Apple fixes iPhone bug that let FBI retrieve deleted Signal messages(CVE-2026-28950)
Apple has rolled out security updates for iPhones and iPads that fix CVE-2026-28950, a logging issue in Notification Services that made devices unexpectedly retain …
Which messaging app takes the most limited approach to permissions on Android?
Messaging apps handle sensitive conversations, contacts, and media, and their behavior on a device varies in ways that affect privacy. An analysis of Android versions of …
Russian hackers go after high-value targets through Signal
Russian intelligence-linked hackers are targeting commercial messaging platforms, with Signal a primary focus, the FBI and CISA warn. The campaign is aimed at individuals of …
Russian hackers crack into officials’ Signal and WhatsApp accounts
Russian state hackers are trying to break into Signal and WhatsApp accounts used by diplomats, military staff, and government officials worldwide, Dutch intelligence agencies …
State-backed phishing attacks targeting military officials and journalists on Signal
German security authorities are warning that a likely state-backed hacking group is engaged in attempts at phishing senior political figures, military officials, diplomats, …
ProSpy and ToSpy: New spyware families impersonating secure messaging apps
ESET researchers have found two Android spyware campaigns aimed at people looking for secure messaging apps such as Signal and ToTok. The attackers spread the spyware through …
Signal adds secure backup option for chat history
Losing a phone can mean losing years of conversations. Signal is rolling out a new secure backup feature to help users keep their messages safe without giving up privacy. The …
Signal blocks Microsoft Recall from screenshotting conversations
Signal has released a new version of its end-to-end encrypted communication app for Windows that prevents Microsoft Recall and users from screenshotting text-based …
CISA: Use Signal or other secure communications app
In the wake of the widespread compromise of US telecom giants’ networks by Chinese hackers and the FBI advising Americans to use end-to-end encrypted communications, …
Observations from Black Hat USA 2024, BSidesLV, and DEF CON 32
I recently spent six days in Las Vegas attending DEF CON, BsidesLV, and Black Hat USA 2024, where I had the opportunity to engage with and learn from some of the top security …
Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129)
UPDATE (September 28, 2023, 03:15 a.m. ET): The CVE-2023-5129 ID has been either rejected or withdrawn by the CVE Numbering Authority (Google), since it’s a duplicate of …
Signal takes a quantum leap with E2EE protocol upgrade
Signal has announced an upgrade to its end-to-end encryption (E2EE) protocol to protect users of its popular messaging app from encryption-breaking attacks through quantum …
Featured news
Resources
Don't miss
- Download: Automating Pentest Delivery Guide
- Open-source privacy proxy masks PII before prompts reach external AI services
- cPanel zero-day exploited for months before patch release (CVE-2026-41940)
- Cisco releases open-source toolkit for verifying AI model lineage
- Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431)