Google’s top Android engineer describes how the attack surface is shrinking on the mobile operating system.

MedSec CEO Justine Bone said shorting companies to profit off discovered vulnerabilities is a viable business model for the security community.

Abuse of the Docker API allows remote code execution on targeted system, which enables hackers to escalate and persists thanks to novel attacks called Host Rebinding Attack and Shadow Containers.

As we approach the first anniversary of the ShadowBrokers, their true identity and source of their stolen NSA exploits remains a mystery.

A ransomware study released Google revealed the malware earned criminals $25 million over the past two years.

APT Cobalt Gypsy or OilRig, used a fake persona called “Mia Ash” to ensnare tech-savvy workers in the oil and gas industry into downloading PupyRAT malware.

Spyware called Adups found on millions of low-end phones is still collecting personal identifiable information of users despite public outcry.

Three radiation monitoring device vendors will not patch a handful of vulnerabilities that could be abused by hackers, including a backdoor that affords high privileges on one device.

At Black Hat, Facebook CSO Alex Stamos’ keynote message was one of bringing empathy and inclusion to security, and that it’s time to stop being insular.

Microsoft has said it will not patch a two-decade-old Windows SMB vulnerability, called SMBloris because it behaves comparably to the Slowloris attacks. The flaw will be disclosed and demonstrated during DEF CON.