Security

Google enables passkey sign-in for all Google Accounts, marking the most significant push yet toward a passwordless future built on FIDO2 and WebAuthn.

Samsung employees accidentally leaked proprietary source code and meeting notes via ChatGPT, exposing the urgent need for enterprise AI usage policies.

Italy’s data protection authority blocks ChatGPT over GDPR concerns, setting a precedent for how AI services will navigate European privacy law.

Italy’s data protection authority blocks ChatGPT over GDPR concerns, raising questions every company building with AI needs to answer.

The Biden administration’s new cybersecurity strategy shifts liability toward software vendors, and developers need to pay attention.

A massive ransomware campaign is exploiting a two-year-old VMware ESXi vulnerability, and the scale of unpatched systems is alarming.

CircleCI discloses a security incident and urges all customers to immediately rotate secrets stored in the platform. A reminder of the risks in our CI/CD supply chain.

LastPass reveals attackers obtained copies of customer vault data, turning an already serious breach into one of the worst password manager incidents in history.

A year after Log4Shell shook the software industry, we examine what’s improved in supply chain security — and what still keeps us up at night.

The OpenSSL 3.0.7 patch for CVE-2022-3602 and CVE-2022-3786 arrived this week — here’s what happened and what it teaches us about vulnerability response.

A teenager allegedly breached Uber’s internal systems through social engineering and MFA fatigue, exposing fundamental weaknesses in how we think about authentication.

Twilio’s breach through a sophisticated phishing attack targeting employees raises hard questions about SMS-based authentication and supply chain trust.