
Microsoft Word Intruder gets down to business: Operation Pony Express

Still not convinced about patching promptly?

Gabor Szappanos of SophosLabs goes behind the scenes of a Microsoft Word based malware campaign...

"Stagefright - are we in the clear now?" [Chet Chat Podcast 214]

Listen to Sophos experts Chester Wisniewski and Paul Ducklin in the latest episode of our weekly security podcast...

Apple iOS 9 is out - with a LOT of security holes patched

As usual, we recommend updating as soon as you can, for the fixes much more than the features.

We hashed them once, we hashed them twice! 60 Second Security

Our weekly wrap-up video.

Watch (and smile!) in just 1 minute...

Android's Stagefright is back! Here’s what you need to know

Exploit code for the Stagefright vulnerability is now public.

But it's not all bad news: we explain the risk and how to avoid it...

Anatomy of a malicious email: Crooks exploiting recent Word hole

Crooks have recently been using CVE-2015-1641, a Word bug that was patched in April 2015.

We explain why you really, really want to patch!

What part of "Prohibited" don't you understand? 60 Second Security

Enjoy the latest episode of our weekly 1-minute video - short and sweet security!

Avoid that cyberflash - 60 Second Security

Here's our weekly 1-minute video: Android, Adobe and Apple's AirDrop all get a look in this time.

Apple issues updates for lots of critical holes - patch now!

Whether you believe in Mac malware or not, you still need the latest Apple patches to close off numerous critical holes.

Another Android hole: "OCtoRuTA" - One (Java) Class to Rule Them All

Yet another large-scale vulnerability has been revealed in Android.

This one lets an otherwise innocent-looking app go rogue, and enjoy privileges normally limited to the trusted parts of Android.

Firefox zero-day hole used against Windows and Linux to steal passwords

Poisoned ads have been helping to siphon off passwords from Windows and Linux computers in an attack apparently aimed at developers.

Xen fixes another "virtual machine escape" bug


Last time it was the floppy disk drive that let crooks squeeze out of jail - this time, the virtual CD-ROM is their springboard...

Apple puts a stop to invoice poisoning bug


The vulnerability posed "a significant risk to buyers, sellers or Apple website managers/developers".

Beyond the breaches: Understanding the Angler exploit kit

Crimeware expert Fraser Howard tells you what you need to know about Angler - the current "market leader" in the exploit kit scene.

A must-read report if you want to bolster your defences...

If you make everybody use weaker locks, it's burglars who benefit! 60 Sec Security [VIDEO]

Security can be's the latest episode of our weekly 1-minute video.


Another "Hacking Team" zero-day surfaces - this time in IE, not Flash!

Yet another zero-day has been dragged out of the data dump from hacked Italian security outfit Hacking Team.

Microsoft was all over this in double-quick time, so get the patch!

Did Firefox listen to Facebook and just kill Flash? (No, but there's another patch!)


The OpenSSL "CVE-2015-1793" certificate verification bug - what you need to know


OpenSSL announced on Monday that it had a "high severity" update arriving in three days' time.

That's today, and the update is out. Paul Ducklin tells you what you need to know...

Flash malware that gives you a free security update

Malware that patches Flash for you after it's broken in?

Sadly, it's not all about fact, it's not about you at all.