Zenbleed: How the quest for CPU performance could put your passwords at risk

You need to turn on a special setting to stop (the code you wrote to stop [the code you wrote to improve performance] from reducing performance) from reducing security.

Ghostscript bug could allow rogue documents to run system commands

Even if you've never heard of the venerable Ghostscript project, you may have it installed without knowing.

Mac malware-for-hire steals passwords and cryptocoins, sends “crime logs” via Telegram

These malware peddlers are specifically going after Mac users. The hint's in the name: "Atomic macOS Stealer", or AMOS for short.

Ex-CEO of breached pyschotherapy clinic gets prison sentence for bad data security

Did the sentence fit the crime? Read the backstory, and then have your say in our comments! (You may post anonymously.)

FBI and FCC warn about “Juicejacking” – but just how useful is their advice?

USB charging stations - can you trust them? What are the real risks, and how can you keep your data safe on the road?

Popular server-side JavaScript security sandbox “vm2” patches remote execution hole

The security error was in the error handling system that was supposed to catch potential security errors...

Google Pixel phones had a serious data leakage bug – here’s what to do!

What if the "safe" images you shared after carefully cropping them... had some or all of the "unsafe" pixels left behind anyway?

Dangerous Android phone 0-day bugs revealed – patch or work around them now!

Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation.

Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto

Hear renowned cybersecurity author Andy Greenberg's thoughtful commentary about the "war on crypto" as we talk to him about his new book...

Dutch suspect locked up for alleged personal data megathefts

Undercover Austrian "controlled data buy" leads to Amsterdam arrest and ongoing investigation. Suspect is said to steal and sell all sorts of data, including medical records.

S3 Ep109: How one leaked email password could drain your business [Audio + Transcript]

Latest episode - listen now! Cybersecurity news plus loads of great advice...

Dangerous SIM-swap lockscreen bypass – update Android now!

A bit like leaving the front door keys under the doormat...

Psychotherapy extortion suspect: arrest warrant issued

Wanted! Not only the extortionist who abused the data, but also the CEO who let it happen.

S3 Ep106: Facial recognition without consent – should it be banned?

Latest episode - listen (or read) now. Teachable moments for X-Ops professionals!

Serious Security: How randomly (or not) can you shuffle cards?

What if you could guess the next card correctly twice as often as you should?

WhatsApp goes after Chinese password scammers via US court

If you can't beat 'em, sue 'em!

OpenSSL issues a bugfix for the previous bugfix

Fortunately, it's not a major bugfix, which means it's easy to patch and can teach us all some useful lessons.

Microsoft patches the Patch Tuesday patch that broke authentication

Remember the good old days when security patches rarely needed patches? Because security patches themlelves were rare enough anyway?

Firefox out-of-band update to 100.0.1 – just in time for Pwn2Own?

A new point-release of Firefox. Not unusual, but the timing of this one is interesting, with Pwn2Own coming up in a few days.

Android monthly updates are out – critical bugs found in critical places!

Android May 2022 updates are out - with some critical fixes in some critical places. Learn more...

S3 Ep77: Bugs, busts and old-school PDP-11 hacking [Podcast]

Latest episode - listen now! Cybersecurity news and advice in plain English.

Google’s monthly Android updates patch numerous “get root” holes

Get the update now... if it's available for your phone. Here's how to check.

Zlib data compressor fixes 17-year-old security bug – patch, errrm, now

This code is venerable! Surely all the bugs must be out by now?

OpenSSL patches infinite-loop DoS bug in certificate verification

When it comes to writing loops in your code... never sit on the fence!

“Dirty Pipe” Linux kernel bug lets anyone write to any file

Even read-only files can be written to, leading to a dangerously general purpose elevation-of-privilege attack.

Firefox update brings a whole new sort of security sandbox

Firefox 95.0 is out, with the usual security fixes... plus some funky new ones.