How Uber seems to know where you are – even with restricted location permissions
Is the ride-hailing app secretly tracking you? Not really, but this iOS feature may make it feel that way.
General
20 articles
Cybersecurity Awareness Month 2025: Passwords alone are not enough
Never rely on just a password, however strong it may be. Multi-factor authentication is essential for anyone who wants to protect their online accounts from ...
The case for cybersecurity: Why successful businesses are built on protection
Company leaders need to recognize the gravity of cyber risk, turn awareness into action, and put security front and center
Manufacturing under fire: Strengthening cyber-defenses amid surging threats
Manufacturers operate in one of the most unforgiving threat environments and face a unique set of pressures that make attacks particularly damaging
Cybersecurity Awareness Month 2025: Knowledge is power
We're kicking off the month with a focus on the human element: the first line of defense, but also the path of least resistance for many cybercriminals
This month in security with Tony Anscombe – September 2025 edition
The past 30 days have seen no shortage of new threats and incidents that brought into sharp relief the need for well-thought-out cyber-resilience plans
Roblox executors: It’s all fun and games until someone gets hacked
You could be getting more than you bargained for when you download that cheat tool promising quick wins
Accelerating adoption of AI for cybersecurity at DEF CON 33
Posted by Elie Bursztein and Marianna Tishchenko, Google Privacy, Safety and Security Team Empowering cyber defenders with AI is critical to tilting the cybe...
WebSocket Turbo Intruder: Unearthing the WebSocket Goldmine
Many testers and tools give up the moment a protocol upgrade to WebSocket occurs, or only perform shallow analysis.
How Pixel and Android are bringing a new level of trust to your images with C2PA Content Credentials
Posted by Eric Lynch, Senior Product Manager, Android Security, and Sherif Hanna, Group Product Manager, Google C2PA Core At Made by Google 2025, we announce...
Cookie Chaos: How to bypass __Host and __Secure cookie prefixes
Browsers added cookie prefixes to protect your sessions and stop attackers from setting harmful cookies.
Widespread Data Theft Targets Salesforce Instances via Salesloft Drift
Written by: Austin Larsen, Matt Lin, Tyler McLellan, Omar ElAhdan Update (August 28) Based on new information identified by GTIG, the scope of this compromis...
Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System
Executive summary People’s Republic of China (PRC) state-sponsored cyber threat actors are targeting networks globally, including, but not limited to, teleco...
Beware the false false-positive: how to distinguish HTTP pipelining from request smuggling
Sometimes people think they've found HTTP request smuggling, when they're actually just observing HTTP keep-alive or pipelining.
Android’s pKVM Becomes First Globally Certified Software to Achieve Prestigious SESIP Level 5 Security Certification
Posted by Dave Kleidermacher, VP Engineering, Android Security & Privacy Today marks a watershed moment and new benchmark for open-source security and the fu...
HTTP/1.1 must die: the desync endgame
Abstract Upstream HTTP/1.1 is inherently insecure and regularly exposes millions of websites to hostile takeover.
Beyond Convenience: Exposing the Risks of VMware vSphere Active Directory Integration
Written by: Stuart Carrera, Brian Meyer Executive Summary Broadcom's VMware vSphere product continues to be a top choice for private cloud virtualization, un...
Repeater Strike: manual testing, amplified
Manual testing doesn't have to be repetitive.
Advancing Protection in Chrome on Android
Posted by David Adrian, Javier Castro & Peter Kotwicz, Chrome Security Team Android recently announced Advanced Protection, which extends Google’s Advanced P...
Mitigating prompt injection attacks with a layered defense strategy
Posted by Adam Gavish, Google GenAI Security Team With the rapid adoption of generative AI, a new wave of threats is emerging across the industry with the ai...