Android phones not running the latest Oreo OS are vulnerable to a high-severity “toast” overlay attack.

Researchers find six previously unknown memory corruption and unlock-bypass vulnerabilities in major chipset vendors’ firmware code.

Google fixed 81 vulnerabilities, including 13 critical remote code execution bugs, in the September edition of its Android Security Bulletin on Tuesday.

The Onliner spambot, Google’s forthcoming Not Secure warnings for Chrome, the WireX botnet, Sarahah privacy and more are discussed.

Google began sending out notices to site owners this month who haven’t yet migrated from HTTP to HTTPS warning them that in October their sites will be marked “NOT SECURE.”

A large botnet of Android devices called WireX is responsible for large-scale application-layer DDoS attacks against businesses in the hospitality, porn and gambling industries.

More than 500 Android mobile apps have been removed from Google Play after it was discovered that an embedded advertising SDK called Igenix could be leveraged to quietly install spyware on devices.

IBM researchers have demonstrated a filesystem-level version of the Rowhammer attack against MLC NAND flash memory.

Ransomware called IKARUSdilapidated is managing to slip into unsuspecting organizations as an unknown file.

The impending demise of Adobe Flash will create legacy challenges similar to Windows XP as companies begin to wean themselves off the vulnerable code base.