3 Ep144: When threat hunting goes down a rabbit hole

Latest episode - check it out now!

Urgent! Apple fixes critical zero-day hole in iPhones, iPads and Macs

Don't delay, do it today. This is a code-implantation bug in WebKit that attackers already know how to exploit.

Gozi banking malware “IT chief” finally jailed after more than 10 years

Gozi threesome from way back in the late 2000s and early 2010s now all charged, convicted and sentenced. The DOJ got there in the end...

S3 Ep136: Navigating a manic malware maelstrom

Latest episode - listen now. Full transcript inside...

Ransomware tales: The MitM attack that really had a Man in the Middle

Another traitorous sysadmin story, this one busted by system logs that gave his game away...

Bootkit zero-day fix – is this Microsoft’s most cautious patch ever?

When blocking buggy bootup modules, you have to be really careful not to lock your keys inside the car...

World Password Day: 2 + 2 = 4

We've kept it short and simple, with no sermons, no judgmentalism, no tubthumping... and no BUY NOW buttons. Have a nice day!

Apple delivers first-ever Rapid Security Response “cyberattack” patch – leaves some users confused

Just when we'd got used to three-numbered versions, such as "13.3.1", here comes an update suffix, bringing you "13.3.1 (a)"...

Einstein tilings – the amazing “Hat” shape that never repeats!

Imagine tiling a whole football field using a single shape... yet not being able to produce a repeating pattern, even if you wanted to.

Dangerous Android phone 0-day bugs revealed – patch or work around them now!

Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation.

Dutch suspect locked up for alleged personal data megathefts

Undercover Austrian "controlled data buy" leads to Amsterdam arrest and ongoing investigation. Suspect is said to steal and sell all sorts of data, including medical records.

The horror! The horror! NOTEPAD gets tabbed editing (very briefly)

Is there a special meaning of "don't" that means "go right ahead"?

Critical “10-out-of-10” Linux kernel SMB hole – should you worry?

It's serious, it's critical, and you could call it severe... but in HHGttG terminology, it's probably "mostly harmless".

S3 Ep113: Pwning the Windows kernel – the crooks who hoodwinked Microsoft [Audio + Text]

Return o' the rookit, super-sneaky wireless spyware, credit card skimming, and patches galore. Listen and learn!

COVID-bit: the wireless spyware trick with an unfortunate name

It's not the switching that's the problem, it's the switching of the switching!

How to hack an unpatched Exchange server with rogue PowerShell code

Review your servers, your patches and your authentication policies - there's a proof-of-concept out

Public URL scanning tools – when security leads to insecurity

Never make your users cry/By how you use an API

When cops hack back: Dutch police fleece DEADBOLT criminals (legally!)

Crooks: Show us the money! Cops: How about you show us the decryption keys first?

Zoom for Mac patches sneaky “spy-on-me” bug – update now!

Hey! That back door isn't supposed to be there at all, let alone propped open...

JavaScript bugs aplenty in Node.js ecosystem – found automatically

How to get the better of bugs in all the possible packages in your supply chain?

Breaching airgap security: using your phone’s gyroscope as a microphone

One bit per second makes the Voyager probe data rate seem blindingly fast. But it's enough to break your security assumptions...

Paying ransomware crooks won’t reduce your legal risk, warns regulator

"We paid the crooks to keep things under control and make a bad thing better"... isn't a valid excuse. Who knew?

S3 Ep82: Bugs, bugs, bugs (and Colonial Pipeline again) [Podcast]

Latest episode - lots to learn - plain English - fun with a serious side - listen now!

“VMware Spring Cloud Function” Java bug gives instant remote code execution – update now!

Easy unauthenticated remote code execution - PoC code already out

Cryptocoin ATMs ruled illegal – “Shut down at once”, says regulator

If you live in the UK and hadn't yet heard of cryptocoin ATMs... it's too late now!

Microsoft blocks web installation of its own App Installer files

It's a big deal when a vendor decides to block one of its own "features" for security reasons. Here's why we think it's a good idea.

S3 Ep55: Live malware, global encryption, dating scams, and secret emanations [Podcasts]

Latest episode - listen now! (And sign up for our forthcoming Live Malware Demo at the same time.)