Investors beware: AI-powered financial scams swamp social media
Can you tell the difference between legitimate marketing and deepfake scam ads? It’s not always as easy as you may think.
General
20 articles
Android’s pKVM Becomes First Globally Certified Software to Achieve Prestigious SESIP Level 5 Security Certification
Posted by Dave Kleidermacher, VP Engineering, Android Security & Privacy Today marks a watershed moment and new benchmark for open-source security and the fu...
Supply-chain dependencies: Check your resilience blind spot
Does your business truly understand its dependencies, and how to mitigate the risks posed by an attack on them?
How the always-on generation can level up its cybersecurity game
Digital natives are comfortable with technology, but may be more exposed to online scams and other threats than they think
HTTP/1.1 must die: the desync endgame
Abstract Upstream HTTP/1.1 is inherently insecure and regularly exposes millions of websites to hostile takeover.
Repeater Strike: manual testing, amplified
Manual testing doesn't have to be repetitive.
Advancing Protection in Chrome on Android
Posted by David Adrian, Javier Castro & Peter Kotwicz, Chrome Security Team Android recently announced Advanced Protection, which extends Google’s Advanced P...
Mitigating prompt injection attacks with a layered defense strategy
Posted by Google GenAI Security Team With the rapid adoption of generative AI, a new wave of threats is emerging across the industry with the aim of manipula...
Sustaining Digital Certificate Security - Upcoming Changes to the Chrome Root Store
Posted by Chrome Root Program, Chrome Security Team Note: Google Chrome communicated its removal of default trust of Chunghwa Telecom and Netlock in the publ...
Tracking the Cost of Quantum Factoring
Posted by Craig Gidney, Quantum Research Scientist, and Sophie Schmieg, Senior Staff Cryptography Engineer Google Quantum AI's mission is to build best in cl...
Firefox Security Response to pwn2own 2025
At Mozilla, we consider security to be a paramount aspect of the web. This is why not only does Firefox have a long running bug bounty program but also matur...
What’s New in Android Security and Privacy in 2025
Posted by Dave Kleidermacher, VP Engineering, Android Security and Privacy Android’s intelligent protections keep you safe from everyday dangers. Our dedicat...
Advanced Protection: Google’s Strongest Security for Mobile Devices
Posted by Il-Sung Lee, Group Product Manager, Android Security Protecting users who need heightened security has been a long-standing commitment at Google, w...
Document My Pentest: you hack, the AI writes it up!
Tired of repeating yourself? Automate your web security audit trail.
Updated GPG key for signing Firefox Releases
The GPG key used to sign the Firefox release manifests is expiring soon, and so we’re going to be switching over to a new signing subkey shortly. The GPG fin...
SAML roulette: the hacker always wins
Introduction In this post, we’ll show precisely how to chain round-trip attacks and namespace confusion to achieve unauthenticated admin access on GitLab Ent...
Enhancing CA Practices: Key Updates in Mozilla Root Store Policy, v3.0
Mozilla remains committed to fostering a secure, agile, and transparent Web PKI ecosystem. The new Mozilla Root Store Policy (MRSP) v3.
Shadow Repeater:AI-enhanced manual testing
Have you ever wondered how many vulnerabilities you've missed by a hair's breadth, due to a single flawed choice?
Bypassing character blocklists with unicode overflows
Unicode codepoint truncation - also called a Unicode overflow attack - happens when a server tries to store a Unicode character in a single byte.
Stealing HttpOnly cookies with the cookie sandwich technique
In this post, I will introduce the "cookie sandwich" technique which lets you bypass the HttpOnly flag on certain servers.