The maker of the Omnipod 5 insulin-delivery system is warning customers that its controller device isn't registering decimal points in every case, potentially leading to dangerous doses being administered.

Insulet says it received two reports of "adverse events" directly related to the issue, without detailing exactly what these were. It has written to customers to highlight that delivery of the wrong dose can lead to "severe hypoglycemia." The company is developing a fix, although it is not yet available.

Apple has issued emergency fixes to plug security flaws in iPhones, iPads, and Macs that may already be under attack.

The software updates for iOS, iPadOS, macOS Sonoma, and Safari web browser address two bugs: an out-of-bounds read flaw tracked as CVE-2023-42916, and a memory corruption vulnerability tracked as CVE-2023-42917.

There's a war on and critical infrastructure operators are still using default passwords

A group representing some of Spain's largest media outlets have sued Meta, demanding €550 million ($596 million) in recompense for Zuckercorp's "systemic and massive" disregard for EU privacy regulations that have left them at risk of collapse.

A sample of the Qilin ransomware gang's VMware ESXi encryptor has been found and it could be one of the most advanced and customizable Linux encryptors seen to date.

The enterprise is increasingly moving to virtual machines to host their servers, as they allow for better usage of available CPU, memory, and storage resources.

Due to this adoption, almost all ransomware gangs have created dedicated VMware ESXi encryptors to target these servers.

WordPress administrators are being emailed fake WordPress security advisories for a fictitious vulnerability tracked as CVE-2023-45124 to infect sites with a malicious plugin.

The campaign has been caught and reported by WordPress security experts at Wordfence and PatchStack, who published alerts on their sites to raise awareness.

The emails pretend to be from WordPress, warning that a new critical remote code execution (RCE) flaw in the platform was detected on the admin's site, urging them to download and install a plugin that allegedly addresses the security issue.

Google announced today that the December 2023 Android security updates tackle 85 vulnerabilities, including a critical severity zero-click remote code execution (RCE) bug.

Tracked as CVE-2023-40088, the zero-click RCE bug was found in Android's System component and doesn't require additional privileges to be exploited.

While the company has yet to reveal if attackers have targeted this security flaw in the wild, threat actors could exploit it to gain arbitrary code execution without user interaction.

More than a dozen malicious loan apps, which are generically named SpyLoan, have been downloaded more than 12 million times this year from Google Play but the count is much larger since they are also available on third-party stores and suspicious websites.

SpyLoan Android threats steal from the device personal data that includes a list of all accounts, device info, call logs, installed apps, calendar events, local Wi-Fi network details, and metadata from images. Researchers say that the risk also extends to contacts list, location data, and text messages.

Sam Altman has appeared to lead credence to the theory he was fired from OpenAI over his company's super powerful, secret new AI system he helped build. 

Multiple employees reportedly warned the company's board of directors that this project, named Q* (pronounced 'Q star'), was becoming so advanced it could already pass math exams and perform critical thinking tasks. 

And they felt Altman was not taking their warnings seriously.