CloudFlare, a content delivery network and web security provider used by millions of websites, has admitted that a severe security vulnerability has caused sensitive data to be exposed across a number of different websites. It has been dubbed Cloudbleed and is said to be worse than Heartbleed, a similar bug from 2014. What exactly is Cloudbleed and how could you be affected by it? Let's find out.


The SHA-1 cryptographic hash function may be 22 years old but it's still widely used today to validate Git repositories, document and digital certificates. We already know SHA-1 is insecure - security experts have been banging on about theoretical attacks facilitated by the algorithm for years. Now Google researchers have demonstrated a practical collision attack is possible. Here's what you need to know and why you should care.


Google introduced its Verify Apps cloud-based service in 2012 that will check every application before installation on an Android device for added security against malware and other nasties. It has been regularly updated with new features. Now Verify Apps can remove an application without confirmation from the user if the service finds that it's purely harmful.