Signal is testing out a new private contact discovery service that will let the app determine if a user has Signal contacts in their address book, but forbid its servers from accessing the users’ address book.

Google’s Project Zero released a proof-of-concept attack against a Wi-Fi firmware vulnerability in Broadcom chips that backdoors the iPhone 7. The flaw was patched in iOS 11.

Oracle released fixes for a handful of recently patched Apache Struts 2 vulnerabilities late last week.

Researcher Patrick Wardle has discovered a critical vulnerability that allows an attacker to dump passwords in plaintext from the macOS Keychain. The vulnerability is in macOS High Sierra, Sierra and El Capitan, and has yet to be patched.

IOActive analyzed 21 mobile stock trading platforms and found vulnerabilities that put transactions and personal information at risk. Of the 13 firms notified, only two acknowledged the disclosure.

Deloitte, one of the “big four” global accounting firms, admitted it fell victim to a cyber attack last year but downplayed the incident on Monday saying it only affected a few of its high profile clients.

Researchers settle PIN versus pattern debate with study that proves a low-tech hack makes cracking an unlock screen simple.

Mike Mimoso talks to Chris Vickery of Upguard of the recent rash of Amazon S3 data leaks.

Adobe suffered at a minimum a PR black eye on Friday when one of its private PGP keys was inadvertently published to its Product Incident Security Response Team (PSIRT) blog.

Verizon is the latest company to leak confidential data through an exposed Amazon S3 bucket.