Microsoft will pay $20 million to settle charges brought by the Federal Trade Commission accusing the tech giant of illegally collecting the personal information of children without their parents’ consent — and in some cases retaining it “for years.”

ReversingLabs has discovered a new kind of PyPI attack. Lucky us.

No wonder Google is having trouble keeping up with policing its app store. Since Monday, researchers have reported that hundreds of Android apps and Chrome extensions with millions of installs from the company’s official marketplaces have included functions for snooping on user files, manipulating the contents of clipboards, and injecting deliberately unknown code into webpages.

Chainguard's new Container Registry costs far less to run and the company has also upgraded how it hosts and distributes its Images to improve security.

Smartphone malware sold to governments around the world can surreptitiously record voice calls and nearby audio, collect data from apps such as Signal and WhatsApp, and hide apps or prevent them from running upon device reboots, researchers from Cisco’s Talos security team have found.

Ars chats with law philosopher Scott Shapiro about his new book, Fancy Bear Goes Phishing. Turing himself showed that perfect cybersecurity is impossible through the proof that he gave. It's easy to extend the proof just to see that among the problems that cannot be solved are finding bugs in computer programs.

The well-known open source password manager is launching passwordless.dev, a comprehensive toolkit for developers.

Overall, Android devices have earned a decidedly mixed reputation for security. While the OS itself and Google's Pixels have stood up over the years against software exploits, the never-ending flow of malicious apps in Google Play and vulnerable devices from some third-party manufacturers have tarnished its image.

Another day, another strange Twitter problem.

Brendan Burns, Kubernetes' co-founder shared his thoughts on GitOps and Kubernetes at GitOpsCon.

The Snake network has been detected in more than 50 countries, including Australia.

Kubernetes 1.27 compatibility, bug fixes, and support for containerD WASM and gVisor container sandboxes, there are a few of our favorite things that the new version of k0s brings us.

Meta on Wednesday warned that hackers are using the promise of generative artificial intelligence like ChatGPT to trick people into installing malicious code on devices. Over the course of the past month, security analysts with the social-media giant have found malicious software posing as ChatGPT or similar AI tools, chief information security officer Guy Rosen said in a briefing.

More than half of the enterprise routers researchers bought secondhand hadn’t been wiped, exposing sensitive info like login credentials and customer data.

In the rush to commercialize LLMs, security got left behind

Security researchers are examining newly discovered Mac ransomware samples from the notorious gang LockBit, marking the first known example of a prominent ransomware group toying with macOS versions of its malware.

Supply-chain Levels for Software Artifacts (SLSA) Version 1.0 will help protect software code from tampering and facilitate secure development practices.

It's time. SBOM and SLSA are now being used to check the security of major cloud-native programs.

With a CVSS score of 9.8 and active exploits using the IceFire ransomware, this is a "Patch It, Now!" bug.

A market-leading garage door controller is so riddled with severe security and privacy vulnerabilities that the researcher who discovered them, Sam Sabetan, is advising anyone using one to immediately disconnect it until they are fixed.