man in the middle
Apple just patched an SSL/TLS bug in iOS - but the flaw is not yet fixed in OS X.
Paul Ducklin comes to the rescue with explanations, mitigations, and even an unofficial patch! (For educational purposes only, you understand.)
If you have web-facing code written in Ruby, and you support SSL (which you do, right?), be sure to patch as soon as you can, to avoid falling victim to what seems very much like a four-year-old flaw...
A security researcher has published a proof-of-concept attack on Instagram for iOS that would allow malicious users to remotely hijack victims' accounts, delete or download photos, and tinker with profile details.
Six German academics have taken on the question, "Just how well-informed are Android developers, and how much can we trust them to do web security properly?"
It seems the answer is, "Not enough."
Security researchers have captured 120,000 emails intended for Fortune 500 companies by exploiting a basic typo.
The emails included trade secrets, business invoices, personal information about employees, network diagrams and passwords.