Posted by Eric Lynch, Product Manager, Android and Dom Elliott, Group Product Manager, Google Play Modern digital security is at a turning point. We are on the threshold of using quantum computers to solve “impossible” problems in drug discovery, materials… Read More "Implementing Post-Quantum Cryptography in Android"
OPINION Your perimeter is hardened, your SOC is on high alert for zero-days, and your firewalls are pristine. But while you’re watching the fences, the adversary is walking through the front door with a smile and a valid employee ID.… Read More "Your Next Breach Will Look Like Business as Usual"
Security experts have warned users to beware of malicious Chrome extensions designed to secretly monitor and exfiltrate users’ AI conversations. Expel explained in a blog post, published on March 24, that it had observed “several dozen” incidents in the past… Read More "Experts Sound Alarm Over “Prompt Poaching” Browser Extensions"
Microsoft security researchers discovered that a third-party Android SDK widely used in cryptocurrency wallet applications is affected by a severe vulnerability that could expose highly sensitive information. The vulnerability was found in EngageLab’s EngageSDK, which is designed for managing messaging… Read More "Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users"
Posted by Jiacheng Lu, Software Engineer, Google Pixel Team Google is continuously advancing the security of Pixel devices. We have been focusing on hardening the cellular baseband modem against exploitation. Recognizing the risks associated within the complex modem firmware, Pixel… Read More "Bringing Rust to the Pixel Baseband"
No one checked oversized requests While the previous authorization bypass was triggered when request Content-Length was set to 0, no one checked at the time what would happen in the same function if the request exceeded a certain size. “When… Read More "Old Docker authorization bypass pops up despite previous patch"
A widely used Python package with more than 95 million monthly downloads has been compromised with credential-stealing malware, expanding the ongoing supply chain campaign linked to the TeamPCP threat group. The newly discovered compromise affects the LiteLLM package on PyPI… Read More "TeamPCP Expands Supply Chain Campaign With LiteLLM PyPI Compromise"
Anthropic said this week that the debut of its new Claude Mythos Preview model marks a critical juncture in the evolution of cybersecurity, representing an unprecedented existential threat to existing software defense strategies. So, is it more AI hype—or a… Read More "Anthropic’s Mythos Will Force a Cybersecurity Reckoning—Just Not the One You Think"
A threat actor built an exploit for a critical-severity vulnerability in Marimo and started using it in attacks roughly nine hours after the bug’s public disclosure, cloud security firm Sysdig reports. Marimo is an open source reactive notebook for Python… Read More "Critical Marimo Flaw Exploited Hours After Public Disclosure"
The US Federal Communications Commission (FCC) has banned the import and sale of all “consumer-grade” internet routers produced in a foreign country, citing “an unacceptable risk” to the national security of the US. The ban, announced in an FCC public… Read More "US: FCC Bans Foreign-Made Routers Over National Security Concerns"
