(get it in RSS or Atom)

Google issues Android patches for Stagefright 2 (for some users)


First there was Stagefright, then more Android bugs of the same sort... us Stagefright 2 and another round of patches.

Apple swiftly closes hole in iOS 9 Lock screen

You can't use the recent "ask Siri" trick to sneak past the iOS 9 Lock screen any more.

"Give us an iOS 9 zero-day and we'll give you $1 million"


The firm willing to pay for breaking into iPhones and iPads was founded by a contractor who's sold such bugs to spy agencies.

Apple's App Store hit by the XCodeGhost of malware present

Until this week, the App Store was to malware what Earth was to the Hitchhiker's Guide: "Mostly Harmless."

Not any more...

Would you like to buy a Replay? 60 Second Security

Catch our latest weekly video - it only takes a minute!

"Stagefright - are we in the clear now?" [Chet Chat Podcast 214]

Listen to Sophos experts Chester Wisniewski and Paul Ducklin in the latest episode of our weekly security podcast...

Google fixes an Android Lollipop lockscreen bypass bug - how bad was it?


The exploit worked by entering an extremely long string of characters into the password field while the camera is open, causing the device to crash and return to the homescreen.

Apple iOS 9 is out - with a LOT of security holes patched

As usual, we recommend updating as soon as you can, for the fixes much more than the features.

We hashed them once, we hashed them twice! 60 Second Security

Out weekly wrap-up video.

Watch (and smile!) in just 1 minute...

Android's Stagefright is back! Here’s what you need to know

Exploit code for the Stagefright vulnerability is now public.

But it's not all bad news: we explain the risk and how to avoid it...

"The breach lasted a year. Or was it two?" [Chet Chat Podcast 213]

Join Sophos experts John Shier and Paul Ducklin for the latest episode of our security podcast.

A fun quarter-hour of "news you can use"...

Self-driving cars can be stopped with a laser pointer


Security researcher Jonathan Petit was able to launch a denial-of-service attack against a self-driving car by overwhelming the car's sensors with images of fake vehicles and other objects.

Anatomy of a malicious email: Crooks exploiting recent Word hole

Crooks have recently been using CVE-2015-1641, a Word bug that was patched in April 2015.

We explain why you really, really want to patch!

Unnoticed Firefox attacker had access to severe vulnerabilities for over a year


An attacker with access to security-sensitive information about the Firefox web browser went unnoticed for as much as two years, putting hundreds of millions of users at risk.

Microsoft Word Intruder Revealed - inside a malware construction kit

What happens when cybercrooks take a leaf out of the Advanced Persistent Threatsters' book?

Gabor Szappanos of SophosLabs investigates...

Uber hires the guys who hacked a Jeep to develop safer driverless cars


Charlie Miller and Chris Valasek, security researchers who caused huge headaches for Fiat Chrysler when they showed the world how to remotely hack a Jeep, have hacked their way into new jobs with Uber.

PayPal patches potential payment-stealing vulnerability

An XSS hole could apparently have allowed a crook to pop up a realistic PayPal "pay page" and steal the victim's card data.

Paul Ducklin takes a look...

How a crook could have taken over your Facebook pages

A Facebook bug hunter just found a hole through which crooks could take over your personal Facebook pages.

Facebook fixed it PDQ...

Meet "SexyCyborg" and her high-heeled shoes... with hacking tools inside!

Meet "SexyCyborg" and her high-heeled shoes... with hacking tools inside!

American TV show, Mr Robot, inspires Chinese web developer to create her own hacking toolkit - hidden away in her high heels.