The vulnerability lets an attacker take control of any device running Android 2.2 onwards using multimedia content - but while Google has had a patch since April, 95% of devices remain unprotected.
Get a roundup of the top tech news of the last 7 Days
Why haven't you bought a Windows Phone?
All the latest news on Windows 10 as it nears its launch
The Redmond Report: EP 3 - Christmas comes early
The Pursuit of 'Appyness: Which apps are you still waiting for on Windows phones and PCs?
pursuit of appyness
In the most recent of its '10 reasons to upgrade' videos, Microsoft wants you to know that Windows 10 is the most secure Windows ever, with advanced authentication techniques and stronger security.
Internet Explorer has often struggled with bugs and HP has just revealed four more, affecting only the mobile version of Internet Explorer and allowing remote execution of code on a device.
According to a security report, email spam has slowed down remarkably, reaching a rate even lower than that recorded over a decade ago. However, despite this, malware volume has reportedly spiked.
Windows 10 Mobile is doing away with the traditional timed lockout that users get when they enter their PIN wrong too many times, adding a challenge phrase to discourage thieves and devious friends.
Two seemingly legitimate Android games, which were up on the Play Store, were stealing users' Facebook credentials and using them to propagate through friends lists and automated scripts.
You can save up to 94% on these select deals ranging from web development courses, to IT security, to the ZeroLemon portable solar charger in this Top Neowin Deals of the Month Roundup!
Samsung, through its driver and software update program, disabled Windows Update on numerous machines to "help your configuration settings". The move likely left users more vulnerable and less secure.
Microsoft has announced that starting with the next Windows 10 Insider release, you will need to start pairing your Windows 10 preview release with your Microsoft Account.
After working 9 months to update their code and webpages in preparation, reddit has finally made the leap to become HTTPS-only, and will begin encrypting all traffic on June 29th.
LastPass has discovered suspicious activity on their network, which compromised emails, password reminders, and authentication hashes; all you need to do is take a few measures and you'll be fine.
The United States government is buying up zero-day and other types of digital exploits found in popular software. Their official stated goal is to use these in developing attack programs.
The Ask toolbar is undeniably one of the programs on the internet no one really wanted. In line with this, Microsoft has flagged the toolbar as malware, for its ability to alter a browser's settings.
Windows 10 build 10130 has received another round of patches on its road towards the Slow ring. This time it's all about security and bug fixes for "a few top issues reported in the build."
The largest federal employee union has claimed in an internal letter that Chinese hackers in last week's attack stole the Social Security numbers and info of every single federal employee.
A recently-discovered vulnerability in Apple's Macintosh computers allows hackers to dig deep into your computer undetected and rewrite how your machine works.
Chinese hackers have been blamed for an attack at the U.S. government's Office of Personnel Management which may have compromised the data of up to 4 million people in every federal agency.
In a long awaited move by Plex users, the media-streaming software provider has announced a partnership with DigiCert to provide free SSL streaming to all Plex Media Server users.
Russia is the prime suspect in what looks like a state-sponsored cyber attack upon the German parliament. The Bundestag's network was compromised and data was transferred outside of the country.
Microsoft is looking to show the EU that its products are secure and that user data is being treated with privacy in mind. To that end the company is opening a Transparency Center in Brussels.
In a surprising turn of events, Microsoft's PowerShell team announced that the company will begin incorporating OpenSSH into Windows, in addition to contributing back to the Open Source project.
Google's says its new 'My Account' hub will make it easier for users to protect their data and put them in control, while a new information site will help them understand privacy and security issues.
Apple has issued a temporary workaround for the malicious unicode DoS attack that has been impacting iOS users. Apple is in the process of issuing a software update that will remedy the issue.
A dormant ransomware similar to Cryptolocker has recently been activated. Dubbed "Locker," the program encrypts computer files, and asks the victim for 0.1 bitcoin in exchange for the decryption key.
A vulnerability in the way Apple's core operating system handles unicode characters allows an attacker to send a specially crafted message that can automatically reboot any Apple product.
ESET security researchers have issued a paper outlining a new variant of router malware, a worm that is stealing social media auth tokens to "like" pages without the user's consent.
A new research report has revealed that most Android devices retain critical data such as contact information, messages, images and application data after a factory reset, raising privacy concerns.
A new release by The Intercept details methods that the NSA planned for controlling the Android Market (now Google Play) in order to deliver spyware to targets via app installs.
In an effort to patch any possible vulnerabilities, United Airlines has launched a program which will reward up to 1 million free miles to anyone who finds a bug or security flaw in their website.
If your Apple Watch gets stolen, the thief will have no trouble wiping your data and then using or selling the device, as an apparent bug in Apple's software allows a hard reset without your passcode.
Microsoft is detailing some of the security features that will be coming with the new Edge browser in Windows 10. The company wants to make Edge the fastest, easiest to use and most secure browser.
Browser preferences for privacy are all well and good, but Google takes it a step further by saving your online presence online, to enable or disable certain tracking options requires a few steps.
At San Francisco's RSA conference, mobile security firm Skycure has revealed an iOS vulnerability to malformed SSL certificates that can throw an iPhone or iPad into a perpetual boot loop.
One of the new security features coming to Windows 10 is called Device Guard. Alongside Windows Hello and Microsoft Passport it aims to offer enterprise customers top-notch security on their devices.
In a complicated deal worth about $1.9 billion, Raytheon Co has said it will combine its cyber security unit with Websense to create a new company, reporting to the arms maker's executive
Taking many cues from Samsung's Knox, and similar to features introduced in Lollipop, Android for Work allows IT departments to remotely manage work data on personal smart phones securely.
If you needed further proof that normal users don't think about computer security, look no further than this statistic: 65% of users who file taxes online do so using an open Wi-Fi hotspot.
An audit of Truecrypt's source code indicates that while there are no NSA backdoors in the encryption software, there are unfortunately a few major issues with the now-defunct tool.
Free disk encryption software based on TrueCrypt. It adds enhanced security to the algorithms used for system and partitions encryption making it immune to new developments in brute-force attacks.
Microsoft has posted an alert saying that they have revoked an improperly issued SSL certificate that could have impacted all version of Windows but automatic updates should take care of the issue.
Microsoft has just unveiled Windows Hello and Passport, two systems designed to make passwords obsolete in Windows 10. They rely on biometric signatures and secondary devices for authentication.
A new version of the famous ransomware Cryptolocker named TeslaCrypt has been released, and is out to target gamers. It holds game files hostage unless a payment in bitcoins is made.
EMET is a utility that helps prevent vulnerabilities in software from being successfully exploited. EMET achieves this goal by using security mitigation technologies.
Lenovo has seemingly been caught pushing known adware to its users. Pre-installed on a number of Lenovo systems, the software inserts ads, and has the potential to steal private encrypted data.
Despite Twitter's promotion of the two-factor authentication system to improve security over accounts, Twitter's CFO himself got hacked yesterday, with the account posting over 300 spam tweets.
Lovestruck and horny employees are putting their employers and co-workers at risk by using dating apps that are severely vulnerable to hackers, according to a new report by IBM.
In the spirit of Safer Internet Day, Google has produced a security dashboard and is offering 2 GB of extra drive space anyone who reviews their security preferences before the 17th.
An early investigation into the recent Anthem breach, that might have exposed 80 million accounts, is starting to point to the usual suspects: the Chinese government and the DEEP PANDA hacking group
Google has pulled numerous apps from its Play Store that had been directing users to install more software, which secretly collected their personal data and sent premium-rate text messages.