Millions of shiny new Android smartphones are being purchased with dangerous malware factory-installed, according to Google's own security research team. There have been multiple headlines about the millions of harmful apps being installed from the Play Store, but this is something new. And the danger to unsuspecting users, trusting that new boxed devices are safe and clean, is that some of that preinstalled malware can download other malware in the background, commit ad fraud, or even take over its host device.

Black Hat and Defcon are underway in Vegas, WhatsApp flaws allow hackers to alter messages, and more of this week’s top security news.

Some kids play in a band after school. Bill Demirkapi hacked two education software giants.

The Android Security team's former tech lead, who's now a security researcher on Google's Project Zero, breaks down why.

Researchers found 35 ES&S voting machines connected to the internet, contradicting statements by election officials and the manufacturer.

Apple plans to hand out $1 million to researchers who find the most critical weaknesses in iPhones.

Fears of cyber-hijackings? That's plane crazy, says Dreamliner maker

Insider threats come in many forms. How bribable are your employees?

You don't even have to click anything.

Google brings its Advanced Protection for Gmail to Chrome, but it only works if you're logged in.

Changes to configuration files don't change signature, can add malicious features.

A few months after confirming five vulnerabilities known as Dragonblood in the WPA3 standard, researchers have now found two more.

"The FBI says they're 'going dark.' Well yeah, because they've been staring at the sun."

Dear Engineer. You failed your licensing exam. Open this document to learn more.

Never mind your wallet—what’s in your WAF ruleset?

The problems in communication are insurmountable. Here are the top 6 problems you may face when using the wrong communication app.

Google security researchers have discovered six so-called ‘zero interaction’ iOS vulnerabilities – bugs that can allow an attacker to take control of the phone without the user having to do anything other than receive and open a message. Five of them have been fixed in iOS 12.4, but Apple has not yet been able to completely close the sixth one …

No More Ransom is a global partnership between public and private sectors, including community involvement, 151-strong over three years.

Now we have the Senate Intel Committee’s report on how Russia sought to influence the 2016 elections and how it might do it again in 2020.

The moral of the story: Try to avoid being inept and negligent, OK?