An OpenSSL update released on Thursday patched three vulnerabilities included one rated high severity in TLS connections using the ChaCha20-Poly 1305 ciphersuite.

Academics audited the popular end-to-end encryption app Signal and their findings are encouraging.

Siemens is warning customers of a local privilege escalation vulnerability that leaves over a dozen models of its SCADA equipment open to attack.

Yahoo’s latest SEC filing includes confirmation that it knew attackers were on its network in 2014 and stole information on 500 million accounts.

Mobile app developers need to be aware of improper OAuth 2.0 implementations that have put one billion mobile apps at risk to takeover.

A phishing campaign is targeting some of the 22 million victims of the massive United States Office of Personnel Management breaches of 2014 and 2015.

Google’s Safe Browsing program expands to include “Repeat Offender” websites in blacklisting program.

An issue in iOS WebView that is trivial to exploit can give an attacker the ability to trigger phone calls from a targeted device, researcher Collin Mulliner said.

The banking Trojan TrickBot is evolving fast, according to researchers, and within weeks will expand its victim list and attack scope.

Microsoft released 14 security bulletins today, six rated critical. Among the fixes is a patch for a Windows kernel zero-day vulnerability disclosed by Google that was being used in attacks by the Sofacy APT gang.