Facebook’s Delegated Recovery delegates account-recovery permissions to third-party accounts controlled by the user. GitHub is the program’s first partner.

Facebook is letting users tie a physical security key to their account as an added layer of security.

Facebook dismisses a researcher who says multimedia content sent via Facebook Messenger can be intercepted by a third party under certain conditions.

Claims of a security hole in WhatsApp’s messenger app were shot down by WhatsApp, which called the allegations false.

A bug bounty hunter earned $5,000 for a Facebook hack that allowed him to bypass security protection and access any Facebook user’s true email address.

Facebook makes freely available an internal tool used to monitor CT logs for new TLS certificates issued for a domain. Users can monitor and audit this information for malicious or mistakenly issued certs.

Researchers have spotted an increase in Nemucod downloader infections moving via Facebook Messenger spam, with some victims being infected with Locky ransomware.

Academics audited the popular end-to-end encryption app Signal and their findings are encouraging.

The Article 29 Working Party, an EU privacy coalition urges WhatsApp to clarify that user information shared between the company and Facebook is compliant with data protection laws on the books in Europe.

Facebook announced this week that its paid out more than $5 million to 900 researchers in the five years since it implemented its bug bounty program.