Zeljka Zorz
Many popular Android apps fail to encrypt login credentials
Using encryption to protect mobile traffic and especially the exchange of credentials between the user and company servers should be a must in this day and age. Unfortunately, …
New Drupal versions fix admin account hijack flaw
New versions of popular open source content management system Drupal are out, and fix a series of vulnerabilities, including a critical one that can result in an attacker …
Microsoft’s anti-surveillance website was hacked
Digital Constitution – a dedicated website Microsoft set up to keep users informed of its efforts to counter US government’s attempts to access customer emails the …
Why LinkedIn chose to keep its bug bounty program private
Bug bounty programs have become de rigueur for tech and Internet companies that want to improve the security of their products by (partly) outsourcing bug discovery. But while …
Reddit announces switch to HTTPS-only
With a short note posted on the site’s developers subreddit, reddit – the so-called “front page of the internet” – has announced that starting with …
Unpatched OS X, iOS flaws allow password, token theft from keychain, apps
Six researchers from Indiana University Bloomington, Peking University and Georgia Tech have recently published a paper in which they detail the existence of critical security …
Let’s Encrypt CA to issue its first cert
Let’s Encrypt, a non-profit certificate authority (CA) set up by the Electronic Frontier Foundation, Mozilla, Cisco, Akamai, IdenTrust, and researchers at the University …
Keyboard app bug puts millions of Samsung mobile users at risk, researcher claims
A vulnerability in the Swift keyboard, which comes pre-installed on Samsung mobile devices, can be exploited by remote attackers to secretly install malicious apps, access the …
Newly patched Flash Player bug exploited to deliver crypto ransomware
“It took less than a week for a functional exploit for a recently patched Adobe Flash Player vulnerability to be added to the Magnitude exploit kit, Trend Micro …
Google announces reward program for Android bugs
Google has announced that it will start paying researchers for information about vulnerabilities affecting Android.The Android Security Rewards are incremental. “For …
LastPass breached, hashed master passwords compromised
LastPass, the company behind the popular password management service of the same name, has announced on Monday that they have suffered a breach, and has urged users to verify …
Trojan uses steganography to hide itself in image files
“The Dell SecureWorks CTU research team has recently analyzed a piece of malware that uses digital steganography to hide part of its malicious code. Stegoloader, as they …
Featured news
Resources
Don't miss
- AWS launches new cloud security features
- Chaining two LPEs to get “root”: Most Linux distros vulnerable (CVE-2025-6018, CVE-2025-6019)
- Kernel-level container insights: Utilizing eBPF with Cilium, Tetragon, and SBOMs for security
- AI is changing cybersecurity roles, and entry-level jobs are at risk
- From cleaners to creepers: The risk of mobile privilege escalation