JSON libraries using the JWE specification to create, sign and encrypt access tokens have been patched against an attack that allows for the recovery of a private key.

Google paid out $38,000 in bounty rewards tied to flaws it fixed with a Chrome 57 browser update.

The makers of the popular messaging app Confide said Wednesday it has patched multiple security vulnerabilities that could of allowed hackers to intercept messages sent using its secure end-to-end messaging platform.

FBI Director James Comey revived old rhetoric on strong encryption during a keynote at the Boston Conference on Cyber Security. He did not address the leak of CIA hacking tools or Russia during his talk.

Prosecutors with the U.S. Department of Justice dropped their case against a suspect who visited the dark web site child pornography site Playpen.

Prosecutors with the U.S. Department of Justice dropped their case against a suspect who visited the dark web site child pornography site Playpen.

A proof of concept bypass of Google’s CAPTCHA verification system uses Google’s own web-based tools to pull off the skirting of the system.

IOActive Labs released a report Wednesday warning that consumer, industrial, and service robots in use today have serious security vulnerabilities.

The ramifications of the recent SHA-1 collision attack have extended to Git and the Apache Subversion repository, both of which rely on the outdated and vulnerable hashing algorithm.

Mike Mimoso and Chris Brook recap RSA and discuss the news of the week including the impact of Cloudflare’s “Cloudbleed” bug, Google breaking SHA-1, and more.