Four common API vulnerabilities and how to prevent them
Proper security measures are one of the most important aspects of building an application programming interface, or API. It’s great for an API to connect systems and give …
How Facebook and Google nudge users to make anti-privacy choices
Facebook, Google and Microsoft use design techniques and tricks to steer users toward sharing more information about themselves to benefit those businesses, the Norwegian …
Google lays groundwork for secure offline app distribution
Google will start adding security metadata to Android application packages (APKs) distributed via Google Play, so that users with limited internet access can check whether the …
3,000+ mobile apps leaking data from unsecured Firebase databases
Appthority published research on its discovery of a new HospitalGown threat variant that occurs when app developers fail to require authentication to Google Firebase …
Google removes inline installation option for Chrome extensions
Google is shutting down an often used vector for delivering malicious Chrome extensions to users by removing the inline installation option. What will happen? The announcement …
New Spectre-like flaw found in CPUs using speculative execution
A new flaw that can allow an attacker to obtain access to sensitive information on affected systems has been discovered in modern CPUs. CVE-2018-3639, discovered by …
Chrome to dynamically point out “Not secure” HTTP sites
Google expects HTTPS to become the default, and is preparing users for it by slowly moving Chrome towards showing only negative security indicators. Google’s own numbers …
Google will force Android OEMs to push out security patches regularly
Android P, the ninth major version of the widely-used mobile OS, is expected to be released later this year. Google has already announced a slew of security and privacy …
Amazon to kill off censorship-foiling domain fronting option
Secure messaging services and other privacy-oriented tools that rely on domain fronting to foil censorship efforts by various countries have been dealt a severe blow in the …
Easily exploited flaw in Microsoft Malware Protection Engine allows total system compromise
A critical and extremely easily exploitable vulnerability in the Microsoft Malware Protection Engine (MMPE) has been patched through an out-of-band security update pushed out …
Google to purge cryptomining extensions from Chrome Web Store
In a bid to prevent Chrome users’ computers being covertly used for cryptocurrency mining, Google will try to purge the Chrome Web Store of extensions that hijack …
March Patch Tuesday forecast: In like a lamb, out like a lion
It’s March and up here in the Midwest we have a saying for this early spring month, “In like a lamb, out like a lion.” Often the month of March comes with a …
Featured news
Resources
Don't miss
- Banshee Stealer variant targets Russian-speaking macOS users
- Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282)
- GitLab CISO on proactive monitoring and metrics for DevSecOps success
- Sara: Open-source RouterOS security inspector
- Cybersecurity in 2025: Global conflict, grown-up AI, and the wisdom of the crowd