A trio of important Google apps have recently received updates on Samsung phones and they require a manual update.

At WWDC26, Apple flashed a slide listing hundreds of small refinements coming to OS 27. We captured, OCRed, and categorized every item so you can actually read everything that Apple included.

Proofpoint says UNK_DeadDrop sent 250+ phishing emails to nearly 100 firms, using GitHub and VS Code lures to steal ...

A coding error in several Microsoft 365 Android apps could have allowed a malicious app on the same device to silently obtain account tokens and act as the signed-in user, according to new research ...

Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other sensitive data.

A new infostealer variant targets macOS users by spoofing Apple, Microsoft, and Google and then then gets to work searching for victims’ password managers so it can steal all of their credentials and ...

A ClickFix campaign targeting macOS users delivers an AppleScript-based infostealer that collects credentials and live session cookies from 14 browsers, 16 cryptocurrency wallets, and more than 200 ...

“A new 2026 study reveals that AI companion apps with 150M installs are a privacy disaster. More than half expose intimate chat histories due to critical flaws like hardcoded credentials and script ...

If you’d like to help getting the app published on Google Play, write me an email to jakub at jakubvalenta dot cz and I’ll invite you to the testing program. Share a map link with GeoShare and the app ...

CVE-2025-12735 in expr-eval allows remote code execution via unsafe input evaluation Vulnerable versions ≤2.0.2; patched in 2.0.3 and forked in expr-eval-fork 3.0.0 Developers should sanitize ...

This is done by creating a local proxy server which forward requests to real proxy server with password injected. You change your browser's proxy config to use the ...