EFF is dismayed by the cavalier attitude by law enforcement over warrantless searches of trillions of phone records and its refusal to turn over documents.

The Gooligan Android malware steals Google authentication tokens from mobile devices to breach user and corporate accounts.

Researchers found a third of the top WordPress e-commerce plugins contain severe vulnerabilities tied to XSS cross-site scripting, SQL injection and file manipulation flaws.

Attackers could exploit over-the-air updates in three million Android devices to remotely execute commands with root privileges via a man-in-the-middle (MiTM) attack.

Qualcomm and HackerOne are partnering for a bug bounty program that pays out up to $15,000 for vulnerabilities found in chipsets used in smartphones made by Samsung, LG and HTC.

A vulnerability in iOS 8, 9, 10, and even the most recent beta version, 10.2 beta 3, could allow an attacker to access photos and contacts on a locked iPhone.

Security experts warn iPhone call history data may be synced to iCloud accounts without user knowledge, making personal phone records an easy target for a determined third-party.

Academics audited the popular end-to-end encryption app Signal and their findings are encouraging.

Mobile app developers need to be aware of improper OAuth 2.0 implementations that have put one billion mobile apps at risk to takeover.

A phishing campaign is targeting some of the 22 million victims of the massive United States Office of Personnel Management breaches of 2014 and 2015.